An unprecedented amount of personal data is available online and when aggregated a

persons life becomes transparent over time.

1
Increasing the level of privacy harm is the
fact that the data is stored in vast private databases by a few conglomerates due to the
concentrated nature of the online service industry.
2
However, when this data may be seen
non-contextually it may lead to incorrect inferences being drawn, e.g. a persons search
query logs may be entirely for the purposes of research and not a personal medical
condition. What is most worrying is that a person whose data is being gathered does not
have any notice causing a harm of exclusion. This is exclusion in information processing
and not information gathering hence, there should not be any reason for such exclusion.
Here, it is not out of place to heed the EU Law on Privacy which contains a basic
prohibition against databases. Then there is also the probable harm of secondary use,
where the information gathered will be used for purposes other than for which it was
gathered.
3

Vijay Prakash v. Union of India, A.I.R. 2010 Del. 7 (India) (Per S. Ravindra Bhat, J.).
After considering the English law on the point of privacy, the court notes that, it may be
seen from the above discussion, that originally, the law recognized relationships through
status (marriage) or arising from contract (such as employment, contract for services,
etc.) as imposing duties of confidentiality.
Raja v. P. Srinivasan, (2009) 8 M.L.J. 513 (India) (Per M. Chockalingam & R. Subbiah,
JJ.). The applicant sought to restrain the respondent, the publisher of a weekly, from
publishing inter alia, family photographs of the applicant accompanied by write ups

1
See Omer Tene, What Google Knows: Privacy and Internet Search Engines, 2008 UTAH L. REV. 1433. Cited in The
Law of Online Privacy in India By Apar Gupta, (2011) PL April S-3
2
Id. at 1456-1463.
3
The Law of Online Privacy in India By Apar Gupta, (2011) PL April S-3
leveling allegations of corruption. The appellant had contended that these photographs
contained images of his wife and minor child who were not connected to his public office
and public acts and hence the publication of their images contemporaneously infringed
their right to privacy. The court granted an interim injunction restraining the defendant
from publishing any such news articles as well as photographs of the plaintiffs wife and
minor child.
In District Registrar and Collector v. Canara Bank
4
it was held by this Court that:
the exclusion of illegitimate intrusion into privacy depends on the nature of the right
being asserted and the way in which it was brought into substantive judgment. If these
factors are relevant for defining the right to privacy, they are quite relevant whenever
there is invasion of that right by way of searches and seizures at the instance of the State.

The right to privacy refers to the specific right of an individual to control the collection,
use and disclosure of personal information. Personal information could be in the form of
personal interests, habits and activities, family records, educational records,
communications (including mail and telephone) records, medical records and financial
records, to name a few. An individual could easily be harmed by the existence of
computerised data about him/her which is inaccurate or misleading and which could be
transferred to an unauthorised third party at high speed and very little cost. This growth in
the use of personal data has many benefits but it could also lead to problems.
5

There is no limitation imposed on the compensation that can be awarded. Section 43A
which provides for civil action for security breaches is based on the concept of

4
(2005) 1 SCC 496
5
Dr. Shiv Shankar Singh, Privacy and Data Protection in India, (2012) PL February S-2
“sensitive personal information”. Other than that, there is no special
protection in Indian law for sensitive personal information. Section 43A provides for
compensation to an aggrieved person whose personal data including sensitive personal
data may be compromised by a company, during the time it was under processing with
the company, for failure to protect such data whether because of negligence in
implementing or maintaining reasonable security practices. This provision, therefore,
provides a right of compensation against any one other than the person in charge of the
computer facilities concerned, effectively giving a person a right not to have their
personal information disclosed to third parties, or damaged or changed by those third
parties. The section is equally able to be used by data controllers or the subjects of
personal information against third parties. It is only that they will be
“affected” in different ways which justify compensation. It also provides
that accessing data in an unauthorised way is a civil liability.
6

Sections 66E, 72 and 72A require the consent of the persons concerned but within
limited scope as it would be difficult to consider that it could provide a sufficient level of
personal data protection. Indeed, these sections confine themselves to the acts and
sections provide for monitoring violation of privacy, breach of confidentiality and
privacy, and disclosure of information in breach of lawful contract. Breach of
confidentiality and privacy is aimed at public and private authorities, which have been
granted power under the Act. In District Registrar and Collector v. Canara Bank23, the
Supreme Court said that the disclosure of the contents of the private documents of its

6
Dr. Shiv Shankar Singh, Privacy and Data Protection in India, (2012) PL February S-2
customers or copies of such private documents, by the bank would amount to a breach of
confidentiality and would, therefore, be violative of privacy rights of its customers.
7

On August 23, 2014 Manu Sharma received summons in a complaint case filled by
WindTel sister company Wind Entertainment regarding allegation that Sharma had
downloaded pirated songs of their movie Sugar rush, all rights of which were owned by
Wind Entertainment. Wind Entertainment claimed that they have conclusive proof of
Sharmas illegal activity owning to the detailed ISP logs that the company had in its
possession.
This shows that the respondent has shared the internet history of the petitioner to a third
party. This is the violation of the right to privacy of the petitioner.
In Vinod Kaushik v. Madhvika Joshi
8
the adjudicating officer found that the respondent had
violated the privacy of the complainant and his son by her unauthorised access of their email
accounts and sharing of their private communication




7
Dr. Shiv Shankar Singh, Privacy and Data Protection in India, (2012) PL February S-2
8
Complaint No. 2 of 2010, before the adjudicating officer Sh. Rajesh Aggarwal, Secretary, (Information
Technology), Government of Maharashtra. Decided on 10.10.2011