BY RIYA BERIWAL FROM J.D. BIRLA INSTITUTE, KOLKATA
Privacy is a major contemporary concern of the constitutional law as well as every persons in the world. Inspite of rigorous yes and no of the courts after 60 years on 24th of August 2017, Indians were finally gifted the Right to Privacy, after the Supreme court agreed to the argument of Justice K.S. Puttaswamy (retd.) vs. Union of India. The one page order was signed by all the nine judges.
Before 2017, judges were in dilemma as to consider if right to privacy was a fundamental right or not. Every 79 seconds, an identity is being stolen in India which makes it one of the wildest increasing Information Technology crimes. Hacking of social media accounts of celebrities as well as national citizen these days is a quite common deal.
The concern of “Privacy” was recently brought into the picture when the Central Government announced the issuing of Aadhaar Card to every citizens of the country compulsorily. Aadhaar is the largest database of the citizens of India consisting each of theirs biometric identities held with the Central Government which they set up to ensure if the services provided are being reached to the appropriate recipient. During the hearing of Aadhaar challenge, the Attorney-General (AG) representing the Union of India questioned the Right to Privacy. AG argued that Constitution framers never intended to incorporate Right to Privacy as an intrinsic to right to life and personal liberty under Article 21 and therefore to include it in the same would amount to rewriting the constitution. The government stated that the concept of privacy was “too amorphous”.
THE TWO CASES THAT RAISED DOUBTS ON RIGHT TO PRIVACY
- MP Sharma vs Satish Chandra in 1954
In this case, the argument was that the drafters of the Constitution did not intend to subject the power of search and seizure of a fundamental right to privacy. They argued that Indian Constitution did not include any language similar to the Fourth Amendment of the US constitution which states to protect the people from unreasonable searches and seizures by the government.
- Kharak Singh vs State of Uttar Pradesh in 1962
This case held against a Police Regulation that provided for nightly domiciliary visits, calling them “unauthorised intrusion into a person’s home and ordered liberty.” It also said that the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution. It also gave rise to other clauses which implied that right to privacy was not guaranteed and Article 21 had no application. Justice Subbarao’s opinion clarified that although the right to privacy was not recognised as a fundamental right but it was an essential part of personal liberty under Article 21.
THE PERSONAL DATA PROTECTION BILL, 2019
GENERAL DATA PROTECTION REGULATION is the legal framework governing the use of personal data. It lays down rules relating to the protection of natural person with regard to the processing and free movement of personal data. GDPR does not apply to processing of individual data which is done by an individual as a purely personal or household activity or by competent authorities for preventing, investigating, detecting and prosecuting criminal offences or executing criminal penalties. The GDPR is a legal framework of European Union.
A committee in India was required to be formed similar to the GDPR of EU to look after the transmission of personal data of personnel and corporates to overcome the upcoming rising crimes and ill use of data by criminals. However, the Ministry of Electronics and Information Technology in 2017 formed B.N. Srikrishna Committee for making recommendations for a draft bill on data protection law. The committee submitted their report along with a draft of the Personal Data Protection Bill in July 2018, with a jurisdiction over processing of personal data. If that data is used, shared, collected, disclosed or otherwise processed in India and aims at data localisation, a copy of stored data is mandatorily being stored in India.
Later on in December, 2019, the minister of Electronic and IT, Ravi Shankar Prasad presented“The Personal Data Protection Bill” in the lower house. The Bill aims to ensure the protection of individual’s privacy in relation to personal data, the transparency of the organisations and institutions processing personal data and to establish Data Protection Authority (DPA) for various purposes that the Bill seeks to fulfil. The bill is the response of the government of India on the long standing need of a “data protection and privacy regime” to protect citizen’s personal data that they knowingly or unknowingly provide to certain internet websites and applications.
Some major features of “The Personal Data Protection Bill” are:
- The TPDP Bill regulates the processing of personal data by States, companies incorporated in India as well as international companies which deals with the personal data of individuals in India which they share. Bill provides legal framework for the collection and use of personal information.
- The Data Protection Authority is created to control and implement the legal structure. An important aspect of the Bill is its broad scope of its applicability. It would apply to all the companies accepted across India and to and organisations which collects data under automated means.
- The Bill makes consent an important factor to the proposed data framework. The bill also proposes that the data of any personnel should be accessed only by means of free, informed and detailed consent, with provision that allows the withdrawal of any such personal data at any point of time. Any processing of data without such approval would be considered as breaching of the Bill, which would result in penalties. The Bill holds a separate category for “sensitive data” which can only be accessed by explicit consent.
- The Bill provides an exception to consent for accessing the personal data under the following categories, legal proceedings, response to medical emergencies and maintenance of law and order. It also states the age limit and those who fall under the age criteria, there would be a requirement of parental control. The Bill gives certain rights like to obtain confirmation whether the data has been accessed or not, right to correct the erroneous personal data and the right to be forgotten.
Negative aspects of TPDP Bill:
- The Bill imposes severe restrictions on the privacy of the business activities because many businesses have to discriminate under different grounds for smooth functioning of the business. As per the Indian Constitution, only certain types of discriminations are problematic according to which the kind of protection is required.
In order to safeguard the personal data, certain verifications are levied which are carried out deliberately by an individual to ensure that the data is not being accessed by any third party. To carry out this safely certain social media companies have been designated this task to ensure no breach of data takes place.
- The Bill also implies a compulsion on companies to share one’s personal data with the government in order to keep a track. However, few companies or personnel do not disclose their data to avoid hacking, counterfeiting or breach due to which they might suffer setbacks.
Today, in the times of COVID-19, the use of underrated internet has been understood clearly. Without internet, passing a day is impossible. Almost everything we do every day requires internet and sharing of our data. With India, most of its population being youth and young adults, they are overwhelmed with usage of internet. And as we all know “Privacy is a myth in the world of internet” we need to guard ourselves irrespective a law or a bill.
India has received an official Bill protecting its citizens from hackers and ill use of data quite late then it should but better late than never, finally Indians can dive in the pool of internet without the worry of their data being at stake. But even if we have got a Bill, self-awareness is always a necessity.
The Indian Personal Data Protection Bill states to protect every citizen’s privacy relating to personal data and avoiding misuse of information. The Bill places great emphasis on one’s consent for usage of their data for any purpose. A long awaited provision the Indian Data Protection Authority is formed for ensuring proper functioning of the Bill. It was highly required for the unarmed citizen in the world, vulnerable to cybercrimes.
Being advantageous in almost every point of view, the Bill still raises questions and earned flak from many lawyers, academics and politicians in the clause that grants every organisations to follow the Bill with an exception to government agencies, which can circumvent the proposed law which translates their intentions as vague. Also, business organisations are required to share data which is not personal to their users with the government which might do serious harm to the organisations.
1. “Jyoti Panday”,” India’s Supreme Court Upholds Right to Privacy as a Fundamental Right—and It’s About Time”, “ Published on August 28, 2017”, “Available at https://www.eff.org/deeplinks/2017/08/indias-supreme-court-upholds-right- privacy-fundamental-right-and-its-about- time#:~:text=The%20right%20to%20privacy%20is,Part%20III%20of%20the% 20Constitution.&text=The%20judgment%20also%20concludes%20that,exerci se%20of%20other%20guaranteed%20freedoms.
2. “Aadrika Parashar”,” Contemporary Issues In India Under Constitutional Law”,”Published on June 2020”,”Available at http://www.legalserviceindia.com/legal/article-2591-contemporary-issues-in- india-under-constitutional-law.html
3. “Obhan&Associates”,”India:DataProtectionAndPrivacyInIndia”,”Published on April 30, 2019”,”Available at https://www.mondaq.com/india/privacy-protection/801302/data-protection- and-privacy-in-india
4. “Lexlife India”,”Data Protection Bill and Right to Privacy- An Analysis”,”Published on August 25,2020”,”Available at https://lexlife.in/2020/08/25/data-protection-bill-and-right-to-privacy-an- analysis