Skip to main content

Data Privacy Issues Due to Increased use of Technology – An Assessment through the Functioning of Cyber Cookies in India



Author: Anna Mary Mathew

INTRODUCTION

Privacy in normal connotation can be defined as the protection of personal as well as sensitive personal information from being made known to third parties unless it is given specifically assent by the person whose information is released. Data privacy is the term that is accorded to protection of personal information in technological space. This brings us to the next question as to if there is any difference between data privacy and security.

Security comes under the broader head of Data privacy. Security ensures that an individual’s personal information stored in the form of data is inaccessible through malicious software, but how about the technology that is present in the websites in the form of cyber cookies. Some of these cookies do not even seek prior approval from collecting our data. Hence, a clear breach of our privacy is committed. This blog will examine India’s stance with regard to data privacy specifically through the focal point of cyber cookies.

CYBER COOKIES AND DATA PRIVACY

A cyber cookie is a text file that is embedded on a website, which enables the creator to distinguish your computer in a network server. Ideally, cyber cookies will aid the website owners to provide users with optimum browsing experience, as cookies will monitor the activities and ascertain the inclination of the user and personalise the website according to liking of the user. This in a way will benefit both the user and the website owner. 

There are various types of cookies, out of the total variety of cookies the strictly necessary cookies are the most important kind, as these are the only cookies that essentially fulfil the purpose of its creation. These cookies are necessary to browse the website and access the basic features of the website like adding items to a cart etc. There are other kind of cookies such as, persistent cookie. This is the cookie that is present in the hard disk of the user and it will remain there until it is erased manually or till its expiration period is exhausted.

There is another peculiar, but rather dangerous form of cookie called the third-party cookie. These cookies retain the information of the user of a device and shares this information to a third-party advertiser. Now, imagine a scenario without our prior-approval these website owners are sharing our information to third-parties. This is an absolute breach of privacy.

INDIA’S STANCE ON CYBER COOKIE REGULATION

It is rather disappointing to say that India till date does not have a law that is exclusively present to protect personal information in the form of data stored in electronic devices, neither is it a party to international convention that focus on guaranteeing data protection, such as Group Data Protection Regulation of the European Union or the Personal Data Protection Policy.

In India, through the Supreme Court case law Justice K S Puttaswamy V. Union of India, (2017) 10 SCC 1 (India), it is a well-known fact that right to privacy has been recognised as a fundamental right and as a facet of Article 21 of the Indian Constitution. Even though, clearly right to privacy has been has been emphasised by Indian laws, cyber cookies are still in existence and is still embedding personal information of individuals into their database.

Currently as there exists no specific law to address this issue, we have to look into a general law which is relevant to the cyber space of India, the Information Technology Act, 2000. In the Information Technology Act, 2000. There exists two sections, 43A and 72A which propounds on compensation provided to individuals in case sensitive personal data is breached.

Section 43A only looks into situations where “sensitive personal information” is collected. Hence, it is absolutely necessary to identify as to whether a cookie collects sensitive personal information or not, a categorization that can be considered as sensitive personal information has been provided under Section 3 of the Data Protection Rules 2011. It specifies about bank account number etc. Even though superficially it might seem as a cyber cookies might not collect any sensitive personal information. But as we have seen in the functioning of a cyber cookie, how it gets embedded on a website. Once it gets embedded it has full access to the activity of an individual, in fact we cannot even apprehend as to the amount of data they’ll be able to access if they can oversee the entire activity that we engage in.

Being mindful about the possible mishaps that can happen with the growth in the use of technology the government introduced The Personal Data Protection Bill, 2019. Even though this is an idealistic law, that is, if it comes into existence then it can essentially resolve a significant amount of data privacy issues that are present in the current world. It is still kept in deliberation. The parliamentary session for the deliberation on the implementation of the bill keeps extending indefinitely.

However, there is another moot question that is very relevant to data protection. Should only personal data be regulated, shouldn’t there be some kind of regulation made to non-personal data as well. Because, even though by definition non-personal data might not be considered as vital, in certain circumstances non-personal data can lead to gaining access to personal data. This is because the cyberworld is growing profusely and if situations like these are apprehended beforehand then some amount of cyber-crimes can be reduced.

A classic example that can be provided to specify as to what will qualify as a personal information and what qualifies as a non-personal information is that: If I place an order for food through a food delivery app on my mobile phone then the application collects information such as my name, age, gender and contact number. The name and the contact number of the person making the order will qualify as personal information and the rest as non-personal information. In this scenario, if a cyber expert wants to commit a cybercrime a mere access to non-personal information can lead to obtaining personal information.

CONCLUSION

Therefore, when cookies were created in the year 1994 it was with an intent to benefit the users as well as the owners of business. However, with the growth of technology people are making new ways to misuse the data obtained through this medium and commit cybercrimes. Hence, what India requires to do urgently is that, it should first pass the Data Protection bill, this will provide significant protection to internet users and in turn will safeguard this important data of individuals.

Comments

Post a Comment

Share your views

Popular posts from this blog

Para Legal Services in India

  Author: Kunal Keshri, Bennett University Abstract Paralegal service is an emerging legal field. Objective of this topic is to get an understanding of the function that paralegals play in the administration of justice. To be aware of the challenges involved in the actual implementation of paralegal services. In order to determine the real and practical conditions of the system of enforcement for Para-Legal Services, such as Legal Services authorities, Committees, Legal Aid Clinics, Law Colleges or Universities, and other Institutions, it is necessary to identify these conditions. To provide findings, solutions, suggestions, as well as an effective and practical approach and implementation, with the goal of protecting, developing, educating, and improving the welfare of economically weaker and vulnerable sections of the population. Introduction Paralegal Services serve a key role in the administration of justice as one of the primary foundations, ensuring the ends and delivery of j...
4 comments
Read more

Attestation , Revocation, Alteration and Revival of Wills

  Author: Amit Sheoran, Symbiosis Law School, Nagpur People were worried about their lives after the corona pandemic. Because in Corona, no one was aware that anything could happen at any time. That is why they start thinking that if they die, then what will happen with their property and, as a result, they start making plans. A question arises in our mind after hearing the word will. What is will? It is defined under 2(h) of the Indian Succession Act, 1925. A will is a testamentary document by which a person bequeaths his property in the name of any other person. It will be effective after the death of the testator. The property will devolve on the person in whose favour it is bequeathed after the death of the testator. A will can be changed, revoked, or altered at any point of time after it is made. A will can be written more than once.All wills are revocable at any time during the life of the person and are confidential documents. A will can be attested, revoked, altered, and al...
11 comments
Read more

Impact of Globalization on Legal Profession

  Author: Rahul Gour, BML MUNJAL UNIVERSITY, Gurugram [email protected]    INTRODUCTION  Globalization is causing a fundamental transformation in the legal profession. Many countries are active in the legal profession, and there is also excess to the domestic economies as a result of globalisation. Globalization has wrought significant changes in the instruction of law students, the training of advocates, and the honing of advocates' professional abilities to address the problems posed by globalisation and the universalization of law. The legal industry's standard has risen, and lawyers must now be competent in addressing a wide range of cases. Political globalisation, economic globalisation, and technological globalisation are the three main drivers of globalisation. Globalization draws individuals from all over the world closer together, resulting in a new system of global governance as well as a global civil society. The legal profession has been affected ...
3 comments
Read more