ABSTRACT
This paper chiefly categorized in the arena of privacy and technology and this paper, it deals with the term of privacy and data collection and constitutionality of privacy term, as the right to privacy as a fundamental right under the constitution of India and touch the different areas related to privacy issue like- cyber-crime, Aadhar card issue, biometric issue and whether privacy is a fundamental right or not? This paper also tried to look at the different countries’ laws on privacy so, that it will give the token of an idea to Indian legislation while drafting act roubustly. and bring out the important aspect in this whole paper through this research, that privacy can’t eradicate but how we can use privacy in a seminal manner, it matters a lot for the present generation and posteriority.
INTRODUCTION:
“You can have security and not have privacy, but you cannot have privacy without security”- Tim Mather
Privacy and technology both are opposite, and this issue becomes more vital from the point of view of citizen rights and security. And this is also important to acknowledge that privacy only preserves when we have proper knowledge and function of artificial intelligence and technology without that it is quite immutable to control the progress of the technological machine, and this is why this issue is important to address but it is more important than ordinary citizens who don’t know much about this term and nature of this problem. it is crucial to make an appraisal of that the technology is more important than the privacy? or privacy of the individual can be compromised for technology and development of one’s nation. This paper deals with the constitutionality and different legal pronouncements of judges and where the Indian privacy laws are lacking in maintaining the secrecy of data and transparency in their proceedings and this the fact of the matter that privacy can be achieved by only two ways – legal implementation and right usage of technology by citizens.
RESEARCH METHODOLOGY:
Academic and legal research conducted in the arena of privacy and significance of cutting-edge technology and this research is mostly based on the journals, legal websites content piece of work, research papers. And this research paper is covering the arena of law aspects with social factors as well. And it is a mixture of both academic and legal research knowledge that is importantly related what human privacy and technology’s role, and what are the rules and grey areas of laws on this issue.
REVIEW OF LITERATURE:
The word privacy is a Latin word “Privatus” which means “separate from rest.”[1] This term can simply mean individuals or groups are capable enough to seclude their privacy from others and they have the right to reveal their information only to limited people. Privacy defines as the right of one’s individual to decide whether their information is accessible to the public or not. And from this term, three questions arise that what, when, and who can access their private information. Under article 21 of the constitution of India “protection of life and personal liberty” states that every person has the right to live their life with dignity and everyone has personal liberty. Privacy is quite similar in terms of words interpretation; however, they are different in terms of meaning, and such words are -confidentiality and secret. Privacy is not any secret, but privacy can be understood in terms of one’s privacy related to body, sexuality, religion, belief, like-dislike, and choices what they make in their life. As per the definition of international human rights according to them, they recognized the privacy terms in the different areas they are- privacy of personal data, person, personal communication, and personal behavior.[2] In today’s time in cutting-edge technology protecting your privacy is a difficult task and despite various categories of technologies with high advancement features, it’s a quest to protect and maintain secrecy throughout your life. The role of law is still a debate to resolve in terms of providing securities to the citizens. Digitalization and e-commerce are still areas where stringent laws are yet to be made in construed manner. For example- when we create an email-id and use that email for various purposes like the passing of personal data related to online banking, online shopping, working on different websites, and many more. it is not an exhaustive list; however, we have to understand this whole concept of privacy issue that now our bedroom is not a private place in the 21st century.
If we trace back then we will come to know this fact that it started with the industrial revolution, and led to discover the initialization, computerization, and globalization and along with that some threats also increase like- Aadhar card, cyber-crime, and online fraud. It is important to understand this nuance related to the safeguarding of citizens in the eye of law- according to our Indian law system only two kinds of people exist- a natural person who is a living person and on the other side juristic person who is not a natural person, however, it posses the legal personality like- company and according to this data protection legislation it will apply only to a natural person.[3]
The concept of data protection is also important to address in the arena of privacy and it become worldwide essential to protect their privacy. Data protection term is derived from the German term “Date Schutz”[4] and the concept of data protection is likely to be connected to the term privacy. And it is also important to understand this notion that data protection is not confined to the privacy term; however, other areas are also involved in like- autonomy, liberty, and freedom. And privacy can be protected only when the data of one Individual is protected. this is how these two terms are interdependent. The term of data protection of information also deals with the data subjects which deal with the term of living individuals.[5] It is important with this term to address the European Union laws which have stringent data protection of the law and according to the European Union law, personal data can only be collected legally under European Union law for an only legitimate purpose, not for any illegal purpose. moreover, under this European law, if any organizations are collecting the data of individuals, then the organization must protect the personal data from any misuse and respect the privacy of users under European Union law.
Constitutionality of privacy and data protection is also important to address here, under the Indian constitution, right to freedom of speech and expression under Article 19(1)(a)[6] and right to life and personal liberty under article 21[7] the constitutional provision is pivotal and directly related to the privacy of induvial. Sir John Simmons said this- “human rights are rights possessed by all human beings, simply virtue of their humanity, naturalness, inalienability, non-forfeit ability, and universality[8]. With that, it is also important to understand that the different areas of privacy and data protection and privacy is more related to solitude, isolation, and seclusion. Data protection can be protected only if one’s privacy rights are not transgressed, and these two terms emerge from technological development.
Privacy and data protection are also related to the right to information act, 2005 because it was also important to understand this notion in different aspects. Under the right to information, a citizen can get the information related to their queries and in any democratic country, transparency is vital for any sovereign country. But this information can only be posses by legal procedures. Now, as per this Act, 2005, under section 2(j)[9] it talks about the definition of the right to information. And with the new development in the arena of digitalization after landmark judgment in the case of Shreya Singhal v. UOI[10] after that information technology (amendment ) Act 2008, was introduced and this act explicitly talks about the cybercrime and protection from that crimes, computer-based frauds, furthermore, this act is essential from point of view of the data protection, till there is no specific rule in this regard, however, somehow Indian system came up with this section of 43A[11] and section 72A[12] which chiefly deals with data protection.
LEGAL JOURNEY IN THE ARENA OF PRIVACY:
In the 1950s the legal journey of privacy and data protection was started in this arena and with the case laws and with technological development, changes occurred in the legal system of India they are-
M.P Sharma v. Satish Chandra– In this case supreme court held that the contention that search and seizure violated article 19(1) (f) of the constitution. The court also observed in this case that mere search by itself did not affect any right to property, and though seizure affected it, such effect was only temporary and was a reasonable restriction on the right to privacy[13].
Kharak Singh v. State- In this case, the right to privacy has been developed in the constitutional sphere of India under Article 19(1)(a) and Article 21. And the right to liberty is also addressed in this case by former justice Suba Rao[14].
Govind v. State of Madhya Pradesh- in this case, the supreme court develop the law on privacy issues by holding the domiciliary visit of the police and disclosure of the information[15].
R Rajagopal v. State of Tamil Nadu- In this case, the petitioner was the editor, printer, and publisher of a Tamil weekly magazine published in Madras who sought an order restraining the state of Tamil Nādu from interfering with the authorized publication of the autobiography of auto Shankar, condemned prisoner awaiting the death penalty which was based on public record. In this case, this court also vouch that the right to be let alone, for every citizen of this country to be safeguard by their privacy[16].
Bennett Coleman v. Union of India- In this case, the court held that it is indisputable that freedom of the press meant, the right of all citizens to speak, publish and express their views, and freedom of speech and expression includes within its compass the right of all citizens to read and then be informed[17].
Indian Express Newspaper (Bombay) v. Union of India- In this case, the court held that the basic purpose of freedom of speech and expression is that all members should be able to form their beliefs and communicate them freely to others. In sum, the fundamental principle involved here is the people’s right to know[18].
PUCL v. Union of India– In this case, the court held the right to information was further be elevated to the status of human rights, necessary for making governance transparent and accountable. The supreme court has consistently held that the right to information is inherent in article 19 of the constitution of india[19].
District Registrar and Collector, Hyderabad v. Canara Bank- in this case, the supreme court contended that the search and seizure by the enforcement agency and registers, books, records, papers, documents, or other proceedings to collect evidence and discover the fraud and omission of stamp duty payable or not of individuals have come under the infringement situation, secrecy and confidentiality must be maintained[20].
Shankar Agarwal v. State Bank of India– In this case, Calcutta high court held that the banker is under an obligation to secrecy. According to Lord Halsbury’s laws of England, it is implied term of the contract between a banker and his customer that the banker will not divulge to a third person without the express and implied consent of the customer either the state of the customer account or any of the transaction with the bank or any information relating to the customer acquired through the keeping of his account unless the banker is completed to do so by order of a court or the circumstances give rise to a public duty of discourse or protection of the bankers own interest requires it[21].
Against this backdrop, the judgment of the Delhi state consumer disputes redressal commission, which imposed a total fine of Rs. 75 lakhs on airtel, the cellular operator’s association of India, ICCI bank and American Express bank for consumer harassment by unsolicited telemarketing’s calls and text messages assumes enormous significance[22].
In 1997, the supreme court of India directed the reserve bank of India to the institute to implement measures to reduce unsolicited calls on the ground that the right to privacy is a fundamental right[23].
There is another instance of case related to one controversy where Maneka Gandhi moved to the Delhi high court against Khushwant Singh autobiography truth, love and little malice claiming it had violated her privacy, in this court judgment went in favor of Khushwant Singh where they held that article 21 is enshrined and invoked only against the state action and not against private entities[24].
There is one of the landmark cases in the constitutional arena which is crucial to address here in respect of the health sector, Mr. X v. Hospital Z, in this case, the supreme court articulated on sensitive data to health. in this case, the appellant’s blood test was conducted at the respondent’s hospital, and he was found to be HIV+ status. Several persons including the members of his family and those belonging to their community came to know of HIV+ status and were ostracized by the community. He approached the national commission against the respondent hospital claiming damages for disclosing information about his health, which, by norms of ethics, according to him, ought to have been kept confidential. The national commission summarily dismissed his complaint. consequently, he moved to the Supreme Court by way of an appeal. The supreme court observed that as one of the basic human rights, the rights of privacy was not treated as absolute and was subject to such action as may be lawfully taken for the prevention and of crime or disorder or protection of health or morals of rights and freedom of others[25].
COMPARISON WITH OTHER COUNTRIES RELATED TO PRIVACY LAWS:
EUROPEAN UNION- In 2018, GDPR, the general data protection regulation became enforceable, and it became the most stringent and robust privacy law in the whole world. And this law of the European Union inspired other countries to create the privacy laws. And this law protects the privacy of one’s individual and data.
FRANCE- In France the data protection Act, 1978, (revised in 2004), this law in France chiefly protecting the rights of the individuals, this law DPA applicable on the data collection which is used for several things, and it can be applied to anyone like- to identify the person, location of the person in France, and this why google fined by the French data protection authority which is violating the French privacy laws. As per this act, if any person wants to access anything, then firstly, he must take consent from the user related to the purpose of processing, data address of data controller, identity, time duration of keeping the data with themselves and give the information regarding the who can access the data, and its security.
GERMANY- In Germany as per the federal data protection Act of 2001, this act states that the collection of any data which is personal data is prohibited in this act except if consent is acquired. In this act also, if data is collected then, he has to give the information related to its purpose and the person has to specify the purpose and after this person can’t use this data for any other purpose.
UNITED KINGDOM- In this country information commissioner’s office is there to uphold the information rights in the public interest. As the data protection act of the United Kingdom, it stated that the process must be fair, transparent about the collection of data and usage of data, and in this act, they specify the process of browser cookies and have to explain to them why they are using, what they will do with that data and such data they can acquire only through the consent of the user.
UNITED STATES- In this country like other countries there is no proper codification of laws, at the federal level, and they’re a lot of confusion regarding the privacy rules because of the lack of proper codification in these areas of privacy laws. as per the federal trade commission and it chiefly deals with the privacy laws related to business and as per this Act, they don’t prohibit illegal practices. In the United States, there are some laws which are dealing in these areas of privacy laws like- health insurance portability and accountability rule, children’s online privacy protection rule, California online privacy protection Act. Along with that other privacy laws are related to the Washington privacy Act and California consumer privacy Act.
SOUTH KOREA- In south Korea, Telecommunication Act stipulated the definitions related to information and communication service providers. As per this act consent is important for the collection of any data and personal information, however, they also stated that consent must be valid and the person who is taking consent must give their details related to name, the purpose of obtaining the information, and contact.
PHILLIPPINES- This country is known for their toughest data laws, as per the Act in the Philippines, if anyone collects the data then he has to be specific in terms of collecting data and take the informed consent from the user before using it and he has to states the declaration of purpose.
ITALY- Italy has stringent codification related to electronic marketing and before tracking the user personal data, advertising such data for marketing purpose before everything user must know the collection, purpose of collection and method of collection of data under this law.
CANADA- In Canada, there is an act related to privacy which is personal information protection and electronic data Act which stipulates the merged and process of collecting the data, storage, online data for commercial use and it is important to draft their privacy policy and explicitly mention all the process and methods in the public domain.
AUSTRALIA- In this country, consists of 13 principles under privacy principles which manifestly deals with the data collection and management of the personal information, and as per this act it is also important that privacy policy must be up-to-date and clearly states everything. As per this Act it is crucial to state the reason why and how they are collecting the personal data.
CONCLUSION
“All human beings have three lives: public, private, and secret.” Human privacy and technology are dealt with in various aspects and after dealing with different aspects it is important to note that privacy term is not just related to data collection, however, privacy is a most vital organ of one’s human life, system, and nation. And privacy is not just violated, however, somewhere we have to compromise with our privacy in daily basis life and it is a need of an hour to make introspection regarding whether your rights are protected or not? However, this is also true to accede with the reality that if you are living in this 21st century, so you must know how to deal with your privacy it is the question and answer itself.
[1] Wikipedia, http://en.wikipedia.org/wiki/privacy, (last visited Sept. 10, 2021).
[2] PRIVACY AND HUMAN RIGHTS, http://gilc.org/privacy/survey/intro.html, (last visited Sept. 10, 2021)
[3] S. Sandesh Saravanan and M. Kannappan, An Overview of the Changing Data Privacy Landscape in India with Regard to the Role of Data Controllers, 119, IJPAM, 919, 920, (2018).
[4] Dr. Jayant Ghosh and Uday Shankar, ‘Privacy and Data Protection Laws in India: A Right Based Analysis, Bharti Law Review, 54, 57-58, (2016).
[5] Id.
[6] Article 19(1) in The Constitution of India 1949-
(1) All citizens shall have the right, (a) to freedom of speech and expression.
[7] Article 21 in The Constitution of India 1949- Protection of life and personal liberty No person shall be deprived of his life or personal liberty except according to procedure established by law
[8] Dr. Jayant Ghosh, supra note 4, at 59
[9] Section 2(j) in The Right to Information Act, 2005-
(j) “right to information” means the right to information accessible under this Act which is held by or under the control of any public authority and includes the right to—
(i) inspection of work, documents, records.
(ii) taking notes, extracts, or certified copies of documents or records.
(iii) taking certified samples of material.
(iv) obtaining information in the form of diskettes, floppies, tapes, video cassettes or in any other electronic mode or through printouts where such information is stored in a computer or in any other device.
[10] AIR 2015 SC 1523
[11] Section 43A in The Information Technology Act, 2000-
43A Compensation for failure to protect data. -Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. Explanation. -For the purposes of this section, –
(i) “body corporate” means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities.
(ii) “reasonable security practices and procedures” means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit;
(iii) “sensitive personal data or information” means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
[12] Section 72A in The Information Technology Act, 2000
72A Punishment for disclosure of information in breach of lawful contract. -Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.
[13] AIR 1954 SCR 1077.
[14] AIR 1963 SC 1295.
[15] AIR 1975 SC 1378.
[16] (1994) 6 SCC 632.
[17] AIR 1973 SC 60.
[18] (1985) 1 SCC 641.
[19] (2004) 2 SCC 476.
[20] AIR 2005 SC 186.
[21] AIR 1987 Cal 29.
[22] Shrikant Ardhapurkar, Tanu Srivastava, Swati Sharma, Mr Vijay Chaurasiya, Mr. Abhishek Vaish, Privacy and Data Protection in Cyberspace in Indian Environment, 2(5), IJEST, 942, 945, (2010).
[23]Id.
[24]Id.
[25]Id. at. 946.