PRIVACY AND DATA PROTECTION IN THE

CYBERSPACE: AN INSIGHT TO CURRENT

INDIAN SCENARIO AND SUGGESTION OF A
COMPREHENSIVE FRAMEWORK

Submitted by: - Srinibash Dash

BBA LLB, Div.- B
Roll no. 1982132
 PRIVACY AND DATA PROTECTION IN THE CYBERSPACE: AN INSIGHT TO CURRENT INDIAN
SCENARIO AND SUGGESTION OF A COMPREHENSIVE FRAMEWORK
-Srinibash
Dash

ABSTRACT.
The issue of privacy in the Indian context is explained in this paper with respect to 3 distinct
dimensions such as, legal, Technical and Political. To deal with these challenges, whatever
may come, this paper, proposes a comprehensive framework. Unforeseen challenges are
brought in by technological advancements in the field of technology such as Mobility
(Geographical knowledge Discovery), Data Mining and Cloud Computing, etc. and the most
crucial of the challenges is the “Threat to Privacy” .Today we will access any info associated
with anyone from any place at any time, however, this arises as a replacement threat to
private and confidential information. The acceptance of technology throughout the globe is
a result of globalization and as per the growing number of users of the cyberspace, various
governments throughout the world have developed their respective legal frameworks to
govern the same, for example, the Data Protection Act (1998) Great Britain, the Electronic
Communication Privacy Act (1986) in the United States, etc. from time to time, but in the
Republic of India there's no such comprehensive legal framework that deals with the privacy
issue. To handle major cyber challenges, we refer ITA (Information Technology Act) Act 2008
that was built with the motivation to facilitate e-commerce and hence the issue of privacy
wasn't of primary concern in the IT act. This suggestive framework provides comprehensive
resolution as per gift and future necessities of privacy in Indian scenario. As justly
aforementioned “true power of any law lies on its ability, and easy enforcement.”

INTRODUCTION.

The literal meaning of the word privacy might change in different perspectives and scenarios.
Presumably, it was our cultural belief, style of living or the un-anticipation of the upcoming
and fast-paced technological developments that did not compel our lawmakers to address
the issue of “privacy” while framing the legal structure for the nation. However, it is of
prime importance to define the term “Privacy” before discussing it in the electronic
perspective in the Indian context.
The word “privacy” traces its ancestry back to the Latin word “Privatus” – meaning separate
from the rest. It can therefore be interpreted as the capacity of an individual or group to
seclude themselves or seclude information regarding them and disperse it selectively.
Privacy can be understood as the right of an individual to choose what information can
people access, who can access their information and when can the information be accessed.
The Indian constitution explains Privacy as “Personal Liberty” in Article 21.
“Protection of Life and Personal Liberty”- No person shall be deprived of his life or personal
liberty except according to the procedure established by law. As provided in constitution list
1, Privacy is considered to be a fundamental right.
In the international front, privacy is considered as Human Rights in different dimensions as:
1. Privacy of Personal Behaviour
2. Privacy of Person
3. Privacy of Personal Communication
4. Privacy of Personal Data
Although used synonymously, the words Privacy, Confidentiality and Information Security
differ in their meanings and scopes. With the advent of new and updated technology, it
became really tough to protect information through confidentiality alone. However, it is still
a mammoth task to ensure and establish privacy as the true scope of privacy still remains
untouched. Nowadays the business is customer centric and the survival of any business
depends on the personal preferences of the users. So, in temptation to have technological
adaptation, we pass on our personal and some time sensitive information very easily
without giving much heed to privacy. For example, from creating a Facebook account to
opening a bank account online, we pass on our personal information every time and nearly
every day. Ethically, the provided information shall only be used for the specified purpose
for which it has been collected, however, this information is stored, further processed and
provided to “interested users” for huge sums of money and your data is exploited. The
unintended phone calls and messages are a result of this data exploitation and trade. This
causes not only irritation but can amount to mental harassment and might lead to financial
as well as emotional losses.
All of this has raised the alarm and raised concerns regarding the issue of privacy across the
globe and in different forms and scenarios. Thus, various countries have adopted
comprehensive legal frameworks to deal with this. Many organisations are working tirelessly
on a globally accepted structure of privacy framework like the Organisation for Economic
Co-operation and Development (OECD). Based on the OECD guideline, the Data Protection
Act (1998) was adopted by the United Kingdom, containing 8 principles looking after issues
like who owns the data, subject of data, data processor, who’s responsible, etc.

LEGAL CHALLENGES.
The lack of proper legislation in the Indian context has made it extremely difficult to ensure
protection of privacy rights. However, to the rescue of the victims of the Privacy attack and
incompetent legislation, there are a few proxy laws and incident safeguards that the
government is currently using for the issues related to Privacy. A few of the proxy laws
include Article 21 of the Indian constitution, IT Act 2000, Indian Contract Act 1872, Indian
Penal Code, Indian Copyright Act, Consumer protection Act 1986, Specific Relief Act 1963,
Indian Telegraph Act, etc.
The following are the loopholes or shortcomings of the current legal framework:
 1. No comprehensive law and the privacy are still being dealt with some proxy laws and
it has no convergence on the privacy issue.
2. No classification of Information as public, private and sensitive information.
3. No legal framework talking about the ownership of private and sensitive information
and data.
4. No certain procedure of creating, processing, transmitting and storing the
information.
5. No guidelines regarding data quality, proportionality and data transparency.
6. No framework to deal with cross country flow of information
Such loopholes and short-comings in the legal framework cannot be tolerated in the era of
information technology and it can lead to severe impairment for the individual a well as for
the nation.
TECHNOLOGICAL CHALLENGES.
The form of information in India has been drastically transformed by the globalization and
the ICT revolution. It has not only made the information more accessible and handier, but
has also made that information more vulnerable. Although it has made our lives faster and
easier, it has caused unseen mayhem and havoc as well.
A few technologies that can affect our privacy explicitly are technologies like face
recognition, iris recognition, biometrics, etc.
The development of Computer technology has not only provided the ability to store vast
amount of data, but also provided with the ability to automatically sort, extract and
compare data. The process of looking at certain items of data, or at patterns within the data
as indicators of a particular characteristic or behaviour is known as data matching and
comes under the scope of data mining. Since it involves the data of a large number of
people, without prior cause of suspicion, it poses a major threat to privacy. It becomes more
crucial when the data warehouses are managed by third parties like BPO etc.

POLITICAL AND SOCIAL CHALLENGES.

The support of human resource for the implementation of any technology is a pre-requisite
and is inevitable. The information Technology principle says that people are the weakest link
in the chain of Information Security.
As far as the Indian scenario is concerned, people play a major role in the acceptance of
refusal of a particular form of technology. Although Privacy is not the issue at the pinnacle
of issues in India, and that’s because people are least bothered about their own privacy,
since there have been no scams or major data leaks till date, people have not been alarmed
enough to start considering their privacy as their own right and not just a first-world notion.
Media plays an important role in making people aware of the policies of the government
and its decisions. However, nowadays, media encroaches into public and private life as well
and no one’s information is kept safe and private.
India has had an ambivalence towards social networking sites since a long time and that has
put the user’s private information at immense risk. People on social networking sites form a
community, which is basically a group of like-minded people and then share their thoughts
on either a day-to-day basis or a regular basis. However, what people don’t understand is
that while sharing their thoughts, they end up sharing crucial and private information on the
internet which can essentially put their security and sometime, nation security in jeopardy.
It also leads to a lot of misrepresentation and misinterpretation causing damage to oneself,
a community or the nation at large.
PROPOSED FRAMEWORK.
It is clearly palpable from the current scenario that we have to adopt a whole new,
comprehensive legal framework to deal with the issue of privacy in the cyberspace and
establish proper procedure and code of conduct on the cyber space and a hierarchy of
procedures for data storage, ownership, etc.

A) Data Collection:
The first point to start with the establishment of a proper process of data collection
which is strictly monitored by a suitable authority following the points mentioned below:
-
1. Information collected for lawful purpose only.
2. Information collected by authorized agencies only.
3. Purpose of information collection shall be mentioned earlier and strictly adhered to
4. Personal data should be adequate, relevant and not excessive.

B) Data Security and Storage

The maintaining of the captured data is the second step. Appropriate technical measures
shall be applied to ensure that the captured data is safely stored and limited people
have access to it.

C) Data Processing
The processing of personal data shall be done lawfully and fairly. It should also involve
the users consent as an additional safeguard. It should be backed by essential judicial
support and shall protect every interest of the user.
D) Data Access
The access to the collected data shall be limited and only authorized people with
relevant reasons to access the data shall be allowed to access and handle it. Also, this
shall be applied for users and accessors of data beyond the Indian territory.
CONCLUSION.
The system and framework proposed here, covers all the three fronts namely legal,
political and technical. It has been designed keeping in mind the current scenario as well
as for the future. The system has a wide scope of betterment and a wider scope of
advancement as well. It has been kept flexible and scalable for future changes and
additions. It not only ensures a completely safe ecosystem of data sharing and storage,
but also ensures private and national security.

REFERENCES.
1. Definition of Privacy- https://en.wikipedia.org/wiki/Privacy
2. Privacy-Enhancing Technologies—approaches and development
http://www.sciencedirect.com/
3. Article 21- Indian Constitution
4. Electronic Communications Privacy Act
http://legal.web.aol.com/resources/legislation/ecpa.html
5. Article: Data Protection Law In India-Needs And Position (Adv. Swati
Sinha)
6. Article:” Does India have a Data Protection law” (Mohammed
Nyamathulla Khan)