In India, banter between strangers such as exchanging names, occupations, family details, incomes and even marital status, is not unusual but has relatively low risk of misuse as their paths are not as likely to cross as often as Bollywood would like us to believe. However, the risk is significantly higher if you share the PIN (Personal Identification Number) of a debit or credit card, whether out of blind faith or due to ignorance or, for that matter, by clicking on a fake link purported to you from your bank.
With the initiation of national programs like Unique Identification number, DNA profiling, Reproductive Rights of Women, Privileged communications, brain mapping and increased collection of citizen information by the government, concerns have emerged on their impact on the privacy of persons. This information ranges from data related to: health, travel, taxes, religion, education, financial status, employment, disability, living situation, welfare status, citizenship status, marriage status, crime record etc. At the moment there is no overarching policy speaking to the collection of information by the government. This has led to ambiguity over who is allowed to collect data, what data can be collected, what are the rights of the individual, and how the right to privacy will be protected.
Since the 1960s, the Indian judiciary, and the Supreme Court in particular, have dealt with the issue of privacy, both as a fundamental right under the Constitution and as a common law right. The common thread through all these judgments of the Indian judiciary has been to recognize a right to privacy, either as a fundamental right or a common law right, but to refrain from defining it in iron-clad terms. Instead the Courts have preferred to have it evolve on a case by case basis.
As Justice Mathew in the case of Govind v. State of Madhya Pradesh has stated that, “The right to privacy will, therefore, necessarily, have to go through a process of case by case development.”
The very first case to lay down the contours of the right to privacy in India, was the case of Kharak Singh v. State of Uttar Pradesh (1964), where a Supreme Court bench of seven judges was required to decide the constitutionality of certain police regulations which allowed the police to conduct search visits and surveillance of persons with a criminal record. In this case a majority of the judges refused to interpret Article 21 to include within its ambit the right to privacy and stated that “The right of privacy is not a guaranteed right under our Constitution.” In 2015, Attorney General Mukul Rohatgi asked the Supreme Court to constitute a nine-judge bench to decide the solidified position of Right to privacy, what he said is a “disputed question of law and constitutional provisions”. Therefore, fundamentals of privacy is majorly judge-made and evolved through case by case, and will continue developing until a codified act is passed by the legislature.
Different geographies across the globe have defined their privacy requirements, articulating the requirements for the protection of the personal data and prevent harm to an individual whose data is at stake. With regard to the principles in force the world over, there is a high degree of agreement among various approaches, most specifically, the principles followed by the US, OECD, EU and APEC, where transparency, enforcement and accountability are considered the cornerstone for privacy protection. But in India there is no hardcore principle or policy defining the privacy or private rights of a person, even our constitution doesn’t explicitly mention any right to privacy.The individuals are putting out their data on the web in return for useful services at almost no cost. However, in this changed paradigm, private sector and the civil society have to build legal regimes and practices which are transparent and which inspire trust among individuals, and enhance their ability to control access to their data. .
For instance, Interception or access to communication data is frequently practiced by governments across the globe, but when carried out without comprehensive privacy safeguards in place, can violate individual privacy.In India interception/access is addressed by two legislation, the Indian Telegraph Act (TA) 1885 and the Information Technology Act (ITA) 2008. Each Act prescribes varying standards and procedures for interception through Rules, thus creating interception regimes that have both similar and varying standards and procedures.
Also, In India, private and public organizations use audio & video recording devices, namely CCTVs, to monitor premises and detect unlawful activities in public spaces, yet there are no clear regulations as to the circumstance and manner in which devices such as CCTVs can be employed. In some cases individuals are notified that a device is being used to monitor the premise, and in other cases, no notice is given, and the individual is left unaware of the recording. After the recording takes place it is not clear what happens to it. It can be assumed that in some cases organizations simply store the information, while news items show that in other cases private establishments make CCTV camera feeds available to police in real-time.
The data controllers like Facebook, google etc. are using personal identifiers to converge databases, track individuals, and create comprehensive profiles about consumers and citizens. When carried out without comprehensive privacy safeguards, this practice can violate individual privacy. Personal identifiers are a type of personal information, but unlike personal information like ‘sexual orientation’, personal identifiers can uniquely identify an individual, and can reveal any additional information about an individual that was attached to the identifier or generated by the use of the identifier. Personal identifiers, like UID number, Personal Account Number, and Passport number, ubiquitously serve as personal identifiers for individuals in India, as public and private organizations now mandate them to complete transactions and provide services.
Further, there are several others field and ways, in which private and public sector hinder our privacy in the lieu of public interest and no cost facilities, above examples only constitute a part of a widespread circle. India and its government, with its more than a million population, is accountable for each and every individual.
Therefore, as recommended by the expert committee report (2012), under the chairmanship of justice A.P Shah, what we need is to come up with is a legislation or an act which is technologically neutral and parallel to the international standards. A multi-dimensional act which must apply to both private and public sector and to hold the data controller accountable for the collection, processing and use of the data, thereby ensuring that the guaranteed privacy of the subject.
What the committee want and what is needed for the public, will remain a recommendation only until ‘we the people of India’ open up our minds and process our thoughts as to give ourselves a safe and secure environment because our privacy begins with us and it should not end up in the hands of other.