Data PrivacyAnonymity and Internet Privacy: Reality Or Myth

January 25, 20230


Internet privacy and anonymity shelter a wide range of issues and topics. Internet privacy can be defined as the right or mandate of personal privacy concerning the storing, re-purposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.” On the other hand, Internet anonymity is operating with an anonymous identity avoid attributability.

The present blog highlights the concept of Internet Privacy and Anonymity in addition to its functionality with respect to the law and developing jurisprudence.


The phrase privacy can refer to anything from the state of being alone or undisturbed, freedom from interference or public scrutiny, to the right to remain anonymous. In legal terms, privacy includes three elements: secrecy, anonymity, and solitude.

However, the dynamism of the Internet has brought about changes in the method of producing, collecting, combining, sharing, storing, and analysing personal data. In the era of expanding cyberspace, numerous digital traces are left by users on social media, e-commerce sites, search engines, emails, and other platforms.

The Internet provides convenience for social contact, business, and entertainment, but it also provides aid to the offenders to access millions of private accounts or personal details in seconds using powerful hacking programmes, posing serious dangers to the Internet privacy.

A faceless or modified identity leads to the masking of the actual identity of a person, thus giving rise to two concepts: total anonymity and pseudonymity. There are multifarious service providers known as remailers which are basically computers on the Internet that forward electronic mail or files to other network addresses.

Remailers strips the header from the original email so that the information regarding the source of the message is no longer attached to the email. Several anonymity services substitute the header with anonymous addresses. Therefore, the eventual recipient of the message is then unaware about the sender of the email and where it originated. Thus, making the origin of communication untraceable by using total anonymity.


In the 1960s, as technology advanced rapidly, interest in the Right to Privacy in cyberspace began developing. The recognition of the multipotentiality in technology led to the realization that a framework of governance for gathering and handling personal information was the need of the hour. The first data protection law ever passed was in the German state of Hesse in 1970, and it was then followed by national laws in Sweden in 1973, the United States in 1974, and Germany in 1977. These laws marked the beginning of contemporary legislation in this area.

The ever-widening functionality of the Internet ranging from education to advertising, led organizations such as the United Nations to bring out resolutions to regulate virtual crimes. In 2012, the United Nations Human Rights Council (hereinafter referred to as “UNHRC”), by a resolution, affirmed that freedom of expression on the Internet is a basic human right which implies that the rights of an individual existing offline must also be protected online. Subsequently in India as well, the Right to Privacy was recognised as a fundamental right under Article 21 of the Constitution under which one’s privacy in cyberspace was also safeguarded.

The ongoing technology revolutions and increasing ambit of cyberspace has also proliferated the intensity and frequency of data crimes. Incidents of bullying, harassment, data theft, terrorism etc. snowballed into forming the most commonly committed crimes. This led to the passing of regulatory laws governing personal data and data privacy in various countries.

In India, the Information Technology Act, 2000 (hereinafter referred to as IT Act) sets out guidelines for the regulation of data and governs various online transactions related to the exchange of information. The legislation enshrines provisions for safeguarding online privacy, and in other cases, diluting online privacy. Provisions that clearly protect user privacy include: penalizing child pornography, penalizing hacking and fraud and defining data protection standards for a body corporate.

In order to regulate the increasing crimes by virtue of anonymity, the Information Technology (Guidelines for Cyber Cafe) Rules, 2011 (hereinafter referred to as “Cyber Cafe Rules”)were notified under the IT Act. In accordance with the Cyber Cafe Rules, Cyber cafes must, among other things, keep the following information for each user, for a full year:

  • Specific identity information, including name, address, phone number, gender, date, computer terminal identification, log-in time, and log-out time. The same agency must record these facts on a monthly basis as instructed.
  • Cyber cafes are required to keep track of the websites visited in the past year as well as the logs of any proxy servers they have installed.
  • Last but not least, the proprietor of the cyber cafe must immediately turn over all relevant records, information, and documents to any officer designated by the registration agency.

Since users of cyber cafes cannot access the facility anonymously and all of their information, including browser history, is saved on an a-priori basis, the identification and retention requirements of these regulations actually have an impact on both privacy and freedom of speech.

By establishing broad criteria of access to law enforcement and security organisations and giving the Government the authority to decide which methods people can use to defend their privacy, the IT Act also permits intrusion with user privacy online.


The momentous developments in the area of Internet privacy and anonymity have raised serious questions on the implementation of the law in place. Even after the presence of numerous legislations to effect and the pronouncement in various landmark judgments such as in the case of Justice K.S. Puttaswamy. (Retd.) v. Union of India, 2017 10 SCC 1 incidents of illegal surveillance, breach of privacy, and divergence of sensitive data through scams have taken the Right to Privacy for a toss.

In the absence of adequate safeguards against the misuse of sensitive and personal data, the Government has digitized valuable personal data through a variety of digital ecosystems such as the National Digital Education Architecture, Unified Health Interface, Account Aggregator framework, etc., thus putting netizens in a dilemma.

Enraged by the aggravating instances of privacy violations the legislation passed the Telecom Bill, 2022 (hereinafter referred to as The Bill) to curb the possibility of setting up anonymous accounts on social media communication services like WhatsApp, Facebook, Instagram, Zoom etc. I

Subsequently, the Digital Personal Data Protection Bill, 2022 (hereinafter referred to as DPDP Bill) was also introduced in December 2022. The DPDP Bill has excluded the aspect of anonymity from its ambit, which has led to debate wherein the side supporting has vehemently argued that anonymity is a part of Right to Privacy and freedom of speech and expression. On the contrary, the other side has expressed that online anonymity facilitates a healthy discussion without exposing oneself to the risk of virtual harm and abuse.


Internet is omnipresent and so are the hazards that it beholds. In today’s times, cyberspace is not merely a technological innovation, rather, it is a mode of transaction in itself. Given the significance of virtual reality, allied rights and their protection is a pressing priority. Internet privacy and anonymity are virtual demands of democracy. In order to protect the same, a proper governance framework is quintessential.

In the absence of regulatory mechanisms, intrusion into private cyberspace is possible and leads to significant economic and social harm. Even though the idea of Internet privacy and anonymity is all-pervasive, the social reality of intrusion in private virtual space has not changed for many.

– Team AMLEGALS assisted by Ms. Ayushi Tripathi (Intern)

For any queries or feedback, please feel free to get in touch with or

Leave a Reply

Your email address will not be published. Required fields are marked *

Current day month ye@r *

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.


Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.