Open Access Research Article

JUDICIAL INTERPRETATION OF DATA PROTECTION AND PRIVACY IN INDIA (By-Aayushi Aman)

Author(s):
Aayushi Aman
Journal IJLRA
ISSN 2582-6433
Published 2022/07/30
Access Open Access
Volume 2
Issue 7
Download PDF Open PDF Citation Search Scholar

Published Paper

PDF Preview
Download Open

Article Details

JUDICIAL  INTERPRETATION  OF  DATA  PROTECTION  AND  PRIVACY  IN INDIA
 
Authored By-Aayushi Aman
        Ba Ll.B Third Year
        Xavier Law School, St. Xavier’s University Kolkata
                                                                    
 
Abstract
 
This article aims to explore the elucidation and verdicts of Indian Courts on Data privacy and Protection, which is of utmost relevancy in this era of technology, where the growth of the digital economy is meant to be the use of data as critical means of communication between two or more persons. In this digital world, people knowingly or unknowingly share sensitive personal data on various digital platforms such as e-commerce sites, mobile apps, net banking, etc. Even though there was no comprehensive legislation on Data Privacy until the Personal Data Protection Bill of 2018, the jurisprudence of Right to Privacy has evolved and developed through a series of judgments of M.P Sharma, Kharak Singh, Maneka Gandhi, etc.  The landmark Supreme Court judgment of Justice K.S Puttaswamy v. Union of India, also known as the Aadhar judgment, for the first time held that the Right to Privacy is a Fundamental Right. This judgment initiated the drafting of Personal Data Protection Bill, 2019 under a Joint Parliamentary Committee headed by a retired Judge of the Supreme Court of India, Justice B.N Srikrishna, wherein India is going to have the first comprehensive legislation on Data Protection and Privacy . It is to examine the judgments passed by the Courts on such cases and analyze the aspect of privacy which is guaranteed under article 21 and article 19 of the Indian Constitution . For the comprehensive analysis of Right to Privacy with regard to Data Protection in the digital era, that this research project has been taken up.
 
Keywords – Right to Privacy , Data Protection , Judicial Interpretation  , K S Puttaswamy Judgement
 
  
 
?.  Introduction
 
The Concept Of Privacy
 
The etymology of Privacy is suggestive . The basic Latin form is the adjective privus , the original archaic meaning being “single” [1] The Right to Privacy was defined more than a century ago by Judge M. Cooley as the Right “to be alone” [2] . This concept, probably has its origin in an essay published in 1890 which is an oft-cited law review article written by Samuel D.Warren & Loius D.Brandeis[3] where they concluded that the Right to Privacy was based on a broader principle and claimed that the growing excesses of the press justified a remedy based on infliction of mental distress upon private individuals . They defined protection of the private realm as the foundation of the individual freedom in the modern age and argued that the law should recognise such a right and impose liability regarding any intrusions on it. Moreover, Judiciary has first recognized privacy as early as in Semayne case[4] in 1604 wherein it was recognized that “the house of everyone is to him as his castle and fortess”.
 
The right to privacy , no less important than any other right carefully and particularly reserved to the people , would stand in market contrast to all other rights declared as ‘basic to a free society’[5] . The Core sense of privacy , the central interest which is proper to be defended by the law , is the field of “ personal information ” [6]. Maintaining the confidentiality of personal information is important because there are some things about us which , put simply, are nobody else’s business unless we choose to make them such[7]. Some scholars recognise that privacy cannot be consolidated into a single concept rather it is an amalgamation of certain conceptions . According to Jerry Kang , Privacy is a union of three over- lapping cluster of ideas : 1) physical space – “ the extent to which an individual’s terrotrorial solitude is shielded from invasion by unwanted objects or signals” 2) choice – “ an individual’s ability to make certain significant decisions without interruptions 3) flow of personal information – “ an individuals’s control over the acquisition , disclosure and use of his/her personal information
 
Data Privacy And Present Data Protection Laws
In today’s time when data is the new oil and we completely rely on modern technology , smartphones and laptops .
 are placing more and more of their personal data on devices and online – both purposefully , by storing photos and documents, for example , and unwittingly, by communicating personal preferences to advertisers . Increasingly , nations have embraced concepts of privacy and implemented laws regulating the abuse of personal information
Increasingly , nations have embraced concepts of privacy and implement laws regulating the use and abuse of personal information .
 
 Information privacy is the right to have some control over how your personal information is collected and used. With speed-of-light technological innovation, information privacy is becoming more complex by the minute as more data is being collected and exchanged. As the technology gets more sophisticated so do the uses of data. And that leaves organizations facing an incredibly complex risk matrix for ensuring that personal information is protected. There are thus very genuine concerns of privacy involved in Internet.
 
Privacy was statutorily recognised globally for the very first time by the UDHR[8] in 1948 through its Article 12 . With the advent of such protection in UDHR, many countries became vigilant about the nuances of privacy and started inculcating such provisions in their domestic laws.  During the 1980s, with more globalisation and emerging possibility of data traversing international borders necessitated regulations for transborder data flows. This resulted in the OECD (Organisation for Economic Cooperation and Development) to formulate the 1980 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The OECD which houses many countries in its association aims at bringing synergy and to harmonise diversified connotations of privacy principles as being followed in multiple jurisdictions.
 
Major transition in the privacy laws came about in 1995 when for the very first time the European Union (EU) passed the Directive 95/46/EC. This directive laid down an organised framework for EU member nations for inter-country personal data transfer/flow, protection against unlawful processing of personal data, regulation providing for processing of data, classification of sensitive data and its protection, but recently it has been supplanted by the all new EU Act — General Data Protection Regulation (GDPR) which came into effect on 25- 5-2018 with many new features such as the role of Data Protection Officer, Etc.
 
Data Protection And Privacy Laws In India
 
 India is a signatory to the Universal Declaration on Human Rights and the International Convention on Civil and Political Rights and both of them recognize privacy as fundamental right[9] When it comes to any Data protection and privacy law in India , there is no explicit or separate law statute . In the absence of a specific legislation , the Supreme Court of India has in a number of decisions contemplated the issue of Data Protection and Privacy in India pertaining to the tremendous exchange of data every second . In the sphere of technology and communications , privacy has been secured through the Information Technology Act , 2000 which provides few sections ( like section 43-A , Section 72-A etc )for Data Protection and Privacy but it fails to secure privacy in the cyberspace in a strict manner  as it was primarly  brought in to cater to needs of the outsourcing industry in India and to contain data thefts and misuse of it[10] . Also , it was not comprehensive enough to cater to all privacy dimensions in the present digital era . Thus , the analysis of the interpretations of  the Judiciary becomes utmost important when we talk about the concept and functionality of  Data Protection and Privacy in India .
 
The Supreme court , for the very first time in a 637 pages long judgement , expressly stated , through the majority opinion of the corum that Right to Privacy is a Fundamental Right under Article 21 and other Freedoms enshrined under Article 19 [11] .  In this case , the Supreme Court of
 
India , regarded The individual as core of constitutional focus and explained the Nature and facets of Dignity in connection with Privacy .
                                      
? . Judicial Interpretation Of Data Protection And Privacy , Pre - Puttaswamy Judgement
 
 
M.P Sharma v. Satish Chandra , Distt Magistrate , Delhi [12]
 
Held : A power of search and seizure is in any system of jurisprudence an overriding power of the State for the protection of social security and that power is necessarily regulated by law . When the constitution maklers have thought fit bnot to  subject such regulatiom to constitutional limitations by recognition of a analogous to Fourth Amendment , we have no justification to import it , into a totally different fundamental right , by some process of strained construction . Nor is it legitimate to assume that the constitutional protection under Article 20(3) would be defeated by the statutory provisions for searches.
The drafters of the Constitution did not intent to subject the power of search and seizure to a fundamental right of privacy
 
 
Kharak Singh v. State of Uttar Pradesh[13]
 
Held :  Court analysed the relationship between the ‘liberties’ in Articles 19(1) and 21, and found that while Article 19(1) dealt with particular species or attributes of freedom, “the term ‘personal liberty’ is used in Art. 21 as a compendious term”, which took in and comprised the residue. It observed that the term ‘personal liberty’ intends to promote the constitutional objective mentioned in the Preamble to the Constitution of assuring the dignity of the individual. On the basis of the above discussion, the Court found that clause (b) fell afoul of Article 21, and struck down Regulation 236(b), which authorised domiciliary visits. However, it upheld the rest of the Chapter 20 of the U.P. Police Regulations, as attempts to surveil the movements of an individual only invaded his privacy, and that “the right of privacy is not a guaranteed right under our Constitution
 
Govind v. State of Madhya Pradesh[14]
 
Held :Privacy-dignity claims deserve to be examined with care and to be denied only when an important countervailing interest is shown to be superior. If the Court does find that a claimed right is entitled to protection as a fundamental privacy right, a law infringing it must satisfy the compelling State interest test. Then the question would be whether a State interest is of such paramount importance as would justify an infringement of the right. Obviously, if the enforcement of morality were held to be a compelling as well as a permissible State interest, the characterisation of a claimed right as a fundamental privacy right would be of far less significance. The question whether enforcement of morality is a State interest sufficient to justify the infringement of a fundamental privacy right need not be considered for the purpose of the present case.
 
Saroj Rani v . Sudarshan[15]
 
Held : The learned Judge was of the view that a wife who was keeping away from her husband because of permanent or even temporary estrangement cannot be forced, without violating her right to privacy to bear a child by her husband. During a time when she was probably contemplating an action for divorce, the use and enforcement of Section 9 of the said Act against the estranged wife could irretrievably alter her position by bringing about forcible conception permanently ruining her mind, body and life and everything connected with it. The learned Judge was therefore clearly of the view that Section 9 of the said Act violated Article 21 of the Constitution. He referred to the Scarman Commission's report in England recommending its abolition. The learned Judge was also of the view that Section 9 of the said Act, promoted no legitimate public purpose based on any conception of the general good. It did not therefore subserve any social good. Section 9 of the said Act was, therefore, held to be arbitrary and void as offending Article 14 of the Constitution
 
 
  PUCL V. Union of India [16]
 
      Held :  By calling upon the contesting candidate to disclose the assets and liabilities of his/her spouse, the fundamental right to information of a voter/citizen is thereby promoted. When there is a competition between the right to privacy of an individual and the right to information of the citizens, the former right has to be subordinated to the latter right as it serves the larger public interest. 
 
 
 
?. Judicial Interpretation Of Data Protection And Privacy -  Justice K.S Puttaswamy Judgement
 
The Court in its judgement stressed upon the following points:
·         It was held that privacy concerns in this day and age of technology can arise from both the state as well as non-state entities and as such, a claim of violation of privacy lies against both of them.
·         The Court also held that informational privacy in the age of the internet is not an absolute right and when an individual exercises his right to control over his data, it may lead to the violation of his privacy to a considerable extent.
·         It was also laid down that the ambit of Article 21 is ever-expanding due to the agreement over the years among the Supreme Court judges as a result of which a plethora of rights has been included within Article 21 
The judgement in this landmark case was finally pronounced by a 9-judge bench of the Supreme Court on 24th August 2017 upholding the fundamental right to privacy emanating from Article 21. The court stated that Right to Privacy is an inherent and integral part of Part III of the Constitution that guarantees fundamental rights .
 
The conflict in this area mainly arises between an individual’s right to privacy and the legitimate aim of the government to implement its policies and a balance needs to be maintained while doing the same.
The SC also declared that the right to privacy is not an absolute right and any incursion of privacy by state or non-state actors must satisfy the following triple test:
1.      Legitimate Aim
2.      Proportionality
3.      Legality
The decision of all the nine judges also held the following:
·         The decision given in M.P. Sharma v Satish Chandra, which held that the Right to Privacy is not protected by the Constitution of India, stands over-ruled.
·         The decision in Kharak Singh, to the degree it holds that Right to Privacy is not guaranteed by Part III, also stands over-ruled.
·         The right to privacy of an individual is not only protected by the Constitution under Article 21 but is also an intrinsic part of the scheme of Part III which guarantees fundamental rights.
Justice Chandrachud[17]
                       “To live is to live with dignity.  The draftsmen of the constitution defined their vision of the society in which constitutional values would be attained by emphasising, among other freedoms, liberty and dignity… Dignity is the core which unites the fundamental rights because the fundamental rights seek to achieve for each individual the dignity of existence. Privacy with its attendant values assures dignity to the individual and it is only when life can be enjoyed with dignity can liberty be of true substance… The draftsmen of the constitution had a sense of history? both global and domestic– as they attempted to translate their vision of freedom into guarantees against authoritarian behaviour… The backdrop of human suffering furnished a reason to preserve a regime of governance based on the rule of law which would be subject to democratic accountability against a violation of fundamental freedoms… Hence, it would be an injustice both to the draftsmen of the constitution as well as to the document which they sanctified by constricting its interpretation to an originalist interpretation.”
 
? . The Way forward – The Personal Data Protection Bill , 2018
 
The Justice BN Srikrishna committee has submitted its report on data protection to IT Minister Ravi Shankar Prasad. Titled, “A Free and Fair Digital Economy – Protecting Privacy, Empowering Indians”, the report was submitted during a press event at the IT Ministry, along with a draft Data Protection Bill. This report is based on the fundamental belief shared by the entire Committee that if India is to shape the global digital landscape in the 21st century, it must formulate a legal framework relating to personal data that can work as a template for the developing world. Implicit in such a belief is the recognition that the protection of personal data holds the key to empowerment, progress, and innovation. Equally implicit is the need to devise a legal framework relating to personal data not only for India, but for Indians.
 
 
 Such a framework must understand from the ground up the particular concerns and aspirations pertaining to personal data shared by Indians, their fears and hopes. It is a platitude that such viewpoints may not necessarily be the same in developed countries, which already have established legal frameworks. The report thus ploughs its own furrow, responding to the challenges that India faces as a developing nation in the Global South. The Bill seeks to provide for the protection of personal data of individual . The Bill governs the processing of personal data by:
o   Government
o   Companies incorporated in India
o   Foreign companies dealing with personal data of individuals in India
·          The proposed PDP Bill is said to have been modeled along the lines of General Data Protection Regulation (GDPR), which is one of the most complicated and far-reaching pieces of legislation to have emerged from EU Parliament. Presently, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 ("IT Rules 2011 ("IT Rules"), govern protection of personal data in India and are applicable to all body corporates.
·         Once the PDP Bill becomes law, it will have far-reaching consequences and corporates will have to have proper security systems and safeguards in place systems and safeguards in place to comply with the provisions of the PDP Bill.
 
It is the Committee‘s view that the data protection law must contain adequate safeguards to adhere strictly to the judgment of the Supreme Court in Puttaswamy. The data protection law will enable an exemption to the processing of personal or sensitive personal data if it is proportionate and necessary in the interest of the security of the state and is pursuant to a law that meets the test of constitutionality. Further, any restriction on privacy must be proportionate and narrowly tailored to the stated purpose. Finally, obligations on maintaining security safeguards in processing personal data will remain on the agency collecting such data and no exemption to the same will be provided. Following the precedents in other jurisdictions, we also recommend that the Central Government carefully scrutinise the question of oversight of intelligence gathering and expeditiously bring in a law to this effect. Such a law should provide for both parliamentary oversight as well as judicial approval of all requests for non-consensual access to personal data.
 
 
Conclusion
 
Considering that certain provisions of the PDP Bill will only take effect after a period of time, it will allow data fiduciaries to prepare their system and processes to ensure compliance. The PDP Bill is the most prominent step towards a comprehensive law on personal data protection in India. However, some elements in the PDP Bill should ideally be further clarified and discussed with various stakeholders for effective implementation.

Article Information

JUDICIAL INTERPRETATION OF DATA PROTECTION AND PRIVACY IN INDIA (By-Aayushi Aman)

Authors: Aayushi Aman

  • Journal IJLRA
  • ISSN 2582-6433
  • Published 2022/07/30
  • Volume 2
  • Issue 7
Citation Download Paper Full Details Search on Google Search on Google Scholar

About Journal

International Journal for Legal Research and Analysis

  • Abbreviation IJLRA
  • ISSN 2582-6433
  • Access Open Access
  • License CC 4.0

All research articles published in International Journal for Legal Research and Analysis are open access and available to read, download and share, subject to proper citation of the original work.

Creative Commons

Disclaimer: The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of International Journal for Legal Research and Analysis.

Current Issue

Ethics and Policy

For Authors