The protection of individual rights and personal liberties is a cornerstone of any democratic nation. In India, Article 19 and Article 21 of the Indian Constitution stand as a sentinel to protect a number of fundamental rights. The right to privacy is one such fundamental right that, though not explicitly mentioned in the Constitution, has been recognized under these Articles by the Supreme Court. The concept of privacy as a fundamental right was solidified in India in 2017, in the landmark case of “K.S. Puttaswamy vs. Union of India”[1], when the Supreme Court declared that privacy is inherent to the right to life and personal liberty guaranteed under the Constitution.
Privacy, as is understood today, is not a static or one-dimensional concept, rather it is a dynamic one with various nuances and is transforming with the changing times. According to James Moor, the concept of privacy is significantly influenced by “political and technological features of the society’s environment[2]”. The contemporary world has, no doubt, morphed into an ever-expanding digital landscape, undergoing a rapid growth of powerful technological advancements. In recent decades we have been witnessing the expansion and transcendence of the internet which has facilitated the State to conduct targeted and mass-level surveillance with much more efficiency than ever before.
In June 2013, a story published by the Guardian revealed how the National Security Agency (NSA) is accumulating the phone records of millions of Verizon customers on a day-to-day basis . The information came after a document was leaked by Edward Snowden, one of the NSA contract employees. This resulted in significant concerns regarding the personal privacy.
Privacy As a Recognized Right
The recognition of privacy as an individual’s right is not a recent event. Privacy has been explicitly or impliedly conferred with the status of a fundamental human right by most national constitutions of the world. Initially, in 1890, Samuel Warren and Louis Brandeis demanded the recognition of a right to privacy when the new camera technology came into existence arguing that it would eventually lead to the invasion of one’s privacy and ambiguously referred to privacy as the ‘right to be let alone’[3]. During those times, the act of publishing photographs of, and statements by, individuals without their consent was considered as a “hazard to privacy”[4].
The right of privacy has been eventually incorporated into international legal frameworks, including the Universal Declaration of Human Rights [5]and the International Covenant on Civil and Political Rights.[6] Ratified in the year 1948 by the UN General Assembly, the UDHR gives acknowledgement to the right to privacy as an innate right that all humans possess. Article 12 of the UDHR provides “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation”.
It encompasses the idea that individuals have the autonomy to control their personal information, choices, and communications without any arbitrary interference. This right serves as a safeguard against unwarranted intrusion and abuse of power.
Right to Privacy in the Indian legal landscape
The first case in which the question of privacy as a right was raised was the case of M.P. Sharma v. Satish Chandra [7]in which the provision of search and seizure as provided under the Criminal Procedural Code, 1973 was challenged on the ground that it infringed the fundamental rights of the petitioner guarded under article 19(1) (f) and Article 20 (3) of the Constitution. The court held that search and seizure does not violate constitutional rights and observed that, “if the Constituent Assembly thought it fit not to recognise the fundamental right to Privacy, analogous to 4th Amendment of US Constitution, then we have no justification to import it[8]”.
In Kharak Singh v. State of Uttar Pradesh[9], the court held that knocking on the door of the petitioner at midnight violated his right to Personal Liberty under Article 21 of the Constitution of India. Thus, in this case, the right to privacy concerning the residence comes within the scope of Article 21 but concerning a public place, there was no such right.
Finally, 24 August 2017 marked a landmark day in the history of privacy rights in India as the Apex Court of India in K.S. Puttaswamy v Union of India[10] proclaimed the right to privacy as a fundamental right within the confines of Article 21. The Puttaswamy vverdicthas so much significance attached to it because of the fact that a large bench of 9 judges affirmed the status of privacy without any contention.
It is not like prior to this, the Supreme Court of India had not recognized privacy as a fundamental in any other cases, however, those cases had smaller benches (X v. Hospital Z[11], Selvi v. State of Karnataka[12], National Legal Services Authority v. Union of India[13], etc.) and hence could not overturn the effect of M.P Sharma v. Union of India[14]in which an eight-judge bench of the Supreme Court held that there is no right to privacy enshrined within the Constitution of India. The same view was reiterated by a constitutional bench of six judges in the Kharak Singh case. Puttaswamy judgment marked a departure from this notion.
The trajectory of the right to privacy, which hitherto had a vacillating position in India and was often disdained by labelling it as a purely Western concept, completely changed after the Supreme Court gave six opinions in the Puttaswamy judgement. After much deliberation, Supreme Court dissected the multiple aspects of Privacy and reconized that the right to privacy is fundamental right which safeguards the inner sphere of the individual from arbitrary encroachments from the State as well as non-State actors.
Informational Privacy in the Digital Era
Today, privacy as a concept has evolved immensely which is heavily impacted by “political and technological features” of the Milieu[15]. In the contemporary age, the emergence of powerful information technological developments has given birth to crucial philosophical theories and arguments on privacy.
IITF Principle of the United States refers to Information privacy as “an individual’s claim to control the terms under which personal information i.e., information identifiable to the individual is acquired, disclosed, and used”[16]. Informational privacy or data privacy can be defined as the relationship between the accumulation and dissemination of data, technology, and legal and political issues surrounding them[17]. It covers information that links individuals specifically with particular events, background facts, or other information.
The Apex Court in the Puttaswamy Judgement also emphasised on the emerging concept of “informational privacy,” which refers to an individual’s right to control the dissemination of personal information. It reaffirmed that technology and digitization have magnified the importance of safeguarding personal data. The court acknowledged the transformative impact of technology on privacy rights highlighted the need for adapting legal frameworks to address emerging challenges in the digital age recommended the establishment of a robust data protection regime in India and suggested that a committee be formed to draft a data protection legislation.
Surveillance in India and the Legal Provisions Relating to it
India has two existing laws to govern the mechanism of State Surveillance, the Indian Telegraph Act, of 1885 to deal with the interception of calls, and the Information Technology (IT) Act, of 2000, to deal with an interception of data. It is important to note that non-state actors are not permitted to perform surveillance within the purview of these laws. These Acts only give relief to State actors to conduct surveillance under certain circumstances.
The Supreme Court in the K.S. Puttaswamy v. Union of India stated that any violation of the right to informational privacy could only take place within the scope of proportionality, legality, and necessity. This leaves no room for doubt that even state-led surveillance is strictly required to abide by these caveats.
Areas of concern
Certain provisions under the two Acts are tricky and extend total opacity to the State concerning its surveillance activities. Section 5(2) of the Indian Telegraph Act, 1885 and Section 69 of the IT Act, 2008, provide the State with the power to “intercept, monitor, and decrypt any information for protecting sovereignty, national security, friendly relations with international governments, integrating public order etc.” the provision looks convincing in the first glance, however, it is lacking as the terminologies used in the provision have proved to be complicated to understand because of their ambiguity, which exacerbates the possibility of misuse and could imperil or undermine the democratic fabric of the nation. The lack of appropriate checks and balances measures is another loophole of these Acts which guarantees even weaker protections to those being surveilled.
The government argues that surveillance measures are necessary to combat terrorism, maintain law and order, and safeguard national interests. However, the line between legitimate security concerns and unwarranted intrusion into private lives is often blurred. The telephone tapping case[18] revealed that the government doesn’t always follow the directed mechanism with intercepted files to protect the right to privacy of the ones being surveilled. In the case, it was disclosed that the personal conversations were also being kept in possession even though they did not concern national security in any manner.
Digital Personal Data Protection Act, 2023[19]
Today’s technological evolution has offered undeniable benefits, from improved service delivery to enhanced connectivity. However, as the world has embraced this transformation, it has introduced a plethora of privacy concerns, particularly as data collection and surveillance become easier to carry out in secrecy. India has taken steps to address privacy and surveillance concerns through legislative measures. The most significant of these is the recently passed Personal Data Protection Act, which aims to establish a comprehensive framework for data protection and regulation. The Act sets forward the idea of the creation of a Data Protection Authority to oversee data-related matters and emphasizes user consent, data localization, and transparency.[20]
While the concept of Data Protection Authority will definitely provide safeguards to citizens against foreign surveillance, concerns still persist regarding protection against unwarranted State-led surveillance. The Act has been criticised on the ground that it extends protection to government bodies from scrutiny instead of the citizens. The Act has also been alleged to provide legal cover for surveillance when such activities are related to “interests of sovereignty and integrity of India, security of the State, friendly relations with foreign States, maintenance of public order or preventing incitement to any cognisable offence relating to any of these”[21]. Critics and activists stated concerns regarding these phrases being vague in nature leaving room for broad interpretation. This leaves behind the doubt that such wide and loose phrases have been incorporated so that the government can be exempted from taking necessary steps to ensure the protection of the privacy of individuals and can make arbitrary decisions.
The new Act is hence being widely criticised on the fact that it fails to put up with the proportionality test directed in the 2017 Puttaswamy verdict where the Apex Court held that privacy-limiting actions taken by the State must comply with the standards of legality, necessity, and proportionality, along with taking procedural safeguards.
Conclusion
Achieving the delicate balance between individual privacy and state surveillance has become a critical area of concern in today’s IT-configured era. While exemptions to government authorities under data legislation is necessary, such shall not undermine the individuals rights by being excessive in nature. Ambiguous terms like “security of the state” and “public order” must be clearly defined to prevent misuse, and an independent regulatory body should oversee government surveillance with provisions for judicial review. Surveillance activities must adhere to the principles of necessity, proportionality, and reasonableness as directed in the Puttaswamy verdict. complementary legislation/regulations that enforces storage limitation and specifies strict conditions would strengthen India’s data governance and ensure the protection of personal information against misuse.
[1] K.S. Puttaswamy vs. Union of India, AIR 2017 SC 4161.
[2] James Moor, Just consequentialism and computing, 1 Ethics Inf. Technol. 61 (1999).
[3] Warren & Brandeis, The right to privacy, 4 Harv Law Rev. (1890).
[4] Id.
[5] Universal Declaration on Human Rights (Adopted 10 December 1948) 217A(III) (UNGA).
[6] the International Covenant on Civil and Political Rights (Adopted December 1966) 2200A (XXI).
[7] M.P. Sharma v. Satish Chandra AIR 1954 SC 300.
[8]M.P. Sharma v. Satish Chandra AIR 1954 SC 300.
[9]Kharak Singh vs The State Of U. P. AIR 1963 SC 1295.
[10] K.S. Puttaswamy vs. Union of India, AIR 2017 SC 4161
[11] X vs. Hospital Z, (2003) 1 SCC 500.
[12]Selvi v. State of Karnataka, (2010) 7 SCC 263
[13] National Legal Services Authority v. Union of India, AIR 2014 SC 1863.
[14] M.P Sharma v. Union of India, AIR 1954 SC 300.
[15] Adam D Moor, Defining Privacy, 39 J. Soc. Philos. (2008) https://doi.org/10.1111/j.1467-9833.2008.00433.x
[16] Principles for Providing and Using Personal Information (“IITF Principles”) issued by the Clinton administration’s Information Infrastructure Task
[17] Wikipedia, available at: https://en.wikipedia.org/wiki/Information_privacy#cite_note- (last visited Sep 23, 2023).
[18] PUCL vs. Union of India, (1997) 1 SCC 301.
[19] Digital Personal Data Protection Act, 2023, No.22, Acts of Parliament, 2023 (India).
[20] Id.
[21] Digital Personal Data Protection Act, 2023, §17, No.22, Acts of Parliament, 2023 (India).
Author: Ayesha Amir is a 4th year B.A.LL.B student at Jamia Millia Islamia.