This article has been written by Samyuktha Banusekar, student of School of Law, SASTRA Deemed to be University. The article elaborates on the Information Technology Act, PUCL decisions, data protection, unauthorised surveillance and Big Brother State.

Abstract

This article provides a comprehensive understanding of a Section 69 of the Information Technology Act, 2000 (the Act) and treads on the current scenario existent in India with regard to the right to privacy. In a contrasting platform, the author attempts to highlight the past amendments and the effects they have had on the Nation. The author begins with an elaborate explanation in Darwinism in the evolution of right to privacy. The author then moves onto discussing Section 69 of Act in detail alongside the trail of judgements that paved a way to the PUCL decision which established the guidelines and held the earlier telephone tapping methodologies arbitrary in nature.

The intersection between right to privacy and data protection is unravelled. This is followed by throwing light on the rapid wave toward a Big Brother State in India and the concern on information being obtained by unscrupulous means through unauthorized surveillance in India which creates a sense of fear and betrayal in the people’s minds. The means that can be taken to restore a sense of security of a person’s privacy in India is further discussed with the intention of making persons aware of rectifying all the fallacies to protect one’s data. The author concludes with how the world is changing with respect to the digital communication and establishes that the guidelines that were followed earlier could not possibly be adapted in the current situation.

Introduction: Darwinism in Right to Privacy

The beginning to the emergence of the right to privacy was highlighted in the significant decision of the Hon’ble Supreme Court of India in the PUCL decision (People’s Union for Civil Liberties v. Union of India and Anr.), as the Court has inter alia debated on the meaning and scope of right to privacy. According to the observations of the Court, even though the right to privacy was not mentioned in the Constitution of India explicitly, the right to have a telephone conversation in the privacy of one’s home or office without any interference whatsoever can be regarded to come within the ambit of right to privacy. A telephone conversation, concerning two or more parties, is essentially within a man’s private life and the tapping of it would contravene with the rights ensured under Article 21 of the Constitution of India, “except according to procedure established by law”. Furthermore, a telephone conversation is inclusive of the exercise of right to freedom of speech and expression and as telephone tapping does not come within the restrictions under Article 19(2) of the Constitution of India, it further contravenes Article 19(1)(a) of the Constitution of India. 

This case further concentrates on International Conventions such as Article 17 of the ICCPR (International Covenant on Civil and Political Rights, 1966) and Article 12 of the UDHR (Universal Declaration of Human Rights, 1948) on the same lines. The Court observed that Article17 of the ICCPR does not infract any part of the Indian municipal law and that Article 21 of the Constitution of India must be read along with these International Conventions to establish a sense of clarity with respect to the scope of the provision. 

The now well-established right to privacy has connoted a myriad of definitions (Refer to Bibliography) and this further leads to a different set of interpretations such as right to privacy of beliefs, thoughts, home, property and personal information of persons. The International Conventions and resources which reflect on this view in a wider frame that have been considered by Indian Jurists such as Article 8 of the ECHR (European Convention on Human Rights) (Refer to Bibliography) and Article 17 of the ICCPR which highlights the right to respect a person’s private and familial life, home and correspondence cannot be used in the interpretation of the Indian Constitution. 

The author would like to assert that the problems on the interpretation of what privacy constitutes begins on a paradigm that neglects that the constitution of the term privacy in India is vastly different from privacy in Western countries. This term is subjective and thoroughly dependent on a group of people’s traditional, environmental and economic aspects. Furthermore, even the Western conception has not established a sense of clarity on the subject; only a set of blurred lines exist between what is protected, what is conceived as protected and what is not protected under the right to privacy. Thus, the same interpretation cannot be observed in India.

Further, the terms “public emergency” and “public safety” under Section 5(2) of the (Indian) Telegraph Act, 1885 has been interpreted in such a manner that when neither of these situations are in play, the Government or an officer on behalf of the Government cannot resort to tapping of telephones even if it is in the interests of the sovereignty and integrity of the Nation. Several guidelines were established in this case in the interest of protection of right to privacy (see here). However, this is a temporary solution and there needs to be remedial action taken against the misuse of surveillance powers by the Government as the guidelines have merely shadowed the Indian Surveillance Law. 

In recent times, many scandals with respect to the right to privacy have featured in the news such as the Cambridge Analytica scandal, the Apple-FBI dispute and the doubts related to provisions of the Aadhar Act. With the blatant soar in data analytics and the easy way to procure personal information of a person on the Internet has led to a conundrum between the benefits of technology and the disregard for right to privacy. 

In K.S. Puttaswamy v. Union of India, the Court observed and recognized the right to privacy to be protected under right to life and personal liberty under Article 21 of the Constitution and hinted at by the Constitutional makers in other rights guaranteed under Part III of the Constitution. As the right to privacy has evolved over a period of time, so has surveillance. All monarchs and democrats have kept an eye on people and their activities to avoid a total state of chaos. But the question is whether this is a blatant disregard to the well-recognized right to privacy. The PUCL decision has been an important attempt to interpret the right to privacy but the many risks posed by surveillance in recent times needs a more comprehensive restructuring of Indian surveillance law as they can no longer suffice to check on arbitrariness of the Indian surveillance law. 

The PUCL Decision: Tracing the Footsteps

The PUCL decision is a landmark judgement when it comes to the right to privacy. This is because, when the question of whether the right to privacy is a recognized right under the Constitution arose, the Court treaded through the lines of this judgement carefully and identified it to be, atleast to an extent. The outcome of the discussions favoured the petitioner, and this led to specifying guidelines temporarily for the proper use of executive surveillance powers which later influenced many judgements. 

A Trail of Landmark Judgements

As various aspects of life such as human life and technology have evolved, so have the laws of the land. In M.P. Sharma v. Satish Chandra, the Court interpreted Article 21 of the Constitution and decided that the right to privacy did not come within its ambit as the Constitutional makers have not explicitly mentioned. It has also stated that when the Constitutional makers have not deemed fit for it to be stated explicitly, it cannot be included by a process of strained construction. However, this judgement was followed by a series of judgements which tried to interpret the right and whether or not it can be considered as within the Constitutional framework. 

The existence of the right to privacy first arose in Kharak Singh v. State of U.P. where the Court identified the right to privacy to come within the Indian Law albeit not guaranteed by the Constitutional rights explicitly. “The right of an individual to be free from restrictions or encroachments on this person” is recognized to come within the ambit of rights under Article 21 of the Constitution by Subba Rao, J.’s minority opinion in the decision which was later utilized in the PUCL decision. This was also enumerated in Gobind v. State of M.P. 

In R. Rajagopal v. State of T.N., the case made was that the right to privacy possessed constitutional status as it was implicit if not explicit in Article 21 of the Constitution. The scope of the right was vastly discussed in this decision where it was observed that the right to be left alone and to protect the right to privacy of an individual is crucial to his right to life.

After considering these judgements, the Court in the PUCL decision observed that “the right to hold a telephone conversation in the privacy of one’s home or office without interference can certainly be claimed as ‘right to privacy’”. This has shown how the right to privacy has evolved on contemplation after consideration of a multitude of judgements revolving around the right to privacy. 

The Guidelines: Ad Interim

The PUCL decision laid down thorough guidelines which were designed to check if the issuance of telephone tapping orders were arbitrary in nature and they highlighted, mainly on the following measures:

1. Only the Home Secretary of the State Government or the Central Government may issue the orders for telephone tapping. However, in the case of an emergency, this may be delegated to an officer working for the Home Department of the Central or State government. A copy of that order must be sent to the associated Review committee within a week. 
2. The authority giving the order must consider whether there are other means to acquire such information that is deemed necessary to be acquired. 
3. The validity of the issue of such order under the Indian Telegraph Act, 1885 is only two months from the date of issue. 
4. The Review Committees shall be instituted involving Secretary-level officers at both the State and the Central level, who shall evaluate whether the order has been made in acquiescence with the laws of the land. If it has not, they shall set it aside and direct the responsible persons to destroy any copies of the already-obtained intercepted communications. 
5. Such authority issuing the interception order must keep records of the intercepted communications, the number of persons who have access to such material, the extent of such disclosure, the extent to which the materials are copied and the number of copies that were made, which must necessarily be destroyed as soon as such withholding of information is no longer essential. 

After scrutiny of such guidelines, a conclusion can be reached that the PUCL guidelines are not for the purpose of a mandate and viewed with a permanent eye. They are ad interim and the guidelines were merely an essential step to be taken at that point of time to protect an individual’s right to privacy, without a Constitutional protection. 

It can be clearly observed that the impact that the PUCL guidelines on various cases extends far beyond the focus on telecommunications as it has influenced Section 69 of the Act. The grounds on which the powers can be exercised by the government to order the interception, monitoring or decryption of “any information generated, transmitted, received or stored in any computed resource”, is wider than the powers that were contained under the Indian Telegraph Act, 1885 as most forms of digital communications come within the ambit of the stated grounds. This is where the Act infringes into the space provided to the right to privacy. 

Section 69 of the Act 

Section 69 of the Act is essentially a loose piece of legislation which authorises the government in procuring data not only in transmission but also the data which is stored. Further, it enables the authorities possessing the power to intercept such data the power to reach the subscribers directly if not by intermediaries. This is a direct violation of the right to privacy as it provides the power to obtain any information in an arbitrary manner. 

Additionally, it has given the right to intercept data for ‘investigation of crime’ which gives room for further implications. Due to this addition, the scope of this provision increases as the eventualities contained under this condition further widens the eventualities due to the five conditions under Section 5(2) of the Indian Telegraph Act, 1885. There are several cases in investigation which require interception of data to investigate and prove with evidence the innocence or guilt of a person. 

By inclusion of stored data within the meaning of this provision, the authorities increase the dimensions of scope and time. The dimension of time is increased even though the time limit for the procurement of data has been prescribed as 180 days, information and data stored in a system can be accessed irrespective of the storage time. This can also be established as arbitrary as it clearly creates a loophole for contravention of law without facing legal repercussions. 

Section 69 of the Act further covers within its ambit the subscribers and intermediaries as well whereas the Indian Telegraph Act only involved service providers as a location for the process of interception. This kind of surveillance is intrusive and arbitrary in nature. This proves that Section 69 of the Act is a highly dangerous tool which can be used against the citizens of the nation by intruding into the privacy of the individuals. 

Right to Privacy and Data Protection: At a Crossroad

In the case of Justice K.S. Puttaswamy v. Union of India, the Hon’ble Supreme Court held that the right to privacy is a constitutionally recognized right under Article 21 of the Constitution and that the Constitutional framers had in mind and that it can also be observed under aspects of freedom and dignity as well. This was adjudged in the decision as follows: 

“Privacy includes at its core the preservation of personal intimacies, the sanctity of family life, marriage, procreation, the home and sexual orientation. Privacy also connotes a right to be left alone. Privacy safeguards individual autonomy and recognises the ability of the individual to control vital aspects of his or her life. Personal choices governing a way of life are intrinsic to privacy. Privacy protects heterogeneity and recognises the plurality and diversity of our culture. While the legitimate expectation of privacy may vary from the intimate zone to the private zone and from the private to the public arenas, it is important to underscore that privacy is not lost or surrendered merely because the individual is in a public place. Privacy attaches to the person since it is an essential facet of the dignity of the human being.”

Followed by this view, a 9 Judge bench of the Supreme Court highlighted with clarity that the right to privacy is contingent to life, liberty, freedom and dignity and therefore held to be an inalienable natural right. It was observed that the Constitution of India must evolve alongside time to meet the requirements in a democracy which is governed by the Rule of Law and that the interpretation of the Constitution cannot freeze on the perception during the time of its adoption. The right is deemed to have arisen from the right to be let alone.

This judgement has contravened all the earlier judgments made against the right to privacy. This judgement is not fundamental in establishing the right to privacy but what expressly stated that the right to privacy was constitutionally guaranteed and what the Constitutional Makers had intended. Even though precedents favour the non-inclusion of right to privacy under Article 21 of the Constitution and the Constitution is presumed to be properly interpreted under the doctrine of ‘Presumption of Constitutionality’, changing times have given rise for the need of a constitutionally recognized right to privacy and not one that is merely implied in certain judgements and not in the others. This judgement has not only evolved from arguments of the past but has also made the future of liberty and freedom luminescent.

In Naz Foundation v. State of NCT of Delhi, Section 377 of the Indian Penal Code was declared unconstitutional on the grounds that it violated Article 14 and Article 21 of the Constitution, which was later overruled in Suresh Kumar Koushal v. Naz Foundation. It was only recently that the Court overturned that decision, declaring Section 377 as partially unconstitutional in Navtej Singh Johar v. Union of India. The dictum in Navtej Singh Johar is a landmark judgement which needs to be celebrated not only for protecting the right to privacy and personal autonomy rights with respect to sexual intercourse among transgender persons but also expanded the meaning so much that even transgender persons are included in such definition. 

As the meaning of right to privacy transgressed and was considered inclusive in Article 21 of the Constitution, the need for data protection has also significantly risen. The 21st Century, being the “information age” due to the extensive usage of the internet, is facing a major digital revolution due to specialised programmes such as the Digital India initiative. This is because of the excessive growth in the usage of technology through mobile phones and the popularity that social media has established amongst the individuals of the nation. Not only in India, but various countries have succumbed to technology and it would be absolute chaos if technology was unavailable even for a short period of time due to the increased dependency on it. 

Over the years, various countries have been trying to control the cons of such digital aggregation. The European Union has adopted a unique approach to this problem where the right to privacy vested in an individual is of more importance in the protection regime and personal information of persons can be gathered only through a legal means, under strict rules and with a legitimate reason. Furthermore, individuals or groups of persons collecting such information must protect it and ensure that it is not misused, respecting the rights of persons protected by the European Union law. The United States, which follows a laissez-faire culture believes that the right to be left alone of an individual by the State is a very significant consideration to the formation of legislations, but the absence of a generic privacy legislation portrays the proper level of protection unlikely to exist. The continuation of a piecemeal approach to the concept of right to privacy in the US makes it less promising. Even though enough efforts are being taken by certain countries, it has been in vain as the growing dependence on the digital world outweighs its cons. Every individual is too concentrated on the advantages of the digital world that he neglects that it makes it easier for the government or any authorized source to obtain the information of data that he has or transmits. 

The rights of every individual in India needs to be attained naturally and this brings about the question of whether data protection is also a constitutionally guaranteed right. The right to privacy and data protection cast a shadow onto each other as both have potential interrelated areas of the same regime.

Data protection and right to privacy have a lot in common as data protection cannot be attained without preventing encroachment of privacy and there has always been a congruence between technological development and privacy laws. One cannot exist without the other and that is where the nation hits a crossroad in choosing between either. However, what the government neglects is that both need to read alongside each other as one cannot be ignored while the other is given more importance. This intertwining of concepts has taken place because of the massive evolution of the digital era. This evolution has brought about an almost synonymous approach to both the concepts and hence it cannot be scrutinized separately.

The standpoint of ‘data protection’ in India would help identify the right based approach that is adopted. Data protection in India scrutinizes how extensively information of individuals is collected and whether it is protected under the Constitution of India. The Constitution, being the basic and ultimate source of law is emphasised upon to highlight that data protection is within the ambit of the Constitution, implied through right to privacy. 

A Big Brother State

The CMS (Central Monitoring System), developed by the C-DoT (Centre for Development of Telematics) allows direct access to data to authorised security agencies. These security agencies will be able to overpower service providers and get direct access to such data through the CMS. The publicly available information about CMS is extremely minimal and the current operational status is unidentified. The citizens of the country are not made aware of such a system of procuring their data and this is proof of the existence of arbitrariness. 

Similarly, the NATGRID (National Intelligence Grid) was a proposal of the Union Home Ministry to amass data of a multitude of intelligence and law enforcement agencies to identify their patterns and the types of data collected include bank account details, tax-related details, travel itineraries of various transports and the transactions of individuals. This proposal, if known to the people, will cause alarm as it is a major threat to security in the nation (see here). 

NETRA (Network Traffic Analysis) is a means developed by the CAIR (Centre for Artificial Intelligence and Robotics) under the DRDO (Defence Research and Development Organisation) collects data pertaining to emails and other personal information from social media platforms. These agencies of the Indian Government are kept secretive and the legal safeguards employed to protect the individuals’ rights are left to one’s imagination. The string of ambiguity that clings on the legal protection provided to the people is a point of crucial importance that needs to be stressed on. As digital communication develops, it is a matter of inevitability that the necessary protection needs to be given to the digital realm. It is chaotic that the government commences these agencies or policies in utter ignorance of the pressing issues the growth of the digital era provides. 

The repetitive revelations to the public through the media about obtaining personal data by means of unauthorised surveillance is another cause for concern. These significant lapses in establishment of a proper statutory authorisation for surveillance programmes undermine the government in the minds of the people of the nation as well. 

Furthermore, the widened scope of surveillance to cover within its ambit most of the Indian population overlooks the government’s support in its future endeavours. The illegal surveillance prevalent in India is brought to the knowledge of the public only when the target sources are politically influential figures. Unlike these influential persons, the unauthorised surveillance of ordinary persons do not make the headlines and they are not able to protest and put forth their opinions strongly either, whether by publicity or legal action. 

Reinstating A Sense of Security

The fragility of the existing safeguards for citizens’ privacy brings forth a need for rebuilding an entirely new Indian surveillance law which provides the citizens with the feeling of their personal privacy being protected under law. The guidelines pronounced by the PUCL Court were merely ad interim and cannot be interpreted to be permanent in nature purely for convenience. 

The fallacy on the part of the government is that no specific statute enables the mass surveillance projects to access the data of the citizens. An existing law cannot contemplate the mass surveillance of the government, as the legal vacuum existent due to the absence of safeguards of privacy rights is a clear overreach on the part of the government. This fallacy leads to a conflict of interest between the executive and the other branches of the government as too much power is focused on its hands. Such exceeding of power must not be tolerated as the Constitutional Makers envisaged the concept of separation of powers to be one of the most fundamental concepts of the three bodies- the Legislature, the Executive and the Judiciary. 

Even if these surveillance policies are to exist, it is safer for the sake of the privacy rights of citizens that they be authorised by specific Acts of the Parliament. The government must aim at providing more robust safeguards that have no scope for ambiguity. Aspects such as the time limit for data retention, liability for access of information without official authorisation or disclosure of personal information of citizens must be clearly covered by such statute so that the citizens are guaranteed of their data being protected since the misuse of data being declared as against the law. These safeguards must not be standalone as they are merely a strengthened version of the already existing safeguards which provide for when an interception order can be issued by the government, who has the power to issue such an order and the information that such order must legally contain. 

Furthermore, the PUCL guidelines are not very sturdy as they are prone to being neglected without punishing the violator with a subsequent consequence. This highlights that the judiciary must employ its expertise in testing the interception requests separately as also protecting the right to privacy, thereby protecting the right efficiently. The concept of “probable cause” from the American criminal jurisprudence which determines whether or not a warrant must be granted in the instant case, can be employed in the Act of the Parliament with respect to mass surveillance programmes which ensures that strict records of warrant proceedings are properly maintained creating a supervisory role for the appellate courts. 

Conclusion: Manoeuvring the Evolution of a Digital Era

Even though the PUCL judgement is what marked the commencement of the right of privacy, it is imperative that the law is in sync with the changing times. It has undoubtedly been a proper means to decide whether an interception order can be passed or not. But the times have transgressed since the establishment of the guideless and with changing times, it may not be the smartest route to be taken. 

As times have changed, the development of the digital world has grown significantly and has a major impact on the personal intercommunications through social media and mobile phones. This has led the government to indulge in illegal mass surveillance means to procure the date either in the security of the nation or otherwise. Either way, this is proven to be the major problem faced by the evolution of a digital era. 

The surveillance by the government in recent times is pervasive and intrudes into the lives of the citizens of the nation in an extremely arbitrary manner which they have no power to stand up against. The surveillance today is way more capable of destruction of the collective privacy of the citizens entirely than it was in earlier times. 

The PUCL judgement, though intended to have a great impact in the aspect of right to privacy, has not had the desired impact that it was intended to have. Further, the guidelines are necessarily to be considered as temporary in nature as it must have been followed by an Act or statute of the Parliament supporting the same, giving it legal validity. 

The consequence of the deployment of various mass surveillance programmes in the past is to reconstruct the Indian surveillance laws if the nation wants to protect the right to privacy from being inconsequential and powerless. As right to privacy has been identified and interpreted to be a constitutionally guaranteed right in recent times, it must not be neglected as it would then result in a state of absolute arbitrariness and unconstitutionality. 

Furthermore, the Social Contract Theory postulated by Jean Jacques Rosseau can be applied in the instant situation. It is a concept wherein the moral and political obligations connoted to people are dependent upon a contract among themselves to create a society that is, through the collective will of individuals. The people who are a part of this society have certain obligations to the society and they have submitted themselves. However, their corresponding rights have not been accorded to them. The right to privacy which is constitutionally guaranteed is slowly being infringed upon by the executive without the persons realizing it. This amounts to deceiving the persons into believing that they are being protected by the government and their rights which are constitutionally protected are not being infringed upon. However, the contrary is what is happening where the government is procuring the data of the citizens through arbitrary means even if it has been declared for valid reasons. Hence, the protection which they are entitled to according to this theory is not given to them; the protection that they receive is irrational, unjust and authoritarian in nature.

Bibliography

1. https://www.echr.coe.int/Documents/Convention_ENG.pdf. 
2. https://poseidon01.ssrn.com/delivery.php?ID=015017002073025117115004083085071018005089018032067023088097071093020105119005089024029042031023054007048071095029064077120088031021028008031092102125082066105064033028022083114114112124124021100101015022028094119120017014007100011120113104029022022&EXT=pdf. 
3. https://www.cs.cornell.edu/~shmat/courses/cs5436/warren-brandeis.pdf.
4. http://people.brandeis.edu/~teuber/Scanlon_on%20Privacy.pdf.
5. http://people.brandeis.edu/~teuber/Parent_on_Privacy.pdf. 
6. https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_24-Aug-2017.pdf. 

---

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: