
Thursday, July 27, 2017

What do we mean by a “right of privacy” in India?


Justice Cooley in 1888 defined it simply as a right to be left alone. Alternatively, it may be defined as a right to be anonymous. The two definitions are quite different but both are important, and the right to be anonymous is a form of privacy that has particularly significant implications in cyberspace. In legal terms, our right of privacy amounts to a right to be free from government intrusion into certain areas of our lives and a right to be free from intrusion by other individuals into our “private” lives. The former is protected largely through Constitutional interpretation and a number of statutes; the latter is protected largely through the common law under tort principles.
Before 1890 no English or American court had ever granted relief based on such a claim as “invasion of privacy.” 
However, in 1890 a Harvard Law Review article by Samuel Warren and Louis Brandeis examined a number of cases ostensibly decided on other grounds, and concluded that these decisions were actually based on a broader principle, a right of privacy. Warren and Brandeis claimed such a principle was in fact necessary to deal with what was seen as the growing problem of excesses of the press. New York was the first state to confront this issue head on in the wake of the article. Several lower courts had held the existence of a right of privacy.
The New York State Court of Appeals (which is, oddly, the State’s highest court – the “Supreme Court” is the State’s entry level court) got to review the matter in the case of Roberson v. Rochester Folding Box Company in 1902. In this case, the defendant had used a picture of an attractive young woman to advertise its flour without her consent. In a 4–3 decision, the Court of Appeals held that there was no legal precedent for such “right of privacy.” Furthermore, the Court felt that recognizing a right of privacy was a poor idea because, first, the alleged harm was of a purely mental character and would thus be difficult to prove or disprove; second, recognizing a right of privacy would lead to a flood of litigation; third, there would be difficulty in distinguishing between “public” and “private” figures, whose protections under a right of privacy would differ; and finally because it might lead to undue restrictions on the freedom of the press.
A public outcry followed the decision and, in its next session, the New York State Legislature passed a law banning the use of a person’s name or picture “for advertising purposes or for the purposes of trade” without the person’s written consent. By the 1930s “virtually” all jurisdictions had recognized the Right of Privacy, either by statute or through the common law.
“A man’s house is his castle,” a well-known proverb, is also getting legal recognition as the Right to Privacy. Human beings have a natural need for autonomy or control over the confidential part of their lives. This need is inherent in human behaviour, and it has now been recognized as a fundamental right to privacy. It is not a right against physical restraint but a right against psychological restraint or encroachment of rights. The USA, the UK and India, and at the international level the UDHR, ECHR and ICCPR, have recognized this right as a fundamental right.
Position in India
The Right to Privacy is not explicit in the Constitution of India, so it is a subject of judicial interpretation. The judicial interpretations of fundamental rights bring it within the purview of fundamental rights. The journey of this project would start from the search for an answer to the issue of whether the right to privacy is a fundamental right, through analysis of cases and some pioneering work of scholars.
In India, after the cases of R. Rajagopal alias R. R. Gopal v State of Tamil Nadu and People's Union for Civil Liberties (PUCL) v Union of India, the right to privacy is well recognized as part of the Right to Life. In the case of People's Union for Civil Liberties (PUCL) v Union of India (Telephone Tapping Case), the Supreme Court of India also observed Article 17 of the ICCPR and Article 12 of the UDHR.
The apex court is hearing the Aadhaar card privacy issue. The Government is of the view, and has argued before the Supreme Court, that “there is a fundamental right to privacy, but it is a wholly qualified right”. The constitution bench of the Supreme Court in the same case has said, "Can this court define privacy? You can't make a catalogue of what constitutes privacy. Privacy is so amorphous and includes everything... if we make any attempt to catalogue privacy it will have disastrous consequences."
What now evolves remains to be seen, but I agree that Privacy cannot be an absolute right. I also agree that Data Privacy is bigger than the Right to Privacy in this cyber age. India definitely needs a Data Privacy or Data Protection Act.

Sunday, July 23, 2017

Why does India need Data Privacy or Protection Law ?


Why does India need a Data Protection Law?
Apart from appeasing the European Union so that it shares data with Indian companies, one of the reasons is that presently all of our data (searches, emails and chats on Google, FB, Hotmail and WhatsApp) is stored on Californian servers, under USA jurisdiction.

The US Foreign Intelligence Surveillance Court (FISA), with a single pen stroke of a court gag order, can take the email data of all Indian MPs, the PMO, the Home Minister, the MEA, etc. and analyse it for leverage in international affairs. That is a severe threat and a #privacy intrusion.

Not to mention that even the locations of each citizen and official in India can be monitored by US NSA analysts as of now, with #Whatsapp and Android phones relaying data back to USA servers.
Hence a Data Protection Law in India is the need of the hour.

Wednesday, September 4, 2013

What is Sensitive Personal Data or Information in India ?

[ DATA PROTECTION LAWS IN INDIA ]
Sensitive Personal Data or Information is not directly defined in Section 2 of The IT Act, 2000. The definition which has the force of law is given under section 3 of THE INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011, made by the Central Government in exercise of the powers conferred by clause (ob) of sub-section (2) of section 87 read with section 43A of the Information Technology Act, 2000 (21 of 2000). Section 3 reads as follows:
3. Sensitive personal data or information.
Sensitive personal data or information of a person means such personal information which consists of information relating to;―
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
To enlarge this definition further, the definitions of
1. Data
2. Information
3. Personal Information
4. Body corporate
have to be added to the definition of “Sensitive Personal Data or Information”, as the legislature has defined them separately.
Section 2(1)(o) of The IT Act, 2000 defines "Data" as:
"Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;

Section 2(1)(v) of The IT Act, 2000 defines "Information" as:
"Information" includes data, message, text, images, sound, voice, codes, computer programs, software and databases or micro film or computer generated micro fiche;

Section 2(1)(i) defines Personal Information as:
“Personal Information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

"Body Corporate" is defined under Explanation (i) of Section 43-A of The IT Act, 2000 as:
"Body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;
      
So the full-length definition of Sensitive Personal Data or Information would be:
Sensitive personal data or information of a person means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities, is capable of identifying such person which consists of data, message, text, images, sound, voice, codes, computer programs, software and databases or micro film or computer generated micro fiche relating to;―
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric Information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
Also, on a careful reading of clause (viii) above, a further intention of the legislature can be found: any information that is NOT freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall be regarded as sensitive personal data or information for the purposes of these rules, even though the presence of the word "shall" gives it a directive meaning.
So the questions could be:
If someone lays hands on my mobile phone CDR (Call Data Record) illegally and finds out whether I am calling a specialist doctor or psychiatrist or a specialist lab like Thyrocare, etc., does it reveal my medical record or history or mental health condition, or does it give certain conclusions to the person who has illegally procured my CDR?
I feel yes!
If I am calling my banker or my stock broker or private equity guy or any lender or investor, isn't the CDR revealing all my financial details?
I feel yes!
CDR (Call Data Record) thus falls under the definition of Sensitive Personal Data or Information under the IT Act, 2000.
Other Examples of Sensitive Personal Data would be:
1.   Pathology Lab Reports.
2.   Sex determination test.
3.   Height or Weight of the person
4.   Bank Statement.
5.   Credit card /Debit card Statements.
6.   Cheque or Demand Draft or Pay order or echeque details
7.   PIN Number
8.   DIN Number
9.   Secret Question to reveal password
10. Electronic keys, etc.

The Supreme Court of India has interpreted the right to life to mean the right to a dignified life in the Kharak Singh case, especially in the minority judgment of Subba Rao, J. In Gobind v. State of M.P., Mathew J., delivering the majority judgment, asserted that the right to privacy was itself a fundamental right, but subject to some restrictions on the basis of compelling public interest. Privacy, as interpreted by our Apex Court in its various judgments, means different things to different people. Privacy is a desire to be left alone, the desire to be paid for one's data and the ability to act freely.
The right to privacy relating to a person’s correspondence has become a debated issue due to technological developments. In R.M. Malkani v. State of Maharashtra, the Supreme Court observed that the Court will not tolerate safeguards for the protection of the citizen to be imperilled by permitting the police to proceed by unlawful or irregular methods. Telephone tapping is an invasion of the right to privacy and freedom of speech and expression, and also the Government cannot impose prior restraint on publication of defamatory materials against its officials; if it does so, it would be violative of Article 21 and Article 19(1)(a) of the Constitution. In People's Union for Civil Liberties v. Union of India, the Supreme Court held that the right to hold a telephonic conversation in the privacy of one’s home or office without interference can certainly be claimed as a right to privacy. In this case the Supreme Court had laid down certain procedural guidelines to conduct legal interceptions, and also provided for a high-level review committee to investigate the relevance of such interceptions.
Conclusion:
So if bodies corporate do not follow reasonable security practices to safeguard the Sensitive Personal Data or Information they possess, they have to pay severe compensation to the entity/person whose data gets compromised.
Sensitive Personal Data or Information, though defined in the IT Rules of 2011 under The IT Act, cannot be construed strictly, as it is said that law lies in its interpretation, and history has shown that interpretation differs in different times. The definition cannot be strictly construed for two reasons. First, because the definition encompasses various words which are defined separately, and cognizance has to be taken of them to arrive at the intentions of the legislature and society at large. Second, because what can be sensitive to one person at one time cannot be sensitive to another person at a different time. Today, if we got the Call Data Records of Harshad Mehta or Nathuram Godse, the data so obtained would remain personal but not sensitive, because time has passed by and so has its relevance.

      


