Tag: Privacy Breach

Posted on

Limiting the Right to Privacy: The Puttaswamy Judgment-II

Limiting the Right to Privacy: The Puttaswamy Judgment-II
Image Source: DataPrivacyManager

No right is absolute, and every right comes with certain restrictions. So does the Right to Privacy, which is a fundamental right under Article 21 of the Constitution of India. Right to life includes Right to Privacy and, as it is argued somewhere else on this blog, ‘privacy, as a right, is important for an individual to exercise control over his or her personality.’ The authority of the State to restrict the Right to Life (and limiting the right to Privacy) derives from the second part of Article 21. It states that the rights cannot be violated ‘except according to procedure established by the law’. After the Maneka Gandhi v. Union of India, the procedure established by the law must also be just, fair and reasonable. Every such procedure must pass the scrutiny of Articles 14, 19 and 21 of the Constitution of India. This post highlights the conditions under which the Indian State can constitutionally intervene with the Right to Privacy. Herein, it is crucial to understand that the rights are the general norms that must triumph, and the restrictions are exceptions. No exception can override the general norms except in certain clearly defined conditions (also known as ‘tests’ or ‘doctrines’).

Continue reading “Limiting the Right to Privacy: The Puttaswamy Judgment-II”
Posted on

Understanding the Right to Privacy: The Puttaswamy Judgment-I

In 2017, the 9 judges of the Indian Supreme Court adjudicated a matter Puttaswamy v. Union of India (‘Puttaswamy’) and unanimously held that under the Indian Constitution, the Right to Privacy is a fundamental right. The Supreme Court declared that its previous judgments in MP Sharma (8 judges) and Kharak Singh (6 judges) are overruled as they did not recognise privacy as a fundamental right. Those judgments relied on the logic used in the A.K. Gopalan case which stated that every fundamental right to be read separately and individually. But that position got changed in R.C. Cooper v. Union of India, and subsequently in Maneka Gandhi v. Union of India, in which the Court held that fundamental rights cannot be read in water-tight compartments. In Cooper, the Court said that the fundamental rights ‘do not attempt to enunciate distinct rights’, rather they are interlinked. Hence, this article must be read in light of the principle enunciated in the Cooper case. In this article, I will try to highlight the reasoning behind Puttaswamy as to why the Court declared Right to Privacy as a fundamental right.

Understanding Right to Life and Dignity

Every human being by the virtue of her existence has a Right to Life which is a natural right guaranteed by the ‘Nature’. Further, this natural right to life is also guaranteed by the Indian Constitution under Article 21 which elucidates that the ‘state’ shall not violate any person’s right to life and personal liberty without the procedure established by law. The Right to life is not just the right of a person’s physical body, but also over her mental being. In Golaknath case, Justice Rao observed that ‘Fundamental Rights are the modern name for what has been traditionally known as Natural Rights’ [The usage of the word ‘natural’ here is opposed to the societal opinion/understanding of the rights ‘as they are since time immemorial’, rather it is based on the transformative nature of rights which are always evolving]. These rights, including the right to life, cannot be excluded or separated from human existence. Hence, the rights guaranteed under Part III of the Constitution are the natural rights of every human being, which it aims to preserve.

Dignity, as an expression, finds its place in the Preamble of the Constitution as it states that ‘ensuring the dignity of every individual’. An individual is the focal point of the Constitution and human dignity weaves through the provisions of the Constitution. [Article 14: Guarantee against arbitrariness; Article 19: Individual Freedoms; Article 21: Life and personal liberty] The Court in the Francis Mullin case strongly observed that the fundamental rights must be interpreted to enhance the human dignity and ‘worth of the human person’. The Right to Life is not just animal existence and it is much more than just mere survival. On human dignity, the five-judges bench in M. Nagraj exposits that, “no exact definition of human dignity exists. It refers to the intrinsic value of every human being, which is to be respected. It cannot be taken away. Every human being has dignity by virtue of his existence.” Further, observing about dignity, it has been observed in Selvi’s Case that forcible intrusion into a person’s mental processes is also a violation of Human Dignity.

Privacy and Human Dignity

Ancient philosophers such as Aristotle distinguishes private life from public life. He distinguishes the spheres where the government can intervene and where it cannot; certainly as he observes that government cannot intervene in an individual’s privacy.  Individual’s private life is mainly for “private reflection, familial relations and self-determination” (refer to the constitutional database to read the hyperlinked article). The individual is sovereign over her mind and body. As Justice Chandrachud posits (Puttaswamy ¶32),

“If the reason for protecting privacy is the dignity of the individual, the rationale for its existence does not cease merely because the individual has to interact with others in the public arena.”

An individual has all the freedom and liberty over his body and mind and she must be set free from any kind of intrusion. Privacy, as a right, is important for an individual to exercise control over his or her personality. ‘Privacy ensures that a human being can lead a life of dignity by securing the inner recesses of the human personality from unwanted intrusion.’ (Puttaswamy ¶113) Life without dignity, privacy and liberty is no life as they are inalienable to a human being. No state can violate these rights as they exist even before the advent of the Constitution. The constitution is ‘not the sole repository of the right to life.’ India has signed and ratified UDHR and its Article 12 recognises the Right to Privacy which cannot be taken away by anyone.

 Further, the argument that the right to privacy is not available under the text of the Constitution is based on a primitive understanding of it. The Constitution is a transformative text which evolves over time and it cannot be viewed as a document ‘written in ink to replace one legal regime with another’. It is a document which rests on the goals enshrined in the Preamble and the aim is to realise those goals. The Constitution does not tells us what is a right or do we have a right or not? It only puts the limitations on the power of the state. It is not the source of liberty of man as liberty exists by the mere virtue of existence in the world.

Therefore, the right to privacy is a part of the liberty of an individual and privacy protects the individual’s autonomy and dignity. The ‘pursuit of happiness’ which everyone seeks is founded upon liberty and dignity of an individual. ‘Both are essential attributes of privacy which makes no distinction between the birthmarks of an individual.’ The guarantee of the right to privacy liberates the individual and helps her in realising her potential and autonomy.

In conclusion, while embracing the Supreme Court’s judgment in Puttaswamy v. Union of India, a paragraph from Max Planck Encyclopaedia of Comparative Constitutional Law (2015) is something to look forward to:

“The right to privacy can be both negatively and positively defined. The negative right to privacy entails the individuals are protected from unwanted intrusion by both the state and private actors into their private life, especially features that define their personal identity such as sexuality, religion and political affiliation, i.e., the inner core of a person’s private life….. The positive right to privacy entails an obligation of states to remove obstacles for an autonomous shaping of individual identities.”

[Note: There are certain reservations about the Court’s judgment with regard to ‘declaring Privacy as a Natural Right and not merely a Fundamental Right’. This has been argued here and here]

Posted on

“Publishing of notice of Intended Marriage”: A Privacy loophole under Special Marriage Act

[This is a post by Shreya Singh, Contributing Member.]

Marriage is considered as a sacred institution in India which is governed by codified personal laws. The Supreme Court of India has recently accepted a petition challenging the constitutionality of Section 6 under the Special Marriage Act, 1954 contending that the provision violates the Right to privacy, equality and non-discrimination vested in the Constitution of India. The Special Marriage Act, 1954 is distinct from other personal laws as it provides rules and regulations regarding marriage for the people of India and all Indian nationals in foreign countries, irrespective of the religion or faith followed by either party.

The Apex court has agreed to examine the provisions which obligate the Marriage Officer to publish a notice of an intended marriage allowing people to come forward and object the intended marriage within 30 days of the date of publication of the notice. The details include their names, date of birth, age, occupation, parents’ names and details, address, pin code, identity information, phone number, etc. which is a particular requirement of the Act. It also mentions that anyone can raise an objection to the marriage, and gives significant power to the marriage officer to investigate them as well.

The provision invades privacy and violates fundamental rights 

The right to privacy was recognised by the Supreme Court in the nine-judge bench landmark judgement in the case of K.S. Puttaswamy v. Union of India (2017). The Supreme court declared that right to privacy is a fundamental right and is an intrinsic part of the right to life and liberty under Article 21 of the Constitution of India, contending that it is the responsibility of the sovereign State/Nation to protect the privacy of an individual. Therefore, the State must not intervene in the personal lives of the people and the choices made by them which includes a person’s decision of whom he/she should marry. On the contrary, the said provisions of the Special marriage act, 1954 obligates the marriage officer to put personal details of the couple in the public domain for other people to decide whether the potential solemnisation of marriage is acceptable or not. 

The notice of marriage not only invades the private lives and liberty of the individuals but also jeopardizes the marriage as it may endanger the life or limb of the couple due to parental interference. In the case of Lata Singh v State of UP (2006), a two-judge bench of the apex court, in the landmark judgement stated as follows:

“This is a free and democratic country, and once a person becomes a major he or she can marry whosoever he/she likes. If the parents of the boy or girl do not approve of such inter-caste or inter-religious marriage the maximum they can do is that they can cut off social relations with the son or the daughter, but they cannot give threats or commit or instigate acts of violence.”

In the case of Shakti Vahini v. Union of India(2018), the Supreme court held that the right to choose a life partner is a fundamental right under Article 21 and does not require the consent of anyone else other than the two legally competent persons (adults) for the solemnisation of marriage. The disclosure of marriage between inter-faith/inter-caste couples can invite religious conflicts amongst both the communities and may lead to physical violence and honour killings. A prominent example of such violence is the Khaap Panchayat in western Uttar Pradesh, Haryana and Delhi and the honour killings practised by them. The publishing of intended marriage mentioned in the Special Marriage Act may attract such communal conflicts and unfortunate blood-shed which will only create hatred amongst religious communities. 

It is observed that there is an inconsistency in the personal laws for the solemnisation of marriage under the Hindu Marriage Act,1955, does not demand a notice of intended marriage to be published which is contrary to the Special Marriage Act, 1954. This clearly proves the arbitrary nature of the laws and its failure in satisfying reasonable classification under Article 14 of the Constitution. The provision also violates Article 15 of the constitution of India as it promotes inequality in the society and discriminates people on grounds of religion, race, sex, caste and place of birth. 

Uniform Civil Code: Need of the hour 

The conflicting provisions in the personal laws have been a prominent issue in India. The conflicting requirements of multiple laws create unnecessary confusion in the judiciary and give rise to the arbitrary nature of judgements. The establishment of a Uniform Civil Code can bring relief to conflicts regarding the inconsistency of personal laws as it will apply equally to all the citizens of India regardless of their religion. It would help in bringing about a positive change in society by preventing communal violence and maintaining peace and harmony. 

Conclusion 

In India, marriage is hardly considered as a private affair between two consenting adults. It is believed in India that – “Marriage isn’t a union of two people; but the union of two communities/families”. Marriage is still a victim of patriarchy as it is driven by the notion that choosing a desired partner against the standards that have been set by society is unacceptable. The romanticisation of marriage being a topic of communal-union must not penetrate and affect the private lives and the choices made by individuals. 

There have been progressive decisions made by the state of Kerala regarding this issue as they have recently issued a circular to bring a halt to the publication of notice of marriage and this has been supported by high courts of Delhi and Rajasthan as well. The Supreme court must consider these progressive examples to make a rational decision and help in bringing about a significant change in Indian society. 

Posted on

Social Media and Right to Privacy

[This is a post by Raksha Tripathy, Columnist]

People like to express themselves, and are curious about other people.” -John Cassidy

Introduction

Justice Louis Brandeis of the United States Supreme Court gave one of the earliest meanings of privacy as an individual’s right to be left alone.” The Black Law Dictionary defines ‘Right to Privacy’ as, “The right to be left alone without intrusion or interference by the government into personal affairs.” 

Article 12 of the Universal Declaration of Human Rights (UDHR), 1948 enunciated privacy right as,

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

India is a signatory to UDHR which mandates our country to take steps in enacting laws to grant this right to privacy and ensure the protection of its citizens.  

The social networking sites (SNS) have become an essential part of our lives which is evident by the number of users who are a part of it. It has provided a platform to enhance skills, knowledge and is creating tools for one’s interest. The freedom to post personal information without rational judgement has paved the way for online predators to access the information maliciously. Along with such freedom brings privacy concerns.

Right to Privacy as a Fundamental Right

The question of privacy as a right was presented before the Court in MP Sharma v Satish Chandra back in 1954 where the power of search and seizure was held not to be one’s privacy violation, and the bench held that Right to Privacy is not a fundamental right. In the case of Kharak Singh, the validity of Right to Privacy as a fundamental right was raised which was dismissed by the majority of judges saying, “Our Constitution does not in terms confer any like constitutional guarantee.” However, one of the judges, Justice Subba Rao in his dissenting opinion said that,

“…Further, the right to personal liberty takes in not only a right to be free from restrictions placed on his movements but also free from encroachments on his private life. It is true our Constitution does not expressly declare a right to privacy as a Fundamental Right, but the said right is an essential ingredient of personal liberty. Every democratic country sanctifies domestic life…”

The Right to Privacy was a debatable topic in India. However, it was in K.S Puttaswamy v Union of India where it was considered as a fundamental right under Article 21 of the Indian Constitution as an integral part of “personal liberty” enshrined under Part III of the Constitution. In 2017, the nine-judge bench of the Supreme Court gave this landmark judgment despite strong encountering arguments which stated that only a minuscule portion of the population is affected by the right to privacy; and it is an elitist construct. The opposition also contended that ‘Right to Privacy’ is a common law right but not a fundamental right and constitutional debates rejected privacy as a fundamental right.

Social Media and Privacy Breach

An SNS profile acts like an individual’s online personality or digital personality. It can create and bring content similar to a person’s interest and personal life. It also displays recommendation of events, contents, discussions based on the personal information which is quite vulnerable to a privacy breach. The Facebook data leak which affected 50 million users in which information like phone numbers, emails, and other details was compromised. These stolen data can be used as phishing mails to know an individual’s preferences, text messages or calls can be used maliciously along with other information. India was recorded as the second most affected country due to cyber-attacks which made Indian companies at a high risk of cyber-attacks to opt for cyber insurance policies. 

The data leak of February 2019, where Aadhar details of over 6.7 million users containing sensitive data like addresses, numbers, etc were leaked on Indane’s website. The JustDial data breach affected 100 million users, and the personal information of these users was uploaded on unprotected servers which included names, numbers and addresses. It did not only affect those using the JustDial app but even those who called the helpline of the company between 2015-2019. Another data leak of Facebook and Twitter users in November 2019 where emails ID, username and tweets were leaked by malicious apps and was confirmed by India’s cybersecurity watchdog, CERT-In. 

Indians are at a higher risk of a data breach as they comprise of more active users on social media platforms and tend to give away personal information easily as compared to other users in the markets. The careless approach, lax rules and regulations for app developers have added more to the violation of this right. “App permissions and the way app developers and owners seek permissions from users before the latter download apps vary with locations,” said Sivarama Krishnan, cybersecurity leader, India, at PwC. 

“Privacy regulations in Europe, Singapore and other markets compel app owners to seek explicit and more specific approvals from users who can be more discerning while in India they take a blanket approval. Because of this, the risks could be higher in India,” he said.
The Cambridge Analytica data breach controversy questions about how much data does Facebook and other social media platforms have because, unlike other countries where companies like Cambridge Analytica need a proper framework of collecting data. There is no such thing in India where over 90% of messages, photographs, and other updates are in the public domain making the users of India an easy target of data and privacy breach. The permission of expressly giving the contacts on the phone and other related information of the user is something we need to look into. 

In a Special Leave Petition 804/2017, where two students challenged WhatsApp’s new privacy policy famously known as, “Whatsapp Case. It happened post-WhatsApp was acquired by Facebook in February 2014. The students claimed Whatsapp divulges data of the users to Facebook, which violates Right to Privacy. Following the Cambridge Analytica fiasco, the CEO of Facebook Mark Zuckerberg back in April 2018 admitted that the company had not done enough to protect the privacy of 2.2 billion users’ data and is committed to safeguarding users’ data. However, data leaks continued in the following years, which was not just limited to Facebook, but other social media platforms such as Twitter. 

The huge controversy broke out when the Government introduced the Aadhar Scheme in which biometric and demographic data of the cardholders were collected and compiled for benefits like the Public Distribution System, Jan Dhan, etc. and later made Aadhaar cards mandatory for the public and private purposes. The Court dismissed this case on the grounds that minimal data was collected in the enrolment process. However, such data collection is at risk of leak and malicious use as the technological advancement in the country is not up to a certain mark where it can protect the data so compiled from hackers and others. This can be easily observed in the SBI data leak, the largest bank of India which had secured information of millions of its customers on an unprotected server without a password which compromised information like bank balances, recent transactions, etc. of the customers.

Conclusion

The Information Technology Act, 2000 has provisions such as Section 43, 66, 66F and 67, which protect user’s privacy. However, the absence of a data protection law to seek legal protection of such breach makes the matter worse in a country like India, which has the highest number of Android users in the global markets. If a data breach happens in India, it indeed amounts to the violation of Right to privacy enshrined in Article 21 of the Indian Constitution. The Indian users of such social media platforms do not have any legal recourse in case of data and privacy breach, whereas in other markets, such companies are susceptible to fines. Since it is an enormous liability of companies to afford fines which can go up to their annual turnover, and they take the security of such users in other markets more seriously than in India. The citizens themselves consider privacy as an elitist concept and pay the least attention to it.

We have a long way to go in terms of holding this right as a supreme right like other fundamental rights. The K.S Puttaswamy v Union of India has already left a footprint in other judgments such as the constitutionality of the Aadhar scheme and will be seen in future for the creation of data protection and prevention of data breach laws.