Cybercrime: A Threat To Data Privacy

After the right to privacy was declared as an integral part of Article 21^[1] of the Constitution of India in the case of Justice K.S. Puttaswamy (Retd.) & Anr. Vs Union of India & Ors,^[2] this issue gained a lot more limelight. Firstly, the importance of privacy must be interpreted separately to understand the meaning of data privacy. Privacy does not have a well-framed definition, so it can be roughly defined as a person's right to control the usage mechanism of their data. While surfing through the internet, they are not being monitored. Hence, data privacy is a subset of data security that deals with managing data, who is using it, and in what form.

Cybercrime And Data Privacy

“Cybercrime is a criminal offence on the Web, a criminal offence regarding the Internet, a violation of law on the Internet, an illegality committed with regard to the Internet, breach of law on the Internet, computer crime, contravention through the Web, corruption regarding Internet, disrupting operations through malevolent programs on the Internet, electric crime, sale of contraband on the Internet, stalking victims on the Internet and theft of identity on the Internet.”

Cybercrime affects the data privacy of consumers in many ways; distributed denial-of-service (DDoS) attacks are made by the hackers, which bring down the network for a while and in the meantime, the hackers enter into the system for further actions, identity theft is done against the consumer by gaining control over their personal information, it is hazardous as they may perform any criminal act on the name of the consumer, for example, they may hack the password of social media accounts etc., online scams also come under the purview of cybercrime where the promise of rewards and messages of credited amounts are made to the consumer to lure them into it. Phishing is the most common type of cybercrime, where malicious e-mails and attachments are sent to consumers to enter their systems.

The problem in the case of medical genetic data is also quite similar; the information is stored in the DNA banks, also known as genetic databases, which, although they hold several advantages, put up the personal data of individuals at stake. When the data fiduciaries take over this data, it becomes untraceable; hence, individuals do not know the usage and management of their data.

Cybercrime in India is growing continuously. In August 2019, a National Cyber Crime Reporting Portal was initiated by the Ministry of Home Affairs (MHA) to let people report cases of such crimes. The reported instances crossed all the limits, and the count went to more than three lakhs in less than two years. The reports also revealed that people from the cyber hub of the country, especially Maharashtra and Karnataka, were the most victimized.^[3]

In another report put forward by Indian Computer Emergency Response Team (CERT-In), it was revealed that "a total number of 1,59,761; 2,46,514 and 2,90,445 cyber security incidents about digital banking were reported during the years 2018, 2019 and 2020 respectively".^[4]

Legislation To Tackle Cybercrime In India

There are no specific laws to deal with cybercrime. However, some sections of the IT Act 2000 and judicial interpretations are acknowledged in India. Yahoo! Inc. v. Akash Arora & Anr.^[5] was the first case in India related to cybercrime. The Court, in this case on the plea filed by Yahoo, granted the permanent injunction which refrained the defendant Akash Arora from using the trademark of Yahoo.

In Vinod Kaushik & Anr. v. Madhvika Joshi & Ors., the defendant was accused of accessing the e-mail of her father and father-in-law. The Court held the action unauthorized under Section 43 of the IT Act, 2000 and the defendant was made liable. Information Technology Act, 2000 (ITA- 2000) is India's primary law dealing with cybercrime. It was amended in 2008 as the previous act lacked the provisions required to protect one's sensitive personal information provided electronically. Section 43A^[6] was taught in the front, which mandates the corporate body to protect sensitive protection data or information. Without such protection, the body would be liable to compensate the aggrieved party. Furthermore, section 72A^[7] of the act prescribes the penalty for disclosing the personal data of a party by breaching a lawful contract; it says that "the person may be punished with imprisonment for a term not exceeding three years, or with a fine not exceeding up to five lakh rupees, or with both".

Cybercrime is a real threat to an individual's data privacy, including any kind of data stored virtually, whether sensitive or insensitive. The only law to tackle this issue in India is the already discussed Information Technology Act 2000, as amended by the Information Technology (Amendment) Act 2008, by which the judiciary had also given several landmark judgments. Cyberspace lacks any sense of privacy. The numerous websites that provide a range of services to their users repeatedly fall short in protecting their personal information. At least three times this year, hackers gained access to the Sony website, which includes the play station and music websites. Numerous pieces of personal information were stolen, and for over a week, consumers were kept in the dark about the breach. As a consumer, I find it difficult to picture other websites being able to defend themselves from assaults if a major corporation like Sony can't keep its website safe from hackers. A new facet of crime has emerged with the growth of the Internet. The NCRB claims that the IT Act 2000 has given the harmed some relief. Despite this, as the NCRB investigation plainly showed, the IT Act will not totally stop criminals from hacking into websites. The perpetrators of the February 2000 cyberattacks are still at large, and each year there are further attacks on different websites.

Despite advances in passing and putting into practise cyber legislation, cybercrime has not yet been completely eradicated. Governments can only hope that a cybercriminal can be found and punished as there isn't much they can do to stop it. In order to secure their personal information as much as possible, Internet users should be more cautious about the websites they visit and familiarise themselves with their privacy policies.

The author is a student at National Law University, Mumbai. Views are personal.