This article has been written by Apurv Majumdar pursuing a Diploma in Indian Data Protection and Privacy Implementation, Compliance and Regulatory Work from Skill Arbitrage.

This article has been edited and published by Shashwat Kaushik.

Introduction

In this era of always being on the “net,” going digital and the rising number of internet crimes, it is time that we understood some basic facts about internet violence. In this article, we will examine what internet violence is and how it affects or threatens to affect the internet privacy of an individual as well.

What is internet violence

Internet violence is said to take place the moment an offender uses a computer system to do something that inflicts/ causes/ is likely to cause physical, sexual, psychological or economic harm or suffering on another person or group of persons or a juristic entity. The term internet violence also includes the mere facilitating or threatening of such violence. So, we can see that there are three components of internet violence:

• Actual physical, sexual, psychological or economic harm or suffering is being caused.
• A mere threat is being created about the physical, sexual, psychological or economic harm or suffering.
• Facilitating (aiding and abetting) the causing of such harm.

The above goes to show that the width of the components takes into consideration and ropes in a whole lot of people who can be said to be guilty of an act of internet violence when so inflicted. The number of offenders could be more than one in each instance.

Very well-known types of internet violences

Though, of course, the below list is not an all-inclusive one, the most well-known of internet violence are as follows:

• Email fraud- A type of scam that uses email to deceive or trick victims into revealing personal information or transferring funds to fraudulent accounts.
• Social media fraud- A fraudster will pose as one of your friends or send you a phishing link that takes you to a malicious site.
• Banking fraud- There are various types of banking fraud, the most common being check fraud, debit and credit card fraud.
• Ransomware attacks- It is an attack on the victim’s data, files, devices or systems that the attacker/offender locks in such a way that the victim cannot use the data for his own use, and the lock on this data is not removed until the fraudster/attacker/offender receives a ransom payment.
• Cyber espionage- The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organisation.
• Identity theft- Here the offender uses the victim’s private information to apply for loans or open bank accounts and credit cards in other people’s names.
• Spyware- Malicious software that enters a victim’s computer, gathers data from the device and victim, and sends it to third parties without the victim’s consent.

In recent years, phishing (a technique used by cybercriminals to trick people into installing some malicious software, most likely through a link) has become the most prevalent cyber-attack.

The other most common types of internet violence are hacking, shutting down or misusing websites or computer networks; spreading hate and inciting terrorism; distributing child pornography; and grooming: making sexual advances to minors.

In fact, internet violence and privacy threats are two concepts that are highly connected to one another. As a result, the moment an act of internet violence takes place, the internet privacy of a person/organisation gets breached. This is because acts of violence can take place only when a person intrudes into the cyberspace of another person in the most unwanted manner.

Privacy and its components

What is privacy

According to the dictionary definition, it is as follows:

• A state in which one is not observed or disturbed by other people.
• The state of being free from public attention.

But in today’s digital era and the era of the internet, can you vouch that you are always having private time? “No” is the answer!

The right to privacy of human beings

Human beings have always longed for privacy. Since time immemorial, they have been seeking privacy in their personal lives. Despite being a social animal, human beings have always tried to seclude themselves for a while from their daily schedule of activities just to enjoy some privacy. A private time, a private talk, and a private life are what they have always asked for. It is a human right enjoyed by every human being by virtue of his or her existence.

The right to privacy was declared a fundamental right by the Supreme Court. The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.

Internet privacy

Just as you feel the need to secure your household belongings and possessions, so should you protect your online privacy/ internet privacy/digital privacy. Its your right to do so. You have the right to keep private your personal data and any information that relates to the financial, social and physical aspects of your life.

With the advent of the internet and the digital era, gone are the days when a person could be found left to himself all alone. Now, you are being continuously watched by someone or a group at every point of time in your day-to-day life. Be you on the computer, on your smart phone or on the social media portal, you are under strict surveillance, which is not always wanted. Knowingly or unknowingly, every moment your privacy is being compromised.

However secure and secluded you might feel while surfing the net, you are actually not secure. The pages that you visit, the sites that you enter and the kinds of choices that you make are always being watched and more of your chosen stuff is continuously fed to you through your screen.

Internet violence and compromised privacy

One of the worst forms of internet violence is cyber-harassment. In this, the victim is targeted in a specific manner again and again to cause the victim emotional distress, which may invoke in the victim the fear of physical harm as well.

Cyber violence is directly related to the violation of a victim’s privacy. This is because cyber-violence can be perpetrated by an offender against a victim only when the offender has intruded on the victim’s computer to steal and manipulate personal data. The offender’s intention in all these cases is to cause shame and harassment to the victim by publishing or threatening to publish this personal data on the open internet. Cyber-extortion is also connected to this kind of cyber-violence because the offender often connects with the victim and tries to extort money from the victim on the plea that if the offender does not cough up the demanded amount of money, then the personal data (e.g., pictures, private videos, etc.) will be published on the internet for all to see. Such broadcasting of the personal data of the victim is also known as “doxing.”

Cyberviolence also comprises direct threats of violence or direct physical violence. Computer systems may be used in connection with murder, kidnapping, rape and other acts of sexual violence, or extortion. And in each case, it is a case of compromised internet privacy.

Research in the matter suggests that the following could be a few types of privacy that a person can be said to be entitled to:

• Privacy of the individual. You can think of the privacy of the individual as bodily autonomy.
• Privacy of behaviour and action.
• Privacy of communication.
• Privacy of personal data
• Privacy of thoughts and feelings.
• Privacy of location and space.
• Privacy of association.

Having said all of the above, we now need to understand how we must protect our privacy online. You could consider:

• Creating very strong passwords.
• Changing passwords very frequently.
• Adhering to the “password policy” of different websites while maintaining accounts in such websites.
• Being careful about attachments and links in any email or message.
• Being very careful about using free Wi-Fi in a public place, be it a railway station or a restaurant.
• Definitely, do not forget to close all unused accounts; be it an email account, an account in any site or a social media account.
• Be it social media YouTube, or Instagram, think twice before posting any personal information.
• In any social media, limit the audience/ viewership of your posts and stories to the people whom you really know and not always to the world at large
• Make appropriate use of the “privacy” tab in all social media accounts and raise the security settings to a high level.
• As and where available, enable two-factor authentication in your social media and other online accounts.
• Using masked copies of identity proofs like Aadhar cards, etc.
• Building safe online-habits.

The Digital Personal Data Protection Act, 2023

The Digital Personal Data Protection Act 2023, recently passed in India, has garnered significant attention as a landmark piece of legislation aimed at safeguarding the privacy and protection of personal data of individuals in the digital age. While the Act has been passed, it is yet to be notified, leaving many eagerly anticipating its implementation and the subsequent impact it will have on data privacy practices in the country.

As citizens of India, we have many expectations and concerns regarding the implementation of the Digital Personal Data Protection Act 2023. Here are some key aspects we can anticipate and reflect upon:

1. Enhanced data privacy rights:
   • The Act is expected to provide individuals with enhanced rights and control over their personal data, empowering them to make informed choices about how their data is collected, processed, and shared.
   • Individuals may gain the right to access their personal data, rectify inaccuracies, and request the erasure of data under certain circumstances.
2. Data protection obligations for organisations:
   • Organisations that collect, process, and store personal data will be subject to specific obligations under the Act, including obtaining informed consent from individuals, implementing robust security measures, and adhering to data minimization principles.
   • Failure to comply with these obligations may result in penalties and legal consequences.
3. Data localisation requirements:
   • The Act may introduce data localisation requirements, mandating organisations to store certain sensitive personal data within India.
   • This provision aims to enhance data sovereignty and reduce the risk of unauthorised cross-border data transfers.
4. Cross-border data transfers:
   • The Act is likely to regulate the transfer of personal data outside India, ensuring that adequate safeguards and protections are in place to prevent unauthorised access or misuse.
   • Organisations may need to comply with specific conditions and obtain necessary approvals before transferring data across borders.
5. Data protection authority:
   • The establishment of a dedicated Data Protection Authority is anticipated, which will be responsible for enforcing the Act, addressing grievances, and ensuring compliance by organisations.
   • The authority’s role will be critical in promoting a culture of data privacy and safeguarding the rights of individuals.
6. Impact on businesses:
   • The Act may have significant implications for businesses that handle personal data, requiring them to review their data collection, storage, and processing practices.
   • Compliance with the Act may entail investments in technology, training, and legal expertise, potentially impacting operational costs and business processes.
7. International collaboration:
   • The Act’s provisions may align with international data privacy standards and regulations, facilitating cross-border data flows and enhancing India’s standing in the global digital economy.
   • Collaboration with other countries on data protection matters may become more prominent.

The implementation of the Digital Personal Data Protection Act 2023 will undoubtedly have a profound impact on the legal, technological, and societal landscape in India. As we eagerly await the notification and enforcement of the Act, it is crucial for individuals, organisations, and policymakers to engage in discussions and prepare for the changes it will bring. The coming days and months will be pivotal in shaping the future of data privacy in India and its implications for citizens, businesses, and the digital ecosystem as a whole. No law is a fool-proof law, scammers and fraudsters would always be on their prowl to circumvent or by-pass the legal provisions and that is where we need to come up with ideas for amending the law in a significant manner. Experts have observed that the law has been laid down in a user-friendly way in the current data protection law in India, thus making the meaning of the provisions clear to all.

Laws on internet privacy

The Information Technology Act (ITA) 2000 

The Information Technology Act (ITA) 2000 is a landmark piece of legislation in India that addresses various aspects of cybersecurity and electronic commerce. It serves as the primary legal framework for regulating online activities and safeguarding individuals’ privacy rights in the digital realm. While the ITA 2000 was enacted before the widespread adoption of social media and mobile internet, it still provides a foundational framework for addressing privacy concerns in the digital age.

One of the key provisions of the ITA 2000 related to privacy is Section 43A, which deals with the protection of personal data. This section requires companies and organisations that collect, possess, or process personal information to take reasonable steps to protect it from unauthorised access, use, or disclosure. It also gives individuals the right to access their personal data and seek corrections if necessary.

The ITA 2000 also addresses the issue of unsolicited commercial communication, such as spam emails and telemarketing calls. Section 46 of the act prohibits the sending of unsolicited commercial communication without the recipient’s prior consent. It also provides individuals with the right to opt out of receiving such communications.

In addition to these specific provisions, the ITA 2000 also contains broad principles that can be applied to privacy issues in the digital age. For example, Section 43 of the Act requires companies and organisations to protect the confidentiality of information provided by users. This principle can be interpreted to cover a wide range of privacy concerns, including the collection and use of personal data for marketing purposes.

While the ITA 2000 provides a comprehensive framework for privacy protection, it has been criticised for being outdated and not adequately addressing the challenges posed by new technologies and emerging forms of online data collection. In recent years, there have been calls for a more comprehensive data protection law that would align with international standards and provide stronger safeguards for individuals’ privacy rights.

The Right to Information Act (RTI)

The Right to Information Act (RTI), enacted in 2005, represents landmark legislation that empowers Indian citizens to access information held by public authorities.  This groundbreaking law embodies the fundamental principles of transparency and accountability in governance. Here’s a comprehensive elaboration on the RTI Act:

1. Right to access information:
   • The RTI Act grants citizens the legal right to request and receive information from any public authority, including government departments, public sector undertakings, and non-governmental organisations that perform public functions.
2. Wide scope of information:
   • The Act encompasses a broad range of information, including records, documents, e-mails, opinions, advice, press releases, circulars, orders, logbooks, contracts, reports, and any other material held or controlled by public authorities.
3. Timely response:
   • Public authorities are mandated to provide the requested information within a stipulated time frame, typically 30 days from the date of receiving the request. In exceptional circumstances, the time limit can be extended by a maximum of 45 days with clear justification.
4. Single window system:
   • To streamline the process, the RTI Act introduces a single window system, known as the Public Information Officer (PIO). The PIO is designated by each public authority to receive and process RTI requests.
5. Fees and charges:
   • The Act specifies reasonable fees and charges for obtaining information, ensuring that the process remains accessible to all citizens.
6. Appeal mechanism:
   • If an applicant is dissatisfied with the response received or fails to receive a response within the specified time frame, they can file an appeal with the First Appellate Authority (FAA). The FAA is an independent body within the public authority and has the power to review and overturn the decision of the PIO.
7. Information commissions:
   • The RTI Act establishes the Central Information Commission (CIC) and State Information Commissions (SICs) as independent bodies to oversee the implementation of the Act. These commissions have the authority to hear and decide appeals, impose penalties, and promote compliance with the Act.
8. Proactive disclosure:
   • The Act also mandates public authorities to proactively disclose certain categories of information, such as the structure and functions of the organisation, powers and duties of officers, rules and regulations, and financial statements.
9. Exemptions and exclusions:
   • While the RTI Act promotes transparency, it does recognise certain exemptions and exclusions to protect national security, defence, personal privacy, and other legitimate interests.
10. Impact and significance:
    • The RTI Act has significantly contributed to fostering transparency, accountability, and public participation in governance. It has empowered citizens to seek information about government policies, decisions, and the utilisation of public resources.
11. Challenges and implementation:
    • Despite its transformative potential, the implementation of the RTI Act has faced challenges related to resource constraints, lack of awareness, and resistance from certain public authorities. However, the Act has remained a powerful tool in the hands of citizens to question, scrutinise, and ensure responsible governance.

Conclusion

In conclusion, it can be said that as long as human brains keep thinking and innovating, there will be positive as well as negative innovations. By positive innovations, I mean those that are beneficial to mankind and by negative innovations, I mean those that are used to harm the world. Hackers and fraudsters would continue to invent newer ways of defrauding people; accordingly, we would have to keep vigil, develop safer internet habits and be careful while roaming around in the digital world.

References

• https://loksabhadocs.nic.in/Refinput/New_Reference_Notes/English/Right%20to%20Privacy%20as%20a%20fundamental%20Right.pdf
• https://www.enzuzo.com/blog/types-of-privacy
• https://lifelock.norton.com/learn/internet-security/ways-to-help-protect-your-personal-information-online
• https://www.chubb.com/us-en/individuals-families/resources/6-ways-to-protect-your-personal-information-online.html