IBC Code: Complete Overview and Drafting Workshop. Register Now!
LCI Learning

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on Email

Share More


An immersive 3D technology inclusive of technological advancements construing to augmented reality, virtual reality is opined as “Metaverse.” Modern technology behaves as an instructional delivery system that can be utilized as a tool to enhance the functioning of the entire learning process by evolving the use of technological developments like digital cameras, PowerPoint presentations, 3D visual effects, etc to stipulate integrative learning amongst learners and academicians.

Metaverse induces collaborative learning through mobility, augmentation, etc amongst individuals that facilitates globalization through the internet. Subject to the spread of information and transmission of knowledge, the internet poses risks at the discretion of ‘Piracy’ and fraud through hacking, phishing, etc.


In June 2013, National Security Agency contractor Edward Snowden released a trove of information on classified U.S. Government surveillance methods where the leaders had warned that the ripple effects of the escape would be destructive and extensive. Later, after 5 years in 2018; it was known that Snowden’s disclosures had put U.S. personnel or facilities at risk, damaged intelligence collection efforts, destabilized U.S. partnerships abroad, and revealed U.S. intelligence operations, capacity, and priorities. Snowden’s leaks led to the evolution of the European Union’s General Data Protection Rules (GDPR) which has subsequently changed the essence of data privacy and protection in the European Union and the world.

The General Data Protection Regulation (GDPR) is a legislation of the European Union that came into force on 25 May 2018. It builds up European Union’s current data protection framework and reinforces rules on personal data protection and privacy in order to prevent the breach of data from being compromised by fraudulent activities like phishing, hacking, identity theft, etc.

It aims to simplify the regulatory environment of the business to assist both citizens and European Union to attain benefits from the digital economy. The current new detective replaces the EU Data Protection Directive 1995 and focuses on keeping the data of digital privacy more transparent by expanding the privacy rights of data subjects.


The regulation lays down procedures to protect people with regard to the processing of personal data and rules associated with the free movement of personal data by respecting the fundamental rights and freedoms of individuals as prescribed under Article 1 of the said act.

The lawful processing of the data under Article 6 of the General Data Protection Regulation (GDPR) sets forward the legal requirements where ‘processing’ is necessary for the course of actions as the performance of a task carried out in the public interest, protection of interests of the data subject of others from corruption and the viability of fundamental rights especially when it’s a child.

But Article 6 has to be read with Article 9 and Article 6(4) as it ascends special protection to categories of data including health, and genetic data to safeguard the interests of the data subjectwho is physically or legally incompetent in giving consent.


When Article 9 (2) (j) is considered with Article 89(1) based on Member state law shall be proportionate to the core of the right to data protection and the fundamental rights and interests of the data subject of a natural person as contended under law.

The authorities of the processor and controller have access to personal data which shall not process except on the instructions from the controller as instructed by Union or Member State Law. It further sets limits on the quantity of the data collected prescribing that the data collection should be ‘limited to what is necessary for relation to the purposes for which they are processed.’

Data Protection is a fundamental right present in Article 8 of the European Union Charter of Fundamental Rights which states that everyone has a right to protect their personal data, it must be transparent to the individuals concerning their personal data, the ‘right to privacy’ of a person must not be breached in any circumstances, the processing of the data must be fair enough concerning the respective person and compliance to this subject must further be regulated by an independent authority.


Article 21 of the Indian Constitution states: “no person shall be deprived of his life or personal liberty except according to procedure established by law”. The objective of this fundamental right is to prevent encroachment upon personal liberty and deprivation of life except according to procedure established by law.

Although ‘protection of the right to privacy, property, and data’ is not specified in the article, the Supreme Court of India interprets and includes it under ‘personal liberty. The IT Act of 2000 was introduced to enact the growth of electronic-based transactions, to provide legal recognition for e-commerce and e-transactions, to facilitate e-governance, to prevent computer-based crimes, and ensure security practices and procedures in the use of information technology globally.

Some existing Indian legislature to counter issues such as Pegasus.

  • The telegraph act 1885 section 5(2)- deals with interception of calls
  • IT act 2000 section 69, article 19(2) - enacted to deal with surveillance of e-communication, following SC guidelines in 1996.
  • In public union for civil liberties V union of India 1996, the SC laid down the guiding principles for interceptions

An important bill in the Indian aspect concerning Data privacy and issues such as Pegasus is the Personal Data Protection Bill.


The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology, on December 11, 2019. Commonly referred to as the “Privacy Bill”, it is intended to protect individual rights by regulating the collection, movement, and processing of data that is personal, or which can identify the individual. But the bill has been withdrawn due to the challenges it creates: -

  • Many contend that the physical location of the data is not relevant in the cyber world as the encryption keys may still be out of reach of national agencies.
  • Technology giants like Facebook and Google are against it and have criticized the protectionist policy of localization as they are afraid it would have a domino effect in other countries as well.
  • The bill had faced major pushback from a range of stakeholders including big tech companies such as Facebook and Google, and privacy and civil society activists.
  • The delays in the implementation of the Bill had been criticized by several stakeholders pointing out that it was a matter of grave concern that India did not have a basic framework to protect people’s privacy.
  • The new Bill could also do away with the classification of personal data from the perspective of data localization, and only use classification for awarding damages to people whose personal data may have been compromised by an entity.


In today's technologically dynamic environment people all around the world are connected by an intangible force of the Internet and the power to access the world lies in the hands of different entities which range from mighty governments to successful corporate entities to individual citizens. Although such powers have been vested in these entities there is always a possibility wherein the power and knowledge are misused which would ultimately weaponry the very identities of vast swathes of people in the world. Most of the existing legal frameworks and customs in place punish data and privacy breaches; international law in regard to information technology and data is relatively new, and because of that, there aren’t any laws to prevent such a breach from happening in the first place.

Government surveillance programs should strictly regulate the use of surveillance tools and the collection of personal information by government and law enforcement agencies. Following the International Principles on the Application of Human Rights to Communications Surveillance should be mandatory. The principles, which state that all communications surveillance must be legal, necessary, and proportionate, should also be applied to open-source intelligence methods such as social media monitoring and biometric surveillance technologies.

Learn the practical aspects of CrPC HERE, CPC HERE, IPC HERE, Evidence Act HERE, Family Laws HERE, DV Act HERE

"Loved reading this piece by Anupriya Roy?
Join LAWyersClubIndia's network for daily News Updates, Judgment Summaries, Articles, Forum Threads, Online Law Courses, and MUCH MORE!!"

Tags :

Category Others, Other Articles by - Anupriya Roy 


Post a Suggestion for LCI Team
Post a Legal Query