Privacy Rights and Data Protection: Law, Technology and Politics By: Jeba Boktiar Mondal and Pallavi Singh

The Author, Jeba Boktiar Mondal and Pallavi Singh are 2nd year students of BA LLB( Hons) ,Presidency University, Bangalore.

ABSTRACT: This paper deals with the privacy issue in Indian perspective with respect to challenges in three different dimensions like Legal, Technical and Political domain. We have proposed framework to deal with these challenges. Advancement in technology such as Mobility (Geographic Knowledge Discovery), Data Mining, Cloud computing etc. brings unforeseen challenges and one of the major challenges is threat to “privacy”. Today we can access any information related to anyone from anywhere at any time but this arise a new threat to private and confidential information. Globalization has given acceptance of technology in the whole world, as per growing requirement different countries has introduced different legal framework like DPA (Data Protection Act)1998 UK, ECPA(Electronic Communications Privacy Act of 1986) USA etc. from time to time ,but in India there is no such comprehensive legal framework that deals with privacy issue. To handle major cyber challenges we refer ITA Act 2008 that was built with the motivation to facilitate e-commerce and hence the privacy was not prior concern in IT act. This suggestive framework provides comprehensive solution as per present and future requirements of privacy in Indian scenario. As rightly said “true power of any law lies on its ability and ease of enforcement”.

Keywords: legal, private, data.

INTRODUCTION

The word privacy may have different meanings in different perspective in different scenario. Probably this was our culture and living style or the unanticipation about upcoming and fast growing technology that has not compel the lawmakers to include the issue of privacy while framing the legal structure for nation. Before discussing the e-privacy and data protection in Indian perspective we need to define privacy term.  

The word privacy has been derived from the Latin word   “Privates which mean separate from rest”. It can be define as capability of an individual or group secludes themselves or information about themselves and thereby reveal themselves selectively. Privacy can be understood as a right of an individual to decide who can access the information, when they can access the information, what information they can access.

Indian constitution defines the privacy as personal liberty in Article 21. “Protection of Life and Personal Liberty” No person shall be deprived of his life or personal liberty except according to procedure established by law. The privacy is considered as one of the fundamental rights provided by constitution in list I.

PRIVACY OF DATA

Over last couple of years there has been a substantial increase in the amount of data that is generated through the usage of various electronic devices and applications. Today’s businesses derive a substantial value by analyzing the ‘big data’ and often determine their business strategies based on such analysis. While there is no denying the business efficiency involved, the burning question is ‘do individuals have a control over the manner in which information pertaining to them is accessed and processed by others’.

Privacy is the right to be left alone or to be free from misuse or abuse of one’s personality. [1]The right of privacy is the right to be free from unwarranted publicity, to live a life of seclusion, and to live without unwarranted interference by the public in matters with which the public is not necessarily concerned.

The right to privacy is not new. It has been a common law concept, and an invasion of privacy gives a right to the individual to claim tort based damages. One of first cases on the said topic was Semayne’s Case (1604[2]). The case related to the entry into a property by the Sheriff of London in order to execute a valid writ. Sir Edward Coke, while recognising a man’s right to privacy famously said that “the house of everyone is to him as his castle and fortress, as well for his defence against injury and violence, as for his repose”. The concept of privacy further developed in England in the 19th century and has been well established in today’s world. In case of Campbell v. MGN, [3]the court held that if “there is an intrusion in a situation where a person can reasonably expect his privacy to be respected, that intrusion will be capable of giving rise to liability unless the intrusion can be justified”.

INDIAN JURISPRUDENCE ON RIGHT TO PRIVACY

i. Article 21: Article 21 of the Constitution of India provides that “No person shall be deprived of his life or personal liberty except according to procedure established by law”. However, the Constitution of India does not specifically recognize ‘right to privacy’ as a fundamental right.

ii. Whether the ‘right to privacy’ is a fundamental right was first considered by the Hon’ble Supreme Court in the case of M. P. Sharma and Ors. v Satish Chandra, District Magistrate, Delhi and Ors[4]., wherein the warrant issued for search and seizure under Sections 94 and 96 (1) of the Code of Criminal Procedure was challenged. The Hon’ble Supreme Court had held that the power of search and seizure was not in contravention of any constitutional provision. Further, the Hon’ble Supreme Court refrained from giving recognition to right to privacy as a fundamental right guaranteed by the Constitution of India.

iii. Thereafter, in the case of Kharak Singh v State of Uttar Pradesh and Ors[5]., the matter considered by the Hon’ble Supreme Court was, whether the surveillance by domiciliary visits at night against an accused would be an abuse of the right guaranteed under Article 21 of the Constitution of India, thus raising the question as to whether Article 21 was inclusive of right to privacy. The Hon’ble Supreme Court held that such surveillance was, in fact, in contravention of Article 21.

CURRENT ISSUES SURROUNDING DATA PRIVACY

i. The Hon’ble Supreme Court has laid down a threefold requirement for State’s interference with the fundamental rights. While the State may intervene to protect legitimate state interests, (a) there must be a law in existence to justify an encroachment on privacy, which is an express requirement of Article 21 of the Constitution, (b) the nature and content of the law which imposes the restriction must fall within the zone of reasonableness mandated by Article 14, and (c) the means which are adopted by the legislature must be proportional to the object and needs sought to be fulfilled by the law19. Therefore, going forward any laws which seek to encroach upon the right of privacy of an individual would need to meet the test of proportionality and reasonableness. It will take a few years before jurisprudence around what constitutes reasonable and proportionate State interference settles temporarily. The validity of Adhar Scheme will now be tested on the basis of this judgment.

ii. It is often argued that India should adopt ‘rights based’ data protection model as opposed to today’s ‘consent based’ model. Under the consent based model, the data controller is free to use, process and share the data with any third parties, once the consent of the user is obtained. However, not many are aware of the actual consequences of the indiscreet data sharing at the time of providing consent. On the other hand the ‘rights based’ model allows the users to have greater rights over his/her data while requiring the data controller to ensure than such rights of the users are not breached. This leads to a greater autonomy of the users over their personal data.

iii. The decision of the Hon’ble Supreme Court empowers the citizens of India to seek judicial relief in case of breach of its data privacy rights. This could have an impact on the privacy and protection policies implemented by tech companies in India. The users can not only raise torts based claims but can also invoke their fundamental right to privacy.

 LEGAL CHALLENGES

In Indian context there is a lack of proper privacy legislation model so it is extremely difficult to ensure

protection of privacy rights. But in absence of specific laws there are some few proxy laws or incident safeguard that the government is using for privacy purpose. 

Certain legislative framework that provides indirect support to privacy concerns in India, like Article 21,

Indian Constitution, IT Act 2000,Indian Contract Act 1872,Indian Penal Code, Indian Copyright Act, Consumer Protection Act 1986 ,Specific Relief Act 1963,Indian Telegraph Act.[6]

There is following lacuna in present Indian legal frame work for privacy:

1. No comprehensive law and still privacy issue is dealt with some proxy.
2. No legal framework that talks about ownership of private.
3. No certain procedure of creating, processing and transmitting the information.

· No comprehensive law and still the privacy issue is dealt with some proxy has no convergence on the

· No classification of Information as public information, private information sensitive information.

· No legal frame work that talks about ownership of private and sensitive information and data 

· No certain procedure of creating, processing transmitting and     storing the information.

·  Lack of any guideline that defines about Data Quality, Proportionality and Data Transparency.

· No framework that deals with the issue of cross-country flow of information.

In this era of information technology such loophole in legal framework cannot be ignore and can lead to some severe impairment for individual as well as Nation.

DATA PROTECTION: ESSENTIAL FOR EXERCISE OF RIGHT TO PRIVACY

Privacy is an internationally recognised human right. Article 12 of the Universal

Declaration of Human Rights (UDHR) proclaims that:“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence; everyone has the right to the protection of the law against such interference or attacks”.

The UDHR has formed the basis for the major international human rights treaties, which similarly enshrine the right to privacy, including the International Covenant on Civil and Political Rights (ICCPR) in Article 17. In 2011, the then-UN Special Reporter on the Promotion and Protection of the

Right to Freedom of Opinion and Expression issued a report similarly noting that “the protection of personal data represents a special form of respect for the right to privacy.”

DATA PROTECTION SHOULD ENSURE THE FOLLOWING:

• There should be limits on the collection of personal data, and it should be obtained by lawful and fair means, as well as being done in a transparent manner.

• The purposes for which the data and information is to be used should be specified (at the latest) at the time of collection, and should only be used for those agreed purposes. Personal data can only be disclosed, used, or retained for the original purposes (i.e. the purpose at the time of collection), except with the consent of the individual or under law: accordingly, it must b deleted when no longer necessary for that purpose.

• Personal data, as generated and processed, should be adequate, relevant, and limited to necessity of the purposes for which it is to be used.

• The data should be accurate and complete, and measures should be taken to ensure it is up to date

• Reasonable security safeguards should be used to protect personal data from loss, unauthorised access, destruction, use, modification, or disclosure.

• There should be no secret processors of data, sources, or processing. Individuals must be made aware of the collection and processing of their data, as well as the purpose of its use, who is controlling it, and who is processing it.

DATA PROTECTION IN PRACTICE TODAY

As of January 2018, over 100 countries around the world have enacted comprehensive data protection legislation, and around 40 countries are in the process of enacting such laws. Other countries may have privacy laws applying to certain areas, for example for children or financial records, but do not have a comprehensive law on data protection.

In countries where there is no comprehensive data protection framework, data protection is regulated through sectorial laws where it is regulated at all. For instance, though an early leader in the field of data protection, the US Privacy Act 1974 applies only to the Federal Government, and subsequent laws apply

to specific sectors or groups of individuals (e.g. the Children’s Online Privacy Protection Act (COPPA)), but there is no comprehensive data protection law to date. This sectorial approach is still in place in many countries, including India.

A significant development in data protection law occurred with the adoption of the EU General Data Protection Regulation (GDPR), which will take effect on 25 May2018. The GDPR is comprehensive, covering almost all personal data processing. It is also significant, as its implementation will affect not only data controllers based within the EU, but also those that offer goods or services to, or monitor the

behaviour of, individuals based in the EU.

CONCLUSION

Protection of personal data is inextricably linked with privacy i.e. right of every person to enjoy his life and liberty without arbitrary interference with his private life, his family, his home or his correspondence etc. The word ‘private’ must be understood in contradistinction to ‘public’. Therefore, the right to be let alone and its protection is extremely important in the present obtrusive information technology age. Since there is no one enactment which comprehensively governs data protection in India, the legal provisions governing the same need to be derived from various legislative enactments. In this part which has examined in detail the relevant legislative provisions which have an impact on the manner which is personal data is collected and handled in India. Further, the European data protection regulations have an extra-territorial applicability and have an impact on data ‘controllers’ and ‘processors’ outside of European Union (“EU”), but dealing with data subjects within the EU.

References:

[1]https://searchdatabackup.techtarget.com/definition/data-protection

[2] Semayne’s Case (1604) All ER Rep 62; 5 Co Rep 91 a; Cro Eliz 908; Moore KB 668; Yelv 29; 77 ER 194

[3] Campbell v. MGN, [2004] 2 AC 457

[4] M. P. Sharma and Ors. v Satish Chandra, District Magistrate, Delhi and Ors 1954 AIR 300, 1954 SCR 1077

[5] Kharak Singh v State of Uttar Pradesh and Ors 1963 AIR 1295, 1964 SCR (1) 332

[6] www.nibusinessinfo.co.uk

Picture Source :