Guardians Of Virtual Realm: Navigating Cyber Laws And Safeguarding Data Privacy For Silenced Voices
When we speak of cyber frauds, the first thing which strikes our mind is cyber laws, throughout the time these laws have protected us from various cyber frauds but on many instances, we have seen that some people have suffered the wrath of cybercrimes.
It is essential to examine various cyber laws, nature and extent of cybercrimes committed against individuals. To deal with this a series of laws has been formulated. The first cyber law dates back to 2000 which had been adjusted with time. The latest one is the Digital Data Protection Act of 2023. This act was originally introduced in Parliament as the Personal Data Protection Bill in 2019, it underwent extensive review by a parliamentary committee, which published its findings in 2021. Subsequently, the bill was withdrawn and reintroduced in 2022 under the name Digital Data Protection Bill, 2022. Consequently, the law that came into effect in 2023 largely derives from this revised bill.
So, in order to learn about the significant provisions of 2023, act we need to understand the provisions of 2019 which proposed a comprehensive, cross-sectoral framework based on preventive requirements for businesses (defined as “data fiduciaries”) and rights for individuals or consumers (“data principals”).
This imposed several obligations on organisations collecting personal data. These include providing individuals with notice and obtaining their consent, ensuring the accuracy and secure storage of data, and using the data solely for the purposes specified in the notice. Additionally, organisations are required to delete data once its intended purpose is fulfilled and to grant consumers rights to access, erase, and transfer their data. Businesses must also maintain robust security safeguards, uphold transparency standards, implement "privacy by design" principles, and establish systems for addressing grievances. The system introduced the Data Protection Authority (DPA) which gives the power to the authority to impose penalties on businesses which do not comply with the rules.
Furthermore, the regulation introduced the role of "consent managers," intermediaries responsible for collecting and managing consent on behalf of individuals.
Considering Digital Personal Data Protection Act 2023, it defines Personal Data as any data about an individual who is identifiable by or in relation to such data. And Personal Data Breach as any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data.
There are certain highlighting provisions of this act, this include the Right to be forgotten by the Data Principal. The “Right to be forgotten” has been a welcomed development to further the school of thought that everyone deserves a second chance and should not be judged by their past actions. In cases of Jorawar Singh Mundy vs Union of India, the petitioner arrived in India from the USA in 2009 and was promptly charged under the NDPS Act, 1985. However, he was acquitted by the Trial Court in 2011. Returning to the USA to complete his education, the petitioner faced difficulty securing employment despite his strong academic record, due to the public availability of his criminal records. He requested vLex.in, Google India Pvt. Ltd., Google LLC, and Indian Kanoon to remove the verdict from their sites. Only vLex.in complied, while the others argued that the Indian Constitution does not guarantee a "Right to be Forgotten." Consequently, the petitioner filed a writ petition with the Delhi High Court, seeking the removal of the judgement from the respondents' websites. He contended that the continued display of this information infringed upon his Right to Privacy under Article 21 of the Constitution of India. The Court referred to the precedent of the EU accordingly citizens have the right to request the commercial websites to delete information relating to them only when such information is misleading or irrelevant. But eventually the Court stated that the Right to Privacy and the Right to be Forgotten go hand in hand. Furthermore, the Delhi High Court bench consisting of Justice Pratibha M. Singh held that Google India Pvt. Ltd., Google LLC, and Indian Kanoon will have to remove the petitioner's case from their domain.
Also, the exemption to process data is provided to the Government under this act for the purpose of National Security can be detrimental for the individual because this can lead to unnecessary data collection, processing and retention and this can be violative of Privacy of Individual. The Act also permits for the transfer of Personal Data outside India except the countries notified by the Central Government. This can be proved harmful for the Data Principal because foreign countries may not have the stringent rule for processing of personal data this can lead to increased risk of data misuse or unauthorised access.
Who are the Silenced Voices?
The group of Silenced Voices consist of a diverse set of people such as Teens, Ethnic Minorities, LGBTQ+, Low Income Individuals, Women and many more because of their social, economic, and psychological factors.
Considering Teens, they are the heaviest users of the internet and social media. This makes them more vulnerable than adults and therefore they are more exposed to various privacy risks, with cyberbullying often being cited. Since children are of tender age cyber criminals use Mobile smishing (SMS+Phishing) attacks, in which they use personalised greetings in text messages that pretends to be from a legitimate organisation and appears to be credible but such messages are often link to websites with seems to be authentic logos prompting users to download an application. Once downloaded, these apps steal this information, along with contacts and SMS messages from consumers' devices. McAfee says stolen contacts are used to fuel cybercriminal campaigns, expanding their network of targets. Teens often posit that they have 'nothing to hide', in order to justify their indifference to third-party use of their data. They believe that the worst could be targeted advertising, which they don't consider as a privacy intrusion.
Also, there are a bunch of problems, out of which one the most serious is the issue of Increased Cyberbullying among teens. This refers to the use of digital technologies for bullying, this aims to scare, angering or shame the targeted child. This includes spreading lies; posting embarrassing photos or videos; sending hurtful, abusive or threatening messages, images or videos etc. In Taru Puri v. Anmol Sheik of cyberbullying with adult, in this case court granted injunction, in order to remove the derogatory statements on Instagram and YouTube against Plaintiff. In Sneha Kalita v. U.O.I where government exercised its power under IT Act, 2000 to immediately remove all the links to Blue Whale Challenge Game, as this game was instigating suicide by trapping, brainwashing and targeting depressed children.
Also, unfortunately the second most affected group of individuals is women, they have been disproportionately affected by the cybercrimes and the number of cyber offences against them has increased many folds. Women facing cybercrimes have to pay heavy tolls on their health mentally as well as physically. Cyber threats include stalking, identity theft, and revenge pornography, leading to severe mental traumas. The current state of cybersecurity in India is alarming, as it ranks among the top five countries globally for cybercrime. Despite government efforts to enhance cybersecurity laws and regulations, there remain significant gaps in the implementation of these measures. Additionally, the general public and law enforcement agencies often lack awareness about cybersecurity, which exacerbates the issue. But why is it so that women are targeted more by people compared to others? To answer that we have to understand several factors that contribute to the cybercrimes faced by women in India, including gender-based violence, patriarchal attitudes, and a lack of cybersecurity awareness. Gender-based violence is a fundamental cause of online crimes targeting women. Speaking of women as the target of cyber fraud, we have numerous cases relating to it, one of the landmark cases being the State of Tamil Nadu vs Suhas Katti dealing with cyber law primarily focusing on cyber harassment. In this case the accused was a family friend of the victim and had expressed a desire to marry her. After the victim refused and married someone else, unfortunately marriage fell apart, the accused saw an opportunity and proposed again. When the victim refused a second time, the accused retaliated by posting obscene and defamatory messages about her in Yahoo Messenger groups, damaging her reputation and insulting her modesty. Additionally, he created a fake email account in her name and forwarded emails from it. These actions led to the victim receiving numerous annoying calls from people who believed she was soliciting for sex work. Fed up with the harassment, the victim took action and filed a report against the accused. He was arrested but denied the allegations.
But eventually when the case unfolded later the court held that the accused was guilty and he was punished under section Section 469 and Section 509 of IPC and Section 67 of Information Technology Act, 2000. Therefore, this case became a landmark as well as a precedent for various cases relating to cybercrime against women especially dealing in the sphere of revenge pornography.
While focussing on cyber laws we can't leave behind various problems that people face all over the world relating to cyber crimes and the most prominent targeted group among them is women, school going children, etc. There are numerous examples where the data leaks are faced by school students and based on that they are threatened or they face some serious cyber fraud. The same is the case with women but the gravity of the crimes increase manifold, most common of them is revenge pornography, stalking, online harassment, etc. Often, we have seen cases where the male counterpart in order to trouble the female counterparts release some disturbing or obscene videos of them which deeply affect the women's mental and physical health. Therefore, various efforts have been made by the government by introducing various portal's, helpline numbers, protection laws, etc. but still we are a long way to achieving a cyber safe environment for all.
Authors: Tushar Yadav and Srishti Gupta, Dr. B.R. Ambedkar National Law University, Sonepat. Views are personal.