GUJARAT NATIONAL LAW UNIVERSITY

GUJARAT NATIONAL LAW UNIVERSITY

SUBJECT: INFORMATION TECHNOLOGY LAW

PROJECT SUBMISSION
TITLE: ONLINE PRIVACY

SUBMITTED TO:
MR. AMIT KASHYAP
ASSISTANT PROFESSOR OF LAW

SUBMITTED BY:
DIVYA AVASTHI (10A037)
GAURAV KARTIKEY (10A042)
PRERNA JAIN (10A053)
NEERAJ MANDIYA (10A068)
NIKITA MAHESHWARI (10A070)
NIRALI SARDA (10A074)
NISCHAY NAGARWAL (10A075)
ONLINE PRIVACY

Page 1

GUJARAT NATIONAL LAW UNIVERSITY

TABLE OF CONTENTS

I.
II.
III.
IV.
V.
VI.

INTRODUCTION..........................................................................................................3
VIOLATIONS OF ONLINE PRIVACY.......................................................................6
PROTECTING ONLINE PRIVACY...........................................................................12
ONLINE PRIVACY PROTECTION UNDER OTHER JURISDICTIONS...............17
CONCLUSION............................................................................................................30
REFERENCES.............................................................................................................31

I.
ONLINE PRIVACY

INTRODUCTION
Page 2

GUJARAT NATIONAL LAW UNIVERSITY

As per oxford Dictionary Privacy means "A state in which one is not observed or disturbed
by other people."1 "Nowhere have we found a wholly satisfactory statutory definition of
privacy" a statement made by Calcutta Committee when it was constituted for making an
inquiry particularly into press behavior in respect of personal privacy. Somehow they were
able to define it legally later in their first report on privacy:
"The right of the individual to be protected against intrusion into his personal life or affairs,
or those of his family, by direct physical means or by publication of information."2
Indian Constitution under Article 21 assures the right to live with human dignity, free from
exploitation. The meaning of the word life includes the right to live in fair and reasonable
conditions, right to rehabilitation after release, right to live hood by legal means and decent
environment.
On the basis of earlier judgments Supreme Court of India and in the case of Unni Krishnan
v. State of A.P3 Supreme Court has provided the list containing some of the rights covered
under Article 21.The list is provided below:
1.
2.
3.
4.
5.
6.
7.
8.
9.

The right to go abroad

The right to privacy
The right against solitary confinement
The right against hand cuffing
The right against delayed execution
The right to shelter
The right against custodial death
The right against public hanging
Doctors assistance4

In this paper we would discuss online privacy which is a subset of computer privacy which is
further related to right to privacy which has already been discussed above. The privacy and
security level of personal data published through the Internet is known as Internet Privacy or
Online Privacy.
Increased usage of technology in todays world has affected the privacy rights of a person as
it has changed the way in which information is being received or sent. Meaning of privacy
1

http://www.oxforddictionaries.com/definition/english/privacy
The Calcutt Committee, Report of the Committee on Privacy and Related Matters, 1990,
p. 7
3
1993 AIR 2178
4
http://www.legalserviceindia.com/articles/art222.htm
2

ONLINE PRIVACY

Page 3

GUJARAT NATIONAL LAW UNIVERSITY

has expanded as it is not just peeping into ones home, nowadays a person can be tracked
through internet too. In todays world different types of Personal Identifiable Information are
easily available due to various new and advanced technologies which was not the situation
earlier. Various biometrics such as DNA, fingerprints, iris-scanning are coming out as popular
methods of preventing fraud in organizations which in turn has raised concerns regarding the
storage and access of these digital data. Usage of smart phones is becoming a concern too as
it encroaches upon the right of privacy of a person. Every device, cell phone or other device
connected to the internet has a unique IP address which gives a unique identifier for every
device which further can be traced.5
Information Technology Act, 2000 is the sole legislation to govern cyber crimes which was
amended in 2008 i.e. IT (Amendment) Act, 2008 in order to meet the needs of modern world.
Further, the Privacy Protection Bill 2013 which is still in the Parliament proves that Indian
Government is taking steps in order to solve the problem. Though these legislations do not
suffice and some other laws should be made in order to curb the problem. Civil Liberties
Protection in Cyberspace is still a far-fetched dream for citizens of our country. 6 ESurveillance and Privacy Violating Projects Programs initiated by government such as
Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and
Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System
(CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. are not
under any legal framework and there is legal or parliamentary body to govern them.
The Parliamentary Standing Committee on Information Technology in its report titled
Cyber-Crime, Cyber Security and Right to Privacy, which was submitted on February 12 th
2014, has come up with various recommendations in its eighty eight (88) pages report. As per
the report India needs to establish National Critical Information Infrastructure Protection
Centre to fight with cyber attacks. Committee has also demanded conduction of training
programmes as there is scarcity of security experts, auditors and skilled Information
Technology Personnel which results in inefficiency of the cyber law department. Further is
has been recommended by the committee that internet servers for critical sectors should be
hosted within the country instead of being hosted outside the country as it reduces the threat

5
6

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2357266
http://www.electroniccourts.in/privacylawsindia/?p=13

ONLINE PRIVACY

Page 4

GUJARAT NATIONAL LAW UNIVERSITY

to the security to some extent. A detailed plan of action constituting of deadlines and targets
should be constructed in relation to the National Cyber Security Policy, 20137.
Government is trying on its level but as an individual we too need to be alert while making
decisions regarding what to be posted on social networking websites and what not. Sharing of
personal information on websites such as Face book, Twitter, Shaadi.com etc. can lead to
misuse of our personal information as these sites are easily accessible without giving any
kind of identity proof. Apart from government making new legislations and rules on this
subject we also have to take the responsibility of our own actions undertaken on such social
networking websites in order to completely solve the problem in our country.

II.

VIOLATIONS OF ONLINE PRIVACY

http://www.prsindia.org/parliamenttrack/report-summaries/cyber-crime-cyber-securityand-right-to-privacy-3158/

ONLINE PRIVACY

Page 5

GUJARAT NATIONAL LAW UNIVERSITY

Online privacy is a cause for concern for any citizen planning to make an online purchase,
visit a social networking site or engage in any online activity. If a persons password is
compromised or revealed, he is at a potential risk for identity theft or cyber fraud.
Online privacy is threatened as the users often do not have control over the information that
they generate and the line between what is private information and what is public information
is quite fuzzy. This has created a situation where information displayed on social networking
sites can be used as evidence against an individual or to make decisions about the individual.
For example, in 2012 a number of individuals were arrested in India for comments tweeted or
posted on Facebook. This included two girls, one of whom had posted a comment on the
death of politician Bal Thackeray, and her friend who liked the comment. Among other
questions, these incidents raise the question of whether speech on social media is private or
public.8
Although Information and Communications Technologies have immensely enhanced our
ability to collect, store, process and communicate information, ironically, it is these very
technologies which make us vulnerable to intrusions of our privacy.
Firstly, data on our own personal computers can compromise us in myriad ways-with
consequences ranging from personal embarrassment to financial loss. Secondly, data
transmission across the internet and mobile networks is equally at risk of interception-both
lawful and unlawful-which could compromise our privacy. Thirdly, in this age of cloud
computing, when much of our data reside on distant servers of the companies whose services
we use, our privacy becomes only as strong as these companies internal security systems.
Fourthly, the privacy of children, women and minorities tends to be especially fragile today,
and they have become frequent targets of exploitation.9
Moreover, today the internet has spawned with new kinds of annoyances and encroachments
on internet privacy.
These internet privacy violations include:

Phishing: An Internet hacking activity used to steal secure user data, including
username, password, bank account number, security PIN or credit card number.

http://cis-india.org/internet-governance/telecommunications-internet-privacy.pdf
(Accessed on 29-09-2014).
9
http://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronic-privacy
(Accessed on 29-09-2014).

ONLINE PRIVACY

Page 6

GUJARAT NATIONAL LAW UNIVERSITY

Two sections of the amended IT Act penalise these crimes: Section 66C makes it an
offence to fraudulently or dishonestly make use of the electronic signature,
password or other unique identification feature of any person. Similarly, section 66D
makes it an offence to cheat by personation 10 by means of any communication
device11 or 'computer resource'. Both offences are punishable with imprisonment of
upto three years or with a fine upto Rs. one lakh.
In the year 2005, Mumbai Police solved a Phishing scam wherein one financial
Institute registered a crime stating that some persons (perpetrators) had perpetrated
certain acts through misleading emails ostensibly emanating from ICICI Banks email
ID. Such acts had been perpetrated with an intent to defraud the customers. The
financial Institute customers received emails sent by the accused felt that the emails
originated from the financial Institute bank. When they filled the confidential
information and submitted it, the said information was directed to accused, which was
recovered from his laptop. This crime was registered u/s 66 of IT Act, sec 419, 420,
465, 468, 471 of IPC r/w Sections 51, 63 and 65 of Copyright Act, 1957 which attract
the punishment of 3 years imprisonment and fine up to 2 lakh rupees which the
accused never thought of.12

Spam and Offensive Messages: Although the advent of e-mail has greatly enhanced
our communications capacities, most e-mail networks today remain susceptible to
attacks from spammers who bulk-email unsolicited promotional or even offensive
messages to the nuisance of users. Among the more notorious of these scams is/was
the so-called "section 409 scam" in which victims receive e-mails from alleged
millionaires who induce them to disclose their credit information in return for a share
in millions.

10

"Cheating by personation" is a crime defined under section 416 the Indian Penal Code.
According to that section, a person is said to "cheat by personation" if he cheats by
pretending to be some other person, or by knowingly substituting one person for another,
or representing that he or any other person is a person other than he or such other
person really is." The explanation to the section adds that "the offence is committed
whether the individual personated is a real or imaginary person". Two illustrations to the
section further elaborate its meaning: (a) A cheats by pretending to be a certain rich
banker of the same name. A cheats by personation (b) A cheats by pretending to be B, a
person who is deceased. A cheats by personation.
11
Communication device" has been defined to mean "cell phones, personal digital
assistance (sic) or combination of both or any other device used to communicate send or
transmit any text, video, audio or image".
12
http://cybercellmumbai.gov.in/html/case-studies/case-of-fishing.html (Accessed on 3009-2014).

ONLINE PRIVACY

Page 7

GUJARAT NATIONAL LAW UNIVERSITY

Section 66A of the IT Act attempts to address this situation by penalizing the sending
of: any message which is grossly offensive or has a menacing character false
information for the purpose of causing annoyance, inconvenience, danger, insult,
criminal intimidation, enmity, hatred or ill-will any electronic e-mail for the purpose
of causing annoyance or inconvenience, or to deceive the addressee about the origin
of such messages. This offence is punishable with imprisonment upto three years and
with a fine.13
In 2009, a 15-year-old Bangalore teenager was arrested by the cyber crime
investigation cell (CCIC) of the city crime branch for allegedly sending a hoax e-mail
to a private news channel. In the e-mail, he claimed to have planted five bombs in
Mumbai, challenging the police to find them before it was too late.
According to police officials, at around 1p.m. on May 25, the news channel received
an e-mail that read: I have planted five bombs in Mumbai; you have two hours to
find it. The police, who were alerted immediately, traced the Internet Protocol (IP)
address to Vijay Nagar in Bangalore. The Internet service provider for the account
was BSNL, said officials.14

Electronic Voyeurism: Although once regarded as only the stuff of spy cinema, the
sudden increase in consumer electronics has lowered the costs and the size of cameras
to such an extent that the threat of hidden cameras recording peoples intimate
moments has become quite real. Section 66E has been inserted into the IT Act with an
intention of responding to the growing trend of such electronic voyeurism. The
section penalizes the capturing, publishing and transmission of images of the "private
area" of any person without their consent, "under circumstances violating the privacy"
of that person.
The offence is punishable with imprisonment of upto three years or with a fine of upto
Rs. two lakh or both.

13

Although no maximum limit is prescribed for the fine under this section, Section 63 of
the Indian Penal Code declares that Where no sum is expressed to which a fine may
extend, the amount of fine to which the offender is liable is unlimited, but shall not be
excessive.
14

Hafeez, M., 2009. Crime Line: Curiosity was his main motive, say city police. Crime
Line.
Available
at:http://mateenhafeez.blogspot.com/2009/05/curiosity-was-his-mainmotive-say-city.html (Accessed on 30-09-2014).

ONLINE PRIVACY

Page 8

GUJARAT NATIONAL LAW UNIVERSITY

Violation of childrens privacy: With the advent of the age of computers and the
Internet, children have increasingly become exposed to crimes such as pornography
and stalking that make use of their private information. The newly inserted section
67B of the IT Act (2008) attempts to safeguard the privacy of children below 18 years
by creating a new enhanced penalty for criminals who target children.
The section firstly penalizes anyone engaged in child pornography. Thus, any person
who publishes or transmits any material which depicts children engaged in sexually
explicit conduct, or anyone who creates, seeks, collects, stores, downloads, advertises
or exchanges this material may be punished with imprisonment upto five years (seven
years for repeat offenders) and with a fine of upto Rs. 10 lakh. Secondly, this section
punishes the online enticement of children into sexually explicitly acts, and the
facilitation of child abuse, which are also punishable as above. Viewed together, these
provisions seek to carve out a limited domain of privacy for children from would-be
sexual predators.

Lawful Interception and Monitoring of electronic communications under the IT

Act: Another large component of privacy on the internet is with regards to how law
enforcement can access online communications and habits through interception,
access, or monitoring. The legitimacy for these interception activities in India hinges
on their conformance with constitutional provisions that allow reasonable restrictions
on the exercise of fundamental rights to India's citizens. The interception of private or
personal communications involves restrictions on the right to freedom of expression
and the right to privacy. While the Constitution does not explicitly guarantee a right to
privacy, the courts in India have consistently read that right into the definition of the
fundamental right to life and personal liberty. These rights are not absolute and the
courts have held that parliament may impose reasonable restrictions on the exercise of
fundamental rights. This in turn provides law enforcement agencies the necessary
leverage to invade the internet privacy of millions of net users.
The newly amended IT Act completely rewrote its provisions in relation to lawful
interception. The new section 69 dealing with power to issue directions for
interception or monitoring or decryption of any information through any computer
resource is much more elaborate than the one it replaced, In October 2009, the
Central Government notified rules under section 69 which lay down procedures and

ONLINE PRIVACY

Page 9

GUJARAT NATIONAL LAW UNIVERSITY

safeguards for interception, monitoring and decryption of information (the
Interception Rules 2009). This further thickens the legal regime in this context.
An investigation by a national news agency reveals that the Internet activities of
Indias roughly 160 million users are already being subjected to wide-ranging
surveillance and monitoring, much of which is in violation of the governments own
rules and notifications for ensuring privacy of communications.
While the Indian governments Central Monitoring System (CMS) project is in early
stages of launch, investigation shows that there already exists without much public
knowledge Lawful Intercept and Monitoring (LIM) systems, which have been
deployed by the Centre for Development of Telematics (C-DoT) for monitoring
Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian
users.15

Privacy violations-the dark side of social media: Have you noticed how some of
the ads on the websites that you visit seem to be a perfect match to your interests and
past web searches? Is that a coincidence? On the web, it certainly isnt because
advertisers today, go to all lengths to promote their products, even if it means
violating your online privacy. Advertisers can invade your social media privacy and
take advantage of your data in several ways:
Data Scraping: It involves tracking peoples activities online and harvesting
personal data and conversations from social media, job websites and online
forums. Usually, research companies are the harvesters, and sell the compiled
data to other companies. These, in turn, use these details to design targeted ad
campaigns for their products. While one might argue that people are
knowingly sharing personal details on social media and thus, its free for
everyones use, data harvesters dont ask for the owners consent. And this
raises an ethics as well as an online privacy problem.16

15

Shalini Singh, Govt. violates privacy safeguards to secretly monitor Internet traffic, The
Hindu, September 9, 2013, available on http://www.thehindu.com/news/national/govtviolates-privacy-safeguards-to-secretly-monitor-internet-traffic/article5107682.ece
(Accessed on 01-10-2014).
16
http://www.bullguard.com/bullguard-security-center/internet-security/social-mediadangers/privacy-violations-in-social-media.aspx (Accessed on 01-10-2014).

ONLINE PRIVACY

Page 10

GUJARAT NATIONAL LAW UNIVERSITY

Facebook apps leaking personal data: It has been reported several times that
certain Facebook apps are leaking identifying information about those who are
using them, to advertising and Internet tracking companies, and all this
without the users having a clue. Heres how the leakage works: during the
apps installation process, you are prompted to accept certain terms, and once
you click Allow, the application receives an access token. Some of the
Facebook apps are leaking these access tokens to advertisers, granting them
access to personal-profile data such as chat logs and photos. However, no
disclaimer is showed announcing you your data is being transferred to third
parties. Thus your online privacy and safety are put at risk. Examples of apps
that have been found to leak identifying information include FarmVille and
Family Tree.
Online Social Tracking: We all use the Like, Tweet, +1, and other
buttons to share content with our friends. But these social widgets are also
valuable tracking tools for social media websites. They work with cookies
small files stored on a computer that enable tracking the user across different
sites that social websites place in browsers when you create an account or
log in, and together they allow the social websites to recognize you on any site
that uses these widgets. Thus, your interests and online shopping behaviour
can be easily tracked, and your internet privacy rudely invaded.

III.

PROTECTING ONLINE PRIVACY

"Privacy may be defined as the claim of individuals, groups or institutions to determine

when, how and to what extent information about them is communicated to others."
ONLINE PRIVACY

Page 11

GUJARAT NATIONAL LAW UNIVERSITY

The Information Technology Act, 2000 put the law in place to deal with the present age of
technology, to address issues emerging out of digital content and to regulate electronic
communication, but it could not foresee the country's need pertaining to online privacy. It was
amended in the year 2008 to cater to the country's emerging needs. The amendment
introduced the following provisions which dealt with privacy protection: the power of the
state functionaries to intercept, monitor and decrypt information,17 block access to websites18
and monitor or collect traffic data.19
Prior to this amendment, there was a void in Indian law 20 where interception and monitoring
in relation to internet communications was being carried out under the general provisions of
the Indian Telegraph Act, 1885 which spoke about interception but without procedural
framework or safeguards or rules.
This irregularity was considered by the Supreme Court in the case of Peoples Union for Civil
Liberties v. Union of India.21 This case is another classic example of judicial activism
whereby the Apex Court laid down guidelines and principles that forced the Central
Government to issue Rules under the Telegraph Act, 1885 in 1999 regarding interception of
telecommunications. This is one of the most influential cases in the entire privacy paradigm
because it was due to the efforts of the Supreme Court that legislative lacuna was filled.22
It is also significant that the principles and safeguards developed in this case have been
followed in most Indian legislations regarding interception of communications ever since.
The rules framed provided the blueprint for the interference with privacy rights for 'intrusion
upon a persons solitude or seclusion and information collection.'23
Rule 419-A framed under section 5(2) of the Telegraph Act provides that when (a) public
emergency; or (b) public safety situation exists, then an order may be made to issue directions
for interception.
These rules authorized high ranking public functionaries to issue directions for the
interception of messages. Since the section dealt with such mercurial powers, it was instilled
17
18
19
20
21
22
23

Section 69, Information Technology (Amendment) Act, 2008, No. 10 of 2009.

Section 69A, Information Technology (Amendment) Act, 2008, No. 10 of 2009.
Section 69B, Information Technology (Amendment) Act, 2008, No. 10 of 2009.
http://ssrn.com/abstract=1682465.
(1997) 1 SCC 301.
http://cis-india.org/internet-governance/telecommunications-internet-privacy.pdf.
Rule 419-A, Indian Telegraph Rules, 1951, added as on 19 th February, 1999.

ONLINE PRIVACY

Page 12

GUJARAT NATIONAL LAW UNIVERSITY

with safeguards to avoid abuse. There are documentary formalities with which the officials
needed to comply. It included recording of reasons in the nature of (a) interests of sovereignty
and integrity of India; (b) the security of the state; (c) friendly relations with foreign states;
(d) public order; and (e) incitement to the commission of an offence.
Until the 2008 Amendment was passed, the above rule single headedly dealt with matters
relating to interception though other sectoral laws existed to deal with privacy for example
RBI regulations to cover financial privacy, etc. The Legislature felt the need of inclusion of a
specific provision in the IT Act to deal with online privacy protection. Thus, the various
provisions introduced by the Act were enacted.

Section 43(A): Compensation for failure to protect data

Under this newly introduced provision, where a body corporate, possessing, dealing or
handling any sensitive personal data or information in a computer resource which it owns,
controls or operates, is negligent in implementing and maintaining reasonable security
practices and procedures and thereby causes wrongful loss or wrongful gain to any person,
such body corporate shall be liable to pay damages by way of compensation, to the person so
affected.

Section 66(E): Punishment for violation of privacy

The amendment also brings forward a section titled "punishment for violation of privacy."
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private
area of any person without his or her consent, under circumstances violating the privacy of
that person, shall be punished with imprisonment which may extend to three years or with
fine not exceeding two lakh rupees, or with both.
Though, the title of the section is worded broadly it seeks to apply only to capturing an
"image of the private area of a person", "under circumstances violating the privacy of the
person."
The circumstances violating the privacy of a person are when such person has a reasonable
expectation that (a) he or she could disrobe in privacy without being concerned that an image
of his/her private area was being captured; or (b) any part of his/her private area would not be
visible to the public, whether such person is in a public or a private place.

ONLINE PRIVACY

Page 13

GUJARAT NATIONAL LAW UNIVERSITY

Section 69: Power to issue directions for interception or monitoring or

decryption of any information through any computer resource

This section was amended in 2008 whereby, the earlier existing provision was substituted by
newly inserted Section 69. The PUCL judgment passed by the Apex Court and Rule 419-A
framed thereafter can be termed as the inspiration for this section. This section is a mirror
image of rule 419-A framed under the Indian Telegraph Rules, 1951.
Under this provision, where the Central Government or a State Government or any of its
officers specially authorised by the Central Government or the State Government, as the case
may be is satisfied that it is necessary or expedient to do in the interest of the sovereignty or
integrity of India, defence of India, security of the State, friendly relations with foreign States
or public order or for preventing incitement to the commission of any cognizable offence
relating to above or for investigation of any offence, it may, subject to the provisions of subsection (2), for reasons to be recorded in writing, by order, direct any agency of the
appropriate Government to intercept, monitor or decrypt or cause to be intercepted or
monitored or decrypted any information generated, transmitted, received or stored in any
computer resource.

Section 72: Breach of confidentiality and privacy

This section provided that any person who, in pursuant of any of the powers conferred under
this Act, rules or regulations made there under, has secured access to any electronic record,
book, register, correspondence, information, document or other material without the consent
of the person concerned discloses such electronic record, book, register, correspondence,
information, document or other material to any other person shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with both.

Section 72(A): Punishment for Disclosure of information in breach of lawful

contract

Under this provision, any person including an intermediary who, while providing services
under the terms of lawful contract, has secured access to any material containing personal
information about another person, with the intent to cause or knowing that he is likely to
cause wrongful loss or wrongful gain discloses, without the consent of the person concerned,
ONLINE PRIVACY

Page 14

GUJARAT NATIONAL LAW UNIVERSITY

or in breach of a lawful contract, such material to any other person shall be punished with
imprisonment for a term which may extend to three years, or with a fine which may extend to
five lakh rupees, or with both.24
In 2009, the Government of Indian launched the national database, a Unique Identification
number (UID), also known as Adhaar Card Yojna which aimed at providing unique numbers
to all citizens of the country with a view to enhance public and private delivery system. The
numbers were assigned based on the biometric information of the individuals e.g. iris,
fingerprints, etc. But, the project rose concerns in the country regarding privacy of the data
collected as it had major privacy challenges to handle e.g. De-duplication, maintaining a large
centralized database against privacy breach, etc.25
This shows that the country is progressively opening its eyes to the emerging side-effects of
the technological era.
The Privacy Protection Bill (2013)
A non-profit research organisation, the Indian Centre for Internet and Society (ICIS)
drafted a bill Privacy Protectin Bill, 2013 in order "to establish an effective regime to protect
the privacy of all persons and their personal data from Governments, public authorities,
private entities and others, to set out conditions upon which surveillance of persons and
interception and monitoring of communications may be conducted, to constitute a Privacy
Commission, and for matters connected therewith and incidental thereto."26
Following are the chapters of the privacy protection bill (2013):
1. Preliminary
2. Right to privacy
3. Protection of personal data
4. Interception of communications
5. Surveillance
6. The privacy commission
7. Offences and penalties

24

http://ssrn.com/abstract=2357266.
http://ssrn.com/abstract=2188749.
26
Preliminary of The Privacy Protection Bill, 2013.
25

ONLINE PRIVACY

Page 15

GUJARAT NATIONAL LAW UNIVERSITY

If implemented, the draft Bill would be a considerable step forward for the privacy landscape
in India, which has so far lacked the impetus provided by international instruments such as
the European Data Protection Directive (95/46/EC).

IV.

ONLINE PRIVACY PROTECTION UNDER OTHER

JURISDICTIONS

Digital privacy concerns 56 percent of daily Internet users in the U.S., Mexico, Sweden,
Egypt, Pakistan and Thailand, according to a survey by Sweden-based technology company
Ericcson. But only 4 percent of respondents said they would use the Internet less. Instead, 93
percent planned to protect their privacy by taking steps like being more cautious about
personal information they share online.27
Privacy is a fundamental human right recognized in the UN Declaration of Human Rights,
the International Covenant on Civil and Political Rights and in many other
International and regional treaties. Privacy underpins human dignity and other key values
such as freedom of association and freedom of speech. It has become one of the most
important human rights issues of the modern age. Nearly every country in the world
recognizes right of privacy explicitly in their Constitution. At a minimum, these provisions
include rights of inviolability of the home and secrecy of communications. Most recently-

27

http://www.usnews.com/news/articles/2013/12/23/2014-consumers-seek-online-privacy
(Last seen 6th October 2014, 1:07 am).

ONLINE PRIVACY

Page 16

GUJARAT NATIONAL LAW UNIVERSITY

written Constitutions such as South Africa's and Hungary's include specific rights to access
and control one's personal information.
In many countries where privacy is not explicitly recognized in the Constitution, such as the
United States, Ireland and India, the courts have found this right in other provisions. In many
countries, International agreements that recognize privacy rights such as the International
Covenant on Civil and Political Rights or the European Convention on Human Rights have
been adopted into law.28

Reasons for Adopting Comprehensive Laws in Countries Around The Globe

There are three major reasons for the movement towards comprehensive privacy and data
protection laws. Many countries are adopting these laws for one or more reasons.

To remedy past injustices. Many countries, especially in Central Europe, South

America and South Africa, are adopting laws to remedy privacy violations that
occurred under previous authoritarian regimes.

To promote electronic commerce. Many countries, especially in Asia, and also

Canada, have developed or are currently developing laws in an effort to promote
electronic commerce. These countries recognize consumers are uneasy with their
personal information being sent worldwide. Privacy laws are being introduced as part
of a package of laws intended to facilitate electronic commerce by setting up uniform
rules.

To ensure laws are consistent with Pan-European laws. Most countries in Central
and Eastern Europe are adopting new laws based on the Council of Europe
Convention and the European Union Data Protection Directive. Many of these
countries hope to join the European Union in the near future. Countries in other
regions, such as Canada, are adopting new laws to ensure that trade will not be
affected by the requirements of the EU Directive.29

28
29

http://gilc.org/privacy/survey/intro.html (Last seen 6th October 2014, 1:15 am).

Ibid (Last Seen 6th October 2014, 7:02 am).

ONLINE PRIVACY

Page 17

GUJARAT NATIONAL LAW UNIVERSITY

The Evolution of Data Protection around the World

Interest in the right of privacy increased in the 1960s and 1970s with the advent of
information technology (IT). The surveillance potential of powerful computer systems
prompted demands for specific rules governing the collection and handling of personal
information. In many countries, new constitutions reflect this right. The genesis of modern
legislation in this area can be traced to the first data protection law in the world enacted in the
Land of Hesse in Germany in 1970. This was followed by national laws in Sweden (1973),
the United States (1974), Germany (1977) and France (1978).30
Two crucial International instruments evolved from these laws, The Council of Europe's 1981
Convention for the Protection of Individuals with regard to the Automatic Processing of
Personal Data31 and the Organization for Economic Cooperation and Development's
Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal
Data.32 These laws articulate specific rules covering the handling of electronic data. The rules
within these two documents form the core of the Data Protection laws of dozens of countries.
These rules describe personal information as data which are afforded protection at every step
from collection through to storage and dissemination. The right of people to access and
amend their data is a primary component of these rules.33
The expression of data protection in various declarations and laws varies only by degrees. All
require that personal information must be:

obtained fairly and lawfully;

used only for the original specified purpose;
adequate, relevant and not excessive to purpose;
accurate and up to date; and
destroyed after its purpose is completed.

30

David Flaherty, "Protecting Privacy in surveillance societies", University of North

Carolina Press, 1989.
31
Convention for the Protection of Individuals with regard to the Automatic Processing of
Personal Data Convention , ETS No. 108, Stasbourg, 1981.
32
OECD, Guidelines governing the Protection of Privacy and Transborder Data Flows of
Personal Data , Paris, 1981.
33
Supra Note 2 (Last seen 6th October 2014, 7:30 am).

ONLINE PRIVACY

Page 18

GUJARAT NATIONAL LAW UNIVERSITY

Over twenty countries have adopted the COE convention and another six have signed it but
have not yet adopted it into law. The OECD guidelines have also been widely used in national
legislation, even outside the OECD countries.34

Right to Privacy in Digital Age

Article 12 of the Universal Declaration of Human Rights and Article 17 of the International
Covenant on Civil and Political Rights state that no one shall be subjected to arbitrary
interference with one's privacy, family, home or correspondence, and that everyone has the
right to the protection of the law against such interference or attacks.
On 18th December 2013, The United Nations (UN) has unanimously voted to adopt a
resolution calling for online privacy to be recognised as a human right, the General Assembly
adopted resolution 68/16735, which expresses deep concern at the negative impact that
surveillance and interception of communications may have on human rights. United Nations
member states unanimously adopted a symbolic resolution that declares a worldwide right of
individuals to online privacy, a slap at the US National Security Agency's massive
surveillance programs that have angered Washington's friends and foes alike. The gesture is
politically notable because it shows the world is willing to be seen to do something in the
wake of The Year Of Snowden.36
The resolution urges an end to digital dragnets, without naming the countries. It also calls on
the World Body's Human Rights Commissioner, Navi Pillay, to report on "the protection and
promotion of the right to privacy in the context of domestic and extraterritorial
surveillance."37
34

http://gilc.org/privacy/survey/intro.html#fnlnk0001 (Last seen 6th October 2014, 8:01

am).
35
http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/68/167 (Last seen 6th
October 2014, 12:27 pm).
36
Mr. Snowden is a former National Security Agency contractor in the US who has been
charged with leaking details of several secret mass electronic surveillance programmes
to the press. He fled the country this past spring after the news broke, and according to
media reports, he is currently in Russia.
37
Pillay this year referred to the case of indicted NSA leaker Edward Snowden as
evidence of the need for countries to protect those who reveal human rights violations.
Snowden, who fled the United States in the spring in fear of reprisal, has been charged in
absentia with three felonies in connection with his leaking of classified information on
domestic and foreign data sweeps. Visit-http://articles.latimes.com/2013/dec/19/world/lafg-wn-un-surveillance-privacy-rights-edward-snowden-20131219 (Last seen 6th October

ONLINE PRIVACY

Page 19

GUJARAT NATIONAL LAW UNIVERSITY

The resolution extends the general human right of privacy to the online world and clearly
takes aim at the USA for its recently-revealed activities in clause 4, which Calls upon all
States to perform the following actions.:
(a) To respect and protect the right to privacy, including in the context of digital
communication;
(b) To take measures to put an end to violations of those rights and to create the conditions to
prevent such violations, including by ensuring that relevant national legislation complies with
their obligations under international human rights law;
(c)To review their procedures, practices and legislation regarding the surveillance of
communications, their interception and collection of personal data, including mass
surveillance, interception and collection, with a view to upholding the right to privacy by
ensuring the full and effective implementation of all their obligations under international
human rights law;
(d) To establish or maintain existing independent, effective domestic oversight mechanisms
capable of ensuring transparency, as appropriate, and accountability for State surveillance of
communications, their interception and collection of personal data; 38
On 30th June 2014, the final report on The Right to Privacy in Digital Age was made public
by e Office of the United Nations High Commissioner for Human Rights.39
Sadly, UN resolutions of this sort aren't binding and can be flouted without consequence.

Laws of privacy protection in various Countries

There are currently several models for privacy protections extant in various countries. In
some countries, a number of models are used simultaneously.

2014, 12:14 pm).

38
http://www.theregister.co.uk/2013/12/19/united_nations_signs_off_on_right_to_privacy_i
n_the_digital_age/ (Last Seen 6th October 2014, 12:20 pm).
39

http://www.ohchr.org/en/hrbodies/hrc/regularsessions/session27/documents/a.hrc.27.37_e
n.pdf (Last seen 6th October 2014, 12:25 pm).

ONLINE PRIVACY

Page 20

GUJARAT NATIONAL LAW UNIVERSITY

The regulatory model adopted by Europe, Australia, Hong Kong, New Zealand, Central and
Eastern Europe and Canada is that of a public official who enforces a comprehensive data
protection law. This official, known variously as a Commissioner, Ombudsman or Registrar,
monitors compliance with the law and conducts investigations into alleged breaches. In some
cases the official can find against an offender. The official is also responsible for public
education and international liaison in data protection and data transfer. This is the preferred
model for most countries adopting data protection law. However, the powers of the
commissions vary greatly and many report serious lack of resources to adequately enforce the
laws.

1. European Union
Law: European Union Data Protection Directive of 1998 & EU Internet Privacy Law of
2002 (DIRECTIVE 2002/58/EC)
The EU tightly regulates consumer data through the European Convention on Human Rights
and its courts. Data collection by member states directly falls under this law. The EU also
regulates the automated collection of data. If information is going to be exchanged between
the EU and the US, American companies that receive the data have to comply with whats
known as the "Safe Harbour" framework, which ensures the companies comply with EU law.
Users from the EU, in fact, are often given greater privacy controls over their online accounts
on sites such as eBay and Amazon because of these laws.40
Each EU country has its own data privacy model to enforce laws, although enforcement
varies greatly between countries. Within the EU, Spain and Germany are widely seen as
swinging the toughest data privacy sticks. Regulators there slap violators with large fines
when they violate consumer privacy rights. Spain, for example, lodges the maximum number
of data protection complaints and hands out the most severe fines in the EU. Spains data
agency has handed out several 300,500 euro ($393,355) fines for illegal data transfers,
according to the law firm White & Case. Germans are sensitive about data privacy too,

40

http://resources.infosecinstitute.com/differences-privacy-laws-in-eu-and-us/ (Last Seen

6th Ocotber 2014, 11:53 am).

ONLINE PRIVACY

Page 21

GUJARAT NATIONAL LAW UNIVERSITY

including employee data, said Martin Munz, a partner in White & Cases Hamburg Germany
office. And data regulators there also issue stiff fines up to 250,000 euro ($327,250).41
2. Canada
Law: The Privacy Act - July 1983 Personal Information Protection and Electronic Data Act
(PIPEDA) of 2000 (Bill C-6)
Since 2001, Canadians have been protected by the Personal Information Protection and
Electronic Documents Act. The law covers how private companies and government agencies
can use information and how they need to disclose its collection. There are exceptions for
libraries, journalists, individuals and Canadas intelligence agencies.42
3. Hong Kong
Law: Personal Data Ordinance (The "Ordinance")
Hong Kong is administered by an autonomous government (hence the Special
Administrative Region designation). Citizens of Hong Kong are guaranteed the freedom of
speech and press, and the government respects those rights. However, its online privacy laws,
enacted in 1993 are fairly basic. The laws prohibit using a computer with an intent to commit
an offense; with a dishonest intent to deceive; with a view to gain for oneself or another or
with a dishonest intent to cause loss to another.43
4. United States
Law: In US, there is an entire list of Federal & State laws governing the provisions of
Privacy.44
Some countries such as the United States have avoided general data protection rules in favor
of specific sectoral laws governing, for example, video rental records and financial privacy.
In such cases, enforcement is achieved through a range of mechanisms. There is no single law
41

http://www.bbc.com/capital/story/20130625-your-private-data-is-showing (Last seen

6th October 2014, 11:42 pm).
42
http://blog.vr.org/2014/05/privacy-laws-around-world/ (Last Seen 6th October 2014,
11:51 am).
43
Ibid.
44
To get a better insight, the following can be visited http://www.informationshield.com/usprivacylaws.html ( Last Seen 6th October 2014, 11:48
am).

ONLINE PRIVACY

Page 22

GUJARAT NATIONAL LAW UNIVERSITY

with regards to individual data and the protection of consumer data, or laws with regards to
gathering, acquiring, storing or the use of that data. The US uses a patchwork of laws that
address different kinds of data. HIPAA, for example, regulates the health history of the
individual and the use and disclosure of that information. The Fair Credit Reporting Act
allows consumers the ability to view, correct, contest, and limit the uses of credit reports. The
Electronic Communications Privacy Act is meant to protect individuals from the interception
of data - however, the law was written with loopholes such as implied consent when reading a
communication or accepting employment. The problem with this approach is that it requires
that new legislation be introduced with each new technologies so protections frequently lag
behind. The lack of legal protections for genetic information in the US is a striking example
of its limitations.. In other countries, sectoral laws are used to compliment comprehensive
legislation by providing more detailed protections for certain categories of information, such
as police files or consumer credit records.45

5. China
Law: The Rules Regarding the Protection of Personal Information of Telecommunications
and Internet Users, 2013
Chinas position on internet is clear - it prohibits any websites that it feels will cause a
disturbance within its borders. This definition changes daily and its censorship program
encompasses internet activity from websites to social media feeds. The country does have
several privacy laws on the books. The latest, enacted in 2013 is The Rules Regarding the
Protection of Personal Information of Telecommunications and Internet Users, which
regulates personal information as it pertains to e-commerce. Chinese tort courts have upheld
that privacy cannot be infringed upon and can be liable under the court; its criminal courts
have maintained that telecoms companies are criminally liable for releasing a customers
information. However, it remains to be seen if Chinas new law regarding privacy will do
much, as the older law, The Decision on Strengthening the Protection of Online Information,

45

http://gilc.org/privacy/survey/intro.html#fnlnk0001 (Last Seen 6 th October 2014, 11:50

am).

ONLINE PRIVACY

Page 23

GUJARAT NATIONAL LAW UNIVERSITY

wasnt clear as to what the responsibilities of the government were. The law was not fully
implemented because of this.46
6. Laws under other jurisdictions around the World
"The EU has strong standards and enforcement. And the rest of the world is playing catch up." says Daniel
Cooper, a partner at the London office of Covington & Burling.
Asia, meanwhile, is also coming along the data privacy curve pretty quickly. Singapore
passed a data privacy law last year that protects all personal data ten years after a persons
death. And South Korea has some of the strongest data privacy laws in Asia, even covering a
persons image or voice.
The EU has also used its collective clout to drive change in privacy rules in other countries,
mainly through trade. Central and South American countries such as Peru, Uruguay, Costa
Rica and Mexico have hammered out data privacy laws in the past few years in hopes of
complying with the EU Data Protection Directive to further open trade with South American
businesses. Argentina, which offered its own data privacy rules in 2000 mainly to do more
trade with Europe, also meets the EUs standards.
Several other South American countries, including Brazil, are in the midst of formulating
privacy laws. Australia has also hammered out a bare bones data privacy law that has been
added to over the years, although the countrys laws do not meet the EU standards, since
Australian data isnt as rigorously protected.47
Data protection can also be achieved - at least in theory - through various forms of self
regulation, in which companies and industries establish codes of practice. However, the
record of these efforts has been disappointing, with little or no evidence that the aims of the
codes are regularly fulfilled. Adequacy and enforcement are the major problem with these
approaches. Industry codes in many countries have tended to provide only weak protections
and lack of enforcement. This is currently the policy promoted by the governments of United
States, Singapore and Australia.

46
47

Supra Note 11.

Supra Note 10.

ONLINE PRIVACY

Page 24

GUJARAT NATIONAL LAW UNIVERSITY

With the recent development of commercially available technology-based systems, privacy
protection has also moved into the hands of individual users. Users of the Internet can employ
a range of programs and systems which will ensure varying degrees of privacy and security
of communications. Recently, the European Commission evaluated some of the technologies
and stated that the tools would not replace a legal framework.

Landmark Decision - C 131-12

Right to be Forgotten Under Online Privacy

In 2010, a Spanish citizen lodged a complaint against a Spanish newspaper with the national
Data Protection Agency and against Google Spain and Google Inc. The citizen complained
that an auction notice of his repossessed home on Googles search results infringed his
privacy rights because the proceedings concerning him had been fully resolved for a number
of years and hence the reference to these was entirely irrelevant. He requested, first, that the
newspaper be required either to remove or alter the pages in question so that the personal data
relating to him no longer appeared; and second, that Google Spain or Google Inc. be required
to remove the personal data relating to him, so that it no longer appeared in the search results.
The Spanish court referred the case to the Court of Justice of the European Union asking:
(a) whether the EU's 1995 Data Protection Directive applied to search engines such as
Google;
(b) whether EU law (the Directive) applied to Google Spain, given that the company's data
processing server was in the United States;
(c) whether an individual has the right to request that his or her personal data be removed
from accessibility via a search engine (the 'right to be forgotten').
In its ruling of 13 May 201448 the EU Court said:
a) On the territoriality of EU rules : Even if the physical server of a company processing data
is located outside Europe, EU rules apply to search engine operators if they have a branch or

48

http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf (Last
Seen 6th October 2014, 12:42 pm).

ONLINE PRIVACY

Page 25

GUJARAT NATIONAL LAW UNIVERSITY

a subsidiary in a Member State which promotes the selling of advertising space offered by the
search engine;
b) On the applicability of EU data protection rules to a search engine: Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European
law when handling personal data by saying it is a search engine. EU data protection law
applies and so does the right to be forgotten.
c) On the "Right to be Forgotten": Individuals have the right - under certain conditions - to
ask search engines to remove links with personal information about them. This applies
where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of
the data processing (paragraph 93 of the ruling). The court found that in this particular case
the interference with a persons right to data protection could not be justified merely by the
economic interest of the search engine. At the same time, the Court explicitly clarified that
the right to be forgotten is not absolute but will always need to be balanced against other
fundamental rights, such as the freedom of expression and of the media (paragraph 85 of the
ruling). A case-by-case assessment is needed considering the type of information in
question, its sensitivity for the individuals private life and the interest of the public in
having access to that information. The role the person requesting the deletion plays in public
life might also be relevant.49
The Court in its judgement did not elevate the right to be forgotten to a "super right"
trumping other fundamental rights, such as the freedom of expression or the freedom of the
media.
On the contrary, it confirmed that the right to get your data erased is not absolute and has
clear limits. The request for erasure has to be assessed on a case-by-case basis. It only
applies where personal data storage is no longer necessary or is irrelevant for the original
purposes of the processing for which the data was collected. Removing irrelevant and out
dated links is not tantamount to deleting content.

49

Ibid.

ONLINE PRIVACY

Page 26

GUJARAT NATIONAL LAW UNIVERSITY

The Court also clarified, that a case-by-case assessment will be needed. Neither the right to
the protection of personal data nor and the right to freedom of expression are absolute
rights. A fair balance should be sought between the legitimate interest of internet users and
the persons fundamental rights. Freedom of expression carries with it responsibilities and
has limits both in the online and offline world.
The case itself provides an example of this balancing exercise. While the Court ordered
Google to delete access to the information deemed irrelevant by the Spanish citizen, it did
not rule that the content of the underlying newspaper archive had to be changed in the name
of data protection (paragraph 88 of the Courts ruling). The Spanish citizens data may still
be accessible but is no longer ubiquitous. This is enough for the citizens privacy to be
respected.
This is exactly the spirit of the proposed EU data protection Regulation : empowering
individuals to manage their personal data while explicitly protecting the freedom of
ONLINE PRIVACY

Page 27

GUJARAT NATIONAL LAW UNIVERSITY

expression and of the media Article 80 of the proposed Regulation includes a specific
clause which obliges Member States to pass national legislation to reconcile data prosection with the right to freedom of expression, including the processing of data for
journalistic purposes. The clause specifically asks for the type of balancing that the Court
outlined in its ruling whereas todays 1995 Directive is silent implying that data protection
could rank above freedom of the media. The Commission proposes to strengthen freedom
of expression and of the media through the revision of Europes data protection rules.
The proposed Data Protection Regulation strikes the right balance between the right to the
protection of personal data and freedom of expression.50
0101010101000
Accordingly, Google has started to remove search results, following the judgement's 'right to
be forgotten' ruling.
Europe's top court ruled that people have the right to have 'inadequate' and 'irrelevant' results
about them wiped from the web, which led to the tech giant being bombarded with requests.
Searches for peoples names now include a message at the bottom of the results page that
says results may have been removed under data protection law in Europe.51

50

http://ec.europa.eu/justice/dataprotection/files/factsheets/factsheet_data_protection_en.pdf (Last Seen 6th Ocotber

2014, 12:47 pm).
51
http://www.dailymail.co.uk/sciencetech/article-2670600/Google-starts-removing-searchresults-Tech-giant-warns-users-links-deleted-right-forgotten-rule.html (Last seen 6th
October 2014, 1:05 pm).

ONLINE PRIVACY

Page 28

GUJARAT NATIONAL LAW UNIVERSITY

The tech giant is not new to notice-and-takedown removals, to do with defamation, for
example. It also has experience dealing with take-down requests in its YouTube video
website, which has a process to remove uploads that infringe copyrights.
But the ruling marks an entirely new process for search engines.
Google is the dominant search engine in Europe, commanding about 93 per cent of the
market, according to StatCounter global statistics. Microsoft Corp's Bing has 2.4 per cent and
Yahoo Inc has 1.7 per cent of market share.
A spokesman for Microsoft's Bing told MailOnline: "We're currently working on a special
process for residents of the European Union to request blocks of specific privacy-related
search results on Bing in response to searches on their names."52

V.

CONCLUSION

Inc. magazine reports that the Internet's biggest corporations have hoarded Internet users'
personal data and sold it for large financial profits. The situation is indeed grave and demands
immediate attention. However, while dealing with the issue of internet privacy, one must first
be concerned with not only the technological implications such as damaged property,
corrupted files, and the like, but also with the potential for implications on their real lives.
One such implication, which is rather commonly viewed as being one of the most daunting
fears risks of the Internet, is the potential for identity theft.
Online data collection by search engines allows Internet businesses to track consumers
online roadmap, everything from the sites they visit to the purchases they make. This poses
52

Ibid (Last seen 6th October 2014, 1:10 pm).

ONLINE PRIVACY

Page 29

GUJARAT NATIONAL LAW UNIVERSITY

problems globally to those who are web users around the world, especially in a world where
there is no overarching privacy policy. The general consensus of this issue regarding
international privacy violations is that, since the Internet is global, the privacy policies should
also be global and unified. Currently, as of March 2012, the need for a set of unified privacy
policies has been met by the European Union with proposed legislation. The Data Protection
Regulation is a proposed set of consistent regulations across the European Union that will
protect Internet users from clandestine tracking and unauthorized personal data usage.
Some experts such as Steve Rambam, a private investigator specializing in Internet privacy
cases, believe that privacy no longer exists; saying, "Privacy is dead get over it". In fact, it
has been suggested that the "appeal of online services is to broadcast personal information on
purpose." On the other hand, in his essay, The Value of Privacy, security expert Bruce
Schneier says, "Privacy protects us from abuses by those in power, even if we're doing
nothing wrong at the time of surveillance."

ONLINE PRIVACY

Page 30

GUJARAT NATIONAL LAW UNIVERSITY

VI.

REFERENCES

Conventions, Statutes and Reports referred:

1. Convention for the Protection of Individuals with regard to the Automatic Processing
of Personal Data Convention , ETS No. 108, Stasbourg, 1981
2. Indian Telegraph Rules, 1951
3. Information Technology Act, 2000
4. OECD, Guidelines governing the Protection of Privacy and Transborder Data Flows
of Personal Data , Paris, 1981
5. Preliminary of The Privacy Protection Bill, 2013
6. The Calcutt Committee, Report of the Committee on Privacy and Related Matters,
1990

Web Refernces:

1. David Flaherty, "Protecting Privacy in surveillance societies", University of North

Carolina Press, 1989
2. Hafeez, M., 2009. Crime Line: Curiosity was his main motive, say city police. Crime
Line. Available at:http://mateenhafeez.blogspot.com/2009/05/curiosity-was-his-mainmotive-say-city.html (Accessed on 30-09-2014)
3. http://articles.latimes.com/2013/dec/19/world/la-fg-wn-un-surveillance-privacyrights-edward-snowden-20131219 (Last seen 6th October 2014, 12:14 pm)
4. http://blog.vr.org/2014/05/privacy-laws-around-world/ (Last Seen 6th October 2014,
11:51 am)
5. http://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronicprivacy (Accessed on 29-09-2014)
6. http://cis-india.org/internet-governance/telecommunications-internet-privacy.pdf
(Accessed on 29-09-2014)
7. http://cis-india.org/internet-governance/telecommunications-internet-privacy.pdf.
8. http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf
(Last Seen 6th October 2014, 12:42 pm)
9. http://cybercellmumbai.gov.in/html/case-studies/case-of-fishing.html (Accessed on
30-09-2014)

ONLINE PRIVACY

Page 31

GUJARAT NATIONAL LAW UNIVERSITY

10. http://ec.europa.eu/justice/dataprotection/files/factsheets/factsheet_data_protection_en.pdf (Last Seen 6th Ocotber
2014, 12:47 pm)
11. http://gilc.org/privacy/survey/intro.html (Last seen 6th October 2014, 1:15 am)
12. http://gilc.org/privacy/survey/intro.html#fnlnk0001 (Last seen 6th October 2014, 8:01
am)
13. http://gilc.org/privacy/survey/intro.html#fnlnk0001 (Last Seen 6th October 2014,
11:50 am)
14. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2357266
15. http://resources.infosecinstitute.com/differences-privacy-laws-in-eu-and-us/

(Last

Seen 6th Ocotber 2014, 11:53 am)

16. http://ssrn.com/abstract=1682465
17. http://ssrn.com/abstract=2188749
18. http://ssrn.com/abstract=2357266
19. http://www.bbc.com/capital/story/20130625-your-private-data-is-showing (Last seen
6th October 2014, 11:42 pm)
20. http://www.bullguard.com/bullguard-security-center/internet-security/social-mediadangers/privacy-violations-in-social-media.aspx (Accessed on 01-10-2014).
21. http://www.dailymail.co.uk/sciencetech/article-2670600/Google-starts-removingsearch-results-Tech-giant-warns-users-links-deleted-right-forgotten-rule.html

(Last

seen 6th October 2014, 1:05 pm)

22. http://www.electroniccourts.in/privacylawsindia/?p=13
23. http://www.informationshield.com/usprivacylaws.html ( Last Seen 6th October 2014,
11:48 am)
24. http://www.legalserviceindia.com/articles/art222.htm
25. http://www.ohchr.org/en/hrbodies/hrc/regularsessions/session27/documents/a.hrc.27.3
7_en.pdf (Last seen 6th October 2014, 12:25 pm)
26. http://www.oxforddictionaries.com/definition/english/privacy
27. http://www.prsindia.org/parliamenttrack/report-summaries/cyber-crime-cybersecurity-and-right-to-privacy-3158/
28. http://www.theregister.co.uk/2013/12/19/united_nations_signs_off_on_right_to_priva
cy_in_the_digital_age/ (Last Seen 6th October 2014, 12:20 pm)
29. http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/68/167 (Last seen 6th
October 2014, 12:27 pm)
ONLINE PRIVACY

Page 32

GUJARAT NATIONAL LAW UNIVERSITY

30. http://www.usnews.com/news/articles/2013/12/23/2014-consumers-seek-onlineprivacy (Last seen 6th October 2014, 1:07 am)
31. Shalini Singh, Govt. violates privacy safeguards to secretly monitor Internet traffic,
The

Hindu,

September

9,

2013,

available

on

http://www.thehindu.com/news/national/govt-violates-privacy-safeguards-to-secretlymonitor-internet-traffic/article5107682.ece (Accessed on 01-10-2014)

ONLINE PRIVACY

Page 33