ABSTRACT
The main aim of this paper is to initiate a serious debate on right to privacy and data protection in the Indian perspective. Data privacy is a fundamental right and is recognised under the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and various other international covenants. The Constitution of India also recognises the right to privacy under Article 21. One would wonder why this question of whether the right to privacy is a fundamental right or not, was brought before a bench with nine judges. In 2017, a bench of five judges in the Supreme Court which was hearing the case on Aadhar Card and the Right to Privacy, said that they wanted a nine-judge bench to first decide if privacy is a fundamental right, before deciding on the main Aadhaar Case.
INTRODUCTION
A right to privacy is explicitly stated under Article 12 of the 1948 Universal Declaration of Human Rights:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. While the Centre had argued that right to privacy is not a fundamental right, the petitioners had contended that when a citizen gives his biometrics and personal details to the government and when in turn it is used by commercial organisations, it is a breach of privacy. The trigger is the government’s Aadhaar scheme, which collects personal details and biometrics to identify beneficiaries for government welfare schemes. A bunch of petitions were filed in the Supreme Court in 2015 terming Aadhaar a breach of privacy. The petitioners argued that Aadhaar enrolment was the means to a totalitarian state and an open invitation for personal data leakage. Article 21 protects the right to privacy and promotes the dignity of the individual. Telephone tapping is an invasion of right to privacy and freedom of speech and expression and also the Government cannot impose prior restraint on publication of defamatory materials against its officials and if it does so, it would be violative of Article 21 and Article 19(1)(a) of the Constitution.
Privacy and data protection require that information about individuals should not be automatically made available to other individuals and organizations. Each person must be able to exercise a substantial degree of control over that data and its use. Data protection is a legal safeguard to prevent misuse of information about an individual person on a medium including computers. It is adoption of administrative, technical, or physical deterrents to safeguard personal data. Privacy is closely connected to data protection. An individual’s data like his name, address, telephone numbers, profession, family, choices, etc. are often available at various places like schools, colleges, banks, directories, surveys and on various websites.
The right to privacy is an element of various legal traditions to restrain governmental and private actions that threaten the privacy of individuals. Over 150 national constitutions mention the right to privacy. Since the global surveillance disclosures of 2013, initiated by ex-NSA employee Edward Snowden, the inalienable human right to privacy has been a subject of international debate. In combating worldwide terrorism, government agencies, such as the NSA, CIA, R&AW and GCHQ, have engaged in mass, global surveillance. There is now a question as to whether the right to privacy act can co-exist with the current capabilities of intelligence agencies to access and analyse virtually every detail of an individual’s life. A major question is that whether or not the right to privacy needs to be forfeited as part of the social contract to bolster defence against supposed terrorist threats. In addition, threats of terrorism can be used as an excuse to spy on general population.
DEVELOPMENT OF PRIVACY LAW IN INDIA
Ancient India
The concept of privacy can also be pragmatic in the ancient text of Hindus. Looking at the Hitopadesh which enumerates that certain matter such as worship, sex and family matters should be protected from disclosure. The very concept is not entirely non-familiar to Indian Culture, but some jurist like Sheetal Asrani-Dann has certain doubts about the right to privacy in India, in view of this, she also explains Upendra Baxi’s view, but, Upendra Baxi is clearly alarmed with kindness, sympathy, humanity or gentleness, which is an unabated curiosity; it is not about ill-will. Even privacy in ancient times was related to ‘Positive Morality’. So, in spite of this, right to privacy was vague in the ancient Indian text
This is a recent case of Right to Privacy which was brought by 91-year old retired Karnataka High Court Judge Puttaswamy against the Union of India before a nine-judge bench of the Supreme to determine whether the Right to Privacy was guaranteed as a fundamental right under the Indian Constitution.
This case was actually concerned with an issue to a challenge to the government’s Aadhaar scheme (a form of uniform biometrics-based identity card) in which the government made it mandatory for availing the government services and benefits. The issue was made before a three-judge bench of the Supreme Court on the basis that this scheme violated the right to privacy. Accordingly, a Constitution Bench was set up and concluded that there was a need for a nine-judge bench to determine whether there is a fundamental Right to Privacy within the provision of Article 21 of Constitution of India. It was argued by the petitioner before the bench that Right to Privacy is a Fundamental right and should be guaranteed as right to life with dignity under Article 21 of the Constitution. Submissions made by the respondent were that the Constitution only recognized personal liberty which may include Right to Privacy to a limited extent.
The proposed data protection framework is true to the ratio of the judgement of the Supreme Court of India in Puttaswamy’s case. The Supreme Court held that the right to privacy is a fundamental right flowing from the right to life and personal liberty as well as other fundamental rights securing individual liberty in the constitution. Privacy itself was held to have a negative aspect, (the right to be let alone), and a positive aspect, (the right to self-development). The sphere of privacy includes a right to protect one’s identity. The right recognises the fact that all information about a person is fundamentally her own, and she is free to communicate or retain it to herself. The core of informational privacy, thus, is a right to autonomy and self- determination in respect of one’s personal data. The court observed the following-: “Formulation of a regime for data protection is a complex exercise which needs to be undertaken by the State after a careful balancing of the requirements of privacy coupled with other values which the protection of data sub-serves together with the legitimate concerns of the State.” Privacy too can be restricted in well-defined circumstances. 1. There is a legitimate state interest in restricting the right. 2. The restriction is necessary and proportionate to achieve the interest. 3. The restriction is by law.
KEYWORDS
Right to Privacy, Data Protection, Data Fiduciary, Data Principal, covenants etc.
REVIEW OF CASE LAWS
CONSTITUTIONAL RELEVANCE OF RIGHT TO PRIVACY Article 21 of the Indian Constitution lays down the foundation for various rights provided to the citizens and holds immense significance in a free and democratic society. It is one of the most organic and progressive provisions, the heart of the Indian Constitution which lays down the basis for other laws in our country. Right to privacy finds its place in Article 21 as well as in various international human rights instruments which regard it as an essential element to preserve human dignity and considers it as an inalienable and natural right, inherent to human beings. In the initial years of post-independence, the Indian courts had a different approach to the right to privacy. They focused on the textual interpretation of fundamental rights, refusing to include the right to privacy in its scope and intent. For the first time in India, infringement of privacy was raised in the M. P. Sharma case, challenging the constitutional validity of warrant issued to conduct search and seizure of documents on a probe indicating malpractices within the company. The Hon’ble Supreme Court (“SC”) ruled that search and seizure by the police officers are not unconstitutional. It is a power exercised by the state for ensuring social security. The SC held that right to privacy isn’t the concern in this case, but the issue is whether search warrants used for procuring shreds of evidence is violative of right against self-incrimination or not. Subsequently, in the Kharak Singh case, the validity of surveillance of the accused by conducting a domiciliary visit was questioned. The counsels for the petitioner argued that surveillance, as provided in Regulation 236 of Chapter XX of the Uttar Pradesh Police Regulations is violative of right to privacy. The court only ordered for the deletion of Regulation 236(b) authorizing domiciliary visits at night, to be unconstitutional and further held that privacy as a fundamental right is not guaranteed under the Indian Constitution.
Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors
This case was actually concerned with an issue to a challenge to the government’s Aadhaar scheme (a form of uniform biometrics-based identity card) in which the government made it mandatory for availing the government services and benefits. The issue was made before a three-judge bench of the Supreme Court on the basis that this scheme violated the right to privacy. Accordingly, a Constitution Bench was set up and concluded that there was a need for a nine-judge bench to determine whether there is a fundamental Right to Privacy within the provision of Article 21 of Constitution of India. It was argued by the petitioner before the bench that Right to Privacy is a Fundamental right and should be guaranteed as right to life with dignity under Article 21 of the Constitution. Submissions made by the respondent were that the Constitution only recognized personal liberty which may include Right to Privacy to a limited extent.
Issues to be considered
Protection from arbitrary and unlawful interference: by the Government and private parties– The legislation must ensure that an individual’s right to privacy is not interfered with in an arbitrary and unlawful fashion. Presently, judicial precedents prohibit violation of the right to privacy of an individual by Government agencies. A comprehensive law must provide for protection from intrusion by the Government as well as private parties. The law must also address issues relating to trespass upon individual privacy, audio and video surveillance and interception of communications (including digital and electronic communications). It must also try and prohibit/curtail the use of cutting-edge technology to trespass upon privacy rights and personal data
SUGGESTIONS
Modes of Regulation Considering that the international community regards the right to privacy and data protection as a basic human right, India may be under a moral as well as legal obligation to enact privacy and data protection regulations. There are two modes in which regulations can be adopted: Self-regulation and Government regulation • Self-regulation – India could consider promoting an initiative among Indian industries, especially those interested in the growth of e-commerce. Self-regulation by the industry offers the advantage of a flexible policy made by those who know the trade practices and are motivated by the desire of customers. Self-regulation is also cost efficient to the government, as enforcement mechanisms need not be established. However, a large and heterogeneous group of agents may make self-regulation difficult. However, there is also the risk that a self regulatory solution would be to set the lowest standard. • Government Regulation – Alternatively, the Indian government could adopt specific legislation to address privacy and data protection issues. Even countries like the US that have primarily taken a self-regulatory approach to protecting privacy on the Internet, are slowly moving towards Government regulation to bring about uniformity and effective application of privacy standards.
CONCLUSIONS
Urgent Need for Privacy Regulations Keeping in mind the growth and implications of international trade, especially with the influence of the Internet, it is imperative that India cooperate with the world community to establish laws strictly pertaining to protection of privacy and personal data. Currently countries (eg, EU countries) are unwilling to trade with India due to inadequate privacy regulations. This is particularly relevant, as India becomes an outsourcing centre for several back-office operations such as credit processing, medical transcription. The threat of privacy is also an obstacle towards facilitating a secure environment for communication over the Internet. Unless these issues are addressed India cannot take full advantage of the tremendous opportunities and benefits that e-commerce presents to developing nations such as ours. A legal framework needs to be established setting specific standards relating to the methods and purpose of assimilation of personal data offline and over the Internet. Consumers must be made aware of voluntarily sharing information and no data should be collected without express consent. The future of India’s trade depends on striking an effective balance between personal liberties and secure means of commerce.
SOURCES
Suyash Rai, “A Pragmatic Approach to Data Protection,” The Leap Blog, accessed on May 10, 2020, https://blog.theleapjournal.org/2018/02/a-pragmatic-approach-to-data-protection.
“India’s Personal Data Protection Bill, 2019,” accessed on May 23, 2020, https://www.pwc.in/assets/pdfs/consulting/cyber-security/data-privacy/indias-personal-data-protectionbill-2019.pdf.
Nishith Desai Associates Legal and Tax Counselling Worldwide
Ban on Zoom: India Needs Data Protection Law to Ensure User Privacy and Security,” Financial Express, May26,2020, https://www.financialexpress.com/opinion/ban-on-zoom-india-needs-data-protection-law-to-ensure-user-privacy
Sushmita Karnatak
BA LL.B First year
ILS LAW COLLEGE,PUNE