India: Privacy Laws in India – Big Brother’s Watching You - (and you can´t do a thing about it!)

Last Updated: 27 March 2002
Article by Saurabh Awasthi

Introduction

"Gradually the scope of legal rights broadened; and now the right to life has come to mean the right to enjoy life--the right to be let alone", - The Right to Privacy, by Samuel Warren and Louis D. Brandeis. It’s astonishing how legal experts in the United States recognized the need to conserve "individual privacy" as early as 1890. However, the lack of an explicit privacy legislation did not hinder their efforts to develop an elaborate edifice of privacy protection principles that form the bedrock upon which contemporary privacy protection regulation rests. As the authors of the above article stated, "The intense intellectual and emotional life, and the heightening of sensations which came with the advance of civilization, made it clear to man that only a part of the pain, pleasure, and profit of life lay in physical things. Thoughts, emotions, and sensations demanded legal recognition, and the beautiful capacity for growth which characterizes the common law enabled the judges to afford the requisite protection, without the interposition of the legislature."

People often think of privacy as some kind of right. Unfortunately, the concept of a 'right' is a convoluted way to start analyzing the idea of privacy, because a right is usually equated with a kind of absolute standard. It would be more useful to think about privacy as a facet of an individual’s personality that one would want to harbor exclusively for themselves. "Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others."2. Drilling down to a deeper level, privacy turns out not to be a single interest, but rather has several dimensions:

  • Privacy of the person - Sometimes referred to as 'bodily privacy' This is concerned with the integrity of the individual's body. Issues include compulsory immunisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and compulsory sterilisation;
  • Privacy of personal behaviour - This relates to all aspects of behaviour, but especially to sensitive matters, such as sexual preferences and habits, political activities and religious practices, both in private and in public places. It includes what is sometimes referred to as 'media privacy';
  • Privacy of personal communications - Individuals claim an interest in being able to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations. This includes what is sometimes referred to as 'interception privacy'; and
  • Privacy of personal data - Individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. This is sometimes referred to as 'data privacy' and 'information privacy'.

Globally, the right to privacy is one of the most carefully guarded rights, especially in an age, where vast amounts of personal information is provided, used, traded and even stolen. With the close coupling that has occurred between computing and communications, particularly since the 1980s, the concept of Privacy can only be ignored at one’s own peril.

This article attempts to examine various privacy legislation models in the United States and their pro-active approach towards addressing various facets of individual privacy; consider the tentative efforts made by the Indian judiciary to protect individual privacy in India by invoking generic concepts like "right to life" and highlight the absence of a privacy model in India that adequately conserves individual privacy or addresses the emergent issues that have arisen given the rapid advancement and convergence of divergent modes of communication in India vis-à-vis a similar privacy enforcement model in the United States.

An originating point of reference in the process of evolving an information privacy law would involve examining the privacy statutes found under other jurisdictions, primarily, the American privacy legaislation, an "ideal law" that has kept pace with the rapidly evolving facets of individual privacy.

The US Federal Privacy Statute

The Federal Privacy Statute lays down a detailed and structured mechanism for both collating of and disclosure of personal information gathered by customer service companies, or any organizations, which may be involved in the process of gathering personal information in the United States. Some of the relevant provisions are relating to, Conditions of disclosure, Accounting of Certain Disclosures, Access to records, Organization requirements, Organization rules, Civil remedies, Rights of legal guardians and Criminal penalties. However, these regulations are subject to both general and specific exemptions, which are laid down in the Statute.

The Federal Privacy Act of 1974 lays down exhaustive conditions of disclosure whereby no agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be; (1) to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties; (2) required under section 552 of this title; (3) for a routine use as defined [ … … ]; (4) to the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of […]; (5) to a recipient who has provided the agency with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable; (6) to the National Archives and Records Administration as a record which has sufficient historical or other value to warrant its continued preservation by the US government, or for evaluation by the Archivist or the designee of the Archivist to determine whether the record has such value; (7) to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought; (8) to a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual; (9) to either House of Congress, or, to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee; (10) to the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the General Accounting Office; (11) pursuant to the order of a court of competent jurisdiction; or (12) to a consumer reporting agency in accordance with [ …].

Contemporary Privacy issues in the United States

Information Privacy

The previous section introduced information privacy as a combination of the privacy of personal communications and of personal data. Information Privacy is the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves. The continuing increase in public concern about information privacy should therefore be seen as a reaction to the ways in which information technology is used by organisations, rather than to information technology itself. Privacy laws mostly focus on 'data protection', i.e. they protect data about people, rather than people themselves. This is unfortunate because, although data protection is a more pragmatic concept than the abstract notion of privacy (and it's therefore easier to produce results), it's not what humans actually need.

Data Surveillance

Information privacy is valued very highly by individuals. But it is under threat from particular kinds of management practices, and from advances in technology. This section explains the concept of 'data surveillance'. To do so, it is first necessary to define some underlying terms. Surveillance is the systematic investigation or monitoring of the actions or communications of one or more persons. The primary purpose of personal surveillance is generally to collect information about the individuals concerned, their activities, or their associates. There may be a secondary mode of mass surveillance with an intention to deter a whole population from undertaking some kinds of activity. Two separate classes of surveillance are usefully identified:

Human Identification

Identification is a process whereby a real-world entity is recognised, and its 'identity' established. Identityis operationalised in the abstract world of information systems as a set of information about an entity that differentiates it from other, similar entities. The set of information may be as small as a single code, specifically designed as an identifier, or may be a compound of such data as given and family name, date-of-birth and postcode of residence. Important examples of these techniques are, names - or what the person is called by other people; codes - or what the person is called by an organisation; knowledge - or what the person knows; tokens - or what the person has; biometrics - the term 'biometrics' is used to refer to those person-identification techniques that are based on some physical and difficult-to-alienate characteristic, such as appearance - e.g. the familiar descriptions of height, weight, colour of skin, hair and eyes, social behaviour - e.g. habituated body-signals; general voice characteristics; style of speech; bio-dynamics e.g. the manner in which one's signature is written; statistically-analysed voice characteristics; keystroke dynamics, natural physiography - e.g. skull measurements; teeth and skeletal injuries; thumbprint, fingerprint sets imposed physical characteristics - e.g. dog-tags, collars, bracelets and anklets; brands and bar-codes.

Authentication

Authentication is the process whereby a degree of confidence is established about the truth of an assertion. A common application of the idea is to the authentication of identity. This is the process whereby an organisation establishes that a party it is dealing with is, a previously known real-world entity; or a previously unknown real-world entity. In addition, there are many circumstances in which organisations undertake authentication of value, e.g. by checking a banknote for forgery-resistant features like metal wires or holograms, and seeking pre-authorisation of credit-card payments.

Recent efforts by the US government to address contemporary privacy issues through comprehensive privacy legislations

Thus, the US Federal Privacy Statute seems to be a fairly comprehensive statute with regard to securing, protecting and use of personal information relating to individuals. However, the US Privacy Act was enacted in 1974 and since then, technology has evolved at a spectacular pace resulting in newer, emergent and still-evolving facets of individual privacy. However, it would be far to say that the United States has enacted various legislations (discussed later in the paper) that are seemingly adequate in the effort to conserve and protect individual privacy.

The United States government has dealt in full measure with these emerging privacy issues in the United States by enacting a slew of statutes and legislations and making a concerted effort towards the conservation of individual privacy. Some of the key legislations enacted by the US government are, the Bank Secrecy Act, Cable TV Privacy Act of 1984, Electronic Communications Privacy Act, Fair Credit Reporting Act , Family Educational Right to Privacy Act, Freedom of Information Act, Privacy Act of 1974, Right to Financial Privacy Act of 1978 and the Video Privacy Protection Act of 1988 as also the Children’s Online Privacy Protection Act (COPPA). The main goal of COPPA and the rules there under is to protect the privacy of children using the Internet. Key Provisions of the Final Rule Privacy Notice on the Web Site, Verifiable Parental Consent, Choice Regarding Disclosures to Third Parties, Online Activities for which Parental Consent is Not Required, Coverage of Information Submitted Online, Role of Schools in Obtaining Consent for Students, Safe Harbor Program, and Enforcement

Recent Case Law in the United States and the judiciary’s approach

About.com v. Doe (S.D. N.Y., filed April 11, 2000). The operator of an online chat service filed suit against an anonymous person who had been entering the company's chat rooms and posting obscene messages allegedly intending to harass others. The operator invoked a surviving portion of the Communications Decency Act prohibiting the use of a telecom device to transmit obscene , lewd, or indecent comments with the intent to annoy or harass another. By filing the suit, the plaintiff gained the ability to issue subpoenas to ISPs to learn the identity of the defendant.

United States v. Simons, 206 F.3d 392 (4th Cir., Feb. 28, 2000). A government employee was charged with violating federal laws when the employing agency identified incriminating documents on his computer. The court held that the employee did not have a reasonable expectation of privacy as to the fruits of his Internet use, where the agency had notified employees of limitations on their Internet use and a policy of periodic audits to ensure compliance.

Electronic Privacy Information Center v. Nat'l Security Agency (D. D.C., filed Dec. 3, 1999). A Privacy watchdog group (EPIC) sued NSA. EPIC alleged that NSA is monitoring domestic Internet traffic as part of "Echelon" surveillance network, in violation of U.S. privacy laws, which was upheld by the Court.

U.S. West v. Federal Communications Commission, 182 F.3d 1224 (10th Cir., Aug. 18, 1999). Court struck down FCC rules requiring phone companies to obtain affirmative "opt-in" permission from customers to share customer information (e.g. calling patterns) with third parties. Applying First Amendment analysis, the court held that the rule did not adequately define the government interest protected by the regulations, and that due to availability of "opt-out" procedure the regulations were not narrowly tailored to protect privacy.

Finally in, Bohach v. The City of Reno, 932 F. Supp. 1232 (D.Nev. 7/22/96): Police officers did not have a reasonable expectation of privacy in the content of their internal email, and privacy and wiretap statutes did not immunize them from employer action against them based on monitoring of email ; and United States v. Maxwell, 45 M.J. 406, 1996 C.A.A.F. 116 (1996): A military officer who challenged the constitutionality of an FBI search of his computer files was held to have had a reasonable expectation of privacy in his personal America OnLine email transactions.

Catch 22 situation?

When the government keeps such a vast store of personal information, it can be accessed by sophisticated computer systems. Thus, the issue of privacy--which we might define as independence within a structured group -- arises.

i. Are we creating a more efficient system in which basic services are available to all, or a surveillance state in which our every deed is monitored?

ii. How much does the government need to know in order to serve its citizens properly?

iii. Is there a limit to how much information should be collected?

Governments must strike a balance between allowing citizens to live autonomously and running an organized society. High levels of autonomy allow people to break the rules: to commit crimes, to enter countries illegally, to not pay taxes. Society suffers for the sake of individual privacy. Conversely, if society as a whole is considered more important than the individuals who make it up - when governments keep track of everything to ensure that nobody breaks the rules -- then freedom of an individual, one of the most fundamental human rights, is effectively eliminated.

Indian Context

In the Indian context, the rapidly growing services sector has resulted in both Indian and trans-national corporate entities building up vast, exhaustive and detailed customer databases with a view to providing personalized services such as insurance, personal banking, credit cards etc. These databases contain confidential personal information and may be used by corporates for their own purposes or for that of its affiliates. Also, these databases form a valuable corporate asset, which finds many takers in the market for individual information.

In this regard, any use, disclosure and retention of such information needs to be strictly regulated, through an established privacy enforcement regime. Any prospective Indian privacy law would need to incorporate several facets of the above model, which, comprehensively deals with the collection, and use of personal information. With the emergence of an increasingly uniform set of norms governing commercial legal issues across the globe, it becomes imperative for Indian law makers and the legislature to take note of the void that prevails in the critical area of individual privacy protection.

Judicial trends in India relating to the Concept of Individual Privacy

Privacy under the Constitution of India

In the Indian context, although there is no statutory enactment expressly guaranteeing a general right of privacy to individuals in India, elements of this right, as traditionally contained in the common law and in criminal law, are recognised by Indian courts. These include the principles of nuisance, trespass, harassment, defamation, malicious falsehood and breach of confidence. In addition, several pieces of discrete legislation also recognise this right: for example, the Children Act 1960, which prohibits the publication of names and other particulars of children involved in proceedings under the Act; the Hindu Marriage Act 1955, which imposes similar restrictions on the publication of reports concerning proceedings of matrimonial disputes; and the Copyright Act 1957, which prohibits the unauthorised publication of certain documents, photographs, etc. The Code of Criminal Procedure, 1973, also permits restrictions to be imposed on the publication of reports concerning certain legal proceedings, eg. rape trials.

Under the Indian Constitution, Article 21 of the Indian Constitution is a fairly innocuous provision in itself i.e. "No person shall be deprived of his life or personal liberty except according to procedure established by law" However, the above provision has been deemed to include within it’s ambit, inter-alia, the Right to Privacy – " The Right to be left alone"3 - as the Supreme Court termed it. The concept of right to privacy finds it’s genesis in the case of Gobind v. State of Madhya Pradesh4 wherein the Supreme Court of India in it’s ruling, (speaking through Matthew J.) cited the Preamble of the Constitution of India which is designed to "assure the dignity of the individual". Further, in a detailed exposition on Right to Privacy, the Supreme Court in R. Rajgopal v. State of TN5 laid down that, the right to privacy is implicit in the right to life and liberty guaranteed to a citizen under A.21 of the Constitution, a citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, childbearing and education among other matters. None can publish (meaning "make known to the public") anything concerning the above matters without his consent, whether truthful or otherwise and whether laudatory or critical, unless they are part of public records. However, the Supreme Court made the above observations in the context of search and surveillance orders, be that as it may, admittedly the Court made its first foray in evolving the concept of Right to Privacy, which in any event would necessarily have to go through a process of case-by-case development.

Privacy in Tort Law

The Right to Privacy is further encompassed in the field of Torts. The tort of Defamation involves the right of every person to have his reputation preserved inviolate. It protects an individual’s estimation in the view of the society and its defenses are ‘truth’ and ‘privilege’, which protect the competing right of freedom of speech. Essentially, under the law of torts, defamation involves a balance of competing interests. The only concession for an action, which involves infringement of right to privacy, would be for reasons of, prevention of crime, disorder, or protection of health and morals or protection of rights and freedom of others.

Privacy under Contract Law

There exist certain other means by which parties may agree to regulate the collating and use of personal information gathered, viz. by means of a "privacy clause" or through a "confidentiality clause" Accordingly, parties to a contract may agree to the use or disclosure of an individual’s personal information, with the due permission and consent of the individual, in an agreed manner and/or for agreed purposes. Under Indian laws, the governing legislation for contractual terms and agreements is the Indian Contract Act. Therefore, in a contract which includes a "confidentiality clause" i.e. where an organization/company agrees to maintain the confidentiality of information relating to an individual, any unauthorized disclosure of information, against the express terms of the agreement would amount to a breach of contract inviting an action for damages as a consequence of any default in observance of the terms of the contract6.

In the case of an insurance contract, globally, contracts of Insurance are contracts of "Utmost good faith" (Uberrimae Fidei) and the contract is voidable where all material facts are not disclosed. However, the duty of utmost good faith is reciprocal and the insurance company has a corresponding duty to disclose clearly the terms of its offer and duly abide by them. Therefore an insurance proposal, which contains a confidentiality clause regarding personal information provided by the customer, cannot be disclosed without his prior consent. Any breach of such term would invite an action for breach of contractual terms by the insurer-customer. In India, a state-owned insurance corporation would typically include in it’s proposal; an Indemnity clause whereby the customer agrees "that such authority (corporation) having such knowledge or information (regarding the customer), shall at any time be at liberty to divulge any such knowledge or information to the corporation". By agreeing to the above clause, the insurance corporation indemnifies itself against any disclosure related action by the customer, however, such clause/term for disclosure should be construed narrowly and any mala fide disclosure could invite an action against the company, which discloses the information, based on equity and good faith, despite the presence of a standard indemnity clause in the original agreement.

In regard to a customer- insurance company relationship, an insurance company may, solicit personal information about an individual wherein details could be sought, relating to an individual’s family, cultural background, ethnic origin, caste, childhood, education, medical history, information regarding one’s immediate family, their age, profession etc. or, in case of data processing companies, there may be queries with regard to an individuals’ professional pursuits, income, investment decisions, preferences, spending patterns and so on. Despite an express authorization from their customers, with regard to sharing of personal information by corporate entities, there may still be instances where disclosure of certain sensitive and embarrassing information could invite legal action from an individual, claiming that the actions of a company which made an unauthorized disclosure resulted in causing such mental agony, anguish, and social stigma, which he would not have otherwise had to bear or face.

Privacy Obligations under Specific Relationships

There are instances of specific inter-personal relationships wherein one party might be obligated to maintain a certain measure of confidentiality. A doctor-patient, husband–wife, customer-insurance company or an attorney-client relationship; are instances where there exists a strong ethical obligation on the part of one party to protect the privacy of information relating to an individual which may expose him to social humiliation and/or ridicule. In the case of an attorney-client relationship, professional ethics prescribe that certain communications and conversations between the attorney and his client must remain outside the ambit of public knowledge and should be maintained as such. The above principle also receives legal recognition in S.126 of the Indian Evidence Act, 1872.

In the case of X v. Hospital Z7 [doctor-patient relationship], the Supreme Court held, "Right of Privacy may, apart from contract, also arise out of a particular specific relationship which may be commercial, matrimonial or even political. The Court further went on to hold that "… disclosure of even true private facts has the tendency to disturb a person’s tranquility. It may generate many complexes in him and may even lead to psychological problems. In the face of these potentialities, and as already held by this Court in it’s various decisions, the right to privacy is an essential component of the right to life as envisaged by A.21."

From the above discussion, there emerge two critical elements with regard to the assessment of the fairness of disclosure of personal information:

i. The nature and sensitivity of information with regard to an individual and the reasonable consequence of such disclosure

ii. The purpose or rationale for disclosing personal information by the organization/company making such disclosure.

Need for a Privacy Statute

There exists in India an impending need to frame a model statute which safeguards the Right to Privacy of an individual, especially given the emergence of customer-service corporate entities which gather extensive personal information relating to it’s customers. It’s evident that despite the presence of adequate non-mandatory, ethical arguments and precedents established by the Supreme court of India; in the absence of an explicit privacy statute, the right to privacy remains a de facto right, enforced through a circuitous mode of reasoning and derived from an expansive interpretation of either Constitutional law or Tort law.

The urgency for such a statute is augmented by the absence of any existing regulation which monitors the handling of customer information databases, or safeguards the Right to Privacy of individuals who have disclosed personal information under specific customer contracts viz. contracts of insurance, credit card companies or the like. The need for a globally compatible Indian privacy law cannot be understated, given that trans-national businesses in the services sector, who find it strategically advantageous to position their establishments in India and across Asia. For instance, India is set to emerge as a global hub for the setting up and operation of call centers, which serve clients across the world. Extensive databases have already been collated by such corporates, and the consequences of their unregulated operations could lead to a no-win situation for customers in India who are not protected by any privacy statute, which sufficiently guards their interests. Even within the present liberal global regulatory paradigm, most governments would be uncomfortable with a legal regime, which furthers commercial interests at the cost of domestic concerns.

Issues that would need to be addressed by any prospective privacy legislation in India are:

i. Limited Purpose

The particular purpose for gathering information by an organization must be specified at or before the time the information is collected.

ii. Safeguards

In the case of insurance companies or other customer service-related or data processing companies, the gathering and collation of personal information on individuals would need to be conserved and secured by a regulated data security system.

iii. Accountability

Corporates would need to establish a system whereby all information disclosure systems are duly audited/accounted and monitored, keeping in view the rationale/occasion for every disclosure made

iv. Prior Consent

Corporates could include express clauses in their agreements, which include an express authorization from the individual allowing the companies to use/disclose personal information for it’s own internal purposes or that of it’s affiliates or group companies.

v. Limits to Use, Disclosure and Retention

Any information sharing with other members of the insurance industry or with other corporate entities should be made only after seeking an express authorization from the customer.

vi. Information-Sharing

The confidentiality and sensitivity of such information makes it necessary for corporates to avoid any data sharing arrangement or customer information disclosure agreements without the prior consent of the individuals.

Conclusion

In conclusion, the issue that remains to be addressed, is not the shape of the prospective privacy legislation in India, or it’s intricacies, but the need to put in place a privacy law enforcement regime that addresses the nouveau-emergent privacy issues, in the context of convergence of various modes of communication, within a reasonable period of time. As Ronald Dworkin said in his article "Objectivity and Truth: You'd Better Believe It", " We want to live decent, worthwhile lives, lives we can look back on with pride not shame. We want our communities to be fair and good and our laws to be wise and just. These are enormously difficult goals, in part because the issues at stake are complex and puzzling." Complex as it may be, the concept of privacy protection is an area that needs our lawmakers attention, and rightly so.

1 [Originally published in 4 Harvard law review 193 (1890)]

2 [Alan Westin, Privacy and Freedom 7 (1967)]

3 R. Rajgopal v. State of TN : 1994 (6) SCC 632

4 AIR 1975 SC 1378

5 1994 (6) SCC 632

6 Section 74 of the Contract Act

7 1998 (8) SCC 296

[The Author is a practicing Corporate Lawyer and is making infrequent attempts to highlight legal issues that need urgent attention- by law makers and those of us who are the subject of such laws}.

The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.