Professional Documents
Culture Documents
Indian law does not determine what privacy is, but only the situations where privacy will be
afforded legal protection. Therefore, it must also be shown that the photograph was disclosed in
circumstances importing an obligation of confidence. The meaning of the word confidentiality
and privacy are somewhat synonymous. Confidentiality invokes the equitable principle of
confidence. Here privacy would be understood as the claim of aggrieved celebrities, who have
determined for themselves when, how and to what extent their nude pictures are to be
communicated to others. An argument that may be used by the victims is that the photographs
have been acquired by some form of hacking (or unlawful access to a computer resource),
therefore, any viewer of such photographs may be assumed to have known the photograph was
confidential.
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal
Data or Information) Rules, 2011 provides protection to personal information. Prior to these
Rules, in India remedies for invasions of privacy existed under tort law and the Supreme Court
of India accorded limited constitutional recognition to the right to privacy (under Article 21).
These Rules provide the only codified provisions protecting the privacy of individuals and their
personal information. Rule 3 of the Rules provides an aggregated definition of sensitive personal
data as follows:
Sensitive personal data or information of a person means such personal information which
consists of information relating to
(i) password;
(ii) financial information such as bank account or credit card or debit card or other payment
instrument details;
(vii) any detail relating to the above clauses as provided to body corporate for providing service;
and
(viii) any of the information received under above clauses by body corporate for processing,
stored or processed under lawful contract or otherwise:
Provided that, any information that is freely available or accessible in public domain or furnished
under the Right to Information Act, 2005 or any other law for the time being in force shall not be
regarded as sensitive personal data or information for the purposes of these rules.
To apply the above Rules, first we would need to establish whether the nude pictures formed
sensitive personal data.
Rule 8 - Reasonable Security Practices : Rule 8(1) of the Rules prescribes reasonable security
practices and procedures necessary for protecting personal information and sensitive personal
data, rule 8(2) asserts that the international standard ISO/IEC 27001 fulfils the protection
standards required by rule 8(1): The international Standard IS/ISO/IEC 27001 on Information
Technology - Security Techniques - Information Security Management System - Requirements
is one such standard referred to in sub-rule
Section 67 and 67A of the IT act prohibit the publication and distribution of obscene and
sexually explicit material respectively, while 67B forbids all publication, distribution, facilitation
and consumption in any manner of child pornography. Section 66E of the same act deal with
punishment for violation of privacy, and explicitly forbids capturing, publishing or transmitting
the image of a private area of any person without his or her consent
In cases where the victims nude or obscene photos are uploaded without consent, the accused is
booked under different sections of the IT act and the Indian Penal Code(IPC). Also the subject
can book cases of defamation under section 500 and 506 of IPC and section 66e and 67a under
the IT act also provide legal remedies under which one can charge the accused.
What happens if a common mans pictures are leaked?
Well, it is obvious that, unlike celebrities, the average individual would not have the resources to
take action in such a situation. We must, therefore, rely on the government to protect our rights.
The Government has provided all citizens the Right to life and personal liberty under Article 21
of the Constitution and the same may be invoked to cast a duty on the Government.
There are criminal offences under The Information Technology Act, 2000, such as unlawful
access to computer resources (that is without permission), disclosure of computer record and
altering computer data without permission, which may apply. The penalties for offences are
listed later. However, to ascertain which provisions under the IT Act would apply first we would
need to establish how the hackers gained access to the photographs.
While the IT Act does have extra-territoriality, I doubt there could be an easy identification of
jurisdiction (and consequently the laws) for raising a claim in such a situation. The hacker, the
cloud provider, the data and the Indian celebrity victim may all be in different countries (and
subject to different laws).
What are the specific offences and punishments under the IT Act?
IT Act, Section 65, tampering with computer source documents: Whoever knowingly or
intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal,
destroy or alter any computer source code used for a computer, computer programme, computer
system or computer network, when the computer source code is required to be kept or
maintained by law for the being time in force, is punishable with imprisonment upto 3 years, or
with a fine which may extend upto Rs. 2 Lakh, or with both. The object of the section is to
protect the intellectual property invested in the computer. It is an attempt to protect the
computer source documents (codes) beyond what is available under Indian Copyright Law. This
is a cognizable and non- bailable offence. To apply this section to the current scenario, we need
to ensure that the essential ingredients for application of this section are met, which includes
someone:
Again, before applying this provision to the circumstances, one would need to check the essential
ingredients of the section-
The first case here was The State of Tamil Nadu v/s Suhas Katti. This was a case about posting
obscene, defamatory and annoying message about a divorcee woman on a Yahoo message group.
The accused was found guilty of offences under Section 469, 509 IPC and 67 of IT Act 2000 and
convicted to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the offence
u/s 509 IPC sentenced to undergo 1 year simple imprisonment and to pay fine of Rs.500/- and for
the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All
sentences to run concurrently. The accused has since paid the fine and is lodged at Central
Prison, Chennai. This is considered the first case convicted under IT Act Section 67. In Avnish
Bajaj (CEO of bazzee.com) case, there were 3 accused, including the service provider (Avnish
Bajaj, later acquitted). The sections relied upon were Section 292 (sale, distribution, public
exhibition, etc., of an obscene object) and Section 294 (obscene acts, songs, etc., in a public
place) of the Indian Penal Code (IPC), and Section 67 (publishing information which is obscene
in electronic form) of the IT Act. In addition, the schoolboy faces a charge under Section 201 of
the IPC (destruction of evidence), for there is apprehension that he had destroyed the mobile
phone that he used in the episode. These offences invite a penalty of imprisonment ranging from
2 to 5 years, in the case of a first time conviction, and/or fines.
Section 72, penalty for breach of confidentiality and privacy: Any person who, in pursuance
of any of the powers conferred under the IT Act, rules or regulation made there under, has
secured assess to any electronic record, book, register, correspondence, information, document or
other material without the consent of the person concerned discloses such material to any other
person may be punished with imprisonment for a term which may extend to 2 years, or with fine
which may extend to Rs. 1 Lakh, or with both.
Sajai Singh is a Bangalore-based partner with law firm J.Sagar Associate. His sectors of
expertise include media, entertainment, retail and franchising, knowledge based industries
(IT/ITES/Life Sciences) and telecom.