RIGHT TO PRIVACY IN INDIA

WHY IN NEWS:

• Amid demands for rollback of WhatsApp’s new privacy policy, a PIL was filed in the Supreme Court on 16^th January 2020 seeking protection of citizens’ right to privacy from WhatsApp and Facebook

NEED FOR RIGHT TO PRIVACY:

• To uphold constitutional principles:

• • Assuring the dignity of the individual as mentioned in our preamble
  • Protecting fundamental rights of right to life, right to freedom of speech etc.
  • To check state’s arbitrary actions >> hence ensure rule of law
• To tackle ‘surveillance raj’ by the executive:
  • Without privacy, there would be nothing to stop a paternalistic behaviour of state controlling every aspect of life
• To conform with international conventions/treaties:
  • Art.12 of Universal Declaration on Human Rights and Art.17 of the International Covenant on Civil and Political Rights provide for the right of privacy.
• To ensure overall social development:
  • Right to privacy promotes individuals rights overall societal control >> helps to free oneself from social biases and social evils such as casteism, patriarchy etc.
• To prevent exploitation:
  • Right to privacy is needed to prevent public/private parties from encroaching into citizens’ rights
• Increasing digitalization:
  • India is rapidly becoming a digital economy and many of the public service deliveries are shifting to online.
  • Problems of ID theft, fraud and misrepresentation are few concerns that may arise.

ARGUMENTS AGAINST SUCH RIGHT:

• Hinder welfare projects:
  • It can hinder the implementation and performance of welfare schemes -like Aadhar and Direct Benefits Transfer-which requires personal data of citizens.
• Reduce efficiency of criminal justice system:
  • Right to privacy will also restrict police and intelligence agencies to collect private information about accused, dead persons etc.
• Hinders efforts against terrorism, cyber-crime etc.
  • Right to privacy may aid criminals from state surveillance. Scope for spreading hate, extremism increases with privacy protection.

RECENT DEVELOPMENTS:

• Judiciary:
  • In August 2017, the Supreme Court  held that privacy is a fundamental right, flowing from the right to life and personal liberty under Article 21 of the Constitution (Puttuswamy v/s Union of India case)
• Legislation:
  • Personal Data Protection Bill, 2019:
    • The bill regulates personal data related to individuals, and the processing, collection and storage of such data.
    • The Bill provides the data principal with certain rights with respect to their personal data such as seeking confirmation on processed etc.>> which will ensure an individual’s right to privacy
  • Information Technology (IT) Rules, 2011, under the IT Act, 2000.
    • The IT Rules prescribed minimum standards on the privacy and disclosure of information, collection of information, transfer of information and reasonable security practices and procedures.

ISSUES WITH EXISTING PRIVACY PROTECTION REGIME IN INDIA:

• No law has been passed and the term “privacy” has also remained not mentioned in Constitution.
  • Personal Data Protection Bill, 2019 is still pending
• Lack of awareness:
  • Privacy consciousness is rather low in India compared to western countries >> hence more susceptible to cyber crimes
• Social institutions:
  • Indian social institutions like joint family, temple festivals, marriage celebrations and community life do not encourage privacy.
• Infrastructure:
  • India’s cyber infrastructure is highly susceptible to attacks.  
  • In India cyber-attacks have been occurring with increasing frequency. For example leak of personal information of 3.2 million debit cards in 2016 and the Data Theft at Zomato (2017), Wannacry Ransomware (2017)
• Archaic laws:
  • Currently, the usage and transfer of personal data of citizens is regulated by the Information Technology (IT) Rules, 2011, under the IT Act, 2000. It needs to be revised
• Managing disasters/crisis:
  • The state’s most significant responses to the COVID pandemic have been predicated on an invasive use of technology, that seeks to utilise people’s personal health data.
    • First, in creating a list of persons suspected to be infected with COVID-19
    • Second, in deploying geo-fencing and drone imagery to monitor compliance by quarantined individuals;
    • Third, through the use of contact-tracing smartphone applications, such as AarogyaSetu.

BEST PRACTICES:

• General Data Protection Regulation
  • The GDPR is the new EU legal framework governing the use of personal data across the EU
• APEC Privacy Framework
  • Asia-Pacific Economic Cooperation (APEC) created a voluntary Privacy Framework that was adopted by all 21 member economies in 2004 in an attempt to improve general information privacy and the cross-border transfer of information.
  • The Framework consists of nine Privacy Principles that act as minimum standards for privacy protection
• New Zealand’s Privacy Act is a replicable model:
  • It sets out principles in relation to the collection, use, disclosure, security and access to personal information.

WAY FORWARD:

• Constitutional Amendment
  • We need a constitutional definition and guarantee of the right to individuality, personal autonomy and privacy in this digital age.
• Balanced approach:
  • Balance must be maintained to protect privacy and to promote national interest.
• Wider application:
  • The Right to Privacy shall not be limited against the State, but also a right against the private corporations which collects citizen data such as Facebook, Twitter etc.

CONCLUSION:

• The right to privacy is not absolute. There exist circumstances in which the right can be legitimately curtailed.
• However, any such restriction, as the Court held in Puttaswamy, must be tested against the requirements of legality, necessity and the doctrine of proportionality

PRACTICE QUESTION:

Q. ‘State is obliged to put a robust personal data protection mechanism in place in this digital age’. In the light of this statements critically analyse the provisions of Personal Data Protection Bill 2019?