Legal News and Insight around the Globe!

Behind the Lens: Punishment for privacy violation Under Information Technology Act

Tanishka Tiwari

Published on: October 25, 2023 at 12:10 IST

The law does not define privacy; instead, it determines which instances of privacy shall be legally protected. It is worth noting that the common law lacks a general right to privacy, and the Indian Parliament has hesitated to adopt one.

The terms confidentiality and privacy are relatively interchangeable. Confidentiality entails a expressed or implicit basis of an independent equitable concept of trust. Individuals, groups, or institutions can decide when, how, and to what extent information about them is shared with others. The right to privacy is more of an implication. It is the “right to be left alone.”

Every citizen in India has the right to privacy and to defend themselves from anguish, social harm, embarrassment, and other forms of harassment, including any invasion of privacy that threatens human dignity, reputation, etc. As a result, as one of the fundamental rights guaranteed by our Constitution, citizens have the right to privacy.

Definition of privacy, confidentiality, and personal data by Indian laws

According to Indian law, it does not define privacy but rather gives legal protection in cases where privacy would be granted. As a result, it must be demonstrated that the images were divulged while under an obligation of confidentiality.

The terms ‘privacy’ and ‘confidentiality’ are sometimes used interchangeably. ‘Confidentiality’ refers to the equitable system of confidence, but ‘privacy’ refers to the claim of ‘aggrieved’ individuals (celebrities) who have determined for themselves when, how, and to what extent their naked images or movies will be released to others.

If the ‘victims’ need to use evidence, it may be images or films obtained by hacking (or unauthorised access to a computer resource) by someone. Nonetheless, the viewer of such movies or pictures may be expected to understand that the recording and snapshot were private.

In India, remedies for invasion of privacy existed under tort law, and the Supreme Court of India admitted to limiting constitutional recognition to the right to privacy under Article 21 of the Indian Constitution.1

To secure personal information, the Information Technology (Reasonable Security Practises and Procedures and Sensitive Personal Data or Information) Rules, 2011, were enacted. Individual privacy and personal information are only protected by the codified terms of this rule.

According to Rule 3 of this, the aggregated definition of sensitive personal data is as follows: Sensitive personal data or knowledge of a person consists of such private information as the following:

  • Password
  • Physical, mental, and physiological health conditions
  • Sexual orientation
  • Financial data such as bank account, debit card, credit card, or any other payment device details
  • Medical records and history
  • Biometric information
  • All these details relating to the above clauses as provided to the body corporate for providing assistance and services
  • Any of the information is obtained under the above clauses by the body corporate for processing, storing under lawful contract, or otherwise

Provided that whatever information that is easily accessible or available in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for these rules.

To implement the previous principles, we must first determine if the naked photographs or videos contain ‘sensitive’ personal data. Following Rule 8 – Reasonable Security Practises:

  • A corporate body or a person acting on its behalf is deemed to have followed reasonable security practices and procedures and implemented security control measures under their established information security plan and policies.
  • The International Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements” is a standard mentioned in sub-rule (1).

Violation of privacy or incursion of privacy

Considering various states where the same law is interpreted differently in our country. On the one hand, the law that outlaws distributing intimate recordings may also permit videotaping and image capture without one’s knowledge or consent. The state that includes both practices is called a violation or invasion of privacy. In some areas, capturing your image or video without your agreement is classified as illicit conduct or voyeurism.

The most generous thing to do is determine if you are subject to a one-party or all-party consent obligation. Both state and national laws can impact a video recording, and the rules are more stringent. So, whatever law is more stringent is more likely to be obeyed; if your state has more strict rules than general laws, you should follow your state laws.

However, Closed Circuit Television (CCTV) is the practice of recording actions in open public places such as homes and offices for security purposes. On the other hand, residential CCTV may need more elements to claim privacy because it is a remote technology that is neither proximate nor mainly targeted. When it comes to closed, intimate locations like homes, the accusation of privacy invasion due to CCTV becomes a legal battle for individual privacy.

In the matter of Smt. Dheeraj Bala v. Rajinder Kumar, 2015 The Delhi High Court addressed this issue. Without the plaintiff’s permission, the defendants installed a CCTV camera on the wall adjacent to the common stairwell. The stairwell led to the building’s second floor. The court ruled that installing CCTV in regularly used areas of a neighbourhood does not violate personal space.

The court agreed that the plaintiff’s concern about an image being modified and spread is understandable and valid. The court also accepted the defendant’s claim that his actions were negligent. The court determined that the camera on the communal stairwell wall needed to be removed immediately after balancing the rights and purposes. However, they allowed installation on the second-floor roof or at the front gate.

Specific offences and punishments under the IT Act

The Information Technology Act, 2000, approved by Parliament, defines data, computer database, information, electronic form, originator, addressee, etc., and provides civil liability if anybody accesses or secures access to a computer, computer system, or computer network, creates criminal liability for anyone who accesses or secures access to a computer, computer system, or computer network, declares any computer, computer system, or computer network to be a protected system, imposes penalties for breaches of confidentiality and privacy, establishes a hierarchy of regulatory authorities, including adjudicating officers and the Cyber Regulations Appellate Tribunal, and so on.

This Act contains numerous sections. Only those portions that define the punishment and offence in the case of a breach of privacy are discussed here.

According to Section 72 of this Act,2 the penalty for breach of privacy and confidentiality is any person who, in the exercise of the powers conferred by this Act, rules or regulations made thereunder, secures access to any electronic record, register, book, document, correspondence information, or any other material without the consent of the concerned person and discloses such material to any other person. Shall be punished with imprisonment for a term of up to two years, or with a fine of up to one lakh rupees, or both.

The fact of the case in State of Tamil Nadu v. Suhas Katti (2004)3 is about an irritating and defamatory comment against a divorced woman on a Yahoo messaging group. Because the accused was found guilty of charges under Sections 469,4 5095 of the Indian Penal Code and 67 of the Information Technology Act 2000,6 he was sentenced to two years in prison and fined Rs.500/- under Section 469 of the Indian Penal Code.

The court held in the case of Avnish Bajaj v. State that the entire case brings out a prima facie case considering the offences under Sections 292(1)(a)7 and 292(2)(d)8 of the Indian Penal Code and Section 67 of the IT Act, which are made out against BIPL named as EIPL in respect of the listing and the video clip. As a result, the petitioner will be released in this matter for the charges under Sections 2929 and 29410 of the IPC. The petitioner faces a prima facie case for the crime under Section 67.

As a result, while the petitioner’s case for the charges under Sections 292 and 294 IPC is dismissed, the offence under Section 67 read with Section 8511 of the IT Act 2000 shall proceed.

Conclusion:

In conclusion, implementing punitive measures for privacy violations in India, specifically targeting those responsible behind the lens, signifies a significant progression in safeguarding individual rights within an increasingly interconnected global community. This legal framework recognizes the paramount significance of privacy in the era of digital advancements and endeavours to deter and penalise individuals who infringe upon it. This approach acknowledges the broader responsibility associated with such actions by assigning accountability not only to the violator but also to the person capturing and disseminating images or videos. To ensure the effectiveness of this legislation, it must be accompanied by robust enforcement mechanisms and public awareness campaigns.

Additionally, striking a harmonious balance between the right to privacy and freedom of expression is complex. Legal provisions must be continuously reviewed and refined to adapt to the ever-changing technological landscapes and societal norms. Furthermore, it is crucial to actively encourage initiatives that promote education and awareness to foster a culture that respects privacy rights, both in the digital realm and in the physical world.

Ultimately, introducing punitive measures for those behind the scenes represents a commendable stride towards safeguarding individual privacy in India. As technology advances, it is crucial that legal frameworks evolve in parallel to uphold the fundamental rights and dignity of every individual. This nuanced approach aptly acknowledges the intricacies of our digital age and serves as a beacon of hope for a society that is more conscious of the importance of privacy.

References

Endnotes

1. Constitution of India, 1949, Art.21

2. The Information Technology Act, 2000, s.72, No.21, Acts of Parliament, 2000 (India)

3. C No. 4680 of 2004

4. The Indian Penal Code, 1860, s.469, No.45, Acts of Parliament, 1860 (India)

5. The Indian Penal Code, 1860, s.509, No.45, Acts of Parliament, 1860 (India)

6. The Information Technology Act, 2000, s.67, No.21, Acts of Parliament, 2000 (India)

7. The Indian Penal Code, 1860, s.292(1)(a), No.45, Acts of Parliament, 1860 (India)

8. The Indian Penal Code, 1860, s.292(2)(d), No.45, Acts of Parliament, 1860 (India)

9. The Indian Penal Code, 1860, s.292, No.45, Acts of Parliament, 1860 (India)

10. The Indian Penal Code, 1860, s.294, No.45, Acts of Parliament, 1860 (India)

11. The Information Technology Act, 2000, s.85, No.21, Acts of Parliament, 2000 (India)