Table of Contents
Introduction
The Right to Privacy is a fundamental right in India. It protects an individual’s right to their own personal and family life and communication and protects the rights of individuals from intrusions upon their privacy by government or private entities. It guarantees an individual’s freedom from public disclosure of facts about his life which are not open for public scrutiny, information, ideas or expression which might be contrary to such publicity or concern his private life, honour or reputation. This fundamental right is also said to include the freedom from exploitation that flows from use of personal information obtained without consent against them in any way.(Announcing this judgement on January 24th 2015 Supreme Court of India declared unanimously “Right to Privacy Is Fundamental Right”. In this very first judgement of the world’s largest democracy regarding this fundamental right, Court held that “Privacy Is Basic Human Right[1]” and “Privacy Is Inalienable Right of Every Individual”. It is a recognition of a need to preserve individual autonomy and sanctity of personal life. This recognition is based on a deepening realization that a citizen’s body, mind and intellect are his own and no State can take away from him without his consent. Privacy is thus the sphere of human activity protected from unjustified intrusion by the State or its watchdogs.
The Law Commission in its report on Data Protection in India in 2010[2], highlighted the urgent need for a comprehensive data protection Act. This has been done in the form of the Personal Data Protection Bill, 2019[3], which will provide a legal framework for protecting data subjects’ privacy and personal information from being misused or misappropriated without their consent.
The provisions of this Act will contain various provisions to safeguard individuals from misuse of data under any circumstances. The most important features of this proposed legislation are:
- Inclusion of a comprehensive prohibition against misuse, realisation and disclosure of personal data including by intermediaries.
- Setting up a national body for supervision for implementation and enforcement of rules and regulations framed pursuant to the Act
- Establishment of a grievance redress mechanism to address complaints related to data violation and misuse.
- Promotion of access and right to information by setting up a central body for processing information requests under the Act.
- Provisions for data breach and breach of privacy in the proposed legislation.
Indian data protection laws are inadequate with most criminal statutes, such as those with respect to defamation, not including provisions with respect to the gathering, holding and processing of personal information; most foreign countries include such provisions. Even in our Criminal Procedure Code, Section 91(1) provides for inspection of documents by the police officer before the final report under Section 173 is prepared. The Information Technology Act 2000 too does not provide any adequate protection for personal data.
The National Identification Authority of India Bill, 2010[4] which was introduced in the Lok Sabha was awaited with much hope as it has provisions corresponding to all above mentioned provisions. It provides for the right to refuse such identification and also contains a section outlining penal consequences if such rights are infringed upon. However, there is no clarity as yet on this bill and it is pending in parliament.
Recently the Supreme Court has passed a judgement for investigation of all citizens in UIDAI database. This is one more example that Indian laws and courts are not respecting fundamental right to privacy and data protection.
Why Right to Privacy should be considered as a fundamental Right?
Privacy is the constitutional right [5]of every citizen to be left alone in all matters of his private life, except when he volunteers to put at stake his personal privacy for public interest. Privacy rights are based upon the notion that an individual should have a zone of privacy which can only be invaded by the government pursuant to its powers under the law and never arbitrarily.
Is Right to Privacy a Human Right in India?
Right to Privacy is a human right in India. Article 12 of the Universal Declaration of Human Rights [6]states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence”.
Is Privacy a Fundamental Right in India?
Right to Privacy is a fundamental right under Article 21 of the Constitution of India. The Constitution bench of Supreme Court in 1954 in the case of Gobind vs State of Madhya Pradesh[7] recognised that right to privacy is implicit in the right to life and personal liberty under Article 21 of the constitution. In simple words, Privacy is a Fundamental Right without which other rights cannot be exercised.
Is Right to Privacy a Fundamental Directive in India?
Yes, in view of the famous Golaknath and Kharak Singh case in 1973 and the famous Soli Sorabjee vs Union of India[8]. The question whether it is a direct obligation has been answered in the affirmative.
Personal Information as an Asset
It’s value often amounts to many times more than what it is actually worth. The assets which can be tampered with are not limited to money and material possessions but include anything that affects one’s privacy, such as personal information about family, friends and relatives; credit card details; bank account details; telephone numbers and e-mail addresses.
Can the Government collect personal information?
Government has the right to collect personal information under many circumstances. It can collect personal information from any individual or institution that it has reason to believe has such information.
Can the Government collect personal information without having a legal right to do so?
No, such data may be collected only after obtaining a legal mandate. The Supreme Court in 1993’s Golaknathvs the State of M Pradesh[9] held that by virtue of Article 21 of the State or Central Act, a collection of information is available only if there is a State or Central Act empowering the collection and if it does not infringe upon any Fundamental Right guaranteed under Part III of the Constitution.
Types of Offences
The types of cybercrimes of data breach or breach of privacy in India are as follows: [10]
- Disclosure of Financial Information: Theft of financial information through hacking, an email scam, or key loggers is the most common type of cybercrime in India. Personal data such as credit card details are being stolen by criminals, which can lead to heavy losses for the victims
- Unauthorized Monitoring: This crime includes unauthorized access to emails and social media accounts leading to harassment and cyberstalking which can worsen into sensitive personally identifiable information being leaked
- Identity theft is when someone steals your identity and assumes your personal information—which includes name, address, social security number, driver’s license or other identification numbers (e.g., passport), date of birth and email address—and uses these against you to commit fraud or other crimes against you.
- Password hacking occurs when a hacker gains access to a user’s accounts and passwords via phishing or other identity theft methods.
- Email hacking is when a hacker targets an email account for phishing, to gather information from the victim.
- Phishing involves posing as a trustworthy source of technology advice, such as a colleague or security company, in order to steal passwords or other personal information from victims that follow the advice given. The victims are often fooled by the fake email and its phony link.
- Online banking hacking occurs when the attacker gains access to an online bank account and sends out fraudulent emails requesting money transfers before executing large-scale frauds and transfers of money abroad.
- Computer virus is malicious software that causes damage to computer hardware or software.
- Malware such as spyware and adware are a form of malicious software that can be used to gain access to personal information or for cybercrime purposes.
- Software vulnerability occurs when a piece of software has a flaw that can be exploited by a hacker, allowing unauthorized access to a computer’s data.
- Cyberstalking involves the perpetration of criminal acts through the use of electronic means, usually via computer, to harass, threaten or intimidate another individual.
- Webmail hacking is when hackers use email accounts to compromise user information, including passwords, credit/debit card numbers and other private information.
- Webmail hacking can be used for identity theft where the hacker tries to steal the password of your stored account information in order to get into your e-mail account.
- Data breach occurs when hackers break into a company’s computer network and may access all customer personal data (including addresses, birthdays, phone numbers and other data). Note that the data breach generally involves wilful violation of security protocols by the company involved.
Provisions regulating such kind of Offences (Data Protection Laws in India)
Recently, a proposed data protection Bill has been filed by the government of India which aims to protect the privacy of the Indian people with respect to their personal information. This bill was drafted after a series of scams and leaks involving personal information were reported from different sectors. The bill also intends to increase transparency as well as enhance accountability in terms of how companies use personal data. In this blog post, we will examine what the recent developments have been for digital privacy laws in India and what they mean for individuals going forward. The right to privacy is set out in the Indian constitution, although the Supreme Court has stated that this is not an absolute right. As a result, there are limitations put on its application in certain situations. It was also described by the Court as being a “wholly qualified right” this is because it can be overridden by the public interest. However, there may be situations where individuals can still claim protections under Article 21[11]of the Constitution of India
Major governance of data privacy is done under Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“Data Protection Rules”) notified under the Information Technology Act, 2000 (“IT Act”),The Personal Data Protection Bill,2019.
Right to privacy is a fundamental right in India(Justice K.S. Puttaswamy v. Union of India)
In the landmark case of KS Puttaswamy v. Union of India[12] (2014), the Supreme Court held that privacy is a fundamental right under Article 21 and should be protected by law. This decision has implications for many countries across the world, including Kansas, where it will require a rewrite of Privacy Protection Act by its legislature. According to Article 21, which is part of Part III of the Constitution of India, no person shall be deprived of life or personal liberty except according to procedure established by law. The most recent interpretation of the Article was in the case of Balakrishna Pavani & Ors v. State of Karnataka & Anr, decided by the Supreme Court of India on July 3, 2014. In this case, the court held that privacy is not a guaranteed right under Article 21. However, it went on to state that this would change if “either Parliament or State legislature enact a law declaring ‘right to privacy’ as a legal right”.
Privacy has been recognized as having both physical and intellectual dimensions. In the physical sense, privacy is the “right to be free from unwarranted intrusion into one’s personal affairs [and] intimate secrets.” In this context, it can be argued that privacy is a right to control over one’s own body and life and includes the right to decide whom one associates with. However, it has also been argued that we have an ‘intellectual concept of privacy’, which attaches an importance to the information we possess and control over its dissemination. This intellectual concept of privacy is what used in India in the case of KS Puttaswamy v. Union of India (2014). In this case, Justice P Sathasivam held that Article 21 protects both physical and intellectual dimensions of privacy. Privacy is a “fundamental right” because it encompasses both physical and intellectual dimensions, and therefore cannot be limited by the legislature. The court determined that, “Physical privacy is a necessary corollary of intellectual privacy.” This idea can be understood as a metaphor for a closed society. In a closed society, the individual has control over his or her body and life. However, within an open society, the individual does not have complete control over his or her life. The open society allows scrutiny on some aspects of one’s life but does not require total disclosure of one’s information. It is this aspect of intellectual privacy that entitles someone to control their own body, whether to harm themselves or others (or oneself). The court also stated that the “right to privacy is implicit in the entire Part III of the Constitution.” [13]The court held that privacy is an element of liberty, which underlies freedom of speech, association and thought. Therefore, it can be argued that privacy is a fundamental right and not just a common law right under Article 21. While this decision was based on the intellectual concept of privacy, it is likely that it will eventually be translated into a common law right so that it can be protected under an express constitutional guarantee.
The court also stated that:
“No person has a fundamental right to take the life of another human being; no person has an inherent right to commit suicide; and nobody has an absolute right to destroy, damage or mutilate another’s body in such a way as to cause death or disablement.”
The court also held that acknowledgment of the public’s interest in protecting individuals from theft and harm must not indicate any limitation on the right to privacy. This is because:
“...it is not open to the State to infringe the fundamental rights of its citizens by way of legislation which intrudes into the privacy of home, soul, family or personal preferences. We may mention that apart from ‘the right to life’ as it is recognised by Section 32 of the Indian Penal Code, there are several other statutory provisions in India which make specific provisions for protecting the security of life and liberty of persons. The protection available under our law to an individual at home is also manifestly greater than that available in countries which are firmly wedded to ‘the right to life’. In the United States of America, which is a ‘right to live’ country as opposed to a ‘right to live and die’ country, there are no specific provisions for the protection of personal security.”
The court held that Parliament can amend or repeal any existing law regarding privacy by passing a new law. It stated, “Parliament could not become a legislature which simply denies certain fundamental rights without first providing any other safeguard. It may be that there is no need for an express constitutional guarantee in our Constitution since other facets of liberty may suffice to allow Indians freedom from invasions into their private lives.
Conclusion
In the absence of a specific law which is in consonance with the Constitution with respect to privacy, right to privacy may be viewed as a common law right. It is a limited right and not an absolute one. The courts have been entrusted with the task of balancing this limited right against public interest and have been vested with sufficient powers for this purpose. Privacy is undoubtedly a key constitutional value which is enshrined in Part III of the Constitution, but India does not yet have any legislation that can recognise it as an independent fundamental right nor has any court laid down its contours in unmistakable terms. The right to privacy cannot be absolute. It has to be balanced with the interests of the country. The Constitution does not infringe on an individual’s right to privacy, but instead, it upholds certain conditions for upholding this right. The unrestricted liberty of an individual should only be done so provided that there are no other hindrances or interference from other people or authorities. Privacy is still considered a fundamental human right, especially because it is necessary for the realization of every person’s inherent dignity and individuality. Privacy is a basic, natural right which is an essential element of personal autonomy.
Since privacy is an important aspect of personal autonomy, it can also be used as a legal ground to safeguard other classical human rights such as the right to life and prohibition of torture and illegal detention. The most significant protection afforded by the right to privacy is that it protects information about one’s own personal affairs and self-identity from arbitrary state intrusion, especially in the area of security and national defence. Therefore, when searching for a balance between individual rights and public needs, the law should always be sensitive to public concerns with regard to national security, such as in the case of an individual’s communication with foreign countries.
This article is authored by Hitesh Malik, student at Amity Law School, Noida
What is the right to privacy?
Right to privacy means that the personal information of an individual which is not available publicly cannot be used or provided by anyone without the consent of the individual.
Is the Right to Privacy a fundamental right?
Yes, it is a fundamental right. It does not find express mention in the Constitution, but the Supreme Court has extended the Right to Life under Article 21 to include the Right to Privacy.
Is breach of privacy a crime?
Yes, it is an infringement of fundamental right if the state is involved and if a private individual is involved in such an act, then there are various offences under cybercrimes for data breach and other liabilities under the IT Act, 2000. The government is also enacting the Personal Data Protection Bill, 2019.
Is privacy a moral right?
Privacy has moral value because it shields us by providing freedom from scrutiny, prejudice, pressure to conform, exploitation, and the judgment of others.
[1] https://www.mondaq.com/india/privacy-protection/625192/supreme-court-declares-right-to-privacy-a-fundamental-right
[2] https://www.legal500.com/developments/thought-leadership/personal-data-protection-law-in-india/
[3] https://prsindia.org/billtrack/the-personal-data-protection-bill-2019
[4] https://prsindia.org/billtrack/the-national-identification-authority-of-india-bill-2010
[5] https://www.drishtiias.com/daily-updates/daily-news-analysis/right-to-privacy-right-to-be-forgotten
[6] https://www.un.org/en/about-us/universal-declaration-of-human-rights
[7] 1954 SCR 1029 : AIR 1954 SC 260
[8] 1992 (6) SCC 64
[9] 1993 (3) SCC 496
[10] https://www.pandasecurity.com/en/mediacenter/panda-security/types-of-cybercrime/
[11] https://www.careerlauncher.com/upsc/article-21/
[12] https://indiankanoon.org/doc/127517806/
[13] https://knowindia.india.gov.in/profile/fundamental-rights.php