School of Law

Dr Subhajit Basu FRSA

Associate Professor in Information Technology Law (Cyberlaw)

I am an Associate Professor of Information Technology Law where I teach and research on the regulation of the internet, including issues relating to privacy, data protection, freedom of expression and also e-commerce. I am Chair of British, Irish Law Education and Technology Association (BILETA).

I hold a PhD from Liverpool John Moores University and an LLB from the  University College of Law, Faculty of Law, Calcutta University. I was called to the Bar in 1998 and worked as an Advocate specialising in Corporate Law in India.

I aim to explore the challenges that the Internet has created in transforming our lives, especially in the area of governance and in our legal framework. Understanding and making sense of the increasing amount of “data” that is out there is central to my research. “Big data” can control our lives, and I am particularly interested in how we can better inform and empower consumers. I am also keen to examine how we can update our legal framework to protect privacy and equip the public with the knowledge needed to make informed choices.

I am a co-author of the Book “Privacy and Healthcare Data: ‘Choice of Control’ to ‘Choice’ and ‘Control’?” (Routledge, 2016). The book aims to open up the debate of how data could help medical research. The book also aims to shape and inform policy and to prevent one specific party – government or industry from exerting too much control.

I am the author of the critically acclaimed book “Global Perspectives on E-Commerce Taxation Law (Ashgate, 2008). The book proposed the most effective mean for a collection of consumption taxes which is technically feasible, efficient, and cost-effective. It examined the volatile and rapidly changing intersection of e-commerce and tax law, particularly it focused on how to ensure the efficient collection of consumption taxes concerning the cross-border supply of digital goods and services.

I am currently working on and involved in the following externally funded research projects.

  • Co-Investigator: CRITiCaL - Combatting cRiminals In The Cloud (EPSRC) June 2015 - May 2020. In this project, we seek to understand the different types of crime that can happen in the Cloud, build systems that will allow the detection of this criminal behaviour and enable the use of digital evidence to lead to successful prosecution of Cloud crime perpetrators.

  • Co-Investigator: ‘Review of Legislation and Policy Guidance Relating to Adult Social Care’ (funded by Commissioner of Older People Northern Ireland and Government of Northern Ireland, 2014-2015).The full report for the COPNI can be downloaded here.

  • Co-Investigator: “International Justice for Older Adults - Crossing Barriers as well as Borders” (funded by Borchard Foundation Center on Law and Aging, USA (2011-2013). Inter-disciplinary research on the need for better integration of health and social care (comparative and international perspectives) and rights and responsibilities of older adults and families.

  • Legal Expert and co-investigator on European Commission funded “HuWY”. The project aims to support young people’s eParticipation in policies about the Internet and its governance, through a distributed discussion (2009-2010).

  • Partner on European Commission funded Legal Framework for the Information Society (LEFIS) project on IT and Legal Education (2004) and LEFIS APTICE Thematic Network (2007). The project was responsible for developing, implementing and consolidating a cross-national teaching and research infrastructure which adequately responds to the needs and problems raised by the information and knowledge society.

Professional Activities:

Chair of British, Irish Law Education and Technology Association (BILETA); Fellow of the Royal Society for the Encouragement of Arts, Manufactures and Commerce; Member of the Brazilian Academy of Crime Sciences: Committee on International Cybercrime Law; Research Fellow of African Centre for Cyberlaw and Cybercrime Prevention (ACCP); Advisor to Centre for Law and Technology (Nepal); Member of Advisory Board Centre for Cyber Victim Counselling; Fellow of the Higher Education Academy; Member of Dean’s Council, International Association of Law Schools.

I have been a Visiting Scholar at the Dickinson School of Law, Penn State University. I am visiting Professor of National University of Law, (NLU) India and SGT University, India.

I am the Deputy Editor of International Review of Law Computers and Technology (IRLCT). I also sit on the Editorial Boards of five journals: European Journal of Law and Technology (EJLT); International Journal of Innovation in the Digital Economy; Electronic Journal of e-Government (EJEG); SciFed Journal of Intellectual Property Rights

I regularly receive invitations to speak at national and international conferences and delivered Guest lectures in a large number of Universities both in the UK and abroad concerning all aspects of Information and Technology Law. I have provided consultancy to Cybercrime Research Centre at Nicolaus Copernicus University in Toru?; the Institute for Transport Studies, University of Leeds. I have provided training for policy-makers, government officials and business on E-Commerce Law from around the world. I  worked as an International Consultant for Drafting “Integrated Information Technology Bill” for Nepal (Department of Information Technology, Nepal).

Research Interests

The focus of my research and writing is on “emerging technologies”, especially in the context of the “regulation of cyberspace”. Specifically, I explore how online activities and behaviour can be regulated and how we can provide protection for those using the internet. As a “realist”, I care about the opportunities created by these technologies, in particular ensuring a useful adaptive regulatory framework. I continuously question the political and economic power that technologies offer – a power that can be seised and bought and sold. Who will own these technologies? Who will control them? Who will be ethically responsible for their application and use? My research provokes, and challenges established conventions around regulation.

I am interested in all aspects of regulation of cyberspace and contribute to the critical policy debate around privacy, freedom of expression and innovation. In today’s world, most creative expression takes place on Twitter and Facebook but are they liable for their users’ online activities? Should they be legally responsible for what their users do and say?


I teach in the areas of Information and Technology Law, E-commerce Law, Cybercrime, Intellectual Property Law.

PhD Supervision

I am happy to supervise PhD students in the general areas of my research interests.

Key Publications


  • Basu S, Munns C, Privacy and Healthcare Data: Choice of Control to Choice and Control (Routledge Ashgate, 2015)

    Author URL []

    In order for the information society to realise its full potential, personal data has to be disclosed, used and often shared. This book explores the disclosure and sharing of data within the area of healthcare. Including an overview of how health information is currently managed, the authors argue that with changes in modern society, the idea of personal relationships with a local GP who solely holds and controls your health records is becoming rapidly outdated. The authors aim to encourage and empower patients to make informed choices about sharing their health data. They do this by developing a three-stage theoretical model for change to the roles of the NHS and the individual. The study generates debate to stimulate and inspire new models and policy, and to provoke new visions for the sharing of healthcare data. Such discussion is framed through an exploration of the changing concept of 'privacy' and 'patient control' in healthcare information management. The volume draws on best practices from Europe and the USA and combines these to form a suggested vision for the UK as an early adopter of change. The volume will be essential reading for academics in the field of privacy and data protection, as well as healthcare and informatics professionals across different jurisdictions.

  • Basu S, Global Perspectives on E-Commerce Taxation Law, Markets and the Law (Ashgate, 2007), 1-344

    Author URL []

    It is trite, but true, that taxation of e-commerce is a major concern for international agencies and tax authorities worldwide. In its most advanced form e-commerce allows unidentified purchasers to pay obscure vendors, in ‘electronic cash,’ for products that are often goods, services, and licenses all rolled into one. A payee may be no more than a computer that can take up `residence’ anywhere at the drop of a hat; national boundaries are of no consequence whatsoever. The book looks at the implications of the growth of e-commerce for domestic and international tax systems. It covers a wide array of activities such as discussions on the basic principles that govern direct and indirect taxes, overview of the technological changes that have brought about e-commerce, a concise explanation of how and what happens when e-commerce is conducted, examination of the ways in which businesses are using the new technology in conducting their everyday activities, discussion of the application of existing tax principles to e-commerce, exploration of questions and problems raised by applying tax rules that evolved before e-commerce, and observations and suggestions for a variety of approaches to international tax problems resulting from e-commerce and the associated benefits and problems, since the implications of e-commerce vary from industry to industry, it focus on the broader issues. This book also analyses a number of fast-moving trends in the behaviour of national taxation authorities, web-based companies, certain low-tax (or no-tax) jurisdictions, and international organizations that have significant bearing on the future development of the taxation of e-commerce principally influence of economic organisations like OECD, WTO and EU, in particular the influential OECD ongoing study and the latest and most up to date development in OECD and European Community. It examines how US domestic and international tax rules are being interpreted and adopted in the effort to accommodate e-commerce. How VAT rules in EU countries and other jurisdictions are being restructured. It looks into the issues of revenue loss, specifically into the danger of revenue loss for developing countries. The book also offer solutions and future trends in this field.

Journal articles

  • Basu S, Omotubora A, Beeson M, Fox C, ‘Legal Framework for Small Autonomous Agricultural Robots’, AI and Society 2018
    DOI: 10.1007/s00146-018-0846-4, Repository URL:

    Legal structures may form barriers to, or enablers of, adoption of precision agriculture management with small autonomous agricultural robots. This article develops a conceptual regulatory framework for small autonomous agricultural robots, from a practical, self-contained engineering guide perspective, sufficient to get working research and commercial agricultural roboticists quickly and easily up and running within the law. The article examines the liability framework, or rather lack of it, for agricultural robotics in EU, and their transpositions to UK law, as a case study illustrating general international legal concepts and issues. It examines how the law may provide mitigating effects on the liability regime, and how contracts can be developed between agents within it to enable smooth operation. It covers other legal aspects of operation such as the use of shared communications resources and privacy in the reuse of robot-collected data. Where there are some grey areas in current law, it argues that new proposals could be developed to reform these to promote further innovation and investment in agricultural robots.

  • Omotubora A, Basu S, ‘Regulation for E-payment Systems: Analytical Approaches Beyond Private Ordering’, Journal of African Law 2018, 1-33 (Accepted)
    DOI: 10.1017/S0021855318000104, Repository URL:

    Copyright © SOAS, University of London 2018 Technology-driven payment instruments and services are facilitating the development of e-commerce; however, security concerns beleaguer their implementation, particularly in developing countries. This article considers the limits of private ordering in the regulation of e-payment systems. It uses Nigeria to exemplify a developing country that is increasingly pushing for the adoption of a regulatory framework for e-payment systems based on private ordering. It argues that, although technical standards and self-regulation by the financial industry are important, law is an essential regulatory mechanism that is largely absent. The article proposes that law be used as a mechanism to set and compel compliance with technical and industry standards, thus building trust, catering to public interest concerns and legitimizing the regulatory process.

  • Basu S, ‘International Direct Taxation and E-Commerce: A Catalyst for Reform?’, NUJS Law Review, 10.1 (2017), 19-48
    Repository URL:

    This article critically analyses the challenges e-commerce poses to the traditional source- and residence-based taxation systems. It presents an exploratory study of two fundamental taxation principles that apply to international transactions in general and, more specifically, to e-commerce: the choice of residence-based or source-based taxation in governing the tax treatment of both domestic income accruing to non-residents and foreign income accruing to residents; and use of permanent establishment (PE) status in instituting the economic nexus required to assert jurisdiction over tax business profits. It is argued that in the interpretation and application of the rules, a clear distinction should be made between conceptual and practical issues. While there may be overlap between them, distinct issues exist regarding the normative questions of how and where profits arising from e-commerce should best be taxed as a matter of principle, as well as how such taxes should be implemented. The formulary apportionment of income earned by e-commerce business based on an economically justifiable formula provides a viable solution.

  • Basu S, Malik R, ‘BIG Data: A Challenge to Data Protection?’, India Law Journal 2016
    Repository URL:

    Big data’ in India is set to get ‘bigger’ with the recent launch of Reliance Jio. Through Jio, Reliance is targeting mid-to-low end customers and is striving to digitize millions in rural India by providing them data connectivity at low prices. As customers line in queues to join Jio, the rise in digital adoption is expected to result in greater content consumption and more digital transactions. This upsurge in data usage would yield an exponential increase in the quantity of big data generated. Jio intends to maximize growth and competitiveness by exploiting big data.

  • Munns C, Basu S, ‘The NHS information revolution: 'choice of control' to 'choice' and 'control’, International Review of Law, Computers and Technology, 27.1-2 (2013), 124-160
    DOI: 10.1080/13600869.2013.764132

    This paper provides a novel and critical analysis of the necessary and important balance between 'individual privacy' and 'collective transparency'. We suggest that the onset of the Information Revolution has created a dilemma for the National Health Service (NHS) in terms of how it addresses its obligation to use information to improve best practice in healthcare for society ('collective transparency') whilst also keeping sensitive personal information confidential ('individual privacy'). There is clearly a need to consider both whether the NHS is balancing this critically important informational relationship and whether its approach is fit for purpose. We argue that the NHS's 'proxy-individual' information guardian role could inadvertently mask individuals' intended roles, effectively circumventing autonomy-based laws by limiting the power of individuals to be autonomous. In this article we have identified three issues-first the prevailing 'Mindset' (the 'M') of 'privacy', which is viewed as individualistic, resulting in an overpowering concept of confidentiality; second, the quality and control of Information (the first 'I'); and third, the concept of innovation (the second 'i'), which is being used as a 'solution' rather than a vehicle for transparency. Indeed, transparency is our target of 'best practice,' and we suggest that individual privacy and collective transparency are best embedded within a complementary privacy framework that offers a better fit than the current split of control between the roles of the NHS and the roles of the individual. It is suggested that when facilitated by transparency, 'control' and 'privacy' form a continuum, aligning through the desire for choice. Therefore, the choice of control could facilitate control and choice. Together, they could replace the concept of privacy by empowering 'informed patients' to support the NHS's 'No decision about me, without me' pledge. © 2013 Copyright Taylor and Francis Group, LLC.

  • Basu S, ‘Stalking the Stranger in Web 2.0: A Contemporary Regulatory Analysis’, European Journal of Law and Technology, 3.2 (2012), 1-36

    Author URL []

    In this article, a virtual, community-based concept of regulation is developed to regulate cyberstalking in Web 2.0. Such a concept offers a novel approach based on three elements fundamental to the discussion of regulation of cyberstalking: (1) the differences between physical stalking and cyberstalking; (2) the character of a virtual community and the effects of social interactions; and (3) the scope of experience and reality. This formulation is based on an expansive view of regulation and “normativity” of a virtual community. The author advocates the formation of codes of conduct based on the “rights and responsibilities” discourse, termed here as “protocols,” which reflect optimal sociological conceptions. The philosophical underpinning of protocols recognises the value of community, essentially the connection between individuals and their community. As such, these protocols will assist in the formation of private laws that are practical and acceptable within the virtual community. The aim of this concept of regulation is to ensure that cyberspace remains a lawful and socially useful space.

  • Basu S, ‘Privacy Protection: A Tale of Two Cultures’, Masaryk University Journal of Law and Technology, 6.1 (2012), 1-34

    The paper provides a novel and critical analysis of privacy as an instrumental notion within social and cultural contexts. The argument suggests there is much utility in a novel multiple-perspective approach to the study of privacy in a socio-legal context. It questions our assumptions about privacy by looking to a differing privacy culture - that of the India. It examines the Indian perception of privacy based on India's cultural values and offers an explanation for why India's concept of privacy is beyond the often dominated public-private dichotomy and why it has implicitly or explicitly affected the agenda for privacy theory by placing some issues in the limelight while leaving others backstage. The importance of the argument is due to its critical assessment of the current European approach (from the EC, ECJ and ECHR) where privacy is regarded as an inalienable right with a concrete psychological foundation. I argue that privacy interests are far more extensive and deeper than the European definition which can at best capture only some of the issues which require elucidation when we litigate over privacy.

  • Basu S, Duffy J, Pearson K, ‘Older people and legal advice – the need for joined up and creative approaches’, Journal of Social Welfare and Family Law, 34.1 (2012), 31-37
    DOI: 10.1080/09649069.2012.675463, Repository URL:

    This paper reports the findings from research conducted with older people in Northern Ireland which investigated whether their needs for legal information and advice were being met. One of the unique aspects of the research involved investigating the potential of the internet as a possible source for advising older people in relation to legal problems. The findings suggest that on-line legal information may frequently assist older people in identifying potential answers to their legal questions, but may not be an adequate substitute for personal communication and advice. The research also highlights the need for professionals to work together to meet the needs of older persons for legal advice and to safeguard their interests. Such “joined up” approaches are particularly important, for example, at the point of dementia diagnosis, where information sharing between health and social care professionals may significantly promote the legal and welfare interests of the older person at a vulnerable point in their lives. This paper therefore turns to work by university-based legal clinics in the United States, such as the Elder law Clinic at Pennsylvania State University, where social work or health care professionals, lawyers and law students collaborate to support older people in their search for resolution of legal problems.

  • Basu S, Duffy J, ‘Providing Legal Information and Advice to Older People: as much a question of accessibility as affordability’, European Journal of Law and Technology, 1.3 (2010), 1-32
    Repository URL:

    No continent has as high a proportion of older people as Europe. In this paper, we report the findings of an empirical project examining the legal advice needs of older people. An important element of the project also sought information about the capacity of the internet for meeting the legal advice needs of older people. Overall our findings broadly indicate considerable failings in legal information provision for older people from more traditional advice sources. Whilst we have uncovered some examples of individualised good practice,our research in the main revealed an alarming sense of fear, mistrust, uncertainty and ambivalence among older people towards accessing legal advice. The research was funded by the Changing Ageing Partnership (CAP). We believe our findings have broad implications and applicability across Europe.

  • Basu S, ‘Implementing E-Commerce Tax Policy’, British Tax Review 2004, 46-69


  • Basu S, Jones R, ‘Regulating Cyberstalking’, in Crimes of the Internet, ed. by Schmalleger F and Pittaro M, 1 (USA: Prentice Hall, 2008), 1, 141-165

Conference papers

  • Basu S, Omotubora K, ‘Beyond the present: Privacy and Personalised Medicine’, in ([], 2018) 33rd Annual BILETA Conference, University of Aberdeen, University of Aberdeen, 09/04/2018 - 11/04/2018
    DOI: 10.13140/RG.2.2.23113.24163

    It is not difficult to imagine a world where diseases can be prevented before it struck and cured decisively by harnessing the vast datasets of biomedical information. It may sound futuristic however the world of “data-rich medicine” or “personalised medicine” has made significant progress in last few years. Personalised medicine employs a more precise knowledge of the genomic, clinical and epidemiological characteristics of the patient's disease to inform treatment decision-making. Indeed, it seems inevitable that optimised and individualised health products will form one element of personal ‘whole-life management’ of health according to which genomic data acquired at the beginning of life will be supplemented throughout that life by findings from continuous supplies of additional data on the person as well as from aggregated data gleaned from the whole population. Obviously, both volume and variety stand to increase tremendously in the coming years. It has long been an ideal in different forms and paradigms of medicine – to focus not only on the disease but also on the person. This approach is dependent on widespread data sharing, underpinned by multi-layered sets of data (and powered by big data analytics). It will radically accelerate “personalised medicine”, making discovery and treatment more efficient. However, what if insurance companies, government agencies, or even hackers gain access to the data? Further as more types of data from more varied sources become integrated, the possibilities for re-identification, that is, being able to link ‘pieces’ of information that could be highly sensitive back to the individual, becomes ever more conceivable. We argue that the future of personalised medicine will depend on how we address the relevant legal questions arising from the challenges and limitations concerning the use of big data. We must be mindful of the rights of patients to access their data and control its use and distribution, particularly respecting and enforcing these rights — including the right to privacy. This article is concerned with the data privacy challenges involved with personalised medicine. Can the privacy concerns ever be fully resolved? We make two preliminary points. First, in this article, we argue that regulation should be premised on the basis that one breach of privacy is one too many. Second, regulation should not stifle scientific progress; personalised medicine is our “carrier of hope”. Hence the article seeks to find solutions to ensure the appropriate balance between emerging scientific discoveries with commercial gains and the rights of individuals within a system designed for the express purpose of exchanging critical personal information.

  • Omotubora K, Basu S, ‘Next Generation Privacy for Smart Technologies’, in ([], 2018) 33rd Annual BILETA Conference, University of Aberdeen, 09/04/2018 - 11/04/2018
    DOI: 10.13140/RG.2.2.19330.17606

    The most exciting, disrupting and portend aspect of the “smart” world is a future proliferate with personal data. Artificial intelligence (AI) applications powered by machine learning algorithms can independently create data that is potentially personal, and what is even more fascinating the internet of things (IoT) can convert everyday devices into personal data because of their ability to reveal contiguous information about our daily activities. The fact is, we are going to be surrounded by personal data, and it does not end there. Big data analytics – the automated processing of data - combines the powers of AI with information drawn from IoT and other sources to produce an unprecedented volume of data some of which are personal. Not only does the proliferation of personal data aggravate the already tense debate about the meaning and scope of personal data, but it also creates concerns about how new (personal) data fits into the niche of existing data protection principles. Although EU data protection law promotes a broad interpretation of personal data, and GDPR preserves this approach, we argue in this article that the increasing power of technology challenges long-entrenched definition of personal data under the law. We argue in particular that the main problem with EU law is its overly-broad interpretation of personal data. This argument is closely modelled on the notion of privacy in continental Europe which consistently conflates the jurisprudence of privacy and data protection. We, therefore, propose a reductionist approach using the ‘risk of contextual harm’ as the threshold for the determination of whether data would be subject to protection under a data protection regime or protected by broader privacy laws. This approach is fundamental to addressing both the nebulousness that technology increasingly fosters on the concept of personal data and the preservation of the EU law as the gold standard for data protection.

  • Basu S, ‘The balancing act between Innovation and Regulation: Theory and Practice’, in ([], 2017) NFAIS 59th Annual Conference, Hilton Alexandria (VA) Old Town, 26/02/2017 - 28/02/2017
    DOI: 10.13140/RG.2.2.15883.59683

    The relationships between innovation and the law are dynamic and arguably changing faster now than ever before. In this presentation, I will explore the interactions between technology and the law. As the landscape among stakeholders continues to evolve, sharing data by way of interoperable systems seem to be cultivating at rapid speed. However, there are critical issues such as privacy and responsible data sharing that needs to be unearthed as part of the landscape, the past few years have revealed too many data exposes and information system vulnerabilities. Ironically the laws that are in place to ensure privacy, security and trust have had a complicated evolutionary path. In the context of healthcare data, I will discuss the primarily the legal issues but also ethical implications of building and sharing data repositories, issues related to responsible data exchange and appropriate data usage. It is essential that any regulatory framework while ensures individual’s right to privacy and but also does not impede emerging scientific discoveries with commercial gains where systems will exchange information

  • Basu S, ‘Healthcare Data: Is Consent the Answer?’, in ([], 2016) British and Irish Law, Education and Technology Association, Hertfordshire University, 17/04/2016 - 19/04/2016

    The purpose of this article is to explore issues relating to consent for medical record sharing in healthcare (‘consent’). This article considers the existing models of consent within healthcare and provides a critical analysis of the current policy debate surrounding consent. A lack of understanding of consent forms a major barrier, both by patients and clinicians. From a legal perspective, consent is defined in terms of an agreement or process by which the rights of individuals to agree or to refuse to share their medical record are upheld. In practical terms, consent refers to the process by which a health care provider informs a consumer of their options for sharing of medical records, and associated risks and benefits, and supports them to make a decision about their care. In reality the lack of understanding prevents full and open discussions about consent choices which undermines the Data Protection Act concept of “explicit consent”. This issue will become paramount on introduction of the imminent Data Protection Directive which has an emphasis on explicit informed consent. This article does not deal in detail with the perhaps less controversial area of consent for medical record sharing for direct care (for example treatment by a GP or a surgeon). It focuses instead on sharing of medical record information for indirect care purposes such as research, paying for treating, auditing care services and planning for care. However, there are strong parallels to be drawn on a sociological level. Montgomery v Lanarkshire Health Board marks a significant shift in the test to be applied when considering whether a patient has given consent to medical treatment. We are also believe that this concept should be extended to cover consent for indirect care. It has put clinicians’ practice of consenting patients back into the litigation spotlight. Lord Kerr remarked that: ‘[since Sidaway] …patients are now widely regarded as persons holding rights, rather than as the passive recipients of the care of the medical profession. They are also widely treated as consumers exercising choices… The idea that patients were medically uninformed and incapable of understanding medical matters was always a questionable generalisation.’ The more informed patients are, the more well equipped they become in choosing whether to consent to medical record sharing for both direct and indirect care. We argue that consent is a key concept in the provision of health care which has ethical, legal and practical dimensions.

  • Basu S, ‘Privacy in Public: “Google Glass” and “Creepshots’ BILETA: 29th Annual Conference, UEA. Norwich., 14/04/2014 - 16/04/2014

    This article looks at two interrelated issues that we will be confronting since the invention of “Google Glass”. First, the development of a particular technology that is inevitable and sometimes autonomous and, second, potential victims of that innovation. I argue that the expansion of a technology like “Google Glass”, in particular the use of this technology for taking “creepshots”, blurs the line between what is considered public and private. “Creepshots” are covertly taken sexually indicative photographs, mostly of women, which are posted online without consent. In fact, it is the lack of consent that is the crucial component for a photograph to be classified as a “creep shot”. Vint Cerf argues that “Google Glass” provides ‘an opportunity to experiment with what happens when you allow a computer to become part of your sensory environment. It sees and hears what you see and hear and it can apply its power and the power of the Internet to make use of information in context.’ In any case a simple act of taking photographs of an individual in a public street (which can be done with a wink while using “Google Glass”) will not by itself engage Article 8(1) of ECHR unless there are aggravating factors. It is a trite law to state that the conception of “privacy in public” is amorphous and it is based on a traditional understanding of “reasonable expectation” of privacy. However, the nature of the exposure due to “Google Glass” not only invades an individual’s expectation of privacy, but it also calls into question the traditional definition of privacy and interpretation of that definition. Nevertheless, question also arises as to whether the law protects the “sexualisation” of a female body or part of a body taken out of context. This article further analyses the various challenges for protecting “privacy in public” because of innovations like “Google Glass” and will map out future theoretical directions.


  • Duffy J, Basu S, Davidson G, Pearson KC, Review of legislation and policy guidance relating to adult social care in Northern Ireland, (Commissioner for Older People for Northern Ireland (COPNI), 2015), 1-98
    DOI: 10.13140/RG.2.2.11269.86247, Repository URL:

    Author URL []

    Multi-disciplinary research project is commissioned by the Commissioner for Older People for Northern Ireland to provide a piece of research to review the current position in terms of policy guidance and law and practice in adult social care in Northern Ireland and to make suggestions, based in part on comparing with best practice in other jurisdictions, to the Commissioner, as to the best way to reform the legislation. The legislative review found: 1. Current legislation and policy guidance surrounding Adult Social Care is outdated, confusing and fragmented in Northern Ireland. Definitions and terminology used in the legislation need updated to fully reflect and meet the needs of modern society. 2. The effect of the out of date legislation and policy position is to disadvantage older people in both understanding what social care services are available to them and in terms of how to access these services. 3.Early intervention to assess need is key together with the provision of necessary support to enable older people to be fully involved in decisions about their future care needs. A preventative type of “Support Visit”, similar to that currently offered in Scandinavia, to all over 75 year olds, would enable information and support to be shared and assessments conducted in a more controlled, proactive and consistent way.

Internet publications

  • Basu S, Malick R, India's dodgy mass surveillance project should concern us all, (WIRED, 2017)
    Repository URL:

    India is undertaking the world’s largest biometric ID card project – Aadhaar, also dubbed the "the world's biggest mass surveillance project". The government seems unaware, or unconcerned, that because of an inadequate legal framework for protecting citizens’ privacy this project will have catastrophic consequences. This overzealous project is obtaining demographic and biometric information and being forced upon Indian citizens, with no choice for an individual to opt-out of the system. The Indian government has claimed that setting up Aadhaar would establish a system of protection against wastage and corruption in the dispensation of social benefits.This draconian ID system is linking with every aspect of an individual’s life, from booking train tickets, registering marriages, or seeking scholarships, to mobile phone numbers, bank accounts, and schools and colleges. In many of these cases, it is mandatory.Thus, the government can exert absolute control by cross-referencing all transactions authenticated by or linked with Aadhaar. Indian society and politics has gone through a tectonic shift and is now in the grip of ‘absolutism’. Amid mounting governmental pressure, more than a billion Indians have signed up for Aadhaar. The aggregation of this data, along with various other data sets interlinked to Aadhaar, will enable the government to trace the movements, social relationships, and interactions of residents so that their private lives are laid bare. Seemingly innocuous, data when collated is capable of profiling residents’ lives. Once such data is in the government’s hands, wide latitude in access and use facilitates government abuse. Indeed, coercive application of Aadhaar creates a potential for mass surveillance, which in turn threatens the privacy of Indian citizens. We argue that this systemic mass invasion of privacy will diminish citizens’ autonomy of decision making: the choice of what to make public or keep private will no longer be theirs. In a high-octane, emotionally charged democracy like India, the fear of backlash will stop individuals from expressing disagreement with the government; they will increasingly self-censor their speech and interactions. Subjecting citizens to greater scrutiny and control will tilt the already imbalanced dynamics between the administration and the citizens, leading to erosion of democracy.

  • Basu S, Emerging technologies and the law—Organs-on-Chips, (LexisPSL, 2016)

    Author URL []

    Commercial analysis: Organs-on-chips has been named as one of the top ten emerging technologies of 2016 by the World Economic Forum, but the use of the technology raises questions surrounding privacy, data protection, ownership and criminal exploitation. Dr Subhajit Basu, associate professor of information technology law and deputy director of the Law and Emerging Technologies Research The group at the University of Leeds considers the issues.

  • Basu S, More than 600m Indians don’t have cards. So how can the country ban cash?, (Wired, 2016)
    Repository URL:

    ‘More than 600 million Indians don’t have cards. So how can the country ban cash?’ highlights the current situation in which India finds itself; a government which is pushing for a cashless society, and a population of which only 4.4% have ‘access to a credit or debit card and ‘less than 300 million use the web’. Subhajit argues that the poor have not been considered in the bid for a cashless economy, with ‘lack of education’ being one of the main barriers to the natural diffusion of a digital economy with zero cash. He argues that the digital divide along with the lack of access to a bank account or a debit or credit card is ‘disempowering, discriminating, and fosters dependency’. He asserts that ‘ a government’s action should not put the poor in a disadvantaged position that they do not have the tools or means to circumvent.’ He concludes the article by commenting that ‘good intentions are nothing, if they are not backed by common sense.’

  • Basu S, Should the NHS share patient data with Google's DeepMind?, (Wired, 2016)
    Repository URL:

    In giving Google access to the healthcare data of nearly 1.6 million patients, the NHS has used a loophole around "implied consent". It did not require patient consent for direct care, and the great unknown is how much Google is going to extend the definition of implied consent to fit its purpose.


Media Contact Areas

  • Regulation of Cyberspace
  • Data Protection
  • Privacy and Freedom of Expression Issues related to Social Networking Sites
  • Big Data
  • Cybercrime
  • Digital Divide
  • Regulation of emerging Technologies
  • E-commerce: Data Protection, Consumer Protection, Taxation, Trust 

© Copyright Leeds 2018