Privacy in cyberspace

Vaishnavi Kaishav


One of the fundamental human rights is the right to privacy. Courts in India have recognized it as a fundamental right, even though it is not expressly stated in the Indian Constitution. When it comes to cyber laws and regulations, India lags far behind. In India, there is no definition of cybercrime. The IT Act of 2000, as amended in 2008, is insufficient to encompass the full scope of cybercrime. , the question of the right to privacy has absolutely no importance when cyber crimes are probed in India. In Cyberspace, an individual's privacy can be violated in a variety of ways. The purpose of this article paper is to investigate the constitutional and legal status of the right to privacy in India in cybercrime. It aims to provide concrete recommendations to improve the country's internet privacy situation. A non-physical terrain created by computers is referred to as cyberspace. Citizens have increasingly used cyberspace to isolate themselves from their social circle in recent years. It turns out that there is a serious risk of an individual's privacy being violated.


Crime is both socio and economic phenomenon. Its history is as ancient as human civilization. In India, Kautilya's Arthashastra is regarded as an authentic administrative treatise. For the offences listed, various punishments have been prescribed. It also discusses the concept of restitution for victims' losses. Crime, in any form, harms all diverse of society. Cybercrime has grown at a rapid pace in developing economies. It claims that stealing someone's phone is equivalent to putting them in solitary confinement. Technology has infiltrated so deeply that people cannot go a day without using a computer or a mobile phone. In our daily life, electronic gadgets become an important tool to communicate with one another, transfer finance from one account to another even in the commercial sector, there are much wider in the last 10 years which also lead to crime in cyberspace. But one phase got challenged that’s India don't have yet an absolute act for cybercrime. So it increases crime in cyberspace.

These days, the Internet is the swift and secure technique available on the planet. There are numerous types of internet scams and fraud that occur, and one must exercise extreme caution. Many times, simple things can make you a sufferer even when you are not aware of it. According to crime statistics, many cybercrimes are committed with the assistance of the internet and mobile phones. Legislators are compelled to enact specific legislation to deal with crimes committed with the assistance of a relevant device. It is the other side of the information and technology revolution. The Information Technology Act of 2000 establishes and defined computer and cybercrime means.


Computer bugs and viruses can steal data stored in the cookies folder of a computer. Malware, viruses and bugs can steal information that is shared online by computer users. Data is often stolen through the use of hostile spyware, or by a various computer virus.

Furthermore, the information that the user send/post in his or her social networking profile, i.e. Linkedin, Twitter, Facebook, Instagram, and other social media platforms are extremely vulnerable to unauthorized access. Children who use the internet are also easy prey for preparators because all of the information they feed can be easily tracked. According to Wikipedia, there are approximately 400 million users of social media websites. Almost all users use the mobile app for chatting, uploading photos, and entering vital personally identifiable information into their databases. Companies hire intermediaries to collect data on people who use the internet and social media. Data records are used for advertising purposes or to sell to other businesses. Many countries have enacted numerous laws to protect their citizens' privacy.


The Information Technology Act, 2000 was enacted by the Indian legislature to address cybercrime and cybercriminals. For violation of certain laws, the IT Act sets penalty and punishment provisions. The Information Technology Act went into effect on October 17, 2000. The act's preamble would be as follows. The Act establishes a legal identity for sharing conducted through digital data interchange and other means. Electronic communication, also known as "electronic commerce," was created to identify digital evidence and electronic records. The act was later amended again in 2008 and is now known as the Information Technology Amendment Act 2008. The Act includes several provisions that protect a person's privacy from online intrusion and exploitation that is in section 43 of IT acthacking (section 66E)three of imprisonment for violation of privacy (section 66C )identity theft, etc…..

In 2008, after the IT amendment acts the proviso inserted, According to Section 43A of the Information Technology Amendment Act 2008, all corporate entities and intermediaries that hold, manage, or collect any sensitive personal data must keep appropriate records. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, have been published by the government.

· Financial information, such as bank account, credit card, debit card, or other payment instrument information;

· Passwords;

· Condition of physical, physiological, and mental health;

· Sexual preference;

· Medical history and records;

1. When dealing with Personal sensitive data or information, the regulations provide appropriate security policies and procedures that the body corporate or any individual collecting, receiving, possessing, storing, dealing with, or handling information on behalf of the body corporate must follow.

2.If a breach occurs, the body corporate or any other individual authorised may be held liable to pay for the damages to the individual who has been affected.


The Government of India formed a committee to draught a data protection statute. The committee proposed a draught law, which the Indian government adopted as the Personal Data Protection Bill 2019 (PDP) Bill. This will be India's first data protection law, repealing Section 43A of the IT Act. The PDP Bill proposes that it be applied to both electronic procurement records.

The Expert Committee (Chair: Mr Kris Gopalakrishnan) issued a draught report for public comment in July 2020. According to the Committee, non-personal data should be regulated for a data-sharing structure to tap the economic, social, and public value of such data.

According to the Personal Data Protection Bill (PDP), 2019, non-personal data is defined as data that is not personal data. Personal data is defined in the PDP Bill as information about one's characteristics, traits, or attributes of identity. Data can be data that has never been associated with a natural person (such as data on whether or supply chains). The Committee recommended that the PDP Bill be amended to remove non-personal data provisions. Currently, the bill gives the central government the authority to order any entity to provide non-personal data.

Organizations will need to examine and amend their data protection policies depending on the sort of personal data they process. To prevent data misuse, organizations will need to deploy suitable technical and organizational safeguards.


The main issue is that these guidelines did not emerge from anywhere. There are two Supreme Court decisions: the Prajwala case, which dealt with child pornography in 2018, and the Facebook v. Union of India case, which was decided in September 2019. In addition, there was a debate on fake news in the Rajya Sabha, in which the government was required to commit to developing guidelines. This is based on popular demand, court orders, and Parliament's and its committees' authority. Victims of abuse must have a safe place to express their concerns. That is the crux of the rules. As a result, the emphasis of the rules is on social media abuse and misuse. There is a mechanism for resolving grievances in both print and broadcast media. However, to file a complaint, a user must go to the police or to America, where the name of the grievance officer is unknown. "It appears that they are only in India for financial gain and are not subject to Indian laws or the constitution," IT minister says.

In a landmark case in [1], Intrusion to Privacy sometimes initiated by the Central Bureau of Investigation requested access to the massive database compiled by India's Unique Identity Authority. The Supreme Court, on the other hand, stated that the UIDAI was not to transfer any biometrics without the person's consent. The decision has ramifications for the government's massive biometric ID scheme. Personal data could be misused, according to rights groups. The government wants registration to be mandatory. The decision overturns two previous Supreme Court rulings that said privacy was not a fundamental right. It was issued by a nine-judge panel because one of the previous rulings was issued by an eight-judge panel.

In another landmark case, the supreme tribunal also provided for certain pre-positions regarding individual's confidentiality, with a fair approach to the right to freedom of expression guaranteed in Article 19 of the Constitution of India and the right to privacy, as set out in Article 21 Furthermore in the case of the State of Maharashtra v. Madhukar Narayan Mardikar

Finally, the recent case of [2], [1]the Supreme court has recognized Privacy as the constitutionally guaranteed right.While the right to privacy has been recognized as a constitutional basic right, it would only have a meaningful effect if people started to acknowledge it.

In Nasscom v. Ajay Sood & Others, TheNational Association of Software and Service Companies was the plaintiff in this case (Nasscom) The defendants ran a placement agency that specializes in headhunting, training and development. The High Court upheld the plaintiff's trademark rights and issued an injunction. The Delhi High Court ruled that phishing is a criminal offence in India. The defendants agreed to pay the plaintiff Rs1.6 million in damages. The court ruled that phishing is an act of passing off and tarnishing the plaintiff's image, not only to the consumer but also to the person whose name, identity, or password is used. This case sets a clear precedent: it brings the act of "phishing" within the purview of Indian law, despite the absence of specific legislation. [3].

There are numerous laws governing e-commerce and cybercrime in many other countries around the world. Separate Acts and Rules have been enacted to address data communication, storage, child pornography, electronic records, and data privacy.


The Indian Constitution's Article 19A does not explicitly identify the crimes relating to online and offline privacy. As a result, there are a variety of privacy problems. Several of the

The following are the most pressing concerns:

· Lack of interest in gaining knowledge: Without the user's consent, personal information could be sold to a third party for monetary gain. Users must be aware, but the majority of them do not want to learn about it. Although the internet is a free and open resource, users should exercise caution when accessing it. It is critical to safeguard your information.

· Lack of procedural safeguard in surveillance activities: There are insufficient procedural safeguards, which can result in data leakage. It is critical to ensure that suitable protection in the form of commercially available software is in place to secure data. It is not a good idea to keep confidential information out in the open.

· Scanning in the name of cybersecurity: Data that has been scanned may contain sensitive information about the user. User data is sometimes scanned simply to demonstrate security. This scanning may pose serious privacy risks.

· Lack of clear definition in IT Law: Indian Information technology law lacks a clear and distinct legislative framework for privacy issues. Online privacy crimes are treated in the same way that offline crimes are.


Cybercrime is a new type of crime that has arisen as a result of the technology and automation of various activities in an organization in a network. This new legislation should address data and information security. However, when drafting legislation, the legislature must keep in mind the need to strike a balance between the interests of the general public, their privacy, freedom of expression and the rising rate of cybercrime. Proper planning and governance, as well as monitoring and auditing, are required, as is incident response. One of the basic needs met by civil society is expressed through speech. Freedom of expression and opinion should be free of any political, corporate, or other influences. It must be applied in a nondiscriminatory and arbitrary manner.



Unique Identification Authority of India & Anr. v. Central Bureau     of Investigation (2014), 2014.


Justice K.S.Puttaswamy(Retd) ... vs Union Of India And Ors., 2017.


National Association Of Software ... vs Ajay Sood And Ors, 2005.


"prs research legislative," prs, 2020.


c. patra, "A Study Of Indian Law On Protection Of Right To     Privacy In The Cyber World," legal service India.