Data Privacy Issues Due to Increased use of Technology – An Assessment through the Functioning of Cyber Cookies in India
Author: Anna Mary Mathew
INTRODUCTION
Privacy in normal connotation can be defined as the protection of personal as well as sensitive personal information from being made known to third parties unless it is given specifically assent by the person whose information is released. Data privacy is the term that is accorded to protection of personal information in technological space. This brings us to the next question as to if there is any difference between data privacy and security.
Security comes under the broader head of Data privacy. Security ensures that an individual’s personal information stored in the form of data is inaccessible through malicious software, but how about the technology that is present in the websites in the form of cyber cookies. Some of these cookies do not even seek prior approval from collecting our data. Hence, a clear breach of our privacy is committed. This blog will examine India’s stance with regard to data privacy specifically through the focal point of cyber cookies.
CYBER
COOKIES AND DATA PRIVACY
A cyber cookie is a text file that is embedded on a website, which enables the creator to distinguish your computer in a network server. Ideally, cyber cookies will aid the website owners to provide users with optimum browsing experience, as cookies will monitor the activities and ascertain the inclination of the user and personalise the website according to liking of the user. This in a way will benefit both the user and the website owner.
There are various types of cookies, out of the total variety of cookies the strictly necessary cookies are the most important kind, as these are the only cookies that essentially fulfil the purpose of its creation. These cookies are necessary to browse the website and access the basic features of the website like adding items to a cart etc. There are other kind of cookies such as, persistent cookie. This is the cookie that is present in the hard disk of the user and it will remain there until it is erased manually or till its expiration period is exhausted.
There is another peculiar, but rather dangerous form of cookie called the third-party cookie. These cookies retain the information of the user of a device and shares this information to a third-party advertiser. Now, imagine a scenario without our prior-approval these website owners are sharing our information to third-parties. This is an absolute breach of privacy.
INDIA’S
STANCE ON CYBER COOKIE REGULATION
It is rather disappointing to say that India till date does not have a law that is exclusively present to protect personal information in the form of data stored in electronic devices, neither is it a party to international convention that focus on guaranteeing data protection, such as Group Data Protection Regulation of the European Union or the Personal Data Protection Policy.
In India, through the Supreme Court case law Justice K S Puttaswamy V. Union of India, (2017) 10 SCC 1 (India), it is a well-known fact that right to privacy has been recognised as a fundamental right and as a facet of Article 21 of the Indian Constitution. Even though, clearly right to privacy has been has been emphasised by Indian laws, cyber cookies are still in existence and is still embedding personal information of individuals into their database.
Currently as there exists no specific law to address this issue, we have to look into a general law which is relevant to the cyber space of India, the Information Technology Act, 2000. In the Information Technology Act, 2000. There exists two sections, 43A and 72A which propounds on compensation provided to individuals in case sensitive personal data is breached.
Section 43A only looks into situations where “sensitive personal information” is collected. Hence, it is absolutely necessary to identify as to whether a cookie collects sensitive personal information or not, a categorization that can be considered as sensitive personal information has been provided under Section 3 of the Data Protection Rules 2011. It specifies about bank account number etc. Even though superficially it might seem as a cyber cookies might not collect any sensitive personal information. But as we have seen in the functioning of a cyber cookie, how it gets embedded on a website. Once it gets embedded it has full access to the activity of an individual, in fact we cannot even apprehend as to the amount of data they’ll be able to access if they can oversee the entire activity that we engage in.
Being mindful about the possible mishaps that can happen with the growth in the use of technology the government introduced The Personal Data Protection Bill, 2019. Even though this is an idealistic law, that is, if it comes into existence then it can essentially resolve a significant amount of data privacy issues that are present in the current world. It is still kept in deliberation. The parliamentary session for the deliberation on the implementation of the bill keeps extending indefinitely.
However, there is another moot question that is very relevant to data protection. Should only personal data be regulated, shouldn’t there be some kind of regulation made to non-personal data as well. Because, even though by definition non-personal data might not be considered as vital, in certain circumstances non-personal data can lead to gaining access to personal data. This is because the cyberworld is growing profusely and if situations like these are apprehended beforehand then some amount of cyber-crimes can be reduced.
A classic example that can
be provided to specify as to what will qualify as a personal information and
what qualifies as a non-personal information is that: If I place an order for
food through a food delivery app on my mobile phone then the application
collects information such as my name, age, gender and contact number. The name
and the contact number of the person making the order will qualify as personal
information and the rest as non-personal information. In this scenario, if a
cyber expert wants to commit a cybercrime a mere access to non-personal
information can lead to obtaining personal information.
CONCLUSION
Therefore, when cookies
were created in the year 1994 it was with an intent to benefit the users as
well as the owners of business. However, with the growth of technology people
are making new ways to misuse the data obtained through this medium and commit
cybercrimes. Hence, what India requires to do urgently is that, it should first
pass the Data Protection bill, this will provide significant protection to internet
users and in turn will safeguard this important data of individuals.
Comments
Post a Comment
Share your views