India’s Supreme Court has constituted a nine-member bench to decide on whether the Right to Privacy is a fundamental right. This decision will be an important landmark in the advocacy of privacy rights in our country. The hearing has commenced and a judgement is expected in the near future. The character of Privacy rights was considered by the Supreme Court even earlier and prior benches of the same court arrived at divergent conclusions. In some of the judgements it was ruled that the Right to Privacy is Fundamental Right, while others concluded that Privacy is not a Fundamental Right.
In one of the earliest cases in M. P. Sharma decided by Supreme Court in 1954 which related to intrusion into privacy caused by search and seizure, the Court held that Right to Privacy is not a fundamental right and that “…A power of search and seizure is in any system of jurisprudence an overriding power of the State for the protection of social security and that power is necessarily regulated by law. When the Constitution makers have thought fit not to subject such regulation to constitutional limitations by recognition of a fundamental right to privacy, analogous to the American Fourth Amendment, we have no justification to import it, into a totally different fundamental right, by some process of strained construction…”. A similar conclusion was reached in Kharak Singh’s case, in 1963. This case related to whether surveillance against an accused is constitutional, the court held that “…Right to privacy is not a guaranteed right under our Constitution and therefore the attempt to ascertain the movements of an individual which is merely a manner in which privacy is invaded is not an infringement of a fundamental right guaranteed by Part III…”
You may also like to watch:
The above judgments were delivered by benches with eight and six judges respectively. However, in subsequent years, smaller benches of the Supreme Court took the view that Privacy is indeed a fundamental right. In 1975 Govind’s case, the underlying question related to the police making domiciliary visits to the accused. The court held that “…there can be no doubt that privacy-dignity claims deserve to be examined with care and to be denied only when an important countervailing interest is shown to be superior. If the Court does find that a claimed right is entitled to protection as a fundamental privacy right, a law infringing it must satisfy the compelling state interest test…” and that “…The right to privacy in any event will necessarily have to go through a process of case-by-case development. Therefore, even assuming that the right to personal liberty, the right to move freely throughout the territory of India and the freedom of speech create an independent right of privacy as an emanation from them which one can characterize as a fundamental right, we do not think that the right is absolute…”
In R. Rajagopal vs State of Tamil Nadu, decided in 1995, which pertained to the freedom of press, the court held that “…The right to privacy is implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21. It is a “right to be let alone”. A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child bearing and education among other matters. None can publish anything concerning the above matters without his consent – whether truthful or otherwise and whether laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an action for damages…”.
All the above judgments relate predominantly to the territorial privacy of individuals. Territorial privacy rights are concerned with placing limitations on the ability of one to intrude into another individual’s environment. In seeking to deliver justice on cases of this kind, courts always attempt to find a balance between the larger interests of the State and individual rights. Hence, it quite natural that the conclusions vary, depending on the kind of alleged breaches discussed in the particular case.
All bodily privacy violation cases dealt by our courts, interpreted it with full vigour and seriousness always. For example, while addressing whether compulsory narcoanalysis can be conducted on individuals, the court, in Smt. Selvi & Ors vs State of Karnataka, held that “…subjecting a person to the impugned techniques in an involuntary manner violates the prescribed boundaries of privacy. Forcible interference with a person’s mental processes is not provided for under any statute and it most certainly comes into conflict with the `right against self-incrimination’…”. Similarly, in Neera Mathur v LIC, challenging LIC’s declaration form to be filled by the insured and the columns therein relating to last menstruation dates etc. the court held that the particulars required to be filled are embarrassing if not humiliating and that LIC would do well to delete such columns in the declaration. In a majority of cases concerning bodily privacy, courts have consistently upheld the near absolute Right to Privacy. The Indian parliament has enacted many legislations recognizing such strict bodily privacy. These include The Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002, Pre-Conception and Pre-Natal Diagnostic Techniques (PCPNDT) Act, 1994, etc.
However, the notion of privacy as a right has expanded over a period of time world over. Apart from territorial and bodily Privacy rights, separate privacy rights are identified viz. health privacy, financial privacy, information/data privacy and online communication privacy, digital use privacy etc. These different kinds of privacy rights have been given different treatments in various jurisdictions, with rules and regulations appropriate to the requirement.
You may also like to watch:
All over the world, for the purpose enforcing privacy rights personal information/ data is classified into different buckets such as personal information, sensitive personal information, personally identifiable information, etc. What constitutes violation is established on the basis of the character of such information. Financial information, biometric information, health information, etc. are considered as sensitive personal information and given higher levels of protection. With respect to financial information privacy, India has good number of legislations. For example, Section 29 of Credit Information Companies Act 2005, Section 44 of SBI Act, Section 22 of Payment and Settlement Systems Act 2007, RBI’s Master Circular on Credit Card Operations of Banks, RBI’s Master Circular on Customer Service in Banks, etc., are examples.
In addition to above, in order to comply with European Union regulations on data privacy, some halfhearted efforts were made in India too by enacting Section 43A of IT Act and rules named as Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. As per these rules, consent of data subject and data security requirements were mandated for collection and use of sensitive personal information, that includes financial, physical, physiological and mental health condition, sexual orientation, biometric information etc. This is merely a replication of the consent based privacy regime prevalent in the European Union.
What constitutes Privacy must be clearly determined before recognizing it as a fundamental right (or not). “Everyone has the right to respect for his private and family life, his home and his correspondence“ is the basic premise of privacy rights as enshrined in European Convention on Human Rights. If the right against intrusion in private life is the Right to Privacy, and that is treated as a single and whole right, then any kind of intrusion in an individual’s private life will constitute a violation. But it is highly impractical to treat every kind of intrusion to personal life at a similar level and take steps to prevent such intrusions absolutely and uniformly.
All rights, including the fundamental rights, are not absolute. All rights are subject to reasonable restrictions. The only question is the boundary of reasonableness of those restrictions. The challenges on the grounds of privacy, to the right of the state to collect citizens demographic and biometric information for creating unique identity for every citizen are thus clearly different and distinct from the territorial and bodily privacy concerns addressed in the above referred judgements.
In order to create a unique database and identity number, the UIDAI is required to collect citizens’ personal demographic and biometric data. It has already proved the multiple utilities of creating such unique identity numbers. The regulations made under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016, viz. Aadhaar (Enrolment and Update) Regulation 2016, Aadhaar (Authentication) Regulations 2016, Aadhaar (Data Security) Regulations 2016, Aadhaar (Sharing of Information) Regulation 2016 clearly attempting to follow the internationally accepted privacy principles in relation to collection, storage, use and sharing of personal data. The provisions in the regulations relating to security of the data especially biometric data collected under this scheme re-emphasizes the Government’s resolve on privacy.
In the instant case that led to the question of determination of Privacy as a fundamental right, the argument against Aadhar is that the very collection of biometric data is violative of the right to privacy that emanates from Article 21 of the constitution. As such, nobody can be compelled to share their demographic and biometric information for any purpose. To me, such arguments against Aadhar based on an extended concept of privacy are highly untenable. Demographic data of most citizens are already published in public internet. It will therefore be futile to declare that demographic data is private. From time immemorial, all over the world, thumb impressions (a biometric identifier) have been affixed for denoting consent on deeds and covenants and shared freely, kept in public record. Aadhar is doing the same thing in digital form and using the biometric information for identification purposes with strict controls on collection use and verification. Should we give an enhanced privacy rights now for biometric data and prevent Governments from collecting such biometric data based on an increased privacy consciousness? My answer is no. I would in fact go so far as to say that if the attempt is to prevent compulsory collection of biometric and demographic data as a violation of fundamental right to privacy and as such, bring a ban on collection and usage of biometric data for verification, then the intent is dubious and merely targeted to subvert the Aadhar scheme. Such a conclusion will only facilitate to continue the illegal transactions, benami activities, tax evasion and other undesirable practices prevalent in our society.
A declaration of the Right to Privacy as a fundamental right will not make the life of privacy-conscious citizens better, as fundamental rights are also subject to reasonable restrictions. Instead of arriving at a conclusion on “Privacy” taken as whole as a fundamental right (or not), it is most desirable if elaborate discussion and debate takes place on the different types of privacy rights and classification of such privacy rights, and giving protection appropriate to each such class, taking into consideration the larger interest of the state and public utility as well.
In short, an omnibus legislation on different types of privacy and their associated rights is more desirable than simply determining whether the right to Privacy as a whole, is a fundamental right.
Rajesh Vellakkat, Advocate and Partner of Fox Mandal & Associates, heading its Technology Law Practice Group, writes regularly on the intersection of law and technology. The views expressed in this column are the author’s own.