Monami Mitra M.com(e-com) Semester IV Roll no.

11

      

  

Introduction Meaning of Privacy Internet Privacy Privacy and Confidentiality The Right to Privacy The OECD Principles Legal Implication of privacy issues In India In UK In U.S Case studies on privacy issues Conclusion References

The growing e-commerce and the widespread availability of online databases raise many fears regarding loss of privacy and many statistical challenges. This has given primary concern to privacy issue in all over the world in different forms.

The world privacy has been derived from Latin word Privatus which means separate from rest. Privacy can be understood as a right of an individual to decide: who can access the information , when they can access the information, and what information they can access.

According to Indian Constitution in Article 21 Privacy means protection of life and personal liberty No person shall be deprived of his life or personal liberty except according to procedure established by law The privacy is considered as one of the fundamental rights provided by constitution in list I (13)

Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information

From creating a mail account to open an online banking account we pass on our personal information everywhere in a day to day life . Ideally the provided information must be used for limited purpose only for which it has been collected but in reality this information is further processed, sold for unauthorized purpose without the permission of the data owner.

Cookies HTTP Browsers Downloading freeware or shareware Search engines Electronic commerce E-mail Spam Dangers of Internet Chat Social networking blogs

These two terms are somewhat synonymous but there is a little difference between them.
It is the claim of individuals ,groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.

Privacy

Confidentiality

It involves a sense of expressed or implied basis of an independent equitable principle of confidentiality.

It is common for the journalist to use anonymous informants. The identities of the informants are kept confidential but are known to the Journalists.

Right to privacy involves the right to controls ones personal information and ability to determine if and how that information should be obtained and used. This principle of privacy becomes all the more relevant with the onset of the internet and e-commerce in India.

The OECD guidelines on the protection of privacy were developed in 1980, to help harmonise national privacy legislation and at the same time ,prevent interruptions in international flows of data.

The collection limitation principle The data quality principle The purpose specification principle The use limitation principle The security safeguard principle The openness principle The individual participation principle The accountability principle

There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and where appropriate , with the knowledge or consent of the owner.

Personal data should be relevant to the purposes for which they are to be used, and to the extent necessary for those purposes should be accurate, complete and kept up-to-date.

The purposes for which personal data are collected should be specified at the time of data collection only and its use is limited to that purpose only.

Personal data should not be disclosed, made available or otherwise used for purposes other than specified except:With the consent of the owner By the authority of law

Personal data should be protected by reasonable security safeguards against such risks or loss or unauthorized access ,destruction use, modification or disclosure of data

There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller

An individual should have right :To obtain from a data controller or otherwise, confirmation of whether or not the data controller has data relating to him. To have communicated to him ,data relating to him 1. Within a reasonable time 2. In a reasonable manner To be given reasons if a request made under sub paragraphs is denied, and to be able to challenge such denial

A data controller should be accountable for complying with measures which gave effect to the principles stated above.

No specific legislation pertaining to data protection and privacy has been enacted in India. However, there exist four components of data protection and privacy regime in India, namely:
Constitution of India Judgments of the Honble Supreme Court of India The Information Technology Act, 2000 The Indian Contract Act, 1872

Under article 21 of Indian constitution no person shall be deprived of his life or personal liberty except according to procedure established by law. Under this article , a citizen has a right to protect the privacy of his own , his family, marriage, motherhood, childbearing, and education . No one can publish anything concerning the above matters without his consent, whether truthful or otherwise and whether critical , unless they are a part of public records.

If one follows judgment of supreme court ,three things emerge:That the individuals right to privacy exists and any unlawful invasion of privacy would make the offender liable for the consequences in accordance with law. That there is constitutional recognition given to the right of privacy which protects personal privacy against unlawful government invasion That the persons right to be let alone may be lawfully restricted for the prevention of crime .

Section 72 of the act, establishes an information technology offence of breach of confidentiality and privacy Section 66(e) of ITAA 2008 describes the punishment for the violation of privacy. Section 43(a)of ITAA 2008 provides for the compensation for failure to protect data

any person who, in pursuant of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

It is important to note that the scope of this section is limited to those authorities,which have been granted power under this act.

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, , to the person so affected

Sensitive personal data or information means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. The victim of a breach of privacy is provided a remedy to claim compensation from the body corporate who has been negligent. There is no upper limit for the compensation to be claimed which may even be in excess of Rs 5 crores. This section provides a remedy to the "person affected" when "Wrongful loss" is caused to him or "Wrongful gain" is caused to another person at the expense of the affected person. There is no limit for the compensation.

In a contract , confidentiality clause exists which means that where an organization/company agrees to maintain the confidentiality of information relating to an individual , any unauthorized disclosure of information would amount to a breach of contract inviting an action for damages as a consequences of any default in observance of the terms of contract.

Data must be:Fairly and lawfully processed Processed for limited purpose Adequate , relevant not excessive Accurate Not kept longer than necessary Processed in accordance with the data subject's rights Secure Not transferred to countries without adequate protection

conclusion
m.com(e-com) Semester III Roll no. 3

Books :Ahmad ,F.(2nd ed.).(2005).Cyber Law in India.Delhi:New Era Kamanth ,N.(2nd ed.).(2006).Law relating to Computer Internet &E-commerce. New Delhi: Universal Law. Sood,V.(2nd ed.).(2003).Cyber Law Simplified. New Delhi: McGraw Hill.

Websites
http;//www.delhicorts.nic.in/cyber%20law.pdf http;//www.infosecon.networkshop/pdf.4.pdf.htm http;//www.cno.org/docs/prac/41069-privacy.pdf http;//www.ijest.info/docs/JEST10-02-05-136.pdf