Skip to main content

Data Privacy Issues Due to Increased use of Technology – An Assessment through the Functioning of Cyber Cookies in India



Author: Anna Mary Mathew

INTRODUCTION

Privacy in normal connotation can be defined as the protection of personal as well as sensitive personal information from being made known to third parties unless it is given specifically assent by the person whose information is released. Data privacy is the term that is accorded to protection of personal information in technological space. This brings us to the next question as to if there is any difference between data privacy and security.

Security comes under the broader head of Data privacy. Security ensures that an individual’s personal information stored in the form of data is inaccessible through malicious software, but how about the technology that is present in the websites in the form of cyber cookies. Some of these cookies do not even seek prior approval from collecting our data. Hence, a clear breach of our privacy is committed. This blog will examine India’s stance with regard to data privacy specifically through the focal point of cyber cookies.

CYBER COOKIES AND DATA PRIVACY

A cyber cookie is a text file that is embedded on a website, which enables the creator to distinguish your computer in a network server. Ideally, cyber cookies will aid the website owners to provide users with optimum browsing experience, as cookies will monitor the activities and ascertain the inclination of the user and personalise the website according to liking of the user. This in a way will benefit both the user and the website owner. 

There are various types of cookies, out of the total variety of cookies the strictly necessary cookies are the most important kind, as these are the only cookies that essentially fulfil the purpose of its creation. These cookies are necessary to browse the website and access the basic features of the website like adding items to a cart etc. There are other kind of cookies such as, persistent cookie. This is the cookie that is present in the hard disk of the user and it will remain there until it is erased manually or till its expiration period is exhausted.

There is another peculiar, but rather dangerous form of cookie called the third-party cookie. These cookies retain the information of the user of a device and shares this information to a third-party advertiser. Now, imagine a scenario without our prior-approval these website owners are sharing our information to third-parties. This is an absolute breach of privacy.

INDIA’S STANCE ON CYBER COOKIE REGULATION

It is rather disappointing to say that India till date does not have a law that is exclusively present to protect personal information in the form of data stored in electronic devices, neither is it a party to international convention that focus on guaranteeing data protection, such as Group Data Protection Regulation of the European Union or the Personal Data Protection Policy.

In India, through the Supreme Court case law Justice K S Puttaswamy V. Union of India, (2017) 10 SCC 1 (India), it is a well-known fact that right to privacy has been recognised as a fundamental right and as a facet of Article 21 of the Indian Constitution. Even though, clearly right to privacy has been has been emphasised by Indian laws, cyber cookies are still in existence and is still embedding personal information of individuals into their database.

Currently as there exists no specific law to address this issue, we have to look into a general law which is relevant to the cyber space of India, the Information Technology Act, 2000. In the Information Technology Act, 2000. There exists two sections, 43A and 72A which propounds on compensation provided to individuals in case sensitive personal data is breached.

Section 43A only looks into situations where “sensitive personal information” is collected. Hence, it is absolutely necessary to identify as to whether a cookie collects sensitive personal information or not, a categorization that can be considered as sensitive personal information has been provided under Section 3 of the Data Protection Rules 2011. It specifies about bank account number etc. Even though superficially it might seem as a cyber cookies might not collect any sensitive personal information. But as we have seen in the functioning of a cyber cookie, how it gets embedded on a website. Once it gets embedded it has full access to the activity of an individual, in fact we cannot even apprehend as to the amount of data they’ll be able to access if they can oversee the entire activity that we engage in.

Being mindful about the possible mishaps that can happen with the growth in the use of technology the government introduced The Personal Data Protection Bill, 2019. Even though this is an idealistic law, that is, if it comes into existence then it can essentially resolve a significant amount of data privacy issues that are present in the current world. It is still kept in deliberation. The parliamentary session for the deliberation on the implementation of the bill keeps extending indefinitely.

However, there is another moot question that is very relevant to data protection. Should only personal data be regulated, shouldn’t there be some kind of regulation made to non-personal data as well. Because, even though by definition non-personal data might not be considered as vital, in certain circumstances non-personal data can lead to gaining access to personal data. This is because the cyberworld is growing profusely and if situations like these are apprehended beforehand then some amount of cyber-crimes can be reduced.

A classic example that can be provided to specify as to what will qualify as a personal information and what qualifies as a non-personal information is that: If I place an order for food through a food delivery app on my mobile phone then the application collects information such as my name, age, gender and contact number. The name and the contact number of the person making the order will qualify as personal information and the rest as non-personal information. In this scenario, if a cyber expert wants to commit a cybercrime a mere access to non-personal information can lead to obtaining personal information.

CONCLUSION

Therefore, when cookies were created in the year 1994 it was with an intent to benefit the users as well as the owners of business. However, with the growth of technology people are making new ways to misuse the data obtained through this medium and commit cybercrimes. Hence, what India requires to do urgently is that, it should first pass the Data Protection bill, this will provide significant protection to internet users and in turn will safeguard this important data of individuals.

Comments

Post a Comment

Share your views

Popular posts from this blog

Registration of LLP and Laws

  Name – Shweta Pandit College - National Law School Of India University, Bangalore. Introduction- LLP(Limited Liability Partnership) is a limited liability company, you will find the characteristics of both a corporation and a partnership in this form of a company. LLP came into effect in 2008 when the Limited Liability Partnership Act was passed in India..  LLP- Limited Liability Partnership, is a partnership where partners have limited liability and are responsible only for the loss/damage created by themselves and not by any of their partner or partners. Partners in LLP have a fair share of say in the workings of the business.  Registration of LLP- It is a long process to register a LLP, the few steps involved in the process are discussed as follows: First step is to get the DSC, which is a Digital Signature Certificate from the government agencies such as E-Mudra, NSDL, IDRBT Certifying Authority, National Informatics Center, CDAC and each agency has its own costs of providing ser
15 comments
Read more

Attestation , Revocation, Alteration and Revival of Wills

  Author: Amit Sheoran, Symbiosis Law School, Nagpur People were worried about their lives after the corona pandemic. Because in Corona, no one was aware that anything could happen at any time. That is why they start thinking that if they die, then what will happen with their property and, as a result, they start making plans. A question arises in our mind after hearing the word will. What is will? It is defined under 2(h) of the Indian Succession Act, 1925. A will is a testamentary document by which a person bequeaths his property in the name of any other person. It will be effective after the death of the testator. The property will devolve on the person in whose favour it is bequeathed after the death of the testator. A will can be changed, revoked, or altered at any point of time after it is made. A will can be written more than once.All wills are revocable at any time during the life of the person and are confidential documents. A will can be attested, revoked, altered, and also r
11 comments
Read more

Indian Depository Receipts: Requisites and Benefits

  Yash Miniyar Maharashtra National Law University, Aurangabad A. INTRODUCTION Depository Receipts are a form of transferable instruments, which aid in the flow of general trade in a stock exchange at a given time. They are classified as financial securities in the form of equity that are issued by listed companies. The depository receipt is a form of certificate which denotes the valid holding of the security or shares of a given company. One of the most recognised and busiest forms of depository receipts in the world is the American Depository Receipts, which allows in trading of shares or securities of foreign companies. These receipts act as a form of investment for potential investors in order to diversify their assets and hold shares of their desired companies. This not only allows the economic diversification but also the geographic diversification. These depositories act as mediums to curb the hindrances or the obstacles which prevented people from making foreign investments,
Post a Comment
Read more