All human beings have their own thoughts, feelings, body, property, relationships, etc. Naturally, this implies that they deserve some degree of freedom regarding the same. This is the core of the right to privacy. It is a concept that has been theorized and analyzed by scholars for centuries with origination in Greek philosophy by thinkers like Aristotle, Locke, etc. The first modern notion of the right to privacy appeared in a renowned study in the year 1890. It defined privacy as “Now the right to life has come to mean the right to enjoy life, — the right to be let alone.” Another significant source of law supplemented the same and elucidated that privacy is the “right to be let alone; the right of a person to be free from any unwarranted publicity; the right to live without any unwarranted interference by the public in matters with which the public is not necessarily concerned”.
Thus, in ancient times, the key focus of the right to privacy was limited to individual freedom and prevention of interference.
Current Application of Right to Privacy – A Complex Issue
We presently live in the information era of globalization, technological evolution, powerful location and data surveillance systems, etc. This makes it vital to consider the effect of the same on the application of the right to privacy. One school of thought is that privacy is a part of basic human dignity under our fundamental rights. Thus, it should exist absolutely for every individual no matter the circumstances. The defense of Article 12 of the Universal Declaration of Human Rights (UDHR) is frequently used here which states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, or to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
However, other scholars believe that privacy must come with certain restrictions to prevent unscrupulous usage. This contrasting argument further elucidates that situations of emergency may arise where personal privacy must be sacrificed for the public good, national security, prevention of crime, protection of lives, etc. This is even more relevant today considering how multiple countries such as Israel, China, Austria, and India used smartphone applications to track user health and data in an attempt to curb the spread of coronavirus. Thus, we can reasonably say that privacy is a multifaceted and complex issue.
Two recent judgments are worthy of mention regarding this subject matter. On 20th December 2021, Justice Subramaniam of Madras High Court ordered law enforcement authorities to install CCTV cameras in spas, massage, and therapy centers to prevent illegal activities and encourage transparency in the conduct of business. However, on 4th January 2022, Justice G.R. Swaminathan, also a judge in Madras High Court, declared that this order violates the right to privacy which includes the right to bodily autonomy and the right to relax. These differing orders further imply immense confusion and ambiguity regarding the right to privacy.
Facets of Right to Privacy
Roger Clarke was the pioneer of category creation for the right to privacy. He was the first privacy scholar who used a human-centric approach to do the same in a logical and astute manner. It included the privacy of a person, the privacy of personal data, the privacy of personal behavior, and the privacy of personal communication. With the progress of time, this classification has become outdated. Therefore, there are now seven types of rights to privacy. These include:
- Privacy of the person: This is the right of privacy of the body which includes its functions, features, biological data, etc.
- Privacy of behavior and action: This refers to the freedom of conduct in a private, semi-private and public space without fear of humiliation or criticism so long as it does not infringe the legal rights of others in the form of nuisance, trespass, public indecency, etc.
- Privacy of communication: This implies that no one is allowed to intercept communication as well as record and store a person’s data without their consent and due process of law.
- Privacy of data and images: This allows people to have personal control over their data and images and makes it difficult for hackers to steal the same.
- Privacy of thoughts and feelings: Essentially, this is the privacy of the mind. It gives people the creative freedom to have their own thoughts and feelings. They are not obligated to disclose the same if they have no desire to do so.
- Privacy of location and space: This gives people the right to travel in public or semi-public spaces without fear of being tracked and harassed. It also includes the right to seclusion.
- Privacy of association: This refers to a person’s right to associate or not associate with any other individual or group.
Right to Privacy as a Fundamental Right
India has a plethora of cases regarding the right to privacy. However, the earlier cases considered fundamental rights at their face value itself and did not acknowledge that right to privacy must be included in the same. Many years later, a landmark case came into the picture. Here, a writ petition was filed by Justice K.S. Puttaswamy regarding the legal and constitutional validity of the Aadhar Card scheme initiated by the Unique Identification Authority of India (UIDAI). It contested that this scheme aimed to collect vast demographic biometric data which will indirectly create a surveillance state and contradict the fundamental rights of every citizen. The Supreme Court in its judgment declared as follows –
“The right to privacy is inextricably bound up with all exercises of human liberty – both as it is specifically enumerated across Part III, and as it is guaranteed in the residue under Article 21 of the Constitution of India. It is distributed across the various articles in Part III and, mutatis mutandis, takes the form of whichever of their enjoyment its violation curtails.”
Thus, the nine-judge bench overruled the earlier cases of M.P. Sharma and Kharak Singh to the extent that those decisions held the absence of the fundamental right to privacy. They also over-ruled the ADM Jabalpur case which had allowed suspension of fundamental rights during a State-declared emergency and seriously questioned the judicial reasoning in the Naz Foundation case that suggested that the LGBTQ+ community cannot get the right to privacy simply because their population numbers are too insignificant. Moreover, they said that this right includes liberty over personal decisions (e.g. consumption of beef), bodily integrity (e.g. reproductive rights), protection of personal information (e.g. privacy of health records), etc.
Exceptions to Right to Privacy
The Constitution of India provides reasonable restrictions to the right to privacy in the “interest of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offense”. Furthermore, other fundamental rights may be more authoritative than the right to privacy in certain situations which creates a limitation on the same. Recently, the Delhi High Court said that “Since no fundamental right under our Constitution is absolute, in the event of a conflict between two fundamental rights, as in this case, a contest between the right to privacy and the right to a fair trial, both of which arise under the expansive Article 21, the right to privacy may have to yield to the right to a fair trial.”
In reference to the aforementioned landmark case, another restriction to the right of privacy is the three-pronged test provided by Justice D.Y. Chandrachud which must be satisfied for judging the acceptable limits for invasion of privacy:
- A valid law established by due procedure must exist that justifies an infringement on privacy.
- A genuine need for the invasion of privacy must be present. A legitimate state aim must be there that falls within the ambit of reasonableness. This is crucial for the prevention of arbitrary State action.
- The method, nature, and quality of encroachment adopted by the Legislature must be proportional to the objects, needs and purposes sought to be fulfilled by the law.
Protecting Privacy
The Justice B.N. Srikrishna Committee submitted a report to the Ministry of Electronics and Information Technology in 2018. It was established in 2017 to investigate the problems related to data protection in great detail and propose ideas to effectively deal with them. Some recommendations made are as follows:
- Obligations for processing Personal Data: Processing of personal data should be done only for “clear, specific and lawful” purposes. Only that data which is indispensable for such processing and is necessary for the functioning of the Parliament may be collected. Data regarding children must be specifically and more stringently protected.
- Right to be Forgotten: Data principals must have the ability to limit, de-link, delete, or correct the disclosure of personal data by a data processor.
- Data Localisation: A copy of personal data should be stored on Indian servers and cross-border transfers should be limited by model contract clauses. Critical personal data, however, must only be processed in India for reasons of safety.
- Consent: Sensitive personal data should not be processed unless direct consent is provided.
- Regulatory Body: A Data Protection Authority (DPA) must be set up to oversee and enforce data protection rights. They shall have the power to make inquiries, take required action against data processors, etc.
- Appellate Tribunal: The Central Government shall establish an appellate tribunal or grant powers to an existing appellate tribunal to hear and dispose of any appeal against an order of the DPA.
- Penalties: A penalty of Rs. 15 crores or 4% of the total worldwide turnover of any data collection/processing entity must be established when provisions of data protection law are violated to encourage deterrence.
- Amendments: The Aadhaar Act, 2016 must be amended in the form of offline verification, novel civil and criminal penalties, etc to ensure the independence of the UIDAI and improve data protection. Other acts such as Information Technology Act, 2000, the Census Act, 1948, etc must also include minimum data protection standards.
A draft “Personal Data Protection Bill” was simultaneously submitted with the report by the same committee. The Indian cabinet ministry altered a few provisions and then approved the bill on 4 December 2019 and named it the “Personal Data Protection Bill, 2019”. This bill was listed in the Lok Sabha on 11 December 2019. This revised bill was heavily criticized by Justice B.N. Srikrishna for providing the government with excess power and liberty. Thus, it is vital that both bills are analyzed in detail and an ideal data protection act is created that provides individual freedom as well as government accountability.
Furthermore, the active participation of a nation in international treaties is an ingenious technique to protect the privacy of its citizens. India has skilfully understood the same by ratifying the International Covenant on Civil and Political Rights (ICCPR). Article 17 of the same provides that “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence or to unlawful attacks on his honor and reputation”. India is also a party to the international instrument of UDHR.
Conclusion
On a moral basis, every individual deserves the right to privacy. The Indian Judiciary partly agrees with the same. While it has declared privacy as a part of the constitutional right to life, it has also created some reasonable limitations in its enforcement. This creates a balance between the conflicting ideals of personal autonomy and national security. However, this has also unintentionally made the application of the right to privacy a grey area that requires certain guidelines. The B.N. committee recommendations, the PDP Bill, the ICCPR, etc. are all examples of attempting the same. Thus, these solutions must be stringently followed.