BALANCING PRIVACY AND CYBERSECURITY: ARTICLE 21 IN THE DIGITAL

AGE

CHAPTER 1

INTRODUCTION

Undoubtedly, technology has increased the resilience and effectiveness of businesses

worldwide, and a paradigm change from a seller's market to a buyer's market has resulted in a
range of demands. IT is the problem. The Act doesn't explicitly outline how to create a
contract that uses an internet platform and untraceable jurisdiction.

A major worry is privacy protection, which has been made possible by increased human
interaction on internet platforms. The creation of vast amounts of data online and its
susceptibility to abuse provide a new problem, and the existence of significant volumes of
data on the internet exacerbates privacy infractions. Therefore, it is difficult to overestimate
the importance of privacy protection in these situations.

More awareness of the need to defend the right to privacy has emerged in a world where
individuals are busier than ever. Information technology has become a major part of
everyone's daily life today. People have become more vulnerable because of the large volume
of sensitive personal data generated by their conscious or unconscious daily activities.

Judge Cooley of the United States is credited for providing the traditional legal definition of
privacy, stating that it includes "the right to be left alone." Rewinding to 1980, it should be
mentioned that two Boston lawyers acknowledged the threat to privacy in the Harvard Law
Review essay titled "The Right of Privacy." 1 The fundamental right to privacy in e-
commerce is linked to security and trust and thus presents a significant challenge for e-
commerce customers. Protecting the privacy of e-user transactions has become increasingly
important over time.

Despite several IT modifications. A comprehensive statute that provides a set of definitions

for the term’s "privacy" and "data privacy" is needed because the Act of 2000 woefully fails
to provide a specific and widely agreed definition of these terms. The only anticipated

1
IAN J. LLOYD, INFORMATION TECHNOLOGY LAW 17(Oxford University Press 198 Madison Avenue,
New York, United States of America) (7th Edition, 2014).
remedy for reducing the legal, techno-legal, and regulatory concerns in e-commerce is
comprehensive legislation, which would address the newly emerging dangers to privacy and
data protection in this sector.

Every nation's constitution guarantees the right to privacy, which is also well-protected by
international agreements such as the Universal Declaration of Human Rights, the
International Covenant on Civil and Political Rights, and numerous other international
treaties.

These technologies have provided eavesdroppers a tool to violate people's privacy today, and
as a result, privacy concerns are more pressing than they were in the past. This legal and
techno-legal issue must be handled not only at the national level but also at the international
level because computers and the internet use a lot of data that commodifies personal
information about persons, which in some ways infringes their privacy.

When discussing the social transition, it is important to note that our ancestors believed that
privacy was incompatible with their safety and that requesting seclusion would put their lives
in danger due to the untamed rhythms. They ran a greater risk of becoming the animals' prey
the more they requested privacy. They held that sacrificing one's privacy for the benefit of the
group was a good idea. Slowly, the ideas of "privacy," "free from intrusion," "having control
over one's personal information," etc., emerged. It was only after the development of the
online network that the slow change gained momentum. As time went on, humans came to
understand the value of privacy and desired to keep things secret, that is, unhindered. 2 They
began defending themselves against others who entered their private lives without
permission. This heightened awareness followed the threat that technology resurrected in the
shape of "cookies," "web bugs," "data theft," Denial of Service (DOS) attacks, confidentiality
breaches, jurisdictional issues, choice of law, choice of venue, etc.

For aeons, society has been changing. Although transformation can take various forms, the
internet's contribution to human life is particularly noteworthy. Every positive thing has its
disadvantages, it's true. The Internet is also adorned with defects that have drawn a lot of
attention and caused problems for many nations, including our own.

2
RAMAN MITTAL & NEELOTPAL DEKA, CYBER PRIVACY, LEGAL DIMENSIONS OF
CYBERSPACE, 197 (S.K. VERMA & RAMAN MITTAL, eds.,) (Indian Law Institute).
Not only have privacy and data protection issues captured the attention of Indian lawmakers,
but also those of the United Kingdom, the European Union, and the United States, to mention
a few countries. Since the advent of e-commerce, people's anxiety over losing control over
their data and privacy has grown to an unprecedented degree. There is currently no
universally recognised definition of privacy, and it is not included in any laws. Various
authors, writers, and jurists have attempted to define the term "privacy" in the past. The two
most significant rights granted by any civilised country are thought to be those related to data
protection and privacy. Some authors believe that the Internet poses a serious threat to
privacy in the digital age, while others see privacy as the right of people and organisations to
privacy, which includes the right to privacy and the protection of their private documents and
information. Freedom from unapproved interference and the absence of a universally
accepted concept of privacy have been seen as "difficult notions." In the age of e-commerce,
privacy has become essential, which boosts credibility and loyalty. In India, conducting e-
commerce is subject to legal requirements that include adherence to other laws, such as the
Indian penal code and contract law. The protection of data and the absence of a standardised
meaning of the term "privacy" are presumed to be derived from laws such as those pertaining
to information technology, intellectual property, contractual relations, and contract crimes. As
time went on, e-commerce users saw how vulnerable their data was, and they began changing
their passwords frequently or at appropriate intervals because of privacy concerns. Another
issue is that as technology shapes people's interactions with social institutions, there are
emerging risks to personal privacy. What alarmed people in the nineteenth century was once
again seen to be a threat to privacy and several other legal areas in the current digital
environment.

Defensive privacy, human rights privacy, personal privacy, and contextual privacy are the
different categories of privacy. Other categories include privacy of person, privacy of
behaviour and action, privacy of data and image, privacy of communication, privacy of
thoughts and feelings, privacy of location and space, privacy of association, and solitude,
isolation, anonymity, reserve, and intimacy with friends and family. As technology has
advanced, the complexity of privacy issues in the fields of law, social psychology,
economics, and politics has become less than adequate. Because there isn't a single,
universally recognised definition of "privacy," states all over the world try to strike a balance
between an individual's right to privacy (Julia Drake). Additionally, because privacy is a
long-standing issue that has affected practically every democracy in the world since 1960, it
raises concerns about protecting personal information and privacy that requires international
cooperation. States have identified four distinct forms of privacy invasion—intrusion, public
revelation, false light, and appropriation—to protect press freedom. Following the legal
dispute over the definition of "privacy," e-commerce is facing yet another significant setback
linked to the nefarious use of private information and issues with data security. Another issue
is the definition and comprehension of sensitive data, which no law in the world has yet to
undertake. While thinking about privacy, data privacy, and its protection, some of the authors
also determined that the goal should be to minimise invasions of privacy throughout the
process of gathering, storing, and sharing personal data. To address the issue of a breach of
an individual's private rights from a computer data that contained personal information, the
2008 Amendment Act introduced Sections 72 and 72A. Along with risks to online privacy, e-
commerce-related data mining and confidentiality issues were deemed to be of primary
importance. The use of text files known as cookies to gather user data for marketing purposes
on ad networks and third-party websites using JavaScript and Flash technologies has
allegedly been exploited because there isn't a single, unified body that could have governed
the online space with its strict and stringent regulations. The new era comes with several
drawbacks, including concerns about security and privacy as well as new threats to privacy
and its protection. Knowing the laws of different nations is essential to comprehending the
legal and techno-legal challenges of privacy, data privacy, and data protection in e-
commerce. The U.K.'s Data Protection Act of 1998 lays out the requirements for data
controllers, the transfer of personal data, and data protection. Right to Privacy is viewed as
an independent concept by some Authors as this concept of Privacy made first appearance in
America law as a tort, a civil suit for damages or an injunction to protect against an
unwarranted invasion by others of the vague "right to be let alone”. Privacy Commissioner
for Personal Data of Honking has incorporated six data protection principles aiming to
protect the privacy of individuals in relation to their personal data and this ordinance was
viewed as a cornerstone in the creation of a new culture in carrying out and in handling of
personal data during their whole life cycle from their collection to their destruction. In the age
of information some Author viewed the massive collections of data stored on disparate
structures as unfortunate as it created initial chaos and led to the creation of structured
databases and database management systems (DBMS).

In Countries like U.K., apart from the legal issue, other techno-legal issues were also
discovered like that of Cookies in e-Privacy Directive. Difficulty in defining the term
‘Privacy’ among all the Human Rights has been identified in the international catalogue. Data
protection has been no longer just a Privacy right, as data have also become an economic
good, which means it also is property. The issues of the ‘traffic data’ are also crucial in such a
scenario as this can be used against the person and can lead to make assumptions about what
type of person is he and what advertising might be of his interest. the person in internet is
paying for the information he wants to collect but the privacy intruders are using his money
for their economic benefits while using his traffic data for the collections of his liking and
disliking to sale whatever they want. (Access International). Another issue is privacy
protection laws which are different in different countries. The difference in laws becomes
more problematic in cross border disputes. Hence this raises complication in privacy
compliance processes. The Author around the globe is also concerned with the regulatory
issues and legal questions that have alarmed the online activity due to growth of increased
internet and its boundary-less activities. Some Authors view privacy and security as still
ongoing research problems and regards tackling of privacy, as a difficult matter. Issues like
jurisdictional conflicts involving States, private actors, and regulatory agencies in the global
economy has been highlighted to be interconnected and regarded the internet as ubiquitous.
States also frequently assert their jurisdiction over conduct occurring outside their own
territory, particularly about conduct on the Internet. Reserve Bank of India introduced
guidelines governing internet banking, confidentiality, antimony laundering and know-your-
customer norms, which may have prompted customers to move towards the e-platform, albeit
with some concerns with respect to the privacy and security of their banking transactions.

To understand the concept of Privacy some Author finds that having a neutral concept of
privacy will enable to identify when a loss of privacy has occurred so that discussions of
privacy and claims of privacy can be intelligible. And secondly thinks that privacy must have
coherence as a value, for claims of legal protection of privacy and lastly states that privacy
must be a concept useful in legal contexts, a concept that will enable to identify those
occasions calling for legal protection, because the law does not interfere to protect against
every un- desirable event. The Protection of Privacy Rights from Government Action in
eCommerce is required as well as there is a need for proper recognition of the problems
relating to acknowledgement issue in e-Commerce and the concern is much more in America
with regard to online tools, where the Americans has expressed a consistent lack of
confidence about the security of everyday communication channels and the organizations that
control them and they exhibited a deep lack of faith in organizations of all kinds, public or
private, in protecting the personal information they collect.

Justice K. S. Pettaway (Retd.) v. Union of India 3 is a landmark case that started in 2015 with
several petitions contesting the constitutionality of mandatory Aadhar use for access to social
welfare programs (including subsidy disbursal). The right to privacy became the most
disputed aspect of the case before the three-judge panel deciding the validity of the Aadhar.
Since it was necessary to decide on the right to privacy before deciding on the Aadhar, the
matter was referred to the Chief Justice of India, who then formed a bench of nine judges to
resolve the ambiguity surrounding the essence of the right to privacy.

As a result of the work done in the landmark Pettaway case, the right to privacy is now a part
of the Fundamental Right. The ruling highlights the importance of having a data protection
law and the principle of consent and informational privacy in the age of the big brother trend.
The State has a concomitant obligation to define and protect data and privacy. Protecting data
will not only protect privacy but also help to safeguard individuals' autonomy.

The Internet's Blanket of Social Transformation

At the outset, the term "social transformation" is commonly understood to be brought about
by industrialisation and urbanisation, along with other factors like education and marriage.
The impact of the internet on the social front, particularly in e-commerce, is rarely discussed
at a mass level, even though the internet is largely responsible for the paradigm shift in the
current social structure. As the internet enters this century, concerns about privacy, data
protection, and the choice of law and jurisdiction must be addressed right away.

Human beings and conflict are unavoidable in a society; no social change can occur without
conflict. One of the most notable social changes is the impact of technology on people's lives;
technology has influenced society in many ways, and this change has obviously had an
impact on people's privacy and data protection, not just in India but also in other nations.

Since the advent of the internet, people's lives have undergone significant change, leaving
numerous unanswered questions as well as legal and techno-legal concerns around privacy
and data protection in eCommerce. This paper mostly focusses on the problems caused by

3
(2015) 8 SCC 735.
the internet in the e-commerce platform regarding jurisdiction and choice of law in the
context of societal change in the technological genre.

Without a doubt, technology has made people's lives much more comfortable, but this
comfort comes at a cost, and that cost can be paid in a variety of ways, including in the form
of data and privacy. The internet has no boundaries, but the court must exercise its
jurisdiction within reasonable bounds. Because of this mindset, lawmakers have been
compelled to create laws that address privacy, data protection, choice of law, and jurisdiction.

The most prominent social transformation can be seen to have taken place only after the
dawn of the internet. A lot of research gaps have been found during perusal of the available
literatures. The most significant discovery is, there is not a single legal definition of the term
‘privacy’ and ‘data privacy.4 Indian laws are not comprehensive but scattered. Our legal
system still needs a complete law to deal with the issues of privacy and data protection along
with the issues of cybercrimes and the issues of choice of law and jurisdiction. Apart from
coming up with the comprehensive laws to tackle the highlighted issues, the need of the hour
is to educate the people about the pros and cons of the internet. There should be a sensitizing
programme in the social institution including every government and private institutions,
colleges as well as schools. Only few people are aware of their privacy rights and the
importance about their data. Only few people value and protect them against third person.
Majority of the society don’t know what privacy is and why it is to be protected. In the
absence of such awareness, framing of a law would serve only half of the purpose.

1.2. STATEMENT OF PROBLEM

The swift development of digital technology has produced a complicated legal environment
in which cybersecurity issues continuously threaten the right to privacy guaranteed by Article
21 of the Indian Constitution. As more and more people conduct business online and
communicate digitally, protecting personal information has become crucial.

Users in India are at danger for data breaches, identity theft, and financial fraud due to the
lack of a comprehensive legal framework for privacy and the disjointed deployment of
cybersecurity measures. Emerging risks posed by artificial intelligence, big data analytics,

4
Dr. R. VENKATA RAO &Dr. T.V. SUBBA RAO, eds., A PUBLIC DISCOURSE ON PRIVACY-An
ANALYSIS OF Justice K.S. Puttaswamy v Union of India” , 52
and surveillance technologies are not adequately addressed by the Information Technology
Act, 2000, despite the fact that it offers some protections.

The matter is made more difficult by the conflict between national security and privacy
rights. Companies and governments frequently use cybersecurity, counterterrorism, and fraud
prevention as justifications for data surveillance and retention practices. However, this
violates a person's fundamental right to privacy by raising questions about state overreach,
lack of permission, and potential exploitation of personal data.

Because data protection regulations differ around the world and are hard to enforce,
jurisdictional issues in cross-border data transactions add even another level of complication.
There has never been a greater need for unified global privacy standards.

In addition to evaluating the suitability of India's current legal system, this study aims to
evaluate the tension between privacy and cybersecurity and offer suggestions for balancing
digital security while maintaining fundamental rights under Article 21. It seeks to support
current debates on ethical data governance, privacy legislation reform, and the function of
international collaboration in creating a unified legal approach.

1.3. AIMS AND OBJECTIVES

1. To analyse the scope of privacy under Article 21 in the context of digital

advancements and cybersecurity challenges.
2. To assess the effectiveness of existing Indian laws, such as the Information
Technology Act, 2000, in safeguarding digital privacy.
3. To examine the conflict between privacy rights and cybersecurity measures,
particularly in cases of state surveillance and data protection policies.
4. To explore global best practices and international data protection frameworks to
identify potential reforms for India’s legal framework.
5. To propose recommendations for a balanced approach that ensures strong
cybersecurity measures while upholding fundamental privacy rights.

1.4. HYPOTHESIS

1. The right to privacy has continuously evolved since its recognition, with its
dimensions expanding and shifting over time. These changes have accelerated
 significantly with technological advancements, particularly due to the rise of
multimedia and digitalisation.

2. Initially, the right to privacy was understood in a more traditional sense, but over time
it has grown into a multi-faceted right. It is now recognized not only as a fundamental
human right at the international level, but also within regional and national legal
frameworks. This broadening of the concept reflects the increasing complexities of
privacy concerns in the modern era, influenced by advancements in technology and
the digital landscape.

1.5. RESEARCH QUESTIONS

1. How does the right to privacy under Article 21 apply to digital interactions and data
security?
2. What are the key privacy risks and cybersecurity threats in India’s digital landscape?
3. How effective are India’s current legal frameworks in addressing digital privacy
concerns?
4. What lessons can India learn from global data protection laws, such as the GDPR, to
improve its own policies?
5. How can privacy and cybersecurity be balanced in a way that safeguards both
individual rights and national security?

1.6. REVIEW OF LITERATURE

J.A.L. Sterling5, Chapter 23 of this book, titled "WIPO Copyright Treaty," discusses the rise
of digital technology in the late 1990s and its impact on copyright law, highlighting the
challenges posed by the digital revolution. As online content became increasingly vulnerable,
the international community shifted its focus towards strengthening its protection.
Responding to global concerns, WIPO convened expert committees in 1991 to examine
issues related to digital technology. These committees were tasked with drafting a possible
amendment to the Berne Convention and developing a new international framework for
safeguarding online content. The WIPO Copyright Treaty (WCT) and the WIPO

5
J.A.L. Sterling, World Copyright Law, 879 (Sweet and Maxwell, London,2008)
Performances and Phonograms Treaty (WPPT) acknowledged the necessity of enforcing
protective measures through legislative mechanisms.

Lionel Bently and Brad Sherman6 Chapter eight of the book, titled "Infringement,"
explores technological systems for protection. Technological protection measures refer to any
technology, device, or component designed to prevent or restrict unauthorised use of works
or other protected content. A protection measure is considered effective when the right holder
controls access to the protected work through mechanisms such as encryption, scrambling, or
other modifications, as well as copy control systems that enforce security. The chapter also
examines Article 6 of the EU Information Society Directive, which defines key terms such as
infringement, circumvention, and effective protection.

1.7. RESEARCH METHODOLOGY

Research is defined as a systematic process that involves identifying a problem, formulating a

hypothesis, gathering data, analyzing that data, and ultimately arriving at a conclusion—
whether that conclusion offers a practical solution to the issue or contributes to theoretical
understanding. This study is based on data collected through observation and investigation
from various sources.

Since this research is not derived from empirical experimentation, the focus has been placed
on India, the United Kingdom, the United States, and international organizations such as the
United Nations. The analysis draws on materials gathered from multiple sources,
predominantly including debates from the Constituent Assembly, reports from the Law
Commission, international conventions, and the declarations and recommendations of various
conferences and committees.

To support this investigation, a review of diverse literature—comprising books by both

Indian and international authors, as well as several judgments rendered by the Supreme Court
and High Courts of India—will be undertaken. Constitutional provisions, along with relevant
statutory laws, will be critically examined. Additionally, legislative materials such as
subordinate legislation, notifications, and policies will be reviewed.

This doctrinal research incorporates references to American, British, and international law, as
well as the contributions of prominent Western scholars who have shaped the conceptual
6
Lionel Bently and Brad Sherman, Intellectual Property Law, 189 (Oxford University Press, New York 2011).
foundation of privacy. Various secondary sources—including books, articles, case
commentaries, encyclopedias, dictionaries, and newspapers—were consulted throughout the
course of the study.

The scope of the research is limited to the legal dimensions concerning the right to privacy
and the existing legal framework governing it. All the data used in this study is secondary
data.

1.8. METHOD OF DATA COLLECTION FOR NON EMPIRICAL AND MPIRICAL

STUDY

The suggested research project is empirical, exploratory, and analytical in character.

The study involved examining a variety of sources that included privacy-related provisions
from international instruments of human rights, conventions, national legislation, reports,
essays, judicial precedents, and constitutions. The privacy practices of Google, Facebook,
Twitter, and their subsidiaries' social networking sites and applications have been examined.
In the context of social media, the doctrinal approach has been utilised to investigate the idea
of privacy as a human right in the digital age. The research study made use of both primary
and secondary data. Information for empirical studies has been gathered via both face-to-face
interactions and online communication. The technique of random sampling has been applied
to the data collection.

1.9. SCOPE AND LIMITATION OF THE STUDY

● Citizens' lack of understanding or awareness of their right to privacy.

● More often than not, a person's right to privacy has been infringed without their
knowledge.
● Reluctance to disclose information, particularly when using internal technology for
study.
● The constitutional perspective is used in the study. The research materials are limited
to the literature on legislation.
● Limited availability of research data.

1.10. SIGNIFICANCE OF THE STUDY

A universal and unambiguous framework for promoting and defending the right to privacy is
provided by international human rights law. This framework applies to situations involving
both domestic and extraterritorial surveillance, digital communication interception, and the
gathering of personal data. The goal of this project is to improve our current understanding of
the growing privacy concerns in the digital era. This study aims to strengthen the human
rights approach in protecting and promoting social media users' privacy in India.

1.11. TENTATIVE CHAPTERIZATION

CHAPTER I: INTRODUCTION

Explores the meaning, definitions, importance, and functions of privacy.

CHAPTER II: DEVELOPMENT OF THE CONCEPT OF PRIVACY: A

JURISPRUDENTIAL ASPECT

Traces the evolution of legal jurisprudence on the concept of privacy from Ancient, through
Medieval, to Modern times.

CHAPTER III: CONSTITUTIONAL AND LEGAL SET UP OF RIGHT TO

PRIVACY

Here the researcher has discussed the constitutional prespective of the right of the privacy.
Also Examines how privacy has developed as a human right and its protection under the
constitution.

CHAPTER IV: NATIONAL AND INTERNATIONAL DIRECTIVES RELATED TO

THE RIGHT TO PRIVACY IN THE U.K., U.S.A., AND INDIA

Studies the legal frameworks and directives concerning the right to privacy in the United
Kingdom, United States, and India.

CHAPTER V: ROLE OF THE JUDICIARY IN INDIA FOR THE DEVELOPMENT

OF THE RIGHT TO PRIVACY

Provides an overview of the judicial pronouncements of the Supreme Court of India related to
privacy.
CHAPTER VI: DATA PRIVACY AND INFORMATION TECHNOLOGY
HISTORICIZING RIGHT TO WORSHIP

This chapter provides meaning of concept of digitalization, social media, their impact and
threat to privacy

CHAPTER VII: CONCLUSION AND SUGGESTIONS

 CHAPTER II

DEVELOPMENT OF THE CONCEPT OF PRIVACY: A

JURISPRUDENTIAL ASPECT

2.1 MEANING OF PRIVACY

In general, privacy refers to the freedom from interruption or intrusion and the right to be left
alone. The right to some control over the collection and use of your personal information is
known as information privacy.

Most likely, privacy needs date back to the beginning of humans. Man will always need
privacy to express his artistic inspirations. In order to paint stories of the hunt, the cave artists
required some alone time. When Archimedes realized his renowned Principle, he was lying in
solitude in his bathtub. Artists, poets, writers, creative geniuses, philosophers, and savants
have all found their most inspirational moments in privacy throughout history. Circumstantial
Right to Privacy have been drawn around the person, the family, the neighborhood, the state,
and the greater community by increasingly civilized cultures. The private area that surrounds
the individual is, fundamentally, the cornerstone of the privacy superstructure, regardless of
the number of qualities, layers, or clusters that may surround and identify the types and levels
of privacy. It is this fundamental space that establishes whether or not a person is truly free to
enjoy his solitude with dignity, regardless of how big or small, real or virtual, inside the body
or in the mind, mental or physical. Privacy is the creative is real or virtual that surrounds an
individual and that, normally, is left up to them to share or access. People typically view their
own concerns about their privacy, dignity, and liberty as increasing rings that are less and less
important. As a result, people perceive state-imposed norms as threats to their privacy since
they infringe on the privacy rings that are closest to them. People often regard their own
concerns for privacy, dignity, and liberty as growing rings that are less and less important. As
a result, people view state-imposed norms as a threat to their privacy since they intrude on the
privacy rings that are closest to them. The further apart these rings are, the easier it is for the
State to create and enforce laws that won't upset people's equilibrium or lead to legal
challenges to those laws. Thus, in democratic regimes, a person would neither comprehend
nor object to the State's incursion into personal areas that are too remote to challenge his
judgement.
2.2 PRIVACY IN INDIAN CULTURE

Privacy is not a state of maintaining secrecy. Rather it is defined as “the state of being alone
and not watched or disturbed by other people" or “the state of being free from the attention of
the public". It is important to consider India's demographics in order to see why privacy is not
as important in this nation. India has a rich history of diversity, which extends beyond its
topography, states, and physical environment to include customs, cuisine, dress, languages,
dialects, writing systems, conduct, caste, and religion. "Every two miles the water changes,
every four miles the speech," as the saying goes.

As per the Census of India 2011, out of the 1.3 billion Indians, 68.84% reside in rural areas.
The same census states that 67.77% of these rural residents are literate; the remaining people
are illiterate and ignorant, making up India's oral civilization. According to government
numbers, which may have a biassed method of evaluating literacy rates and frequently
include those who lack functional literacy, as much as 27.01% of India's population is
thought to be illiterate overall. The majority of people who are deemed illiterate or
uneducated, meanwhile, are undoubtedly impoverished, live in remote or tribal areas of the
nation, or come from underdeveloped areas. India has a high rate of mobile penetration; in
October 2016, mobile subscriptions there surpassed 1.1 billion. This is partly due to the fact
that a cell phone enables instantaneous, oral communication, eliminating the need for written
messages or the assistance of a third party.7

India's culture has never viewed information or conversation as "private." In India, where
practically every aspect of a person's life is exposed to, entwined with, and dependent upon a
family, a group, a village, or a society, there is also a dearth of knowledge on private lives.
The idea of privacy has never been easily understood in a world where personal preferences
are ignored and family members share a space. For this reason, "security" has always been
associated with wealth and "privacy" with extra valance. A lack of awareness exists regarding
the boundaries between personal and private domains, to the point where different kinds of
private and personal conversations are held at communal events across the nation. In India,
community people frequently share their opinions on a family's private concern during a
Panchayat or Kangaroo court meeting in a public setting. In India, cultural customs and
traditions are sufficiently ingrained that they supersede individual autonomy and decision-
making. India, in contrast to the US, which is an individualist society with a higher
7
Mainstream Weekly, Vol LV No. 37 dated 2 September, 2017
Individualism Index (IDV) and a lower Power Distance Index (PDI), is a collectivist society
with a lower Individualism Index (IDV) and a higher PDI, claim Hofstede. Researchers like
Hofstede have demonstrated that people in collectivist society are more likely than those in
individualist ones to exhibit faith and trust in other people.

Laws prohibiting discrimination based on caste and creed have not proven to be very helpful
because caste and creed are deeply ingrained in Indian culture. Although caste and creed are
private identities, there is little opportunity or discretion to maintain them private in India. In
Indian villages and towns, traditionally, communities have been split up according to
customary vocations. A person's caste and religion are directly related to these professions.
Therefore, in smaller towns and villages where employment has not diversified as much as in
larger areas, these identities are typically known to the general public. Many are aware of the
segregation and few object to it. When someone is asked for their name in places like Uttar
Pradesh or Bihar, just stating their first name is insufficient. It is a person's last name that
indicates their caste and religion.8

In addition, Indians are known for meddling in the affairs of others. It's ironic that we don't
even view requesting private information as "interference" or "breach of privacy." In India,
arranged marriages a notion unfamiliar to Westerners remain prevalent. If the infringement
on personal space isn't enough, people in the community also want to know how much
money is spent on weddings, when a couple plans to have children, and if not, why not.
Indian children are not trained to close their bedroom doors, not even at night. Unless you're
changing clothes, closing your door is generally regarded as a sign of secrecy rather than
privacy in Indian homes, whether rural and urban.

India is a country where most marriages are arranged between two families rather than
between two individuals. This practice is prevalent even in the most affluent and
cosmopolitan cities, where a person's marriage is not decided upon on their own but rather
after consultation and approval from their immediate and extended families, as well as
frequently from the community and village. People in the community select who should
marry, how much a wedding costs, when a couple plans to have children, and why a couple
chooses not to have children. This intrusion into personal space is unacceptable. And from a
very young age, this interference into one's private life begins.

8
India. Stakeholder Report, Universal Periodic Review, 27th Session on “The Right to Privacy in India”.
The right to privacy and the digital revolution are converging in our culture. India is moving
towards digital media, however the cultural background of the country makes it difficult to
comprehend and uphold privacy as a fundamental right to life and liberty. Indians must
realize that privacy is about not hiding things from others, but about showing things to them
that are necessary.

2.3 THE EVOLUTION OF PRIVACY

"Privacy" is the reasonable assumption that one's personal information shared in a private
setting won't be revealed to outside parties if doing so would make one appear
embarrassingly sensitive to ordinary people. Courts and legislators have recognized areas
(like houses) where people can expect privacy through case law and statutes, respectively.
Furthermore, statutes usually contain both criminal and civil consequences for invasions of
privacy. If people kept their personal information to themselves and conducted their activities
in their homes or other reasonably expected private spaces, there would be no need for these
and other privacy regulations. Nonetheless, there are several reasons why people divulge
personal information. For example:9

By disclosing our identities, residences, social security numbers, work histories, and financial
worth, we can apply for welfare, mortgages, or credit cards.

In order to find comfort, we divulge some of the most personal information about ourselves
to clergy, doctors, and attorneys; and

To uphold social order, we consent to or anticipate surveillance.

Any conversation about privacy should focus primarily on how to balance the conflict
between privacy, disclosure, and surveillance while upholding democracy and civility and
taking into account shifting political environments, economic situations, social ideals, and
technological advancements. The media's assertion of First Amendment rights to obtain
material that appears to be private and exempt from disclosure is at the heart of the
controversy.

The word "privacy" is not used in the Connecticut constitution, but it is modelled after the
federal constitution, which is interpreted to protect privacy, in terms of its protections against
arbitrary searches and seizures, forced testimony, and self-incrimination, as well as its
9
B.F. WRIGHT, THE GROWTH OF AMERICAN CONSTITUTIONAL LAW 200-08 (1942), § 8-7, at 58o-8I
guarantees of freedom of association and religion. However, the right to privacy stemming
from tort law only protects against the actions of private individuals; the constitution guards
against actions by the government. In an article titled The Right to private, 4 Harvard L.R.
193 (1890), Samuel Warren and Louis Brandeis outlined the tort law right to be free from
invasions of private. The right to privacy in this article is defined as the right to privacy
protection. It took more than fifty years for the Restatement of Torts to codify the
fundamentals of privacy laws. One of the arguments put out for the delay in acknowledging
privacy as a fundamental right is the novelty of the technology involved in increasingly
intrusive forms of invasion, such as computers, video cameras, and tiny listening devices.
Four different types of invasions are covered by the privacy principles: (1) invasion of
privacy, both physical and mental; (2) public exposure of personal information; (3) publicity
that presents an individual in an unfavorable light; and (4) misappropriation of an individual's
name or appearance.10

The United States government established an advisory committee inside the Department of
Health, Education, and Welfare (HEW) in the 1970s in response to concerns raised about the
growing automation of data processing.

2.4 TYPES OF PRIVACY

2.4.1. PRIVACY OF THE INDIVIDUAL

Individual privacy can be compared to physical autonomy. The concept of "body autonomy"
refers to the control you have over your body and who can access it. This extends beyond
attack, for instance. It is obvious that having someone else attack you violates your right to
bodily autonomy. However, physical autonomy can be demonstrated by educating a
youngster that they have the right to refuse to be touched by someone. Just because you
recommend they embrace Aunt Mable doesn't mean they have to let anyone touch them if it
makes them uncomfortable.

Meanwhile, private privacy can also include thought ownership. Recent developments in
neurological illness research have sparked discussions regarding the significance of reframing
mental privacy within the context of clinical research, as well as the real-world implications.

10
M.C. Pramodan, “Right to Privacy” 14 CULR 6 (1990)
2.4.2. PRIVACY OF COMMUNICATION

This tenet is straight forward. We presume that when we send a communication, whether by
snail mail, email, phone, or text message, it will not be intercepted at will. While wiretaps can
and do occur, formal requests must be made in writing and approved by other controlling
individuals or groups before they are carried out.

Similarly, the content you send can also be considered protected information. For example, in
the United States, the Health Insurance Portability and Accountability Act (HIPAA) specifies
the safeguards that health care and health-related organizations, such as insurers, must take
while transmitting communications containing patient information. 11 The average person can
prevent prying eyes from intercepting and gathering personally identifiable information, such
as social security numbers or banking details, by installing a virtual private network (VPN)
for their home internet network or using end-to-end encryption texting (think WhatsApp or
KaKaoTalk).

2.4.3. PRIVACY OF COMMERCIAL

It encompasses a broad range of regulations designed to protect trade secrets, patents,

copyrights, trademarks, private business information, and other private and confidential
assets. In contrast to physical privacy, sensitive data privacy, and familial privacy,
commercial privacy does not directly affect an individual. Moreover, issues pertaining to
economic privacy are typically handled by commercial or mercantile laws rather than being
treated as fundamental rights issues very often, if at all.

2.4.4. PRIVACY OF PERSONAL DATA

This is the privacy principle that affects businesses the most directly. Individuals have a right
to know how websites and other public areas are using or even collecting their personal
information. Similarly, companies are required by law to disclose what information (if any)
they gather, whether they share it, and how they use it. Regulating organizations are clamping
down on the acquisition of data for commercial advantage, as evidenced by laws like
California's CCPA and the European Union's GDPR.

11
HM Seervai, The Constitutional Law in India : A Critical Commentary 43 (Central book publication, New
Delhi, 2003)
Several countries and jurisdictions in the United jurisdictions go one step further and mandate
that companies offer a way for customers to choose not to have their data gathered or shared.
More significantly, companies must have procedures in place to abide by these rules or risk
paying steep fines.

2.4.5. PRIVACY OF BEHAVIOR AND ACTION

Privacy of action and behavior relates to our freedom of speech on certain issues like politics,
religion, and even sexual orientation. This specific privacy principle most closely
corresponds with the Civil Rights Act, the Bill of Rights, and the Declaration of
Independence.
As a country, we believe that everyone has the freedom to practice their faith as they see fit,
without interference. People also cannot face discrimination or marginalization due to their
sexual orientation or political affiliation.

Nevertheless, in a similar spirit, someone has the freedom to withhold this knowledge
without worrying about consequences or negative feedback. Keep in mind that since any of
the aforementioned can be used for ad targeting, this kind of information may also be covered
by data privacy rules.

2.4.6. PRIVACY OF ASSOCIATION

Lastly, the ability to communicate or make friends with whoever you choose without fear of
repercussions is known as the privacy of association. To put it briefly, you shouldn't be
evaluated based on the company you keep. This is true in theory as they say, we shouldn't
judge a book by its cover.

However, regardless of how you feel about it, we are all aware that the people you surround
yourself with unfortunately reflect you. You will not be preferred as a candidate for a job,
while applying to schools, or even to rent a condo with a tight review board if you are
connected to people or organizations that have a terrible reputation. Similarly, if a large
number of your pals have criminal records, you may find yourself in close proximity to police
authorities in the event that any of these individuals commits a crime.

2.5 PRIVACY AS AUTONOM: THE RIGHT TO BE LET ALONE

Effective or meaningful individual agency or autonomy can be broadly defined as the ability
(together with the required opportunities) to live a meaningfully self-authored life free from
unwarranted or inappropriate dissatisfaction on the part of others. This situation does not
really concern the exact definition or wording of the term "meaningful autonomy." My
argument is that this kind of thinking is more about degree than it is about on/off.
Establishing the frameworks necessary to promote meaningful autonomy should be a primary
goal of social policy and the law. Concretely speaking, meaningful autonomy is about having
the opportunity to make the decisions one truly wants to make, not about having the greatest
possible abstract freedom of choice.12

It is common for improving one person's effective autonomy to negatively impact another
person's. Conflicts will inevitably arise. One individual's effective autonomy, for example,
will typically be enhanced by a legal arrangement that makes her extremely wealthy, even
though this frequently results in one person being less wealthy, which will limit the effective
autonomy of the other person. A bank account or piece of land that is recognized as
belonging to one of the two claimants will usually let the winner live a more independent life
while having the reverse effect on the losing claimant.

International law has a strong foundation for the right to privacy. The Universal Declaration
of Human Rights contains the core legal doctrine of privacy. No one shall be the victim of
arbitrary interference with his family, home, or correspondence, or of attacks upon his honor
and reputation, according to Article 12 of the UDHR. Everyone is entitled to the protection of
the law from these kinds of intrusions and attacks." The first people to methodically establish
a legal right to privacy were Samuel Warren and Louis Brandeis, who described it as
basically the ability to shield one's "inviolate personality" from invasion or unwelcome
disclosure. They were essentially advocating for the "right to be let alone." Based on the Bill
of Rights' implicit protection of autonomy and free choice as well as its explicit protection
against government intrusion into one's home and personal belongings, Brandeis' idea of
privacy finally became established constitutional law, at least with regard to state incursions.

Common law tort claims emerged to provide protection against similar unjustified intrusions
by private parties. Basically, the question became whether the victim had a "reasonable
expectation of privacy" and if the other party or government agency had invaded it without
cause. Physical or geographical privacy and decisional privacy have emerged as two
12
N Pandey, Constitutional Law of India 92 (Central Law Agency, New Delhi, 200
significant sub branches. There is robust protection for the privacy of physical objects or
spaces. The Court has severely curtailed the government's power to surreptitiously access
individual citizens' "reasonable expectation of privacy" over their person and property. Via
privacy tort claims, physical privacy is also strongly shielded from private invasion. Even
though public individuals have primarily employed torts to shield their private lives from
egregious intrusions, ordinary people are also protected from particularly egregious
intrusions. Lastly, the majority of states have statutes that safeguard particular physical
privacy rights. For example, California forbids two-way mirrors, while New York forbids
hidden cameras in restrooms and hotel rooms.13

The evolution of the right to privacy has served to safeguard people's freedom to do as they
want and to experience as they please. Anonymity falls within the general concept of privacy.
Even though a vandal breaks a window, nobody may be able to identify them. A charitable
donation or an unsigned or pseudonymous email can be sent. A protected right may be
involved in anonymity, such as when political messages are sent. Alternatively, it could just
be an actual situation brought about by happenstance or stealth. The former is depicted with
unsigned graffiti, whereas the latter shows faceless people in a mob. With regard to
information technology, the differences between privacy and anonymity are evident. Sending
an encrypted email to a different recipient is equivalent to maintaining privacy. Being able to
transmit an email with its contents in a clear, readable manner while removing any
information that would allow the recipient to identify the sender is associated with
anonymity. When a message's contents are in doubt, privacy matters, but when a message's
authorship is in doubt, anonymity matters. Context-specific expectations for privacy (as well
as real privacy outside of the rules) can include sending identify and/or content.

2.6. WHAT DOES PRIVACY ENTAIL?

In the age of computers, privacy stands as one of the most significant civil rights. Being
private is all about integrity, honor, independence, and self-possession. There are several
contemporary risks to our privacy posed by new technologies. Privacy is a significant
concern. Consider a world in which all of your movements are captured on camera. Many
people don't think their privacy is important, and many of them believe they have nothing to
conceal. However, concealing information is not the only use of privacy, and this is where
issues arise. Personal privacy is unquestionably under attack, and privacy is fundamentally
13
Goel, Right To Privacy In India: Concept & Evaluation 26 (Partridge India, New Delhi, 201
about the power of the individual. As we all know now, environmental preservation is
essential to economic growth. Instead, the privacy issue is comparable to the environmental
issue in the 1950s and 1960s, when proponents of large enterprise argued that a poor
environment was a necessary trade-off for raising living standards.

We all live in a computerized environment these days, and our everyday activities involve
electronics. As a result, the impact of data collection in big databases has increased. A large
portion of the data is accessible online and frequently exhibits cross-correlation. It is possible
for a data shadow to form when we use the Internet. Spyware and cookies are frequently used
to generate a data shadow when browsing or utilizing P2P software. A lot of these databases
are for profit, and the data within can be sold to other parties or used for the original purpose.
Though there is still concern about databases holding personal information being violated
because people with the technical know-how to hack computers might gain access to it. An
even more significant effect of using big databases is that it is now easier to collect and
correlate data to build an identity profile of an individual. Sometimes the data collected on us
is inaccurate, which can cause serious issues and have unfavorable effects on the target.

2.7. INFORMATIONAL PRIVACY

The concept of informational privacy is new. The traditional concept of the right to privacy is
expanding to include new dimensions such as informational privacy and data privacy, thanks
to the development of technology and the internet. With the use of technology, a person can,
consciously or unknowingly, create both personal and non-personal information about
themselves online. An individual's claim to control the terms under which personal
information, or information identifiable to the individual, is acquired, released, and utilized is
known as information privacy, according to the IITF Principle of the United States. Westin
asserts that "the individual has the entire authority regarding the disposal of personal
information as part of his privacy right." The right of individuals, organizations, or groups to
decide for themselves when, how, and how much information about them is shared with
others is known as privacy, the author continues. This assertion may find support in social
programs or in the individual autonomy principles found in the constitution.14

Informational privacy, sometimes known as data privacy, is the interaction between

technology, technology-related legal and political concerns, and the collection and sharing of
14
Rakesh Chandra , Right to Privacy In India With Reference to Information Technology 98 ( YS Book
International, New Delhi, 2017)
data. It includes details that connect a single individual with historical events, background
knowledge, or other data. Informational privacy rights are contingent upon whether the
subject matter pertains to "personal information" or non-personal information, as nonpersonal
information of any kind cannot assert a right to privacy. First, let us assess what is meant by
the word "personal information," followed by "non-personal information."

"Personal" in this context does not imply extremely sensitive. Instead, it describes the
relationship that exists between a human and the information that is, how an individual may
be identified by the information, regardless of how sensitive or unimportant it may be. A
person owns the personal information that they supply and explain to society as a means of
identification based on their own interests. The biometric status of the person, such as their
sex, height, weight, blood type, fingerprint, retinal pattern, DNA, or overall health, may be
included in this data. It may pertain to personal information like date of birth, marital status,
sexual orientation, immigration status, criminal record, or educational qualifications. It may
also reveal social ties like affiliation with political and religious groups. Records that are
more discrete and show a person's fleeting behaviors are included in the descriptive data. For
instance, it includes data about the digital footprints of certain people who visit a certain
online business at a specific time to buy a specific item. Cyberspace is commonly used for
undercover monitoring to gather such data.

Lastly, information not covered by the first two categories may nonetheless be considered
personal if it relates to a service or good that the person uses or is given with in order to
establish their institutional identity. Examples of such services include guarded access. These
kinds of details typically have no past connection to the person. UIDAI is the most exemplary
example. The Aadhaar number is not created or authored by the individual. It does not
characterize the person's behavior or state of affairs, other than being associated with them
for record-keeping purposes by the federal government. Confidential36 bits of information,
including as network login passwords and automatic account activation codes, are included in
this category of personal data. Information does not qualify as personal information and loses
private importance if it is not connected to a specific person, as stated in the concept of
privacy. Three things account for this:

● Firstly, it's possible that the data does not pertain to a specific human being.
Consequently, there are no privacy issues because it is not personal information.
 ● Secondly, even while the information is about a certain person, it might not be
recognizable to that particular person due to anonymization. For instance, answers,
opinions, and other information provided by the individual in the questionnaire will
be regarded as information provided by the individual; but, as the information is
anonymous, there is no risk to the individual's privacy.
● Third, the information that is directly recognizable to a group and only indirectly
identifiable to the individuals that make up that group, even if it is about individuals
and is not anonymized. According to one reading of the privacy definition, the data is
not personal and falls beyond the purview of privacy because it is directly related to
the group and not the people who make up the group. However, this feels rather
formal. Since the information is about the group and pertains to every member of the
group, it also relates to every individual, making it that person's personal
information.15

The researcher believes that the type of information determines what we consider to be
"personal." A corporation, for instance, has privacy interests. As a legal body, a company has
an identity of its own, but it also has an obligation to preserve the identities of the individuals
that comprise the corporation. This indicates that while the corporate has its own privacy, it is
equally constrained by the privacy of those who work for it. Therefore, information about
taxes paid by those who work for the company or are shareholders in it is private information
that the firm is not allowed to use or reveal without the consent of those who provide it.

Since societal and individual profiling, as well as the gathering of sensitive data, may lead to
discrimination, privacy should be seen as "the protection of life choices against any form of
public control and social stigma"16. Allowing informational privacy as a component of
privacy is made possible by the fact that information flow includes both "inbound" and
"outbound" data, which can be accessed by anybody exercising their "right to know." "The
right to keep control over one's information and determine the manner of building up one's
own private sphere" is the last emphasis of this, which is data privacy.

2.8. THE PRIVACY PANIC CYCLE

Humans prefer to embrace the status quo and be afraid of the unfamiliar. While most people
are ready to give up privacy in exchange for other priorities like convenience or cost-
15
Ibid
16
“Claiming Human Rights”, National Commission for UNESCO
effectiveness, other people are not. The few people that privacy expert Alan Westin refers to
as privacy fundamentalists frequently respond instinctively to new technology because they
worry that their privacy will be compromised. When a portion of the public fears or mistrusts
the decisions made by others and feels that these decisions could endanger society as a whole,
it is known as a "mass moral panic." Even while techno-panics are eventually overcame by
society, they can severely impede the advancement of technology and have a real cost to it.

Regretfully, the cycle of fear and anxiety surrounding privacy may be harmful to creativity.
Initially, unjustified privacy concerns have the potential to impede the adoption of
advantageous new technology by causing customer anxiety. Moreover, excessive concerns
about privacy may result in poorly thought out legislative reactions that intentionally obstruct
or insufficiently support potentially useful technologies. On the other hand, as more
individuals utilize the technology, public awareness and appreciation of it increase and
concerns decrease. The public's anxiety over technology gradually wanes as a result of most
users realizing their concerns were unfounded, adjusting their technology usage according to
societal standards, or just accepting the compromises because the advantages of the
technology far exceed the drawbacks.