Privacy as a Right: Hurdles and Opportunities (Part I)

PRIVACY AS A RIGHT: HURDLES AND OPPORTUNITIES (PART I)

Tamish Kumar, 1^st Year, BBA.LLB (Hons.), Symbiosis Law School, Pune

Editorial Note: The recently recognised right to privacy has been the subject of much celebration. Yet, its recognition in the current legal system brings with it some hurdles as well as opportunities, as discussed by the author in this blog.

“There are cases where a decision one way or the other will count for the future, will advance or retard sometimes much, sometimes little, the development of the law in a proper direction. It is in these types of cases where the judge is to leap into the heart of legal darkness, where the lamps of precedent and common law principles flicker and fade, that the judge gets an opportunity to mould the law and to give it its shape and direction. This is what we have been trying to do in India.”

- Prafullachandra Natwarlal Bhagwati, 17^th Chief Justice of India

Former CJI P.N. Bhagwati’s words took shape inthe form of a judgement pronounced in August 2017 incorporating the Hon’ble Supreme Court’s activist stance in rescue of the citizens’ right to privacy. Debatable as the right may appear in practice, the apex court of the nation, in essence, sees privacy as a right implied within the definition of Article 21 andprovisions of Part III of the Constitution.Humans have the psychological build to conceal, seek autonomy and keep specific matters to themselves, away from all form of external intrusion to such matters. Black’s Law Dictionary defines right of privacy as ‘right to be left alone, the right of a person to be free from unwarranted publicity’. It defines one’s right to privacy as being directly concerned with one's own peace of mind. It is imperative to request oneself, today more so, if the right to freedom from unnecessary intrusion, despite the Supreme Court’s ruling, is a right in actuality; and if not, what challenges are to be tackled to safeguard it.

History of Privacy as a Right

Before the recent hubbub around data breach perils surrounding Aadhar, the concept of privacy was acknowledged in ancient Indian texts. One such mention is within the ancient Indian text ‘Hitopadesha’:

आयुवित्तां गृहच्छिद्र मन्त्तमौषध मैथुने।

दानंमानापमानौ च नंव गोप्यानि कारयेत।[1]

Apropos of the Constitution of India, the right per se finds no explicit mention of itself within its 395 articles, hence courts often found the decision of settling of privacy as a fundamental right in toto to be a distressing subject.However, such a right has been culled by the Supreme

Court from Art. 21 and several other provisions of the Constitution read with the Directive Principles of State Policy.[2]

A question concerning right to privacy was raised for the first time in Kharak Singh.[3] Much along the lines of the arguments framed today, the question to be decided before the court was whether right to privacy could have been implied from the Fundamental Rights enshrined in Part III of the Constitution, viz. Art(s). 19(1)(d), 19(1)(e) and 21. The majority decided to look at the articles in their literal sense and said that our Constitution did not confer ‘any like constitutional guarantee’, while Subba Rao, J., was of the opinion that right to privacy would be implied under Art. 21.

In T. Sareetha v. T Venkata Subbaiah,[4]a straight question regarding the validity of privacy as a fundamental right was posed before the Hon’ble High Court of Andhra Pradesh. The Court’s decision was in the affirmative. Several other judgements that followed also protected right to privacy including PUCL v. UOI(1996),[5] where the Supreme Court of India affirmed that telephone-tapping encroached upon the fundamental right to privacy. In the landmark judgement of K.S. Puttaswamy,[6] a nine-judge Constitution bench headed by former CJI JS Khehar declared right to privacy as a fundamental right in India. This judgement was also used in Navtej Singh Johar,[7] where the constitutionality of Article 377 was questioned and the Court unanimously declared the law unconstitutional ‘in so far as it criminalises consensual sexual conduct between adults of the same sex.’

Considerations regarding the Right to Privacy

Regardless of all the judgements and support, right to privacy still fails to see itself prosper to its fullest as a result of multifarious impediments in its route. It is persistently in tussle with provisions, laws, and in the present digital age, a constant concern of security breach. The scope of right to privacy must be defined; while it remains true that the scope and extent of privacy rights could differ from one case to another, a yardstick for protection of such rights would help courts interpret and apply laws concerning them better.

I. Reproductive Autonomy

Autonomy makes reference to an individual’s ability to make decisions or choices regarding his/her life as per his/her beliefs and without any interference. Reproductive autonomy, parallelly, refers to the ability of an individual to make decisions regarding reproduction as per one’s beliefs, values and desires. An encroachment upon this right through statute or otherwise would guillotine the individual’s reproductive autonomy and subsequently his/her right to privacy. In R. Rajagopal,[8] the Supreme Court said, ‘A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, child-rearing and education among other matters.’

Attempts to curb reproductive autonomy in India have been observed in the past few years, especially through the passing of Surrogacy (Regulation) Bill, 2016, by the Lok Sabha in 2018,which seeks impose a blanket ban on commercial surrogacy. The Bill, which sprouted from previous cases like Baby Manji[9] and Jan Balaz[10], leaves space only for altruistic surrogacy where the surrogate mother must be a close relative of the heterosexual couple, must be married and between the age of 25-35 having at least one child of her own, and such a woman shall not assist in any way for surrogacy more than once in her lifetime.[11] Furthermore, surrogacies would no longer attract money transactions under the Bill.

On the one hand, the Bill was introduced purposefully to provide relief to poor women who were being exploited at the hands of foreign nationals. On the other hand, a strong question is raised as to whether the superimposition of the government’s views has any legal backing whatsoever. Several legal experts have expressed that the Bill would not stand the test of constitutional rights and that it clashes with and infringes upon an individual’s right to privacy. Soli Sorabjee, former Attorney-General of India, tabled his reservations about the Bill, calling it to be in ‘violation of basic rights of privacy and fundamental rights of reproductive autonomy.’[12]

The Bill attacks a woman’s right to privacy in a way that it impedes her right to exercise her reproductive right with dignity. Merely because exploitation attracts opprobrium, does not necessarily make surrogacy in its commercial form opprobrious in every respect. The Parliament must mediate upon the fact that there is a distinction between reasonably restricting an exploitative phenomenon, the summum bonum in the present scenario, and absolutely restricting a rightwhich not only has implicit constitutional sanction, but has also gained national and international sanction through precedents and conventions.

II. Data Breach and Questionable Level of Cybersecurity

India has loose cybersecurity laws which make sensitive data of millions of people susceptible to data breach. Lack of judicial development, dormant state of authorities intended to regulate, enforce, and enhance cybersecurity calls for urgent attention to bring about change in this respect.[13] A development, however, was made back in 2013 in the form of National Cybersecurity Policy. The policy framework aimed to monitor and protect information and strengthen defences from cyber-attacks.[14] Albeit an enthusiastic venture, there seem to be a number of issues with the government’s Draft Data Protection Bill as well. One of the requirements under the Bill is for companieswho receive user data to store at least one serving copy of the same personal data in India.[15] Taking into account the challenges India faces when it comes to data protection, there would be a towering threat to people’s privacy if this ever happens. It appears that much more effort and attention to detail is to be given before making a Bill for data protection in India.

In the present digital age, more and more people have online presence; and the more online presence people have, the more data they place in the hands of self-confessed safe social media platforms. Several reports claim that India reports more data breach incidents that the global average, with one report claiming that about 52 per cent Indians reported data breach in 2017 compared to the global average of 36 per cent.[16] High percentage of data breach coupled with lack of codified laws to protect the same calls for a dire need for the lawmakers to address this issue in a much more systematic manner. Despite the fact that the government has made an appreciable move towards data protection in such a short period of time, stringent laws thatencompass all forms of data breach need to be formed first for secure storage ofdata with the State as well as private entities.

A. The Aadhar row

With the apparent increase in control of State over individuals’ data, it has become more important than ever to have better data protection policies and laws.The Supreme Court, sadly enough, changed its stance regarding Aadhar-PAN linking a year after the privacy judgement was promulgated. While the data collected for Aadhar viz. fingerprints, iris scans, residential address, phone numbers, etc. is used for providing subsidy and schemes, a constant threat of data breach lingering over the same has resulted in questions being asked about the level of protection given to the data that is collected. In addition, the mandatory linking of PAN with Aadhar for filing income tax return, and where Aadhar has already been linked with mobile numbers and bank accounts, calls for even stricter laws.

Several such cases and reports of breach have surfaced where security of personal data was compromised, for e.g., where reports surfaced that certain websites hosted and openly revealed Aadhar information on Google.[17]Another incident that happened in the past included slip-ups in the Aadhar enrolment procedure where Aadhar cards were issued with wrong photographs.[18] Such incidents, inter alia, cast doubt as to how safe one’s data is in the custody of the government and if the government should continue to procure such data amidst the present absence of enough remedies and protections available to the public in case of a data breach.

Read Part II here.

---

[1]Hitopadesha 1:123: ‘Worship, sex and family matters, etc. were to be protected from disclosure.’ Also see, Justice Palok Basu, Law Relating to Protection of Human Rights under the Indian Constitution and Allied Laws, Ed. 1 (2002), p. 503.

[2]Vol. 1, M.P. Jain, Indian Constitutional Law, Ed. 5 (2003), p. 1325.

[3]Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295.

[4]AIR 1983 AP 356.

[5]People’s Union for Civil Liberties (PUCL) v. Union of India, (1997) 1 SCC 301.

[6]Justice K.S. Puttaswamy and Ors. vs. Union of India (UOI) and Ors., AIR 2017 SC 4161

[8]R. Rajagopal v. State of Tamil Nadu, 1995 AIR 264.

[9]Baby Manji Yamada v. Union of India (UOI) and Anr.,AIR 2009 SC 84.

[10]Jan Balaz v. Anand Municipality and 6 Ors., AIR 2010 Guj 21.

[11] Dr.Bins Sebastian, Is Banning Commercial Surrogacythe Right Thing to Do,https://www.livelaw.in/columns/is-banning-commercial-surrogacy-the-right-thing-to-do-141862

[12]‘Surrogacy Bill violative of privacy rights’,https://www.thehindu.com/news/national/%E2%80%98Surrogacy-Bill-violative-of-privacy-rights%E2%80%99/article16437493.ece

[13] Aditi Subramaniam & Sanuj Das, The Privacy, Data Protection and Cybersecurity Law Review - Edition 4, The Law Reviews, <https://thelawreviews.co.uk/edition/the-privacy-data-protection-and-cybersecurity-law-review-edition-4/1151286/india>

[14] Sanjiv Tomar, National Cyber Security Policy 2013: An Assessment, Institute for Defence Studies and Analyses, <https://idsa.in/idsacomments/NationalCyberSecurityPolicy2013_stomar_260813>

[15]Chinmayi Arun, Three Problems with India’s Draft Data Protection Bill, Council on Foreign Relations, https://www.cfr.org/blog/three-problems-indias-draft-data-protection-bill

[16]Data breach incidents in India higher than global average, The Economic Times, //economictimes.indiatimes.com/articleshow/65107118.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

[17]Aadhaar data a Google search away, https://www.businesstoday.in/current/economy-politics/aadhaar-data-breach-details-leak-google-search-uidai-mera-aadhaar-meri-pehchan/story/272936.html

[18]Pranesh Prakash, Aadhaar: still too many problems, Livemint, https://www.livemint.com/Opinion/VSqpBps7Y5YrUhvS5mGgSO/Aadhaar-still-too-many-problems.html