** Image taken from http://www.harriers.co.uk/privacy-policy/.
By- Shraddha Upadhyay, student at Rajiv Gandhi National University Law, Punjab
Right to Privacy: Meaning and Scope
Privacy is one of the most cherished civil liberties instrumental to the dignity and freedom of an individual. While it is difficult to define what is exactly meant by privacy as it is a term of wide import, but it is important to limit the scope of study by some legal ideation. As per Black’s Law Dictionary, privacy refers to the “right to be let alone; the right of a person to be free from unwarranted publicity; and the right to live without unwarranted interference by the public in matters with which the public is not necessarily concerned”.1
Thus privacy entails taking decision in private matters, protection from unauthorized search, no intervention through illegal means or shadowing by installing any electronic devices, freedom from unwanted bodily intrusions and data protection. The list is only inclusive and not exhaustive as in a technologically dynamic world, one can never be too sure of the ways in which privacy can be infringed.
Due to its pivotal position in the life of an individual, the discourse around right to privacy assumes great significance. It has been one of the most rigorously debated legal topics over the decades. While globally it is considered as one of the inalienable rights2, India has a very nebulous stance on it. It is due to the confusing court rulings, dynamic nature of the concept of privacy and wide gaps in the domestic law on privacy.
It recently became a hot topic for television debates and drawing room discussions in the light of State surveillance regimes like NETRA and CMS (Central Monitoring System) and Aadhar Case. In this article, an attempt is made to understand the components of the right to privacy in India and accordingly highlight the gaps in the privacy law.
Right to privacy has been a part of international jurisprudence for a long time. Article 12 of the Universal Declaration of Human Rights, 19483 provides protection against arbitrary interference with privacy. Further the impugned right is also contained in Article 17 of the International Covenant of Civil and Political Rights4. Regional instruments like European Convention on Human Rights also mention the right to privacy and protection against unwarranted interference5.
As the Indian Constitution, the United States Constitution does not expressly mention the right to privacy but it has been read through by way of judicial interpretations into first, fourth & fourteenth amendments of Bill of Rights. In Britain, the Human Rights Act 1998 incorporated European Convention on Human Rights into the domestic law and Data protection Act, 1998 regulates receiving, processing, retention etc., of personal data.
Right to Privacy and Indian Law
The Constitution of India does not provide for a separate right to privacy but it has been read into the Constitution in a restricted sense over the period of time. It is contained in the compendium of rights in the phrase “life and personal liberty” under Article 21. Though there is no separate statute concerning right to privacy, the privacy law is contained in a number of legislations.
The most comprehensive legal provisions regarding privacy are provided in the Information Technology Act, 2000. It aims at securing online user privacy. These provisions provide for penalizing hacking and fraud6, penalizing child pornography7, compensation for failure to protect data 8, punishment for violation of privacy9, punishment for disclosure of information in breach of lawful contract10 and defining data protection standards for body corporate11. However some provisions of the impugned Act like collection and monitoring of internet traffic data12 and real time monitoring and decryption of online communications13 also weaken the cause of privacy.
Other enactments like Indian Penal Code, 1860, Code of Criminal Procedure, 1973 and Income Tax Act also provide for certain privacy safeguards. Despite the amendments in the law, privacy jurisprudence is piecemeal in India. Even the Information Technology Act, which is the most comprehensive online privacy law, has various gaps which makes it susceptible to misuse. Altogether the current legal position has led to a confusing state of affairs.
Here it is important to mention that the Privacy Bill was brought up twice during the UPA regime in 2011 and 2014. However the legislation could not see the light of the day.
Facets of Right to Privacy in India
M.P. Sharma v. Satish Chandra14 was the first case to address the issue of right to privacy. In this case, the Apex Court upheld search and seizure while negating the right to privacy. It specifically said that: “When the Constitution makers have thought fit not to subject such regulation to Constitutional limitations by recognition of a fundamental right to privacy, analogous to the American Fourth Amendment, we have no justification to import it, into a totally different fundamental right by some process of strained construction.”
However it has to be noted that the case was concerned with the right to property and not the right to privacy. The Supreme Court did not altogether defy the existence of the right to privacy; it merely rejected it in the context of search and seizure for documents.15
The next case in line was Kharak Singh v. State of Uttar Pradesh16. In this case, the Uttar Pradesh Regulations regarding domiciliary visits were struck down. Though the right to privacy was again negated by the majority, the minority judgment upheld the right by reading it into Article 21. Here it should be mentioned that the two aforesaid cases were decided in 1954 and 1963 respectively. While the development of constitutional law till 1970 was on the lines of A.K. Gopalan17, there was a massive shift in approach after Maneka Gandhi18. There was a change from State centric position to citizen-centric position. After Maneka Gandhi and R.C. Cooper19 cases, it was well-established that freedom or liberty is empty without guaranteeing privacy.
Gobind v. State of Madhya Pradesh20, decided in 1975, is the most important case in privacy jurisprudence in India. The facts of the case were similar to that of Kharak Singh. It involved domiciliary visits to the house of a history-sheeter. However the regulations in this case had no legislative backing. The Court relied on a number of American cases21 which held privacy as interstitial right. Furthermore, the Court relied on American tests of compelling public interest and narrow tailoring22 for justifying infringement of privacy. The verdict in Gobind Singh was followed in the case of Malak Singh v. State of Punjab and Haryana23
Around the same time, a case regarding disclosure of health information came up in Neera Mathur v. LIC24. Here the petitioner contested wrongful termination post maternity leave. LIC required the women applicants to furnish personal details like their menstrual cycles, conceptions, pregnancies, etc. at the time of appointment. This was held to be a breach of privacy and LIC directed to delete such questions
The next important case in privacy jurisprudence is PUCL v. Union of India25. In this case, public interest litigation was filed by an NGO bringing in light the frequent instances of tapping of phones of politicians by the CBI. In this case again the above-mentioned American tests were upheld. Further the right to privacy was held to be an integral aspect of Article 21 and detailed guidelines were laid down for exercising the rights of interception under Section 5 of the Telegraphs Act, 1885.
Another facet of privacy concerns disclosure of sensitive data on health. The first case to deal with this was Mr. ‘X’ v. Hospital ‘Z’26. Here the respondent hospital disclosed to the appellant’s fiancée that he was HIV (+) and resultantly his marriage was called off and he was socially ostracized. The Court held the disclosure to be permissible as it concerned the interest of the fiancée of X and thus it did not amount to infringement of privacy.
In the case of P. Rajagopal v. State of Tamil Nadu27, the right to privacy of a prisoner was recognized. Then in 1999, an interesting case came before the Apex Court where there was an apparent conflict between right to freedom of press and right to privacy. In this case, India Today requested for interviewing an undertrial prisoner. Here the court held that the freedom of press is subject to the personal rights of the prisoner28.
In 2010, another sensationalized question regarding the conflict between right to privacy and involuntary administration of scientific techniques for investigation in criminal cases came up before the Court in Selvi v. State of Karnataka29. The Court said that no individual should be forcibly subjected to techniques like narco analysis, polygraph and BEAP test as everyone has the privacy of his own mind.
Recently the issue of food sovereignty and right to privacy has been the centre of controversy, especially in respect to the beef ban. The Bombay High Court, in the case of Shaikh Zahid Mukhtar v. State of Maharashtra and others30, ruled that as far as the choice of eating food of the citizens is concerned, the citizens are required to be let alone. They further held it to be a part of right to privacy under Article 21 of the Constitution and thus sections 5D and 9B of the Maharashtra Animal Preservation Act, 1976 were struck down.
These were some of the important aspects of right to privacy. However these are not exhaustive. As the concept of privacy itself is dynamic and inclusive, it is impossible to ascertain the future challenges. The issues of mass surveillance and leak of private data online are the current challenges before the Supreme Court in the Aadhar Case and WhatsApp Case respectively. The outlook of Court in dealing with these issues will go a long way in defining the privacy regime.
Right of Privacy and Digital India
The question of privacy gets even more entangled when internet comes into picture. The privacy rights on internet can be understood with respect to data protection. The peculiar feature of information on internet is that it is not limited by borders both physically and legally. This leads to a number of complications like varied standards of protection in different territories and confusion of jurisdiction.
Another problem is that it is unclear as to which information posted on the internet or more specifically on the social media is free for public use and which is private. These issues have been contested in the United States31 while Indian Courts are yet to deal with them.
While the privacy jurisprudence is still juggling with the opacity of the law, the world is changing at a much faster pace. India has vowed to digitalize itself with little progress on the legal side of it. The Information Technology Act, 2000 has serious gaps which necessitates a separate privacy legislation.
The strongest form of data protection standards are found in the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. However these rules have not been recognized by the European Union as qualifying the EU standards of data secure32. These gaps leave a number of bodies unregulated and certain types of information unprotected.
In 2011, the Guidelines for Cyber Café Rules were framed under the Information Technology Act. The efficacy of Rules can otherwise be debated but the disclosure provisions in these rules adversely impact privacy. The Information Technology Act, 2000 allows for interference of user privacy online by laying down rather broad standards of access to law enforcement and security agencies and providing the government with unfettered powers in determination of the tools for protection of privacy. The implementation of the surveillance systems like NETRA and Central Monitoring System by the Indian Government is yet another instance of privacy violation by the Government by seeking greater access to communications.33
Thus there is a need for an independent legislation on privacy in India. In 2012, Justice A.P. Shah Committee placed a number of recommendations regarding privacy legislation in India. However those have been given a cold shoulder by the government. The Privacy legislation has a long way to go.
Therefore, it can be concluded that right to privacy is an integral component of right to life and personal liberty under Article 21. While this was considered as a settled legal position, there was an attempt to dissuade from it recently in the Aadhar case where the Attorney General argued that there is no right to privacy. He cited M.P. Sharma and Kharak Singh to buttress his argument. The authorities cited were not only redundant but also out of context. While on one hand the position with respect to privacy is considered as fait accompli, the other side argues that there is a serious hiatus in law.
However this is definitely the incorrect position as after these cases, the Supreme Court has held privacy to be a fundamental right in more than thirty cases. Law has to be read dynamically in accordance with the need of the time.
Right to privacy has many challenges ahead. In the digital era, with information technology ruling the roost, it is important to deliberate upon how privacy is to be controlled. Further, recent cases like WhatsApp case bring about another issue of enforcement of right to privacy in case of private contracts. The mass surveillance regime has also ignited a debate on privacy. Thus it is important to lay down a concrete privacy law to cover the hiatus in law and thus establish systematic privacy jurisprudence.
- Namit Oberoi, The Right To Privacy: Tracing The Judicial Approach Following the Kharak Singh Case, (Jun. 20, 2017, 10:04 AM) http://www.commonlii.org/in/journals/INJlConLaw/2007/11.pdf.
- Universal Declaration of Human Rights, 1948 art. 12; International Covenant on Civil and Political Rights, 1966, Art. 17.
- Universal Declaration of Human Rights, 1948, art. 12.
- International Covenant on Civil and Political Rights, 1966, art. 17.
- Convention for the Protection of Human Rights and Fundamental Freedoms, 1950, art. 8.
- Information Technology Act, 2000, § 43, 66, and 66F.
- Information Technology Act, 2000, § 67.
- Information Technology Act, 2000, § 43A.
- Information Technology Act, 2000, § 66E.
- Information Technology Act, 2000, § 72 A.
- Information Technology (Reasonable security practices and procedures and Sensitive personal data or information) Rules, 2011
- Information Technology (Procedure and Safeguards for monitoring and collection of Traffic Data or other information) Rules 2009.
- Information Technology (Procedure and Safeguards for intercepting, monitoring, and decryption) Rules 2009.
- M.P. Sharma v. Satish Chandra, 1954 SCR 1077.
- Gautam Bhatia, State Surveillance and The Right To Privacy In India: A Constitutional Biography, 26 NLSI Rev. (2014), 128.
- Kharak Singh v. State of Uttar Pradesh, 1964 SCR (1) 332.
- A.K. Gopalan v. State of Madras, 1950 SCR 88.
- Maneka Gandhi v. Union of India, 1978 SCR (2) 621.
- R.C. Cooper v. Union of India, 1970 SCR (3) 530.
- Gobind v. State of Madhya Pradesh, AIR 1975 SC 1378.
- Griswold v. Connecticut, 381 U.S. 479 (1965) and Roe v. Wade, 410 U.S. 113 (1973).
- Grutter v. Bollinger, 539 U.S. 306 (2003).
- Malak Singh v. State of Punjab and Haryana, 1981 SCR (2) 311.
- Neera Mathur v. LIC, 1991 SCR Supl.(2)146.
- PUCL v. Union of India, (1997) 1 SCC 301.
- Mr. X v. Hospital Z, (1998) 8 SCC 296.
- P. Rajagopal v. State of Tamil Nadu, 1994 SCC (6) 632.
- State through SUPTD, Central Jail (ND) v. Charulata Joshi, AIR 1999 SC 1379.
- Selvi v. State of Karnataka, AIR 2010 SC 1974.
- Shaikh Zahid Mukhtar v. State of Maharashtra and others, Writ Petition No.5731 of 2015.
- Business Standard. Data secure status for India is vital: Sharma on the FTA with EU. September 3rd 2013. Available at: http://www.business-standard.com/article/economy-policy/data-secure-status-for-india-is-vital-sharma-on-fta-with-eu-113090300889_1.html.
- Internet Privacy in India, (Jun. 17, 2017, 10:30 PM), https://cis-india.org/telecom/knowledge-repository-on-internet- access/internet-privacy-in-india.