This article is written by Dilip S. Vishwakarma, pursuing Diploma in International Data Protection and Privacy Laws from Lawsikho. The article has been edited by Aditi Deshmukh (Associate, LawSikho) and Ruchika Mohapatra (Associate, LawSikho).
Privacy is defined as the freedom to recognize or receive public attention, or the person’s ability to conceal himself or herself and their information. That applies to all forms of conditions, including the digital world. However, when it comes to digital or internet privacy, most people find themselves jumbled about what it stands for. Internet privacy, also known as online privacy or digital privacy, means that one’s personal, financial and browsing information remains private when he or she is online.
Describing the term “privacy” is challenging as it is not the same for every person and culture. Overall, privacy is a discussion with others using various deceptions such as hurdles or boundaries. In a legal framework, privacy is “Right to Privacy” (Warren and Brandeis 1890), whereas others have debated privacy is that the right to stop the disclosure of private information to others (Alan F. Westin 1970), And various peoples opinion on privacy would be the right to not telling other something that doesn’t want them to know, personal life not to be distressed and personal info not to be unlawfully composed, kept, revealed and used.
Nowadays people are blessed with the Internet, where they can connect with anyone in the world, access tons of information, books, audio, video, and much more. It has succeeded to bring lots of changes in one’s life. Not only shady people but cybercriminals or hackers who can check one another’s photos or any online activity and follow all another’s online steps on social networks; the list of digital problems is huge and can damage one’s online knowledge and privacy. Fortunately, there is a lotan individual can do to protect themselves from these problems.
Worried about how much a person shares their personal information online and at risk of being stolen or misused? They are not alone in this who are all facing difficulties and getting attacked by cybercriminals and phishing. Internet privacy is an important issue. But there are steps that can help to manage and protect personal and financial information while visiting their favourite social networking sites, news, and entertainment sites.
By making a few simple changes to devices and accounts, people can keep themselves safe from unwanted external attempts to access their data and protect their privacy from those with whom people refuse to share their information. Getting started is easy. Before proceeding ahead one also has to know the basic difference between privacy and security. In this article the author seeks to explain the difference between privacy and security, roles of privacy protection, what are the changes that one needs to bring, important roles of anti-virus software’s, few precautionary steps and also how to protect online privacy and will go through a few simple steps that can bring changes to protect reputation online.
Difference between privacy and security
Privacy and security are interrelated. Privacy is associated with any rights on which a user has to control their information and how it is used. Think about those privacy policies when it is asked to a user when he or she is asked to read and agree to when they install new smartphone apps.
Security, on the other hand, refers to how a user’s information is protected. User’s Information – personal information, sensitive information about a user – may be in many places. That can challenge users’ privacy and their security.
Some people view privacy and security as the same thing. That’s because these sometimes spill over into the same domain. But they are not the same, and knowing how they are different can help a user to protect themselves in a world that keeps them connected.
Here’s an example- An individual needs to share his personal information with the bank when he or she is trying to check their bank account. What occurs afterwards? At this point, there are three possible conclusions, all related to their personal information (not to the money they may have deposited in the account).
- Privacy and security are maintained. The bank uses its info to open accounts and make available products and services. They go on to protect that data.
- Privacy is compromised, and security is maintained. The bank sells some of its data to a marketer. Note: They may have agreed to this in the bank’s privacy disclosure. The result? Their personal data is in more hands than they may not want.
- Privacy and security are compromised. The bank gets hit by a data breach. Cybercriminals attack a bank database, a security breach. Their information is exposed and could be sold on the dark web. Their privacy is gone. Now they could become the victim of cyber fraud and identity theft.
Laws related to privacy
Privacy is practised as an important fundamental human right. The right to privacy is expressed in all of the major international and regional human rights instruments, including:
United Nations Declaration of Human Rights (UDHR) 1948, Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
- No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour or reputation.
- Everyone has the right to the protection of the law against such interference or attacks.
The right to privacy is moreover incorporated in:
- Article 14 of the United Nations Convention on Migrant Workers;
- Article 16 of the UN Convention on the Rights of the Child;
- Article 10 of the African Charter on the Rights and Welfare of the Child;
- Article 4 of the African Union Principles on Freedom of Expression
- Article 11 of the American Convention on Human Rights;
- Article 5 of the American Declaration of the Rights and Duties of Man,
- Articles 16 and 21 of the Arab Charter on Human Rights;
- Article 21 of the ASEAN Human Rights Declaration; and
- Article 8 of the European Convention on Human Rights.
Laws related to digital privacy
Over 126 nations have constitutional statements on the topic of the protection of privacy, in every region of the world.
A significant element of the right to privacy is the right to protection of personal data. While the right to data protection can be conditional on the general right to privacy, some international and regional mechanisms also lay down a more specific right to protection of personal data, including:
- The OECD’s Guidelines on the Protection of Privacy and Transborder Flows of Personal Data,
- The Council of Europe Convention 108 for the Protection of Individuals with Regard to the Automatic Processing of Personal Data,
- A number of European Union Directives and its pending Regulation, and the European Union Charter of Fundamental Rights,
- The Asia-Pacific Economic Cooperation (APEC) Privacy Framework 2004, and
- The Economic Community of West African States has a Supplementary Act on data protection from 2010.
The number of nations that have legislated data protection laws is constantly growing. At present, there are more than 120 nations that have put in place legislation to secure the protection of data and privacy.
GDPR stands for General Data Protection Regulation. It’s the core of Europe’s digital privacy legislation. It is a new set of rules intended to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
PIPL – The China Personal Information Protection Law (PIPL) is the new data privacy law in China, targeted at private information protection and addressing the complications with personal data leakage.
PDP BILL – The Personal Data Protection Bill, 2019 was presented in the House of the People (Lok Sabha) by the Minister of Electronics and Information Technology, India. Mr Ravi Shankar Prasad, on December 11, 2019. The Bill pursues to provide for the protection of the personal data of individuals and forms a Data Protection Authority for the same.
The Bill governs the processing of personal data by: (i) government, (ii) companies incorporated in India, and (iii) foreign companies dealing with personal data of individuals in India. Personal data is data that pertains to characteristics, traits or attributes of identity, which can be used to identify an individual. The Bill categorises certain personal data as sensitive personal data. This includes financial data, biometric data, caste, religious or political beliefs, or any other category of data specified by the government, in consultation with the Authority and the concerned sectoral regulator.
California Consumer Protection Act (CCPA) is a law that consents any California consumer to request to see all the information a company has hoarded on them, as well as a full list of all the third parties that data is shared with.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a centralised law that required the formation of national standards to protect sensitive patient health information from being revealed without the patient’s consent or awareness. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule safeguards a section of information covered by the Privacy Rule.
Though, it is all too mutual that surveillance is executed without regard to these protections. That’s one of the reasons why Privacy International is around — to make sure that the influential and powerful institutions such as government authorities and legal corporations don’t exploit laws and loopholes to invade an individual’s privacy.
Role of privacy protection in web browsing
Privacy protection gives powers to control who can access information about one’s private life and their activities on the internet and when and what they are browsing. Privacy protection plays an important role in web browsing because of the following many good reasons:
- Privacy protection provides the power to choose thoughts and feelings and with whom to share and what to share.
- Privacy protects the information of an individual or of a legal entity that they do not wish to share publicly (such as health or personal employees and finances data).
- Privacy protection helps to protect physical safety (if real-time location data is private).
- Privacy protection helps to protect us as individuals, and as a business, against entities, they depend on or that they are more powerful than others.
The role of privacy protection plays a very important role while surfing on the internet or while using any services provided by any company on the internet where, say, for example, one individual shares a lot of data with that particular company so now the user needs to limit himself or herself by sharing unwanted personal data.
Need to limit the personal data shared on the internet
Providing more information on Facebook, Twitter and Instagram can make it easier for cybercriminal perpetrators to identify identity information of the individuals, which may allow them to steal their identity or access their financial information.
For example, can an identity thief decide whether one’s high school mascot or their childhood favourite hero name is enough to hack into your Facebook account? Yes. This information is sometimes used as security questions to change passwords in financial accounts. Unfortunately, many people do not take this advice seriously. In a 2018 study, the Identity Theft Resource Centre found that around 52 percent of accused shared personally identifiable info on social media sites.
And that is just the beginning. The same study found that about 48 percent of respondents shared information about their children, while about 33 percent shared information about where they lived. 42% of respondents shared information about their social media platforms. To protect online privacy, ignore the “About Me” fields in social media profiles. People don’t have to let people know what year they were born or where they were born – making them an easy target for identity theft. Check out the various privacy settings, too. They may want to limit people who can view their posts from those they have personally invited. Create strong passwords, too, on social media profiles to help prevent others from accessing names. This means using a combination of at least 12 numbers, special characters, and uppercase and lowercase letters. And never use personal, easy-to-guess information – such as date of birth or pet name – as a password.
Importance of anti-virus software
Viruses may not be as common as they were a decade ago, but they still exist. Harmful software on an individual’s computer causes all sorts of risks, from annoying pop-ups to bitcoin mining secrets to scanning personal information. If a person is at risk of clicking malicious links or sharing a computer with many people at home, it is advisable to set up anti-virus software, especially on Windows computers.
If a person’s computer is running Windows 10, then he should use Microsoft’s built-in software, Windows Defender. Windows Defender offers a lot of security to most people, and is the best antivirus option Wires cutter recommends; Experts advise that if a person is using an older version of Windows (whether they recommend upgrading to Windows 10) or using a shared computer, a second layer of protection may be required. For this purpose, Malware byte Premium is their best bet. Malware bytes do not work, they work well with Windows Defender, and do not issue as many notifications as most antivirus applications usually do.
Mac users are right about the fortification installed on macOS, especially if they download the software only from Apple’s App Store and stick to popular browser extensions. If they want a second layer of security, Malware byte Premium is also available on Mac. They should avoid anti-virus programs on their phone completely and stick to downloading trusted apps from official stores.
At a time when corporations, celebrities, and even governments are under attack by cyberbullying, burglary may seem inevitable. But according to former NSA strategist David Kennedy, there are steps you can take to prevent it from happening again. Kennedy shared five tips to protect themselves from hackers.
- Use two-factor authentication.
- Do not repeat the same password everywhere.
- Always update the software of the computers.
- Avoid posting so much information online.
- Be careful when sharing personal information.
How to protect your privacy during web browsing?
Companies and websites track everything that people are doing online. Every Ad, social network, and therefore the website collects information about your location, browsing habits, and more. The data collected reveals more about an individual than any other organisation would possibly expect. You may think you are wise by never posting your medical issues on Twitter or sharing all your beliefs on Facebook, for example, but chances are that the websites you visit regularly provide all the data advertisers need to identify the type of person you are. This is part of how targeted ads stay as one of the new and unresolved issues on the internet.
A browser extension such as Block Origin blocks ads and data it collects. The Block Origin extension also prevents malware from running in your browser and gives you an easy way to close the ad when you want to support sites that you know are safe. Combine Block with Privacy Badger, which blocks trackers, and ads won’t follow you very well. To slow down even more illegal ads, disable interest-based ads from Apple, Facebook, Google, and Twitter. Most of the websites offered offer opt-out data collection, but you need to do so manually. Simple Opt-Out has specific links to opt-out of foremost sites like Netflix, Reddit, and more. Doing so will not abolish the problem altogether, but will greatly reduce the amount of data collected.
One should also install the HTTPS Extension everywhere. HTTPS Everywhere automatically directs you to a secure version of the location where the location supports that, making it difficult for the attacker, especially if an individual is on public Wi-Fi at a cafe, airport, or hotel – to digitally pay attention to what a person is doing.
Some people may want to use a virtual private network (VPN), but it is not necessary for everyone. If one is repeatedly connected to public Wi-Fi, VPN is helpful because it adds a layer of security to their browsing when HTTPS is unavailable. It can also provide some privacy to one’s Internet service provider and help reduce tracking based on their IP address. But all their Internet activity is still rolling through the servers of VPN suppliers, so in using a VPN an individual chooses to rely on that enterprise over their ISP not to store or sell their data. Make sure one understands the pros and cons first, but if they want a VPN, a Wire maker applauds an IVPN.
Precautionary steps to protect your social media accounts while browsing on the web
Social Media Accounts like Facebook, WhatsApp, Instagram, Twitter and Snapchat are heavily in use on a large scale worldwide. Over the past decade, data breaches and password leaks have hit companies like, Facebook, IKEA, Truecaller Unacademy, Marriott, GoDaddy, and lots of more. Nowadays it’s easy for hackers to display information from any one account since people are on various online social media platforms like Facebook, Instagram, Snapchat, Twitter, Gmail and many others. One can check with his Email-Id whether it has been tried or not for cyber-attack. Search for your email address at Am I Pawned? Identifying your email address with hundreds of data breaches. By visiting this Website – https://haveibeenpwned.com/.
When it comes to protecting social media accounts, it is advisable to use a password manager to get and remember unique, complex passwords across the account – this is often the foremost important thing people can do to guard their privacy and security today. Favourite Wire cutter password managers are Last Pass and 1Password. Both can extract passwords, monitor security breach accounts, suggest changing weak passwords, and synchronize your passwords between one’s computer and phone. Password managers seem intimidating to line up, but once installed can only get to browse the web as was common.
As one signs into their accounts, the password manager saves their passwords credentials and advises the changing of weak or duplicated passwords. Over the course of a couple of weeks, when one finishes up with new passwords for many of their accounts. It is advisable to take this point to vary the default passwords on any of their home gadgets – if their home router, smart light bulbs, or security cameras still use the “password” or “1234” password, change them.
Everyone should also use 2-step verification where possible on their online accounts. Many banks and major social networks offer this option. As the name suggests, 2-step verification requires two steps: entering the password and entering only the number they can access. For example, the primary step is to log in to Facebook together with their username and password. In the second step, Facebook sends a temporary code to them via text message or, preferably, an app like Google Authenticator, and they need to enter that code to sign in. There are many ways that one can protect themselves such as installing VPN services from trusted organizations.
Methods to maximise digital privacy
Browse in incognito or private mode
If an individual does not want his computer to store his browsing history, temporary internet files, or cookies, do your web surfing in private mode. Web browsers today offer their own versions of this type of privacy protection. In Chrome, it is called Incognito Mode. Firefox calls its settings a private browser, and Internet Explorer uses the name In Private Browsing for its privacy feature.
If one searches with these methods, others will not be able to retrieve his browsing history from his computer. But these independent mechanisms are not entirely independent. If searched in incognito or private mode, their Internet Service Provider (ISP) can still see their browsing activity. When he or she searches on a company computer, so does their employer. Websites they have visited can also follow them.
So, yes, incognito browsing has some advantages. But it’s far away from the sole tool available to assist people to maintain their privacy while online. Anonymous search engines and private networks can strengthen your online information.
Use a different search engine
If an individual likes most web surfers, then he or she relies heavily on Google as their search engine. But it is not necessary. Privacy is one of the reasons why people choose to use anonymous search engines. This type of search engine does not collect or share users’ search history or clicks. Anonymous search engines can also block ad trackers from websites a user visits.
Use a virtual private network
A virtual private network (VPN) gives the privacy of the Internet and anonymity by creating a private network on a public Internet connection. VPN hides Internet Protocol (IP) addresses so that users’ activities are less likely to be downloaded. Using a VPN is especially important when they have public Wi-Fi in a library, coffee shop, or other public places. A VPN will make it very difficult for cybercriminals to violate users’ online privacy and access their personal information. One can get many free VPN solutions, but it would make a lot of sense to pay for a service from a trusted security provider if they want the highest amount of privacy protection while online.
Be cautious where you click
One of the ways hackers threaten someone’s online privacy is by using attempts to steal sensitive information via phishing attempts. With fraudulent theft of sensitive information, fraudsters try to trick people into providing important financial or personal information. They will do so by sending fake emails from banks, credit card providers, or other financial institutions. Usually, these emails will require people to click on a link and verify their financial information to keep their accounts frozen or closed.
An individual shouldn’t fall for these scams. If he or she clicks on a criminal link to steal sensitive information, they may be redirected to a web-based web page that looks like the home page of a bank or financial institution. But if they enter your account details, they will be sending it to fraudsters after a criminal attempt to steal sensitive information, not any bank, credit union, or credit card company. Before clicking on suspicious links, hover the cursor over the link to view the location URL. If it does not match the financial website then do not click.
Also, keep in mind that banks or other financial institutions will never ask any persons to provide an account or email account. If one receives such an email and is wary, log in directly to their financial provider’s online account. They can then check to see if there are any problems with their account. Or call a financial provider to ask if there are any problems with their account – using a customer service number from one of their statements or the provider’s website, not the one posted on the suspect’s email they have received.
Secure your mobile devices
Most people spend more time searching the web, replying to emails, and watching videos on their smartphones than they do on their laptops. It is therefore important that people make great efforts to protect their online privacy on their phones and tablets as well as their computers.
To get started, people need to be sure to use a passcode to lock their phones. It may seem like a hassle to enter a code every time they want to access their phone’s home screen. But this passcode can provide an extra layer of protection in case their phone is lost or stolen. People need to make sure that their passcode is complex. And it is highly recommended that they should not use their birthday, house number, or any other code that thieves or hackers can guess.
People need to be more cautious when downloading apps. These games and production tools can be infused with harmful viruses. Buy only games from official sources.
People need to use the same precautions, too, when searching the web or reading emails on their mobile devices as they do when using their laptop or desktop computer.
Also, it is highly advisable to don’t ignore software updates, either. These updates often include significant protection against the latest viruses. If an individual continues to ignore it, they may be leaving their operating system and apps vulnerable to attack.
People need to take the charge of their privacy-related safety in their hands. They need to be more cautious about browsing or surfing on the internet. As of now, the digital era has begun in a speedy way that no one has expected this will rise so fast. Hence more awareness will bring them to sense the danger and they can save themselves. Key pointers to keep in mind;
On the consumer’s part:
Before using any web related services, people need to be aware of why and what data is being collected and how it will be used.
Also, install a proper VPN and anti-virus for additional protection while browsing the internet.
On the business part:
If a business is entrusting third parties to handle their customer’s sensitive data or data in large amounts, then it is advisable that business agreements can be seen as an opportunity to ensure that the third party uses the same (or better) safeguards than one business is doing and reserving the right to verify. Not only does this prevent bad things from happening, but it also shows customers, regulators, and opposing counsel that business is taking privacy seriously.
The data that business is collecting, storing, sharing and destroying. They need to take time to classify their data and map their data throughout the organization and with third parties. That business also needs to write policies and procedures for how their consumer’s data will be used properly and what is prohibited.
- https://www.thehindu.com/news/international/china-passes-tough-new-online-privacy-law/article36010276.ece#:~:text=Getty%20Images%2FiStockphoto-,Under%20the%20new%20rules%2C%20state%2Drun%20and%20private%20 companies%20 handling,collection%20and%20obtain%20user%20consent.&text=It%20will%20prevent%20companies%20from,practice%20among%20Chinese%20online%20businesses
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: