The right to privacy was famously described by Warren and Brandis, citing Judge Cooley, as the “right to be set alone” in 1890. With advent of new technologies such as Facebook, Artificial Intelligence and networking websites etc. have challenged our conception of personal privacy in ways they could not have imagined.Organizations have the ability not only to collect, store and use personal information but to track the physical location of individuals, keep their activities under surveillance, use information they post on social media, intercept emails and text messages, and to aggregate data from a wide variety of sources that ultimately paints a complete picture of one’s life.
However our understandings of privacy and the legitimacy of these practices, varybased on our values and cultural backgrounds. India is the party to the Universal Declaration of Human Rights, and the ICCPR, which recognise that no-one should be subjected to arbitrary interferences with their privacy, and that everyone has the right to protection of the law against such interferences.The Supreme Court of Indiastated in the recent judgment that privacy is fundamental to “human dignity”, and is a necessary component of freedom of association, movement and expression.
Indeed, our ability to control information about ourselves and “maintain a zone that that is free from scrutiny by others” enhances freedom by allowing individuals to protect themselves from retribution for their personal behavior and beliefs. The protection of privacy “operates against abuse of power in an era where information is integral to the effective exercise of power”. In terms of its relationship with freedom of expression, Professor Eric Barendt has observed that privacy is essential to freedom of speech – giving individuals the space within which to develop their identity, Inanother words we can see that privacy is a necessary aspect of maintaining freedom of speech, and by extension, democracies.
The Supreme Court of India, which I understand is currently dealing with a case concerning the Aadhar card scheme, is faced with a similar issue of balancing the right to privacy with other legitimate government goals. From my limited understanding, the goal of the Aadharprogramme includes streamlining social welfare programs and reducing the incidence of these funds being lost to corruption.
As Justice Chandrachud noted in the judgment, the constitutional right it is not absolute, and may have to accommodate such legitimate state aims- but those aims must be achieved in a manner which is lawful and proportionate.
While modern technology can significantly improve efficiencies in the conduct of government and business, it also represents one of modern society’s “weakest links” in privacy protection. Data breaches such as the infamous “Ashley Madison” website hack, can make public the intimate details of individual’s lives, with potentially devastating consequences. These are challenges that also face government – an Australian government department has recently faced scrutiny by the Information Commissioner for an accidental breach of the private details of over 9000 asylum seekers. No doubt these concerns face Indian government departments also- although the sheer volume of citizens, and therefore data, makes it even more challenging in this country.
There is also the competing public interest in national security, which has been of particular government concern over the last decade due to the threat of terrorism. In Australia, legislation came into effect earlier this year, amidst some public concern, giving effect to a national metadata retention scheme. The scheme requires carriage service providers to retain information, commonly known as metadata, about all the communications carried by them though not the actual content of those communications.
This data is obviously extremely important for law enforcement in the digital age- French law enforcement, for example, utilized metadata to locate the apartment occupied by perpetrators of the 2015 Paris attacks. Australian research has shown a general public willingness to forgo personal privacy for the sake of national security.
Nevertheless, it is clear at least from the European jurisprudence on data retention laws in the Digital Rights Ireland and Tele-2 decisions, that a legitimate state aim of combatting of serious crime does not necessarily validate “general and indiscriminate retention”. The difficult balance between the competiting interests is the task that faces courts in jurisdictions where privacy is constitutionally protected, when even defining privacy is no easy feat.But the question is how to legally protect- constitutionally, legislatively, by the common law, or by some mixture of them all?
The Australian law contains 13 Australian Privacy Principles- known as the APP’s – which regulate the collection, use, disclosure and handling of personal information. The third APP, for example, provides that an agency should not collect personal information unless it is reasonably necessary for, or directly related to, one of its functions or activities.
The purpose is to shift the regulatory focus from the processes or actions that must be taken, to the outcomes that are sought allowing management the freedom to find the most efficient way of achieving the required outcome. It also addresses the nebulous nature of regulating privacy, by providing greater flexibility, and “future-proofs” legislation to meet the challenges of new technology.
In my opinion, the Indian Government may appoint the Privacy Commissioner who can receive the complaints from Individuals and has the power to make a declaration about the conduct, including that they take steps to ensure the conduct is not continued or provide comprehensive damage suffered by the individual. There can be rules establishing a Notifiable Data breaches scheme, which requires APP entities to notify individuals likely to be at a risk of serious harm by a data breach- this might occur, for example, when a device containing customer’spersonal information is lost or stolen or a database containing personal information is hacked. The laws may restrict surveillance through the use of listening, optical, data and tracking surveillance devices.
Indian Criminal Code also has the provisions to protect privacy such as offences relating to photography being used for indecent purposes, or indecent filming without consent and the issue of unauthorised sharing of images, which provides for imprisonment for offence of distributing an intimate image of a person without consent.
As you may now be gathering, the legislative regime should constantly adapt to meet present public concerns about privacy.
The law in New Zealand has also developed in the context of a human rights framework, and has seen the creation of privacy tort, with protection extending extending to breaches of privacy that involve publishing private and personal information, and for intrusion upon seclusion.
Indian tort law is also developing a common law cause of action, with the Supreme Court in the case of Rajagopal articulating that privacy law has a founding in tort law and may give rise to an action for damages against private persons. It will be interesting to see the manner in which this cause of action might develop in the future in India.