International Frameworks for Handling Privacy Issues In Cyber Laws:

INTRODUCTION:

Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenants on civil and Political Rights provide that no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honor and reputation.

They further state that “everyone has the right to the protection of the law against such interference or attacks.” While the right to privacy under international human rights law is not absolute, any instance of interference must be provided by law and subject to a careful and critical assessment of its necessity and proportionality. In this article we will discuss about the privacy issues in cyber law and international framework in handling privacy issues.

CONCEPT OF RIGHT TO PRIVACY:

The right to privacy is central to the enjoyment and exercise of human rights online and offline. It serves as one of the foundations of a democratic society and plays a key role for the realization of a broad spectrum of human rights, including in the digital sphere, ranging from freedom of expression, freedom of association and assembly, access and enjoyment of economic and social rights. Interference with the right to privacy can also have a disproportionate impact on certain individuals and/or groups, thus exacerbating inequality and discrimination. ‘Privacy’ has been internationally regarded as a fundamental civil liberty since the 1940s. The Universal Declaration of Human Rights also talks about privacy. The 1950 European Convention on the Protection of Human Rights and Fundamental Freedoms includes a similar clause. A more modern definition of the term ‘privacy’ is “the claim of individuals, groups, or institutions to determine when, how, and to what extent information about them is communicated to others. Personal Information is generally defined as any information relating to an identified or identifiable natural person. It may be referred to as personal data, personal information, non-public personal information, etc. Examples include, Email Address, Government Identifier (e.g. PAN Number, PF account number, etc.), Account Number (Bank Account, Credit Card, etc.), Driving License Number, IP Address, Biometric Identifier, Photograph or Video Identifiable to an Individual and any other unique identifying number, characteristic or code, but these examples are not limited. With the growth of digital age, more and more personal information of consumers, citizens finds its way into massive databases held by the private sector, and the governments. Access to such data in such databases raise three social concerns that drive the issue of privacy. These include,

  • individuals’ fears about: how personal information is used or shared,
  • how it is protected.
  • who is accountable.

PRIVACY ISSUES IN CYBER LAW:

Privacy issues in cyber law refer to the challenges and concerns related to the protection of personal data and the privacy of individuals in the digital realm. These issues arise due to the widespread use of the internet, digital communication, and data processing technologies. However some of the  key privacy issues in cyber law include:

  • Data Breaches and Cybersecurity

A data breach involves the release of sensitive information. Many types of online attacks have a primary goal of causing a data breach to release information such as login credentials and personal financial data.Also includes Unauthorized access, disclosure, alteration, or destruction of personal data. Data breaches are a major security concern because sensitive data is constantly being transmitted over the Internet. This continuous transfer of information makes it possible for attackers in any location to attempt data breaches on almost any person or business they choose.

Major Challenges Includes Protecting data from cyberattacks, ensuring timely breach notifications, and mitigating the impacts of data breaches.

  • Data Collection and Consent

 The extensive collection of personal data by businesses, governments, and other entities, often without explicit user consent.

Challenges: Ensuring that consent is informed, specific, and freely given. Addressing issues related to the collection of data from minors and vulnerable populations.

  • Data Usage and Purpose Limitation:

Using personal data beyond the scope for which it was originally collected. Example. If you go to a doctor, you trust that your information will only be used to treat you and to bill you or your insurance company. The doctor may not sell your diagnosis and contact information to a pharmaceutical company, so they can market a new medicine to you. That would be an incompatible use of your data.

Challenges: Ensuring that data is used only for specified, legitimate purposes and not repurposed without additional consent.

  • Cookies and Tracking Technologies

Use of cookies and other tracking technologies to monitor online behavior, In other words, Each time a person visits a website, various information regarding the user’s activities are collected and sent to the website that created these cookies. The data collected is hence sold to the advertisers. Tracking of one’s interests, preferences, and search trends is done through this.

 Challenges: Ensuring user awareness and consent for tracking activities. Managing compliance with cookie laws and regulations.

Addressing these privacy issues requires a comprehensive legal framework, robust enforcement mechanisms, and ongoing collaboration between governments, businesses, and civil society to adapt to evolving technological landscapes and emerging threats.

INTERNATIONAL FRAMEWORK FOR HANDLING PRIVACY ISSUES:

Since 2013, the United Nations General Assembly and the Human Rights Council have adopted numerous resolutions on the right to privacy in the digital age, therefore, International frameworks for handling privacy issues in cyber law encompass various treaties, guidelines, and organizations that aim to standardize and enforce data protection and privacy standards across different jurisdictions. Here are some key components:

  • General Data Protection Regulation (GDPR)

The GDPR is the toughest security law in the world. It came into effect on May 25, 2018, and Provides comprehensive data protection and privacy for individuals within the EU and regulates the export of personal data outside the EU. GDPR has strict compliance for inter country data transfers. For example, if you are an Indian organization that collects and then transfers the personal data from EU to India, then you will have to comply with the General Data Protection Regulations. On a circumstantial basis, you might even need to enter into a Data Transfer Agreement.Its Key Features includes Consent requirements, data subject rights (e.g., right to access, right to be forgotten), data breach notifications, and hefty fines for non-compliance.

  • OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

 Organisation for Economic Co-operation and Development (OECD),It  Provides a set of guidelines for member countries to harmonize their privacy regulations and facilitate international data flows.Key Features includes, Collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.

Recommendations made:

  1. That Member countries take into account in their domestic legislation the principles concerning the protection of privacy and individual liberties set forth in the Guidelines contained in the Annex to this Recommendation which is an integral part thereof
  2. That Member countries endeavour to remove or avoid creating, in the name of privacy protection, unjustified obstacles to transborder flows of personal data.
  3. That Member countries co-operate in the implementation of the Guidelines set forth in the Annex
  4. That Member countries agree as soon as possible on specific procedures of consultation and co-operation for the application of these Guidelines.
  • Asia-Pacific Economic Cooperation (APEC) Privacy Framework

Region: Asia-Pacific

 A framework designed to encourage the development of consistent privacy protections across the APEC member economies.Its Key Features include Preventing harm, notice, collection limitation, uses of personal information, choice, integrity of personal information, security safeguards, access and correction, and accountability.

  • United Nations Guidelines for the Regulation of Computerized Personal Data Files

Organization: United Nations

 Provides guidelines for member states to develop policies for the protection of personal data in computerized databases.Its Key Features includes, Data quality, purpose specification, non-discrimination, security, and supervision.

  • Cross-Border Privacy Rules (CBPR) System

 Facilitates the safe transfer of personal data across borders among APEC economies.

Its Key Features includes Certification by an APEC-recognized Accountability Agent, ensuring compliance with APEC Privacy Framework standards.

  • International Conference of Data Protection and Privacy Commissioners (ICDPPC)

 ICDPPC vision is to maintain an environment in which privacy and data protection authorities around the world are able effectively to act to fulfil their mandates, both individually and in concert, through diffusion of knowledge and supportive connections. Its Key Features include Resolutions and declarations on privacy issues, collaborative efforts for regulatory convergence.

IMPACT OF INTERNATIONAL FRAMEWORK FOR PRIVACY ISSUES:

The international framework for handling privacy issues in cyber law has had significant impacts on various aspects of data protection, privacy rights, and international cooperation. These impacts are evident in regulatory harmonization, enhanced data protection practices, and increased accountability. Here are the key impacts:

  • Regulatory Harmonization

 International frameworks like the GDPR have set a high standard for data protection, influencing other regions to adopt similar regulations. Countries worldwide are updating their laws to align with these standards, leading to more consistent data protection practices globally. The GDPR, has also inspired data protection laws in countries like Brazil (LGPD), Japan (APPI), and South Korea (PIPA), promoting a global standard for privacy.

  • Enhanced Data Protection Practices

 Organizations worldwide is  required to implement stringent data protection measures, such as data minimization, privacy by design, and regular data protection impact assessments. This has improved the overall handling of personal data.

  • Strengthening Individual Rights

 Individuals now have stronger rights regarding their personal data, including the right to access, rectify, erase, and port their data. These rights empower individuals to have more control over their personal information. Also, The right to erasure, or the right to be forgotten, allows individuals to request the deletion of their data under certain conditions, enhancing personal privacy.

  • International Data Transfers:

Cross-Border Privacy Rules (CBPR): Initiatives like the APEC CBPR system promote compatible privacy protection standards among member economies, facilitating smoother cross-border data flows.

  • Increased Accountability and Enforcement:

 The establishment of data protection authorities (DPAs) and their cooperation at the international level (e.g., through the International Conference of Data Protection and Privacy Commissioners) has strengthened enforcement of privacy laws.

Penalties and Fines: Significant penalties for non-compliance, such as those under the GDPR, have incentivized organizations to prioritize data protection. These fines can be substantial, reaching up to 4% of global annual turnover.

In conclusion we can say that, the international framework for handling privacy issues in cyber law has significantly improved global data protection standards, empowered individuals with greater control over their personal data, and promoted international cooperation. However, it also presents challenges such as jurisdictional conflicts and the need to keep pace with technological advancements.

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

Article by:Sowmya.R

 

 

 

Primelegal Team

Leave a Reply

Your email address will not be published. Required fields are marked *