Is Right To Privacy A Fundamental Right Under The Indian Constitutional Scheme? and Is Uidai Violative of Individuals Right To Privacy?
From the beginning of time, the mankind’s view of privacy has been changing and it has not stopped since then, for what was privacy in 1800 B.C. has definitely changed in 19thcentury and now in the present time. Ask
your mom or your grandma as to what she considered private, and you will find a huge difference between them. Does it mean that there’s no common standard as to what people consider to be private? The answer is both a YES and a NO. The reason being, no two persons think alike on every matter. This is the essence of humankind and can never change at any point of time. The term “Privacy” is used frequently in ordinary as well as in philosophical, political and legal discussions, yet there is no single definition or analysis or meaning of the term.This by itself goes to show that the term is a dynamic term, and needs dynamic interpretation in Law.
Right to Privacy is an essential right, as many countries have recognized it as a constitutional right; it is vital for protecting human solemnity and forms the root of any egalitarian society. however it is still a question whether right to privacy needs a strict implementation of law? However, if the invasion of Privacy constitutes a legal injury, the elements for demanding redress should also exist. Some of these are already taken care of by some laws. For example, Law of Property, Intellectual Property Law, Indian Penal Code, etc. All laws deal with Privacy circuitously, though none of them are explicit or exclusive. So, can legislation on privacy, firm the above laws? Or will it cause a burden to the society and Courts? The above questions need to be addressed before legislating on Privacy.
Consider an example raised by Richard Posner and others to demonstrate that no privacy harm occurs unless and until a human sees the information at issue. Google’s e-mail service, Gmail, automatically scans users’ e-mails and displays advertising on the basis of keywords it picks out. Google assures users that no human ever sees the e-mail, and we have no reason to disbelieve the claim. Gmail users and the people who write to them are consequently unlikely to be judged, embarrassed, or otherwise harmed by Google employees on the basis of email content. But imagine that a user of another e-mail client is trying to sell something, say, a bicycle, to a Gmail user. Google automatically scans the sender’s incoming e-mail, and, alongside the offer of sale, Google might display links to bicycles sold by its paid advertisers. In other words, Google in some cases may scan the content of an incoming e-mail and use it, without notice or consent, to compete directly with its author. The harm here may be negligible, but there is no basis to rule out even the theoretical possibility that this unwanted use of private information against its subject could implicate privacy.
The growing literature on Privacy had brought about two main categories, reductionism and coherentism. Reductionists are those who believe that there is nothing constructive in considering privacy as a distinctive concept. They consider that there is nothing coherent, unique or illuminating about privacy interests. On the other hand, coherentists think that there is something fundamental and distinctive and coherent about the various claims that have been called privacy interests. And the views of the various Supreme Courts have also changed with the concept of Privacy. In the case of Roe v. Wade Lord Douglas hazily called it a “penumbral” right “emanating” from the Constitution, and the Court has been unable to clearly define the right, it has generally been viewed as a right protecting one’s individual interest of independence in making certain important and personal decisions about one’s family, life and lifestyle.
The scope of Privacy is limited. The question is whether or not the constitutional right to privacy cases described involving personal decisions about lifestyle and family including birth control, interracial marriage, viewing pornography at home, abortion, and so on, delineate a genuine category of privacy issues, or merely raise questions about liberty of some sort. The U.S. Supreme Court claims that there are two different dimensions to privacy: both control over information about oneself and control over one’s ability to make certain important type of decisions. In light of the rapid growth of privacy-destroying technologies, it is increasingly unclear whether informational privacy can be protected at a bearable cost, or whether we are approaching an era of zero informational privacy, a world of what Roger Clarke calls “data-Veillance.” The scope of privacy is ever changing and can never be brought under a curtain at any point of time as the human concepts differ even within our own homes, and this is the challenge faced by the legislation and the courts.
The subjective and objective categories of privacy harm are distinct but related. Just as assault is the apprehension of battery, so is the perception of unwanted observation largely an apprehension of information-driven injury. The categories represent, respectively, the anticipation and consequence of a loss of control over personal information. This approach offers several advantages. It uncouples privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur (and vice versa). It creates a “limiting principle” capable of revealing when another value-autonomy or equality, for instance-is more directly at stake. It also creates a “rule of recognition” that permits the identification of privacy harm when no other harm is apparent. Finally, this approach permits the measurement and redress of privacy harm in novel ways.
The need for stand-alone privacy legislation was felt in the wake of leak of the Nira Radia tapes in the year 2010, raising serious threats and concerns over the privacy of individuals and its protection. In order to effectively address the privacy issues, the Planning Commission of India had directed the constitution of a ‘Group of Experts’ on December 26, 2011, to identify the privacy issues and prepare a report on the same to facilitate authoring of privacy bill for India. The Group was constituted under the Chairmanship of Justice A.P. Shah, Former Chief Justice, High Court of Delhi with 11 other members (hereinafter referred to as the "Shah Committee").
The Supreme Court of India had the opportunity to first decide and lay down the contours of the right to privacy in India in the case of Kharak Singh v. State of Uttar Pradesh. This case did not witness the recognition of the right to privacy as a fundamental right under the ‘personal liberty’ clause of Article 21 of the Constitution. Majority of the judges in this case refused to interpret Article 21 in a manner to include within its ambit the right to privacy, however two of the seven judges asserted that the right to privacy does form an essential ingredient of personal liberty. Kharak Singh, the petitioner in this case, was caught by the police in a dacoity case and was released in the absence of any evidence. The police put him under surveillance as per regulation 236 of the UP Police Regulations. While quashing the regulations as unconstitutional, the court held that the “right to privacy is not a guaranteed right under our Constitution”, however held that, “the said right is an essential ingredient of personal liberty.”
Subsequently, the Supreme Court while deciding the case of Govind v. State of Madhya Pradesh laid down that a number of fundamental rights of citizens can be described as contributing to the right to privacy. The Supreme Court also stated that the right to privacy will have to go through a process of case by case development.
The Supreme Court in the case of R. Rajagopal v. State of Tamil Nadu, for the first time directly linked the right to privacy to Article 21 of the Constitution. In this case the right of privacy of a condemned prisoner was in issue. One Auto Shankar, a condemned prisoner, wrote his autobiography while confined in jail and handed it over to his wife for being delivered to an advocate to ensure its publication in a certain magazine edited, printed and published by the petitioner. This autobiography allegedly set out close nexus between the prisoner and several officers including those belonging to IAS and IPS some of whom were indeed his partners in several crimes. The publication of this autobiography was restrained in more than one manner. It was on these facts that the petitioner challenged the restrictions imposed on the publication before the Supreme Court.
Justice B.P. Jeevan Reddy, on an interpretation of the relevant articles of the Constitution, in the context of an analysis of case law from other common law countries like UK and USA, held that though the right to privacy is not enumerated as a fundamental right it can certainly be inferred from Article 21 of the Constitution.
The Court in conclusion held thus:
(1) The right to privacy is implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21. It is a "right to be left alone". A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, childbearing and education among other matters. None can publish anything concerning the above matters without his consent whether truthful or otherwise and whether laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an action for damages. Position may, however, be different, if a person voluntarily thrusts himself into controversy or voluntarily invites or raises a controversy.
(2) The rule aforesaid is subject to the exception, that any publication concerning the aforesaid aspects becomes unobjectionable if such publication is based upon public records including court records. This is for the reason that once a matter becomes a matter of public record, the right to privacy no longer subsists and it becomes a legitimate subject for comment by press and media among others. We are, however, of the opinion that in the interests of decency Article 19(2) an exception must be carved out to this rule, viz., a female who is the victim of a sexual assault, kidnapping, abduction or a like offence should not further be subjected to the indignity of hername and the incident being publicised in the press/media.
(3) There is yet another exception to the rule in (1) above indeed, this is not an exception but an independent rule. In the case of public officials, it is obvious, right to privacy, or for that matter, the remedy of action for damages is simply not available with respect to their acts and conduct relevant to the discharge of their official duties. This is so even where the publication is based upon facts and statements which are not true, unless the official establishes that the publication was made (by the defendant) with reckless disregard for truth. In such a case, it would be enough for the defendant (member of the press or media) to prove that he acted after a reasonable verification of the facts; it is not necessary for him to prove that what he has written is true. Of course, where the publication is proved to be falseandactuated by malice or personal animosity, the defendant would have no defence and would be liable for damages. It is equally obvious that in matters not relevant to the discharge of his duties, the public official enjoys the same protection as any other citizen, as explained in (1) and (2) above. It needs no reiteration that judiciary, which is protected by the power to punish for contempt of court and the Parliament and legislatures protected as their privileges are by Articles 105 and 104 respectively of the Constitution of India, represent exceptions to this rule.
(4) So far as the Government, local authority and other organs and institutions exercising governmental power are concerned, they cannot maintain a suit for damages for defaming them.
(5) Rules 3 and 4 do not, however, mean that Official Secrets Act, 1923, or any similar enactment or provision having the force of law does not bind the press or media.
(6) There is no law empowering the State or its officials to prohibit, or to impose a prior restraint upon the press/media.
It may be noted that the Court has cautioned that the above principles are not exhaustive. It has also not examined the impact of Article 19(1)(d) read with Sections 499(2) and 500 IPC. Here again the court preferred to leave the contours of this right to develop through a case-by-case method.
Further, while deciding on the issue of telephone-tapping in the case of PUCL v. Union of India, the Supreme Court observed that telephone-tapping would be a serious invasion of an individual’s privacy. Thus, telephone-tapping would infract Article 21 of the Constitution, unless it is permitted under the procedure established by law.
The concept of privacy of an individual has evolved over the years and has been held to be a fundamental right by the Supreme Court. In the case of Selvi v. State of Karnataka the Supreme Court held that an involuntary subjection of a person to narco analysis, polygraph examination and BEAP tests violates the right to privacy. The Supreme Court has articulated an implicit right to privacy derived from the language set out inArticle 21 of the Constitution. However, India does not have a separate and specific legislation that explicitly recognizes the right to privacy and sets out the contours of its applicability.
In order to effectively address the privacy issues, the Planning Commission of India had directed the constitution of a ‘Group of Experts’ on December 26, 2011, to identify the privacy issues and prepare a report on the same to facilitateauthoring of privacy bill for India. The Group was constituted under the Chairmanship of Justice A.P. Shah, Former Chief Justice, High Court of Delhi with 11 other members (hereinafter referred to as the "Shah Committee"). In general, the Shah Committee recommended that the legislation on right to privacy must harmonize all statutory provisions that relate to privacy.
As per the Committee Report submitted in October 2012, the major recommendations of the Shah Committee were as follows:-
1.The regulatory framework will consist of privacy commissioners at the Central and Regional levels;
2.A system of co-regulation granting the self regulating organizations at industry level the choice to develop privacy standards. These standards should be approved by a privacy commissioner;
3.Individuals would be given the choice (opt-in/opt-out) with regard to providing their personal information and the data controller would take individual consent only after providing inputs of its information practices;
4.The data controller shall only collect that personal information from data subjects as is necessary for the purposes identified for such collection as well as process the data relevant to the purpose for which they are collected;
5.The data collected would be put to use for the purpose for which it has been collected. Any change in the usage would be done only with consent of the person concerned;
6.Data collected and processed would be relevant for the purpose and no additional data elements would be collected from the individual;
7.Interception orders must be specific and all interceptions would only be in force for a period of 60 days and may be renewed for a period of up to 180 days. Records of interception must be destroyed by security agencies after 6 months or 9 months and service providers must destroy after 2 months or 6 months; and
8.Infringement of any provision under the Act would constitute an offence for which individuals may seek compensation.
The Shah Committee also provided for certain ‘National privacy Principles’ for dealing with personal information. Such National privacy Principles are the extension and improvisation of the similar principles laid down by the Draft Bill 2011. The principles lay down the requirement and compliances for collection, processing, storage, retention and disclosure of the personal data. These principles prescribe specific conditions, such as notice, prior consent of the provider of information and purposes for each of such acts concerning the personal data, including the sharing and security of data.
The Draft Bill 2011 provides for the establishment of the National Data Controller Registry (hereinafter referred to as the "NDCR"), an online database to facilitate the effective entry of particulars by data controllers. In order to be able to process any personal data, the data controller shall have to register itself with the NDCR. The data controllers would also be able to make amendments to such particular, as per the procedure prescribed. In terms of the Draft Bill 2011, any person who suffers damage by reason of any contravention of any of its obligations by the data controller shall be entitled to compensation from the data controller to the full extent of the damage suffered.
The call for a comprehensive legislation for protection of an individual’s right of privacy is a need of the hour, especially with the rampantly increasing number internet users in India year on year. As an inevitable consequence, there have also been an increase in the number of registration of cases and arrests in cases of breach of confidentiality and privacy under provisions of Section 72A of the IT Act. The Supreme Court in the case of Ram Jethmalani v. Union of India categorically held that the right to privacy also requires the state not to make public and private information about an individual, which would violate his or her privacy.
In 2001, another close 5-4 decision, the Court decided that thermal imaging devices that reveal information previously unknowable without a warrant does constitute a violation of privacy rights. The implementation of various National Programmes like Unique Identification Number, National Intelligence Grid, DNA profiling, privileged communications, Crime and Criminal Tracking Network and System, brain mapping over the last few years etc. and the rampant use of technology by the masses for day-to-day affairs have been concerns expressed on the possible invasion of a citizen’s right to privacy guaranteed under Article 21 of the Constitution of India. The call for a comprehensive legislation for protection of an individual’s right of privacy is a need of the hour, especially with the rampantly increasing number internet users in India year on year.
Right to Privacy is implicit to Article 21. According to J Subba Rao ‘liberty’ in Article 21 is comprehensive enough to include privacy. His Lordship said that although it is true that he does not explicitly declare the Right to Privacy as a Fundamental Right but the right is an essential ingredient of personal liberty. It is regarded as a Fundamental Right but cannot be called absolute. It can be restricted on the basis of compelling public interest. The court, however, has limited it to personal intimacies of the family, marriage, motherhood, procreation and child bearing. Right to Privacy flows from Right to Life and Personal Liberty guaranteed in article 21 of the Constitution of India.
If privacy is not a fundamental right, the scope for misuse of Aadhaar data by government or private interests, can be immense. If government is not going to be held accountable for the data it collects from citizens, it has no right to make this card all but compulsory through executive fiat.As rightly said byMarlon Brando “Privacy is not something that I'm merely entitled to, it's an absolute prerequisite.”\
To be sure, Aadhaar has progressed too quickly and too deeply to be fully junked. Wasting the effort would be a pity, given that it is now a primary proof of identity and more authentic than ration cards, property documents, or Pan cards. Government must make a law for the collection of biometrics, and the law must specify the purposes for which Aadhaar data can be used and where it can never be used. It must also guarantee the privacy of the data and prescribe strong punishments for those responsible for leaking it. Compensation must be mandated for those who are compromised by this leakage. Regardless of whether privacy is a fundamental right or something lesser, it cannot be compromised by mere executive fiat. The Supreme Court has the option of bolting the door before all the Aadhaar horses have bolted.
Section 28(5) of the Aadhaar bill now prohibits the UIDAI or any of its employees or officers as well as those associated with maintaining the Central Identities Data Repository from revealing any information stored in the Repository or authentication record to anyone. Even the number holders cannot have access to their core biometric information (iris scans, fingerprints, etc). This core biometric information can be used only for the purpose of“ generation of Aadhaar numbers and authentication under this Act. ”Moreover, no identity information, which includes the Aadhaar number, biometric information, and demographic information“can be disclosed further, except with the prior consent of the individual to whom such information relates ”according to section 29(3).
There is a catch nonetheless. When it comes to national security, none of these provisions protecting identity information hold. The only respite here is that orders of disclosure even in such cases will require“the direction of an officer not below the rank of Joint Secretary to the Government of India”and every direction will“be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect. ”Moreover, even if a probe agency were to use this data, they can do so only for a period of three months and take an extension from the Oversight Committee for another three.
The other major apprehension about the bill was whether it would make possession of an Aadhaar card mandatory for availing social benefit schemesbecause that would necessarily require one to submit aforementioned identity information to the UIDAI. Given that 98 crore individuals already have submitted this data, this is, however, a lost battle because the possible infringement of absolute privacy is now, ridiculous as it may seem, codified. Whether or not we avail a social benefit scheme, most of us have already submitted this privacy.For the common citizen, privacy was already put at stake when they submitted their identity information to the UIDAI. However, it may be granted that the bill does attempt to address some of the concerns that had arisen about privacy.
The UIDAI had employed private agencies to collect data, without proper procedures to safeguard it. These private agencies may sell data to spammers or marketers for a pittance, without violating any provision of law under which they may be held responsible. Considering the amount of money spent by the government on implementation of the scheme and the importance of Aadhaar for implementation of various welfare schemes, it shall not be prudent to scrap it. The court ought to direct the government to enact a law authorising collection of biometric data, specifying the purposes for which it can be used, laying down procedures for its safety and providing penal provisions to punish those who are found guilty of misusing or leaking it.
Based on an idea mooted by the Vajpayee government for a national identification card, Aadhaar is a large database of biometric and other details of millions of people, but it lacks any legislative or legal basis. This is an important issue because holders of data need to be legally responsible for the data that they collect and hold on behalf of the data givers. The lack of legislative scrutiny and therefore legislative sanction for this project is troubling. There are no legal obligations on the Unique Identification Authority of India on the use of this data, either in terms of its integrity or for protecting the citizen parting with sensitive data.
Aadhaar has been controversial since its very inception. When mooted, the scheme was resisted by the home ministry because authentication data by UIDAI does not satisfy security criteria. The home ministry even refused to use this data for the National Population Register because statutory processes had not been followed in collecting demographic and biometric data The methods and processes of data collection and storage for the project may have received severe criticism but they have not received enough scrutiny.
A holistic reading of the current state of our constitutional jurisprudence would demonstrate that the right to privacy is firmly embedded in our constitutional scheme as a non-negotiable imperative that owes no apology to a myopic view of our republican charter. Indeed, considering the fundamental principles of the nation as “not rules for the passing hour, but principles for an expanding future”, the apex court, as the ultimate arbiter of constitutional conscience, has given fundamental rights their meaning in new settings consistent with the aspirations of our people. This is so that we may have a ‘living constitution’ which can protect, preserve and defend sacrosanct libertarian values that remain the bedrock of the Republic and constitute the core of the Constitution. Rather than deny us our constitutional right, the Union Government ought to enact a privacy legislation to clearly define the rights of citizens consistent with the promise of the Constitution.
As India inches towards Digital India, it is imperative that we too create a robust privacy and data protection architecture. In a post-Snowden world, it would be unwise for us to ignore this. I conclude by suggesting that all is not yet lost. While there may be no single tactic that suffices to preserve the status quo, much less regain lost privacy, a smorgasbord of creative technical and legal approaches could make a meaningful stand against what otherwise seems inevitable. A middle ground between UIDAI and Right to Privacy is unintelligible. Wake up people!!!
# Stanford Encyclopedia of Philosophy, Privacy, Published on May 14, 2002; revised on August 9, 2013; Page 1
# The Right to Privacy in Singapore, Stakeholder Report, 24thSession, Singapore, June 2015
# The Right to Privacy, Warren and Brandeis, Harvard Law review, Vol. IV, Dec 15, 1890 No. 5
# Posner,Privacy, Surveillance, and Law,supranote 3, at 249 (discussing Gmail’s automated ad delivery feature); Matthew Tokson,Automation and the Fourth Amendment, 96 IOWA L. REV. 581, 627 (2011)
# Supra note 4.
# Stanford Encyclopedia of Philosophy, Privacy, Published on May 14, 2002; revised on August 9, 2013;
# Roe v. Wade, (410 U.S. 113, 1973)
# Whalen v. Roe, (429 U.S. 589, 1977)
# Roger Clarke,Information Technology and Dataveillance, 31 COMM. ACM 498 (May 1988) (defining dataveillance as “the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons”).
# The boundaries of Privacy Harm - M.Ryan Calo
# Kharak Singh v. State of Uttar Pradesh, (1964) SCR (1) 332.
# Govind v.State of Madhya Pradesh, AIR 1975 SC 1378.
# R. Rajagopal v. State of Tamil Nadu, 1994 SCC (6) 632.
# R. Rajagopal v. State of Tamil Nadu, 1994 SCC (6) 632.
# PUCL v. Union of India, (1997) 1 SCC 30
# Selvi v. State of Karnataka, AIR 2010 SC 1974
# Ram Jethmalani v. Union of India, (2011) 8 SCC 1
# Kyllo v. U.S. (533 U.S. 27, 2001)