This article is written by Smriti Katiyar (Associate, LawSikho). The article has been edited by Zigishu Singh (Associate, LawSikho) and Smriti Katiyar (Associate, LawSikho).

Introduction

If one were to visit the Cellular Jail in Andaman & Nicobar Islands, they would unwittingly admire the peculiar manner in which the building has been designed, wherein the six blocks, housing one hundred and sixteen prison cells each have been built to resemble the spokes of a wheel emanating from a high watchtower in the center, which was used to station the prison security. However, very few would realize that the building was designed in this unique manner not to serve any aesthetic purpose, but to deliberately enable the prison guards to constantly observe the behaviour of the prison inmates in their solitary cells, without even being seen by them. Over time, it would allow those in power, such as the State acting through its prison guards in the present example, to use the knowledge gathered by observing its subjects, such as the political prisoners in the jail, to discriminate, blackmail, stifle and oppress them if they were to ever pose a threat to their power whilst at the same time maintaining a stronghold over their power by deciding what is and what is not socially acceptable behaviour. This form of constant monitoring by an authority in power would ultimately have a chilling effect wherein the subjects of power would be coerced to unquestioningly abide by any law imposed by the authority.

Unfortunately, this method of surveillance is still employed in present times by the modern state and private associations to gather information about the location, activities, associations, preferences, and behaviour of individuals, whether incarcerated or innocent, through various technologies such as CCTVs, whole-body imaging scanners, RFID enabled documents, biometrics as well as through gag orders and laws that allow roving wiretaps or that make it mandatory to provide personal information at the time of enrolment or employment or that allow intercepting personal communication or disclosure of sensitive personal information in the name of safeguarding national security and public interest, thereby enabling such entities to constantly intrude into the personal lives of individuals and gather such information as may be useful to serve their vested interest. In such a scenario, should we individuals surrender ourselves at the altar of this invisible power that aims to control us so that it can further its own end goals? Should we sacrifice our freedoms to attain greater security and social good? Or do we have a right to be left alone? Essentially, do we have a right to privacy, whether absolute or qualified?

However, before we can claim that every individual has a right to privacy, it becomes necessary to establish what we mean by the term privacy. Unfortunately, the concept of privacy is in disarray because there is no clear consensus on what constitutes privacy – whether and to what extent it encompasses space, location, communication, data, behaviour, association, action, thoughts, and feelings of an individual. The lack of clarity in defining privacy makes the task of defining the acts that constitute a violation of the right to privacy all the more difficult. Thus, it becomes easy to infringe the right to privacy of individuals simply because the grounds on the opposite side such as security, public interest, executive, and judicial necessity have been articulated better as concepts qua the concept of privacy. Consequently, issues of privacy violations are often deflated not only by Courts and policymakers but also by individuals themselves who routinely give out personal information without thinking of its larger repercussions. Therefore, it is necessary to establish the various facets of privacy as an independent concept and thereafter safeguard the right to privacy of every individual, because not only is privacy an essential bulwark of a democratic society but also important for the autonomy, freedom, creativity and psychological well-being of an individual. 

Download Now

In the backdrop of this growing discussion about privacy in the last few decades, several multinational laws, guidelines, and directives have been formulated to protect the right to privacy. For instance, The United Nations Universal Declaration of Human Rights, 1948 stipulates that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation.” The International Covenant on Civil and Political Rights states that “No one shall be subjected to arbitrary or unlawful interference with his privacy, family, or correspondence, or to unlawful attacks on his honor and reputation Similarly, The European Convention of Human Rights, 1950 provides that “everyone has the right to respect for his private and family life, his home and his correspondence.” In pursuance of these international obligations, several nations across the globe have made an effort to protect the right to privacy. For instance, even though the constitution of the USA nowhere explicitly mentions the term privacy, the Courts have interpreted its provisions to include the right to privacy implicitly, thereby safeguarding the decisions that people make about their sexual conduct, birth control, and health from any arbitrary and unwarranted interferences by the State. The UK, on the other hand, has enacted the Data Protection Act, 1998 which governs how the personal information of individuals may be used and prevented from breaches by the State and third parties.

Moreover, the Supreme Court of India, in a recent landmark judgment, has explicitly granted the right to privacy as an independent right to all individuals. However, while on one hand, the apex Court has granted all individuals a right to privacy, the legislature, on the other hand, has been tardy in amending the existing policies and laws which infringe the right such as the AADHAR Act, policy on collection and storage of biometric data, policy on maintaining the privacy of medical records and Section 377 which criminalizes homosexual acts as well as in enacting additional laws to strengthen protection to the right in areas where there is a lacuna such as comprehensive laws to protect data, regulating data trading and safeguarding financial privacy. Therefore, while the Courts in the UK have not only formulated but also implemented that “every Englishman’s home is his castle” where the individual has the “right to be let alone”, it will be interesting to view how the right to privacy, which has been recently guaranteed to the individuals in India, is interpreted, developed and upheld soon.

In the debate of privacy versus national security, one must not forget that if privacy is dear to the individual, so is the security of the state the individual lives in. How far is one willing to go and waive off his right to privacy in order to help the state for collection of data and using the information for security measures? Upto what extent should there be Intervention by state and should they be given unchechecked, unsolicited and unfettered power to obtain the data through surveillance? Various bills have been passed and measures have been taken to harmonize the conflicting interests of both.

Interpretation and analysis of the Aadhar Judgement

Major issues and concerns : impact of 2017 judgement

The right to protect privacy of an individual is enumerated in the Universal Declaration of Human Rights, 1948 (UDHR) “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, or to attacks upon his honor and reputation Everyone has the right to the protection of the law against such interference or attacks.” “The principle of Right to Privacy is also contained in the International Covenant on Civil and Political Rights, 1976. The requirements under both the International treaties are that the state shall implement certain legislations to protect the right of privacy and attacks on reputation. As India is signatory to both the treaties, it is the mandate duty of India to pass such legislation but still India has not passed any separate and independent legislation dealing with the subject matter.”

“The Constitution of India does not explicitly guarantee fundamental right to Privacy though Judicial Activism has brought it within the realm of Fundamental rights.” Article 21 states “no person shall be deprived of his life or personal liberty except the procedures established by law.” “The Supreme Court of India deduced the Right to Privacy from Article 21 wherein the court held that personal liberty means life free from any encroachments that are unsustainable in law.” The court in a landmark judgment held that “the concept of liberty in Article 21 was comprehensive enough to include privacy and an unauthorized intrusion into an individual’s home and thus disturbance caused violates his personal liberty.” “In People’s Union for Civil Liberties (PUCL) v Union of India, the court explained the right to privacy to be under Article 21 in consonance with Article 17 of International Covenant on Civil and Political Rights, 1968. The gross violations of the right to privacy encouraged the Judiciary to take a proactive role in protecting the right and providing the affected person adequate compensation and damages.”

In August 2017, the Supreme Court of India passed a judgment in the case of Justice K S Puttaswamy vs Union of India (Supreme Court of India, WRIT PETITION (CIVIL) NO 494 OF 2012), in which fundamental rights, as provided in the Constitution of India, were interpreted to include the right to privacy. As a consequence of this judgment, the Government of India has an obligation both to ensure that its actions do not violate a citizen’s privacy and to ensure that such rights are not violated as a result of its inaction—including its failure to enact suitable legislation.

Data protection and aadhaar : the biometric authentication system

The case had its inception in 2012, when Justice K S Puttaswamy, a former Karnataka High Court judge, filed a petition before the Supreme Court questioning the validity of the “Aadhaar” project on grounds of, amongst other things, its transgression on the Indian citizen’s fundamental rights. The “Aadhaar” project is a 12-digit unique identification number that is issued to Indian citizens based on their biometric and demographic data. It is the largest biometric database in the world, with over 1.25 billion Indian citizens registered. The project raised several privacy concerns due to the almost mandatory requirement of enrolment and the lack of safeguards provided by the Government to protect the data collected. The argument made by the Government was that there was no constitutionally guaranteed right to privacy in India. Reliance was placed on two earlier Supreme Court judgments, M ​P ​Sharma ​vs. Satish ​Chandra and Kharak ​Singh ​vs. State ​of ​Uttar ​Pradesh, which denied the existence of a constitutional right to privacy. Since these cases were decided by six- and eight-judge benches, respectively, the Supreme Court referred the matter to a constitutional bench of nine judges in 2015. Two years later, this bench overruled the two cases to the extent that they decided that privacy is not a constitutionally guaranteed right.

“The Court decided that the protection of individual autonomy was a valid justification for the right to privacy, especially in the context of a global, information-based society. The judgment recognized the right of an individual to exercise control over his/her personal data. The Court opined that the ability of a person to control his/her own life would also encompass his/her right to control his/her existence on the internet. The Court further recognized the complexity involved in data protection and directed the Government to enact a comprehensive data protection law.”

Another important aspect of the Court’s ruling was the implicit recognition of a “right to be forgotten.” The Court stated as follows:

“People change and an individual should be able to determine the path of his life and not be stuck only on a path of which he/she tread initially. An individual should have the capacity to change his/her beliefs and evolve as a person. Individuals should not live in fear that the views they expressed will forever be associated with them and thus refrain from expressing themselves.”

“Thus, the European Union Regulation of 2016 has recognized what has been termed as ‘the right to be forgotten’. This does not mean that all aspects of earlier existence are to be obliterated, as some may have a social ramification. If we were to recognize a similar right, it would only mean that an individual who is no longer desirous of his personal data to be processed or stored, should be able to remove it from the system where the personal data/ information is no longer necessary, relevant, or is incorrect and serves no legitimate interest. Such a right cannot be exercised where the information/ data is necessary, for exercising the right of freedom of expression and information, for compliance with legal obligations, for the performance of a task carried out in public interest, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defences of legal claims. Such justifications would be valid in all cases of breach of privacy, including breaches of data privacy.”

“These observations may increase the likelihood of the right to be forgotten or a similar right being incorporated into the forthcoming law. This right is distinct from the right to privacy which involves information that is not publicly known. It involves the removal of information that was publicly known at a certain time so that third parties cannot access it. Opinions about the right to be forgotten, which is a relatively new concept, differ significantly between the European Union, where it has more historical support, and the United States, where the right of free speech and the right to know have typically been favored over the deletion of truthfully published information.”

“If the right to be forgotten is codified into Indian law, search engines, social media platforms and media companies operating in India will be most affected. These entities may need to reconsider their internal processes and procedures for receiving and processing requests from members of the general public for the deletion of data. Google’s ongoing dispute with the French data protection agency, CNIL, illustrates how complex matters can become.” Now that the phrase “fake news” has become so common, the debate will become more urgent globally.

“With much appreciation and fame over the judgement which made Right to Privacy- a fundamental right’ by the Supreme Court, there still exists the issue of Aadhaar being valid or not which is still pending. Much controversy has lit upon the conflict of Aadhaar, specifically, The Aadhaar Act, 2016 and the Right to Privacy of every citizen of the country being violated through it. The problems with the Aadhaar Act, 2016 in concern to privacy are mainly two parts: firstly, Aadhaar Act making Aadhaar compulsory for every citizen and also making its compulsory linkage to other services, including PAN and phone numbers. It further makes an amendment to the Income Tax Act wherein for tax returns to be processed, one needs to link their Aadhaar number to their PAN. A failure to do this could also lead to invalidity of the respective PAN. These legislations are a forced compulsion for the citizens to link their Aadhaar to these documents which is a problem as Aadhaar inherently requires a lot of personal and confidential information like biometrics, fingerprints, etc. which connects to the second issue of data security.”

The Aadhaar Act, 2016 allows sharing of data under the Aadhaar numbers for the purposes of national security which is a vague and undefined term. Further, Aadhaar is applicable to commercial purposes as well and has the participation of private parties in its data access which leaves the citizens a huge risk of data leak given that there are no existing privacy laws in India. The active government wants the Aadhaar policy to continue and is gradually making Aadhaar mandatory for more documents, for e.g., driving license, which is in plan to also be mandatorily linked to Aadhaar.

The two core issues of the Aadhaar Act, its contradictions to the right to privacy and also its further consequences and misuses which have already started coming to existence. It further mentions the unique identification program in the United States (i.e, the Social Security Number) and its comparison to Aadhaar. It reflects upon how there is a much better possible regard to privacy when it comes to legislation with the intent of providing unique identity and for national security purposes. This links to the unnecessary essentials and requirements that are constantly being brought in by the present government and how it causes fundamental problems in the society.

The problem with linkage

The Supreme Court in March, 2017 declared that Aadhaar cannot be made mandatory for availing governments’ schemes and subsidies. These include the PAN, Income Tax Filings, booking train tickets, etc., all of which now mandatorily require Aadhaar number for its processing. The BJP government, however, in its Financial Bill, 2017 added an amendment to the Income Tax Act, 1961. This amendment added a section which makes it compulsory for citizens to link their Aadhaar numbers to their PAN for the purposes of Income Tax processes as well. The compulsory linkage further makes a PAN number invalid if not linked to the Aadhaar until a prescribed date by the Central Board of Direct Taxes (which presently is the 31st of December, 2017).

The legislation, by making such compulsory legislation, violated the Judiciary’s decisions and observations. This was criticized by the Supreme Court as well because the compulsory linking of Aadhaar to PAN and further for the purposes of Income Tax returns makes it practically mandatory for any citizen to have an Aadhaar. This is in direct contradiction with the Supreme Court’s intention to make Aadhaar voluntary. The dependence of Aadhaar on PAN and other services makes essential services and subsidies exclusive to only Aadhaar holders. A similar problem was identified by the Rajya Sabha before passing the Aadhaar Bill in 2016 where it opposed the Lok Sabha on several grounds one of them being the issue of Aadhaar being mandatory or not.

This recommendation was given during the due process of the bill and was at a later stage accepted by the Lok Sabha before enactment of the bill. As a result, there exists section 7 in the Aadhaar Act, 2016 which states that any citizen who is not assigned an Aadhaar number will be provided with alternate and viable means of identification for delivery of a service, benefit or subsidy. The mandatory linking of PAN with Aadhaar having a further validity of tax returns is a clear violation of this section as it is ultimately being made voluntarily mandatory.

The conflict was taken up in the parliament and the Minister of Information and Broadcasting replied that the citizens not having Aadhaar shall be enrolled for one and an alternative method will be provided till an Aadhaar number is assigned to her. This statement directly negates the entire purpose of the optional clause in the Act. However, the Supreme Court in its judgement on the validity of Section 139AA, gave a partial satisfaction to both sides of the debate as it made the linkage compulsory only for existing Aadhaar holders.

Data security and infringements

An individual’s unique identifiers such as fingerprint and retina scans are linked to his/her Aadhar number. Authentication is carried out by comparing this information with the stored information of an Aadhaar cardholder. With the continuous increase in the number of facilities that mandatorily require Aadhaar information, the possibility of the misuse of Aadhaar information is also increasing, both by the state and private entities.

The Aadhaar Act has a clause that allows the Aadhaar information of an individual to be made available for state use in case of matters concerning “national security”. This went through despite objections in the Rajya Sabha about the possible misuse of the term “national security”.

Along with misuse by the state, misuse by private agents is also a huge concern especially since the registration process for Aadhaar is carried out by private contractors who have access to all the incoming Aadhaar data. Identity theft then becomes very plausible since that information can be used to avail government-provided services in the name of the victim.

Another problem is the ease with which anyone can just walk into an Aadhaar registration center and enroll themselves. Immigrants, especially illegal immigrants can also enroll which becomes an obvious security threat. There have been allegations that this ease of enrollment has stemmed from political motivations of cashing in on the immigrant “vote bank”.

One concern is related to data security. There are a number of organizations which require a customer to share his/her Aadhaar information as part of their “Know Your Customer” policy.There have been multiple instances where customers’ sensitive information has been leaked/hacked. This raises serious questions over the state of cyber-security technology in the country and the risk vs. reward of having a centralized database containing sensitive PII (Personally Identifiable Information).

Comparison to Social Security Number

Fundamental rights directly link to the status of democracy in a country.

Aadhaar is not the only digital identification service run by a government. Other countries have also been running similar programs, like the Social Security Number in the USA. However, there are some key differences which make Social Security Number a better alternative to Aadhaar in matters of security and hence privacy. First, the laws relating to security of personal information are much more stringent in the USA as compared to India. Second, the use of Social Security Number is restricted only to State agencies which is in contrast to India, where the use of Aadhaar is continuously increasing in the private sector as well. Moreover, the design of the SSN system inherently reduces the risk of data theft by separating the storage of the number from other sensitive PII.

The push from the government in popularising the use of Aadhaar and linking it to other user information such as tax records through the Permanent Account Number are aimed at curbing fraud and other crimes. This gives rise to the age old security vs privacy debate. While security is a major concern, so is the privacy and hence freedom of the citizens of a country. If left unchecked, Aadhaar could become a tool for oppression by enabling individual surveillance in the hands of the government and a breeding ground for identity theft in unsecured data stores of private entities.

One way of controlling the blast radius from any security lax is to reduce the connectivity of Aadhaar to other sensitive PII and use it only as a means of authentication, much like the Social Security Number of the United States of America. Going forward, the burning question for us to answer is the compromise we are willing to make between the security and privacy of the people of the biggest democracy in the world, a status which could come under serious threat if the privacy of citizens is ignored.

An analysis of the negative and positive aspects

The Hon’ble Supreme Court of India in its 9-bench hearing and judgement has confirmed the Right to Privacy as a fundamental right. Even earlier it was a recognized right, but under common law. This makes it clear that Right to Privacy is a fundamental right. But it is not an absolute right. No Govt. including the freest of democracies, confer absolute rights on a citizen. It will come with its checks and balances, even within the scope of right to life and liberty. (For instance, it has to be subsumed under certain conditions of state security, public health and public morality).

There are few demerits, except perhaps in understanding and implementation both by the media and the legislature. A person’s privacy is not absolute. It needs to be defined according to the context. An individual has various levels of conduct. Roughly speaking:

●      At the primary level he/she is with and within himself/herself. Like in food habits, dress, private behaviour, thoughts, etc.

●      Within the close social unit like family and home.

●      A little further out – to his/her specific community,

●      Then his/her engagement with general society, state, and law systems.

To the extent that the use or misuse of this right is allowed or not, depends on the effect or repercussions of his/her conduct on those affected entities within which it functions (like home and family, community, general society). In short, your rights cannot transgress on the rights of others.

E.g.: Right to privacy in the bedroom is naturally an unambiguous right. But if it involves something like paedophilia, or bestiality or sadomasochism then it can definitely come under question.

Or, the right to privacy on the Net is a fundamental right. But if it threatens the safety of someone or society or the security of the State, then it can be questioned.

So is the case with all fundamental rights. The context has to determine its application. And the context also has to decide whether it has been transgressed or not. Also remember, the context can change with time and social ethos.

Now we will discuss the merits and demerits:

Merits

●      Know about them,

●      Emergency use,

●      Protect,

●      Identity,

●      Avoidance of copy,

●      Watchdog.

Demerits

●      Secure,

●      Leaks of the information,

●      Proper maintenance,

●      More technical knowledge,

●      Technology expertise,

●      Confinement/Slave,

●      Hit the freedom,

●      Fear.

The above points have been applicable to nation Fundamental Rights of the “Right to Privacy”.

The Supreme Court cannot declare a clear judgement regarding the Aadhaar card from 2014 to present the action of card process on going till now. Every parliament rule, once a bill has passed before that president, has to be discussed with the Supreme Court of judges regarding the bill or advice of laws doubts.

Afterwards, the Supreme Court has it says Ok, conformity of the bill is not inconsistent with our constitution then only can proceed further actions. On the ground, the Supreme Court knows very well regarding the Aadhaar card matters and has a collection of user biometric information. But, at the initial stage the supreme court has given sanction to the plan of Aadhaar card. Hence, at the final stage it is said that Right to privacy is Fundamental right. Aadhaar projects had been spent more money for training of the staff and wastage of time, unnecessary actions were taken by the people.

The need of Privacy Law in India

Technology has become the backbone of the way things work around us in this 21st century. That has brought a lot of data into our lives and this personal information is always out there and we are unaware of how this gets used. Birth dates, financial information, personal audio and video format data and  everything related to our likes and dislikes is available to anyone tech savvy enough to get it. The same data is used by digital marketing companies to tailor make ads and target specific groups of people and on the other hand the same info if used with an ill intent can be used for harassment and ransom. Disappearing from the radar and living in a pre-historic time period is not a pragmatic approach and in today’s world each transaction creates more digital data and increases our risk and exposure to cause harm to privacy. Time and again with the identification of bugs and scandals, personal info is leaked and is available  to anyone who knows where to look for it.[13]

Steps have been taken in the past to get privacy under the ambit of legislation. In 2009 BJD’s Baijayant Panda had introduced a Bill in front of the Manmohan Singh led UPA-2. The party later drafted its own Privacy Bill and Panda had once again reintroduced a Bill to raise awareness around the issue. Panda’s latest endeavour titled the Data(Privacy and Protection) Bill, 2017 has been presented before the House of Commons, Lok Sabha and is pending its approval. Its previous iteration was called the  Prevention of Unsolicited Telephone Calls and Protection of Privacy Bill. The crux of this bill was to prevent the invasion of privacy by call centres who try to forward their business interests to the unassuming common public.  The 2009 bill was a private member bill and it defined privacy stating that, “every person shall have the right to privacy and freedom to lead and enjoy his life without any unwarranted infringement.”

Adding to the list of vocal politicians on the need for privacy laws is Rajya Sabha MP Rajeev Chandrasekhar who had proposed a privacy bill in 2010. BJP Lok Sabha MP Om Prakash Yadav and Trinamool Congress Rajya Sabha MP Vivek Gupta had also introduced two bills  in 2016 but none of these efforts have received a thumbs up from the Parliament.

Panda’s latest iteration of the bill points towards the consent aspect of online data handling and privacy. It states that the person shall have the sole right and final right to modify or remove personal data from any online database, present in any part of the country, public or private. Regarding the cases that will be exceptions to the bill, the resolution is proposed on a case by case basis.

The necessity of a legislation on the Right to Data Privacy

Ever since the advent of the telephonic and information age in the late 20th century various legislations have been put in place which cover different aspects related to Telephones, Cellular data and IT. These legislations do provide guidelines around the issues pertaining to the mentioned industries but leaves a lot to be desired in the case of Right to data Privacy. Also the precedent set by Jurisprudence in our country does not inspire a lot of confidence as the interpretation is highly subjective. Cases have been there where a bench has voiced differing opinions in important cases clearly demonstrating the divergence in understanding. Summing up these issues there is a rising consensus amongst the Judiciary to put a new legislation in place to provide Rights to the citizens of this country to protect their identity online.

The laws which are already in place fall short in providing any security or investigation to the victims of the data attacks on an international scale, primarily in Nigeria and China. The economic cost of such attacks is extremely high and several Anti-Virus companies are predicting the rate of such events to sharply rise in the coming future. Sony, Snapchat, Yahoo, Apple are just some of the big international players who have been targeted for user data. Besides our own nation has faced multiple such incidents, Zomato, Reliance Jio and Aadhar are to name a few.

The Government has risen to the need of the hour and has proposed to enact specific legislations on Privacy. The proposed bill on being implemented will empower the user by overriding the IT Rules and giving an individual’s privacy back. Cases pertaining to protection of national security, national integrity or sovereignty, public order and prevention of crime will be an exception to the law. The following are the reasons for the delay in implementing the Privacy Bill.

1.  “A disagreement between the judiciary and intelligence agencies over whether or not the agencies ought to be under the scrutiny of a competent court with respect to interception of personal data when they deem it necessary.” 

2.  “A debate over the extension of protection granted by the legislation to all residents’ of the country (as opposed to only the citizens).”

The latest draft of the Bill is being discussed behind closed doors but it is supposed to be more transparent than the IT Rules. It specifically states that the personal data should be treated in a fair and lawful manner. Authorities involved in handling such sensitive personal data will be under obligation to treat it as confidential and in no way share it with any third party. The data controller and processor must strive to maintain the quality and accuracy of the data and prevent it from destruction. The Bill also puts the authority of Intelligence agencies under check and states that the said agencies will have to minimize the number of people in their organization to whom the data will be made available and the extent to which such data can be copied.

Data along which the exposure to fraud and privacy invasion also poses the threat of surveillance. To protect the interests of the citizens Chapter IV of the Privacy bill handles the issues around the Data Protection authority. It outlines the process of appointment of key chair people and their removal, functions of such authority, powers and the powers relating to enquiries.

Necessity of legislation of Right to Data Privacy (2017)

Orissa MP Baijayant Panda has introduced the Data Privacy and Protection Bill in the parliament as a private bill with the intention to raise awareness around the issue of the right to data privacy of individuals in the digital age. A guiding force behind this Bill was the 9 judge constitutional bench in the Supreme Court looking into the right of privacy and by extension Aadhar. The Bill narrows down the issue to data privacy alone but the bench is looking into privacy as a whole.

Legal data protection : a historical insight 

Historically the first nation to introduce guidelines around legal Data Protection was the US, where they introduced the US Privacy Act 1974. Since then more than 100 countries have integrated rules regarding data Privacy in their legislation as reported by Privacy International. Data Protection is a legal right in the UK and it is under review to align with that of the EU which in itself is said to have one of the most comprehensive rules in this field. 

In our own nation there have been multiple instances where the judiciary has given judgements based on different interpretations of the concept, indicating on one hand that the matter is subject to national security consideration and yet on the other hand begs to draft some solid guidelines to eliminate any doubt. The rulings were the basis of the IT Act of 2002, Indian Telegraph Act of 1885 which provided for extraction of data without any consent. Under these cases the only way to protect an individual’s interest was only after the approval of a senior officer as laid down by the respective acts and the case shall have to be in the interest of national security or greater public good. Clearly these acts have an out-dated style and cannot keep up with the modern day advancements in the cyber data breach incidents. They also do not hold up to the standard of getting individual consent before processing any personal data. The most the IT ACT(2008 amendment) provides is penalties for offenders and protection against breach of sensitive data privacy but beyond that it does not crystallise the process to be followed to collect, store and process data to name a few.

Objectives of the Proposed Bill

The Bill aims to constitute a Data Privacy Authority at a national level which will strive to protect the digital privacy of its citizens. The gargantuan amount of data produced everyday on the social media platforms exposes a lot of personal data and till date they have been protected by the Privacy agreements signed in accordance to the US law. There have been a lot of data breaches in the past of such US based companies and then grievance redressal in such cases becomes a herculean task. Hence the authority will strive to define the extent of privacy and establish methods to identify data leakages, protection and monitoring mechanisms. 

Establishing the right to privacy

Consent will be the core value of the Bill, it will give that power in the hands of the citizen, the way it should be and is followed in other countries. It will also make provisions to determine the nature of data stored, altering or rectifying existing data. It also irons out the problem of the uniform storage of data compatible to universal standards and secure enough to be transmitted amongst the service providers without any threat. 

Features

• Profiling of individuals and setting up data processing is a welcome addition with the Bill.

• Elimination of interpretation by clearly setting down definitions helps maintain the balance from tipping into the hands of the state which oftentimes can use sweeping generalizations in its own favour.

• For example, Section 66A of the Information Technology Act, which was repealed by the Supreme Court in 2015.

•Empowers the individual by following a rights based approach and mandating consent for collection and processing data.

• It also gives the power to alter or delete any information from a public or private database to the individual itself.

•Moreover the exceptions against this right is supposed to be handled on a case by case consideration.

•The bill allows for grievance redressal through the appointment of an Information assurance officer with an arrangement for offer to the Data Privacy and Protection Authority (DPPA).

•Right to Privacy is proposed to be added to the Fundamental rights to the citizens of our country.

•Ensures that the data collectors and data processors collect and process data in a predefined law abiding manner.

•Ensures the security of the data in transit by setting up obligations on the data intermediaries.

•Surveillance by the state will be limited by the guidelines mentioned in the interest of Security.

•Authorises the Data Privacy and Protection Authority to raise concerns by the individual against the government or independent institutions and get compensation for losses and even imprisonment for the guilty Provides the option for impact assessment and consultation by the DPPA.

Standard operating procedure for data collection, transfer and storage

Data storage providers land with the responsibility to receive consent from the user regarding usage of their data as well as ensuring secure data storage. Well outlined provisions have been made for the disabled and minors.The bill drafts a time framework during which data can be stored.        

National security implications

The bill integrates the national security aspect in line with the existing bill but additionally provides for surveillance of individuals and groups under investigation of activities which could cause national harm or threat of any sort.

Safeguards and constitutional authority

The bill has come up with its own set of penalties and punishments for offences related to the invasion of data privacy, hacks to confidential data etc. It shall override the already set up penal conditions under the IT Act and the Telecom Regulatory Authority of India Act.

 Regulatory structure as proposed by the bill

The bill proposes the setting up of a Data Privacy and Protection Authority (DPPA) which will have members from both the legal and technical community, preferably equal in count, which will undertake the cases brought under its purview. They will also be empowered to conduct inspections of data controllers and processors to ensure no malpractice happens. They can also have consultations to improve the data security  and privacy to meet the changing needs of the day. This Bill has raised a lot of discussion around the topic and though in the current scenario the chances of it passing are grim due to political issues, it still sets the right precedent as and when such a bill gets passed.

The Bill aims to give the citizens the Right to Privacy as a statutory right under Section 4 of the Constitution but this right is only pursuant to Articles 19 and Article 21.

Philosophy and importance of mass surveillance                                              

There is a very common sentiment. In this debate even with people who are comfortable with mass surveillance, They say there is no real harm that comes from this large scale of mass Surveillance invasion because only people who are engaged in bad acts have a reason to want to hide and to care about their privacy. This world view is implicitly grounded in the proposition that there are two kinds of people in the world: good people and bad people. Bad people are those who engage in terrorist attacks and violent criminalities. They have reason to hide, have reason to care about their privacy. By contrast, the good people are the people who go to work, come home, watch television , and spend time with family. They use internet not for planning bombing attacks, rather they use to exchange mails, share recipe and read news and these people find nothing wrong in surveillance they do not have any reason to fear the government monitoring them

The people who are saying it, are engaged in a very extreme act of self-depreciation, what they are really saying is, “I have agreed to make myself such a harmless and unthreatening and uninteresting person that I actually do not fear having the government know what it is that I am doing.” This mind-set has found what I think is its purest expression in an 2009 Interview with the long-time CEO of Google – Eric schmidh, who when asked about all the different ways in which his company is causing invasion of privacy for hundreds and millions of people around the world, he said, “if you are doing something you don’t want other people to know, maybe you shouldn’t be doing it in the first place.” Now, there’s all kinds of things to be said about this mentality, the first of which is that the people who say that privacy isn’t really important, they don’t actually believe it and the way you know that they don’t actually believe it , is it while they say their words that privacy actually doesn’t matter but their action takes all kinds of steps to safeguard their privacy. They put passwords on their emails, social media accounts. They put locks under their bathrooms, bedroom doors, all steps to prevent people from entering what they call their privacy and private space.

The very same Eric Schmidt, the CEO of Google, ordered his employees at Google to cease speaking with an online internet magazine- CNET, after CNET published an article full of personal, private information about Eric schmidt, which it exclusively obtained from Google searches and using other Google products, this same division could be seen with CEO of Facebook, Mark Zuckerberg who in an infamous interview in 2010 – pronounced that, “privacy is no longer include social norm”, in 2014  Mark Zuckerberg and his wife purchased a house along which all 4 adjacent houses in Palo Alto for 30 million dollars so that they can enjoy their privacy

And to prevent other people from monitoring what they do in their personal lives. Over the last few months while researching about the said topic, everybody who mentioned that he or she doesn’t worry about invasion of privacy because they don’t have anything to hide , but when asked in return to take out a pen and give their email addresses and passwords of all email accounts  not just the nice respectable work emails in their name but all of them, because what harm would there be in just wanting to scroll through what they’re doing online, read through what I want to read and publish what I find interesting after all if they are doing nothing wrong , they should  have nothing to hide, not a single person in reality takes up on that  offer.- There is a reason for that, that we as human beings even though some of us in words do not oppose surveillance, we Instinctively understand the profound importance of it. It is true that human beings are social animals ,which means that we have a need for other people to know what we are doing , and saying and thinking, which is why while we voluntarily publish information about ourselves online, but it’s equally essential to feel what it means to be a free and fulfilled human being is to have a place where we can go and be free from the judgemental eyes of the people, there is a reason why we seek that out and the reason is that all of us not just terrorists and criminals but all of us have thing to hide.

There are all sorts of things that we do or think or  tell our physician or lawyer or our psychologist or our spouse or our best friend that we would be mortified for the rest of the world to learn, we make judgements every single day about the kind of the things that we say or think or do or  are willing to have other people know and the kind of things we say or think or do which we don’t want anyone to know about people can very easily in words claim that they don’t value their privacy but their actions after negate the authenticity of that being. 

There is a reason why privacy is so craved universally and distinctively, it is not just reflexive thing like drinking water and breathing air, the reason is that when we are in a state where we can be monitored and where we can be watched, our behaviour changes dramatically, the range of behavioural options that we consider, when we think we are being watched on surveillance is reduce. This is just a fact of human nature that has been recognised in social science and literature and in religion and other virtually in every field and discipline. There are dozens of psychological studies which prove that when somebody knows that they are being watched, or might be watched, the behaviour they engage in is usually more conformist and compliant. Human shame is a very powerful motivator and as is the desire to avoid it and that is the reason that when people are in a state of being watched, they make decisions not that are the by-products of their own agency but out of the expectation that the others have of them and the mandates of other societal orthodox. this realisation was exploited most powerfully for the pragmatic ends by 18th century philosopher Jeremy Bentham, who set out to resolve an important problems ushered by in industrial age, where for the first time the institutions had become so large and centralized that they were no longer to control or monitor individual members and, the solution he devised was an architectural design, originally intended to be implemented in the prisons that he called “panopticon”.

“The primary attribute of which was construction of an enormous tower in the centre of the institution where whoever controlled the institution could at any moment watch any of the inmates, although they could not watch all of them at all times and crucial to this design was that the inmates could not see into the panopticon tower so that they never knew if they are being watched or even when. And what made him so excited about this discovery was that the prisoners would have to assume that they are being watched at any given movement which would be the ultimate enforcer for obedience and compliance.” The 20th century French philosopher ‘Michel Foucault’ realised that the model could be used not only for prisons, but every institution that seeks the control of human behaviour- schools, hospitals, factories, workplaces and what he said that, “This framework discovered by the Bentham is the key means of societal control from modern western societies which no longer need the older overt weapons of tyranny – punishing or imprisoning or killing the dissidents, or legally compelling because mass surveillance create a prison in the mind that is a much more subtle and much more effective means of fostering compliance with social norms over social orthodoxy and much more effective that crude\brood force can ever be.”

The most iconic work of literature about surveillance and privacy is George Orwell’s novel 1984. Whenever it is brought upon in a debate about surveillance, people instantaneously dismiss it as inapplicable. The conversation generally starts with, “well in 1984 there were monitor’s in people’s homes. They were being watched at every given moment and that has nothing to do with the surveillance that we face.”

That is an actual fundamental Misapprehension of the warnings that Orwell issued in 1984. The warning that he was issuing was about a surveillance state not that monitored everybody at all times, but where people were aware that they can be monitored at any given moment.

Here is how Orwell’s narrator, Winston Smith describes the surveillance system that they faced : “There was, of course, no way of knowing whether you were being watched at any given moment.”  He went on to say, “At any rate they could plug in your wire whenever they wanted to. You had to live, did live,  from habit that became instinct,  in the  assumption  that every sound that you made was overheard and except in the darkness every movement  scrutinized.”

The Abrahamic  religions  similarly posit that there is an invisible, all knowing authority who,  because of its  omniscience, always watches whatever you are doing, which means you never have a private moment, the ultimate for enforcing obedience to its dictates. What all of these seemingly disparate works recognize, the conclusion that they all reach, is that the society in which people can be monitored at all times is a society that breeds conformity and obedience and submission, which is why every tyrant, the most overt to the most subtle, craves that system. Conversely, and even more importantly, it is a realm of privacy, the ability to go somewhere where we can think and reason and interact and speak without the judgemental eyes of others being cast upon us, in which creativity and exploration and dissent exclusively reside, and that is a the reason why when we allow a society to exist in which we’re subject to constant monitoring, we allow the essence of human freedom to be severely crippled.” In conclusion to this, the last point that has been observed about this mind-set, “The idea that only people who are doing something wrong have things to hide and therefore reasons to care about privacy, is that it entrenches two very destructive messages, two destructive lessons, the first of which is that the only people who care about privacy, the only people who will seek out privacy, are by definition bad people.” This is a conclusion that we should have all kinds of reasons for avoiding, the most important of which is that when you say, “somebody is doing bad things,” you probably mean things like plotting a terrorist attack or engaging in violent criminality, a much narrower conception of what people who wield power mean when they say, “ doing bad things.” for them, “ doing bad things” typically means doing something that poses meaningful challenges to the exercise of our own power, the other really destructive and even more insidious lesson that comes from accepting this mind set is there’s an implicit bargain that people who accept this mind set have accepted, and that bargain it this that, “if you’re willing to render yourself sufficiently harmless, sufficiently unthreatening to those who wield political power, then and then can you be free of the dangers of surveillance. It’s only those who are dissidents, who challenge power, who have something to worry about.”

“There are all kinds of reasons why we should want to avoid that lesson as well. You may be a person who, right now, doesn’t want to engage in that behaviour, but at some point in future you might. Even if you’re somebody who decides that you never want to, the fact that there are other people who are willing to and able to resist and be adversarial to those in power – dissidents and journalists and activists and a whole range of others- is something that brings us all collective good that we should want to preserve. Equally critical is that the measure of how free a society is not how it treats its good, obedient, compliant citizens, but how it treats its dissidents and those who resist orthodoxy. The most important reason is that a system of mass surveillance suppresses our own freedom in all sorts of ways.” It renders off-limits all kinds of behavioural choices without even knowing that it’s happened. The renowned socialist activist Rosa Luxemburg once said, “He who does not move, does not notice his chains.” “We can try and render the chains of mass surveillance invisible or undetectable, but the constraints that it imposes on us do not become any less potent.”

Why privacy? The Indian Privacy Code, 2018

Cambridge analytica, NAMO app, Paytm, adhar card, there is one thing very common among the controversies that has risen around all these apps in recent times. It is alleged that all these apps are trying to steal personal data. So what is there in that data that is worth stealing? What is the solution?

The controversy of Cambridge Analytica shook the Governments across the entire world. And since then, they have started making laws related to data protection and data privacy.

In 2018, In the state of Uttar Pradesh, potato farmers wanted to protest against the controversy which was there at that time due to the intermediaries in the business and low price at which they had to sell their product. The Farmers allegedly dumped potatoes outside the houses of the government officials. The Uttar Pradesh government got agitated with this and to catch the people responsible who exactly had done this, they tapped more than ten thousand phone calls. It would be some 10-20 people who must have dumped it, but, extra nine thousand nine hundred and eighty people’s phone calls got taped. All the conversations that must’ve happened between the innumerable people got taped.

In another case, in Andhra Pradesh, a government website publicly displayed people’s private information. They did not do it intentionally but since the website was so insecure that it happened anyway. This data was about a government medical store and the information about the people, their phone number and the details of the medicine purchased by them. Stringent data protection laws must be made where the people carrying sensitive data can be held accountable for such mishaps and there is a proper management system if and when such a leak of data crisis arises.

Furthermore, privacy is a fundamental right just like the other rights in the constitution, this was then declared by the SC. After this decision by the SC, the government was compelled to take action against it. The government’s ministry of information technology had appointed an expert panel to draft the new data protection law, this expert panel was headed by the supreme court’s judge B.N shri krishna. They were given a task to prepare a draft based on which a law could be made. Considering the draft inadequates, a group of common people, from every walk of life, the experts and organisations got together, who felt the need to step forward and take an initiative  and took it upon themselves to form a strong policy draft to be presented in the parliament. In this group there were 13 different groups which included legal experts, policy analysts and lawyers. Together they all prepared a draft for data privacy which they have named as Indian privacy code 2018. This draft was supposed to be a modern bill, which means that if the government wants to make this as law then they will have to bring this in the parliament and pass this to make a strong data protection law. 

The unique thing about this bill was that those people had brought the entire draft in front of the common people. Their website was saveourprivacy.in.  Where anybody could read their 20-25 pages draft line by line in this website and even give the suggestion.

A person could highlight any part, line and annotate it to write their comments too. it’ was the first time such an open law has been kept for the public to analyse.

A brief summary of the bill to understand why this was so important for everybody and why it’s important to defend this fundamental right to privacy. As a summary they had given seven principles of privacy:

First principle says individual rights are at the centre of privacy. That means that an individual needs privacy the most. A government or a company does not need privacy, in fact the more they are transparent, the more it is beneficial for the country.

Second principle says that data protection law must move ahead with technology. There should be exceptions in it but they should be clearly defined and limited, it should not happen that the law gets pressurised under the exceptions. 

Third principle says that a new strong and independent body should be made named privacy commission. This commission will look after the privacy related matter and will see how well is this law being implemented. It will have investigative powers and will also see that the law is not getting outdated and is getting changed with time. 

Fourth principle stated that the government should respect the user’s privacy. That a government should respect an individual’s right. This new commission will have its authority valid on the government as well.

Fifth principle says that surveillance should also be considered in privacy. Phone tapping by the government or illegal raids in people’s houses also comes under infringement of privacy.

Sixth principle is that the right to information law should also be empowered here and it should be strengthened and protected. 

International protections and harmonisation to protect the open internet must be incorporated. That means if there is any good law being made in the world, it should be adopted and get inspired to implement them here. Like recently a very strong data protection law was introduced in Europe called GDPR. 

Indian privacy code has taken a lot of inspiration from GDPR, few things are used as it is. And few areas adopted as per the Indian standards.

Like in GDPR, if you open any website in Europe, then the website will have to ask you whether they can track you or not? You can either accept or decline. so, this was a term in GDPR, now Indian privacy code adapted  it with a straight ahead of just accept and decline as the majority of the country’s population is not well read.

These 7 principles are basically a summary of what is there in the Indian privacy code, and why is this necessary and it’s so important there are many reasons for it. 

The earlier stated two examples of Uttar Pradesh and Andhra Pradesh were mentioned to bring into perspective that how government misuses its power to carry out surveillances and that in Andhra Pradesh how data when leaked by mistake also has severe consequences if fallen in the wrong hands, now let’s move a step ahead and see how is data which is available publicly  can be misused in a dangerous way example of cambridge analytica and how voting manipulation can be done using your data seems like a poster case for everything which is wrong with the system, the ignorance and non-stringent data protection laws.

Cambridge Analytica used Facebook likes to spread propaganda for political parties, by understanding pattern behaviours and likes of the individuals and accordingly targeting them with spreading selective propaganda using the things people enjoy, this is nothing but manipulation.

Returning back to the topic of the code, it is also mentioned in the Indian privacy code 2018 that if the government invades privacy then it should have a legitimate state purpose and that state purpose should be proportional to the extent of privacy being invaded. So if there is a small crime like someone has slapped somebody then 10,000 people’s phone getting tapped like in the potato case is infringement of privacy by using arbitrary powers, So proportional representation should be there here.

Brief analysis on how national security agencies pierces the right to privacy of the citizens under the excuse of national security 

Leaving digital footprints

In the digital age that we have stepped in, the most valuable commodity is data. Data today decides who will have money, power and influence. Majority of the multibillion dollar companies like Facebook and Google are data based. They not only process and displace data, they also store and monitor data.

“It was recently exposed that the social media giants and search engines Facebook and Google sell data for revenue to private players”

While this is very alarming, there is still relief for those who have nothing to do with the internet, the people in the villages who are not tech savvy. However, the real threat to the privacy of the individuals comes from the most unexpected source: The Government. The last decade stands witness to the various incidents of not only agencies snooping data under the government’s  nose but incidents of government ordered breach of data privacy.

The governments of the world have always been active when it comes to snooping data, the digital age just made it a lot easier. In the times of landline phones, there was phone tapping, which still exists in many countries. There are now more sophisticated ways to communicate and therefore better ways for the government to snoop.

Today the reality is far grimmer than we can imagine. It is not just our emails and messages that the government sees, it reaches far beyond our wildest imaginations. The data which we might think of as useless apparently is very useful to the government. “Our complete life including the TV programs we watch, the restaurants we visit and even the sidewalks we prefer is being watched by the governments of the world”.

The entire list is way too lengthy to describe but certain moves that are monitored by the governments of the world are –

1.     License plates via reader traffic cameras.

2.     Sidewalk and public space movement by cameras.

3.     Movement via public transportation.

4.     Use of Credit and Loyalty cards.

5.     All data and use activity on phone.

6.     TV history.

7.     Computer activity.

8.     Emails.

Earlier in this decade, the news of the US Government spying on its citizens and beyond took the internet by storm. It was revealed by a former Central Intelligence Agency employee Edward Snowden. The revelations told the world that after 9/11, the government has snooped on each and every activity of not only its citizens but also people from different countries. From snooping into emails to even hacking the webcams of the computers. “The agencies were not only monitoring this data but also storing it. This was a clear and gross violation of the right to privacy of the citizens of the world and especially American citizens.

The snooping had deeper roots than we can comprehend and it was covered by The Guardian”.

It seemed scary at that time but we Indians kept calm, however, that did not last for long when we came across the snooping that our government has been doing on all of us.

“It may come as a surprise to most people but as of December 2018, a few government agencies have been empowered, via a notification in the official gazette, to snoop on any computer in the country. This order which came from the Government of India left everyone in shock”.

The following agencies are named in the notification:

·   “Intelligence Bureau”

·   “Narcotics Control Bureau”

·   “Enforcement Directorate”

·   “Central board of Direct Taxes”

·   “Directorate of Revenue Intelligence”

·   “Central Bureau of Investigation”

·   “National Investigation Agency”

·   “Cabinet Secretariat (RAW )”

·   “Directorate of Signal Intelligence”

·   “Commissioner of Police, Delhi”

These have been named and authorized to snoop on anybody and everybody in the country. The government says that this has been done to ensure safety for the citizens and weed out the dangerous elements of society, foreign infiltrators, spies and other threats to national security. There is a belief that there can be no prevention without intelligence and no intelligence without snooping. The goal to protect the people needs to have some powers which may infringe some rights of the citizens. Almost all the countries in the world which have a functioning intelligence system run surveillance over everyone in their vicinity and beyond. There can be no peace without apprehending dangers before they materialize and it will require snooping.

However, this snooping often leaves the boundaries of security and becomes the tool at the hands of the government to use it for political gains. A complete check on the movement and activity of every citizen, every opponent and every officer in the country completely nullifies the right to privacy enshrined in the Constitution itself.

The most recent blow to the government on snooping came from the Bombay high court this month where the two judge bench nixes the government on phone tapping and clearly stated that,  “unless they meet the three criteria set by the nine judge bench in Puttaswamy case, the government cannot do phone tapping. The records were ordered to be destroyed”.

Recent judgments

As we have already established that the right to privacy is a fundamental right and infringing the right may be a gross violation of the same which is concluded in a recent judgment. The division bench of justice Ranjit More and justice N.J. Jamadar : Bombay High Court, granted relief to a 54 years old businessman based in Mumbai and quashed three separate orders by ministry of home affairs which allowed the central bureau of investigation to intercept phone calls of the petitioner in the case of bribery which involved a public sector official working in a public bank.

According to CBI the petitioner gave a bribe of Rs. 10 lakh to the said bank official for credit related favors.

In three separate orders dated October 29,2009, December 18, 2009 and February 24,2010,  phone tapping or interception of telephone calls of the petitioner was allowed, soon after  CBI registered an FIR against the petitioner on April 11, 2011.

The contention of the petitioner was that this was a gross violation of his fundamental rights guaranteed under part III of the constitution, and the action taken was ultra vires of section 5(2) of the Indian telegraph act, 1885.

Senior advocates of eminence, Vikram Nankani along with Dr. Sujay Kantawalla appeared for the petitioner in the case. They referred to the landmark judgment given by the Supreme Court in 2017 through a nine-judge constitution bench’s decision in K.S. Puttaswamy v. Union of India and the decision given in People’s Union for Civil Liberties (PUCL) v. Union of India.

Arguments: that the alleged illegally intercepted the telephonic conversation. 

That the recordings contained in the charge sheet and any material that was acquired on the basis of such illegally intercepted telephonic recordings should not be admissible.

That it would be in violation of the provision given under the Indian telegraph Act, under Section 5(2) which states that such interceptions can take place only on the occurrence of any of the two events, first in the case of some public emergency, or in the interest of public safety.

The PUCL case was affirmed by the Supreme Court’s constitution bench in the landmark judgment of KS Puttaswamy. In the same case, another decision of the Supreme Court was referred to, which was “R.M. Malkani v. State of Maharashtra”. The bench also scrutinized tests to ensure that the right to privacy of an individual is not infringed upon principles of legitimacy and proportionality.

The test suggests that it is necessary and how to limit the discretion of the state because of the various concerns which were raised and expressed on the behalf of the petitioner arising from the mere possibility that the state is infringing the right to privacy. The following are the key test elements –

·   The action must be backed by the law, which means that there should be a sanction by law.

·   The action which is proposed must hold some importance and must be of absolute necessity in the democratic society and must be for a legitimate reason or aim.

·   The extent of such interference must be proportionate to the extent of need for such interference.

·   In case of such interferences, there must be procedural guarantees.

Justice More who authored the judgment noted- “We are of the view that as per Section 5(2) of the Act, an order for interception can be issued on either the occurrence of any public emergency or in the interest of the public safety. The impugned three interception orders were issued allegedly for the reason of public safety. As held in PUCL , unless a public emergency has occurred or the interest of public safety demands, the authorities have no jurisdiction to exercise the powers under the said section.” “The expression Public Safety as held in PUCL means the state or condition of freedom from danger or risk for the people at large. When either of two conditions are not in existence, it was impermissible to take resort to telephone tapping”.

While giving the judgment, it was clearly stated that if the direction given by the supreme court in the PUCL case which was then approved and re-enforced in the K.T. Puttaswamy case regarding illegally intercepted messages pursuant to an order having no sanction of law are openly disregarded then they will amount to nothing else but a serious case of contempt for law, that too in the matters involving breach of fundamental right of privacy under Article 21 the constitution of India. Fundamental rights if put outside the scope of protection, in the administration of criminal law, the concept that the ends would justify the means would amount to openly stating that the Government authorities may violate any directions Apex Court or mandatory statutory rules in order to procure evidence against the citizens. If the situation is observed closely, it is a gross violation of life and liberty of the citizens, it would do nothing but would lead to manifest arbitrariness and would promote the minimal regard to the procedure and fundamental rights of the citizens, and the laws laid down by the supreme court of India.

“The Supreme Court deliberated on the contours of “Right to Privacy”. A critique of the development of law pithily puts it thus: All nine judges unanimously held that the right to privacy was an essential element of dignity and liberty; and despite holding that the right was not absolute, couched the same in expensive terms as is beautifully encapsulated in the following passage from the opinion of Justice DY Chandrachud (speaking for four out of the nine Judges): “Privacy lies across the spectrum of protected freedoms. The guarantee of equality is a guarantee against arbitrary state action. It prevents the state from discriminating between individuals”.

Conclusion

It is quite evident that various governments of the world have been misusing technological means to invade our privacy in the name of security. Surprisingly, the states which are the champions of peace at the United Nations and members of the Security Council have been the forerunners in the abuse against right to privacy. 

Our own country India has followed the steps of its allies and have been vehemently bypassing the right to privacy of the citizens in the name of national security. The last two decades have seen a rise in incidents since technological advancements have not only made governments more proficient at doing this, but also the citizens more prone to snooping. The whole world of the citizens revolves around their smartphones, laptops and other digital devices which make remote snooping not only possible but very easy.

The government’s control over telecom and software companies also makes it easier for them to snoop data. Telecom operators share data about our activities on the phone with the government and practically no calls or texts we send are private anymore. 

Companies like Facebook, Google and whatsapp snoop on our data and sell it to the government as well as the highest bidder which makes it more dangerous. Our complete digital profile is up for the government to have, all in the name of national security.

The most dangerous part of data snooping is mass-compulsory data collection programs like the Aadhar. More than a billion people are required to enter into a database, their details as well as their fingerprints. “Basically a collection of more than a billion lives at the mercy of the government to be used as they deem fit. More importantly, guarded by primitive digital security which can be ripped apart by a second grade hacker” .

The reality as of today is that the government has authorized its agencies to snoop on its citizens in the name of national security as they feel when it is in clear violation of the Puttaswamy Judgement  wherein steps were mentioned which have to be met in order to snoop on a citizen. 

The data snooping can very well be used by the government to eliminate political competitions by breaching their right to privacy.

Data snooping is something which has always been looked down upon since time immemorial. Upon looking at incidents around the globe, one would easily identify one of the biggest incidents of data snooping which was Edward Snowden blowing the whistle on the NSA. The United States came under heavy criticism globally  after the world came to understand the extent to which the NSA was surveilling. not only the citizens of the US, but also citizens of other countries, including India.  Therefore, for India to be walking on the exact same steps as a nation who has been continuously accused for gross violations of human rights is a sign of authoritarianism. Being snooped on in democracy, which would further change the status quo of how things are handled within the nation. Hence, something as deplorable as what the US did shouldn’t be done by India yet again.

The speed at which a person’s privacy can be abused and his rights usurped is dangerously high and therefore the judiciary has to be far more active than just judicial review. 

Looking at the mammoth amounts of evidence present in front of us when it comes to violation of right to privacy, and the outburst to when it is violated, it is clearly not in the favour of our government, or the nation, to make a mockery out of the nation by going in for an unplanned idea which is responsible for keeping the personal data of millions of Indians, including biometrics. Further, what’s worse is the fact that when the government is actually criticized on how they are handling the data of millions of their citizens, instead of appreciating the gesture and making the necessary changes to make the system a more secured one, the government went on to harass and prosecute those who actually revealed the said information.  Punishing the person who reveals your mistake is not only a coward’s move, it shows the extent to which the government will go to silence a person who speaks against the plans of the government. This shows that democracy is slowly moving towards autocracy and dictatorship, and when a government starts committing such acts while in power, it is always the duty of the judiciary to put things in check. The Supreme Court of India might’ve held mandating the aadhar in certain things as a violation of fundamental rights , but it is just a tip of the iceberg and there is a pretty long way to go before all the wrongs of the government could be rectified.

It has to do judicial activism to nip the threats in the bud. 

In the ever-increasing invasion of the state into the right to privacy, it has become necessary for the entire community to update itself on the concept and law relating to Right to Privacy. Certain measures and guidelines must be formulated, within the prescribed limits of which only the state can interfere with the privacy of the individual. In this regard a visit to the judgment and the view held in KS Puttaswamy  would be appropriate and it must be followed in the letter as well as in the spirit. There is a need to strike a fine balance between privacy and ensuring that policing is taken to a level where technology is a facilitator and not a hindrance for the integrity of India.

References

[1] Article 12 of Universal declaration of Human Rights, 1948 to which India is a signatory.

[2] Kharak Singh vs. State of U.P. AIR 1963 SC 1295.

[3] (1997) 1 SCC 301.

[4] AIR 2017 SC 4161.

[5] AIR ​1954 ​SC ​30.

[6] AIR ​1963 ​SC ​1295.

[7] Section 139 AA, Income Tax Act, 1961.

[8] Kiran Rathee, “Govt plans to link driving licence with Aadhaar,” Business Standard, Sep 26,2018. http://www.business-standard.com/article/economy-policy/govt-plans-to-link-driving-licence-with-aadhaar-117091600042_1.html.(visited on March 3, 2018).

[9]Editorial, “Supreme Court counters push for Aadhaar,” The Hindu, Mar 27, 2017. http://www.thehindu.com/news/national/aadhaar-cannot-be-mandatory-for-welfare-schemes-supreme-court/article17671381.ece

[10] IANS, “Rajya Sabha returns Aadhaar bill to Lok Sabha with amendments,” Hindustan Times, Mar 16,2016. http://www.hindustantimes.com/india/rajya-sabha-returns-aadhaar-bill-to-lok-sabha-with-amendments/story-uCVCaTLOVVyOVwrHqEuOSI.html 

[11] Editorial, “Aadhaar bill is through after Opposition scores a few brownie points,” Indian Express, Mar 17, 2019.http://indianexpress.com/article/india/india-news-india/rajya-sabha-returns-Aadhaar-bill-to-lok-sabha-with-oppn-amendments.

[12]  VS. Shivshankar, “Supreme Court Upholds Law to Link Aadhaar with PAN, Grants partial stay on Penal consequences,” The Wire, July 1, 2017.

Available at: https://thewire.in/145800/sc-upholds-law-link-aadhaar-pan-grants-partial-stay/.  (visited on March 10, 2018).

[13] Importance of data protection,  http://www.bgr.in/features/privacy-why-it-is-important-for-users-to-protect-their-own-data/ (visited on March 22, 2018)

[14] Right to privacy: fundamental right,

https://www.indiatoday.in/india/story/right-to-privacy-fundamental-right-parliament-1031136-2017-08-24 (visited on April 17, 2018)

[15] Data protection laws and regulations 2020

http://www.iclg.co.uk/practice-areas/data-protection/data-protection2016/india (

[16] Privacy Bill. Sec. 9, Sec. 10

[17] Privacy Bill. Sec. 15

[18] The Data (Privacy And Protection) Bill, 2017 http://www.thedialogue.co/analysis-draft-data-privacy-protection-bill-2017/

[19] Google CEO On Privacy: ‘If You Have Something You Don’t Want Anyone To Know, Maybe You Shouldn’t Be Doing It, huffpost, Mar. 18, 2010.https://www.huffpost.com/entry/google-ceo-on-privacy-if_n_383105

[20] Emma Barnette, Facebook’s Mark Zuckerberg says privacy is no longer a ‘social norm , the telegraph , Jan.11 , 2010, https://www.telegraph.co.uk/technology/facebook/6966628/Facebooks-Mark-Zuckerberg-says-privacy-is-no-longer-a-social-norm.html

[21] Robert Draper, They Are Watching You—and Everything Else on the Planet, National Geographic Magzine, Feb 2018.

[22] George Orwell, 1984, (Sevker & Warburg) (1948)

[23] Potatoes hurled outside UP CM Yogi Adityanath’s residence, other prominent places in Lucknow; here’s why, financial express, Jun. 6, 2018. https://www.financialexpress.com/india-news/potatoes-hurled-outside-up-cm-yogi-adityanaths-residence-other-prominent-places-in-lucknow-heres-why/1004545/

[24] Facebook’s data-sharing deals exposed, BBC (Nov 05, 2019 7:20) https://www.bbc.com/news/technology-46618582

[25] Sara Schwartz, 9 Ways You’re Being Spied On Every Day, HUFFPOST (Nov 5, 2019,  7:21) https://www.huffpost.com/entry/government-surveillance_n_5084623

[26] NSA Files decoded, The Guardian, (Nov 5, 2019) https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/2

[27] 10 central agencies can now snoop on “any” computer they want, ET Times, (Dec 21, 2018, 01.30 PM)  https://economictimes.indiatimes.com/news/politics-and-nation/10-central-agencies-can-now-snoop-on-any-computer-they-want/articleshow/67188875

[28] Swati Deshpande, Bombay high court nixes government’s phone-tap orders as they ‘violate right to privacy TIMES OF INDIA (Oct 23, 2019, 9:13 )https://timesofindia.indiatimes.com/india/bombay-high-court-nixes-governments-phone-tap-orders-as-they-violate-right-to-privacy/articleshow/71713403.cms

[29]  R.M. Malkani v. State of Maharashtra, 1973 AIR 157

[30] Vinit Kumar  and  ors v. Central Bureau of Investigation 

[31] Jayant Das, Increasing intrusion of state into right to privacy THE PIONEER, Jul 04, 2018, https://www.dailypioneer.com/2018/state-editions/increasing-intrusion-of-state-into-right-to-privacy.html

[32] 2019(2) KHC 220

[33] WRIT PETITION (CIVIL) NO. 1031 OF 2019. 

[34] Article XIV of the GATS sets out the general exceptions from obligations under that. Agreement in the same manner as does Article XX of the GATT 1994.


Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

LEAVE A REPLY

Please enter your comment!
Please enter your name here