• Associate Sponsor

SC judgment on right to privacy: What does it mean for data privacy, Aadhaar?

Supreme Court judgment have by and large held the view that the right to privacy is also part of the “freedom rights” under Article 19 (right to speech, movement, etc) or under all of the fundamental rights enumerated in Part III of the Constitution.

Published: August 25, 2017 4:38 pm
Supreme Court ruling, Supreme Court, Right to Privacy, Supreme Court Judgement, SC Right to Privacy, Aadhaar, Aadhaar legal or not, WhatsApp privacy, Digital Privacy India, Privacy in India In a judgment delivered today, a 9 judge constitutional bench of the Supreme Court of India held that the right to privacy is a fundamental right under the Constitution of India. (File Photo)

By Stephen Mathias

A nine judge constitutional bench of the Supreme Court of India has held the right to privacy is a fundamental right under the Constitution of India. Most notably, the decision was unanimous with 9 judges coming to the same conclusion through six separate judgments. Justice DY Chandrachud wrote the main judgment for himself and three other judges.

The court has held the right to privacy is part of the right to life and is on similar terms with the right to human dignity. The judgments have by and large held the view the right to privacy is also part of the “freedom rights” under Article 19 (right to speech, movement, etc) or under all of the fundamental rights enumerated in Part III of the Constitution. In arriving at this conclusion, the court examined past case law in India dealing with the right to privacy, as well as court decisions and jurisprudence in numerous other countries, including the US, EU, Canada and South Africa.

What does this decision portend for India? For a start, it will result in a paradigm shift in the way the government deals with personal information. Up till recently, not only has there been little protection of personal information but the government has largely practiced a “no privacy” policy. Large amounts of citizen data are freely available on government databases on the internet. In this digital age, this is becoming increasingly dangerous as it makes it easy for individuals to become victims of identity theft.

The judgment probably paves the way for the enactment of a comprehensive privacy legislation. Indeed, India will be one of the last remaining democracies in the world to enact a privacy law; most of North America, Europe, Japan, and the ASEAN region already have comprehensive privacy regulation in place. The government recently appointed a committee to recommend a framework for data protection and to prepare a draft enactment. So perhaps we are going down the right path already.

For supporters and opponents of Aadhaar, their euphoria and disappointment over the judgment is somewhat misplaced. Those who support Aadhaar have argued the social and economic benefits of Aadhaar far outweigh privacy concerns. It is more important to feed a poor man than worry about his privacy, so goes the argument. Opponents of Aadhaar believe its implementation is now in doubt and may collapse under constitutional challenge before the Supreme Court.

Also read:Right to Privacy: What the judgment means for Aadhaar, its constitutionality

There is however a middle path, one I have been advocating for some time. The problem with Aadhaar is not so much with the biometric and other basic information that the UIDAI collects. That is undoubtedly important and needs to be protected, but some protection is already available under the Aadhaar Act.

The key concern with Aadhaar relates to information about individuals which is touched by the Aadhaar number. As Aadhaar is used for more and more government and quazi-government services, more and more databases will have your Aadhaar number in them. Once these databases are connected, a government official can, with a click of a mouse and some reasonably simple data analytics tools, engage in very extensive profiling. Indeed, such a profiling has never before been done in the history of the world and the consequences are nothing short of frightening.

With this ruling, the Government will be forced to frame rules that guide when an individual’s personal information can be accessed and in what manner it can be used. Thereafter, Aadhaar can continue to be implemented and indeed, made mandatory for more services. As for those who wish to live without Aadhaar, this ruling is unlikely to help them. The right to privacy cannot result in an unfettered right to be left alone. Indeed, the judgments reiterate that government actions can limit the right to privacy provided it is done in a manner that meets the standards already laid down by the court to test infractions of fundamental rights.

A privacy law will have many other benefits, such as promoting greater reliability for India as a destination for offshoring or for the Government to deal with real privacy threats resulting from the increasingly digital world that we live in. The argument has been made that Aadhaar is no different from individuals divulging their personal information on social media sites. While there are significant differences between Aadhaar and such conduct and that should be debated separately, a privacy law will give the Government the framework to deal with these kinds of issues as well.

In enacting a privacy law, we need to be circumspect, drawing on the experiences of other countries. Privacy law is a fairly complex field; this is because personal information exists in so many different sectors – education, healthcare, banking, telecom, to mention just a few. Regulations need to take into account all sorts of different scenarios.

Indeed, one of the key requirements of a privacy law is a technology savvy and nimble Information Commissioner who can move quickly to adjust regulations to deal with real life scenarios which will play out regularly during the initial years. Further, the privacy authority needs to co-ordinate efforts with other sector based authorities, such as for example, the RBI in the banking space, so that multiple regulations can be implemented harmoniously.

We have every reason to celebrate, to be proud of our Supreme Court. This moves the country forward. But we have miles to go before we have a developed privacy ecosystem in place, with a statute, regulations and a sophisticated regulatory authority.

Stephen Mathias is a technology lawyer with law firm Kochhar & Co. with a specialisation in privacy law.

For all the latest Technology News, download Indian Express App

  1. R
    Reader
    Oct 14, 2017 at 6:45 pm
    A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
    (0)(0)
    Reply
    1. R
      Reader
      Aug 25, 2017 at 6:56 pm
      Why the United Kingdom's biometrics-linked National Ident-ity Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010??? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of sensitive information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
      (0)(0)
      Reply
      1. R
        Reader
        Aug 25, 2017 at 6:55 pm
        The US Social Security Number has no biometric details, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driver's license or state ID card is used as an identification for adults. The US government does not collect the biometric details of its own citizens.
        (0)(0)
        Reply
        1. R
          Reader
          Oct 14, 2017 at 6:46 pm
          The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
          (0)(0)
          Reply
        2. R
          Reader
          Aug 25, 2017 at 6:55 pm
          The privacy laws of the United States deal with several different legal concepts. One is the invasion of privacy, a tort based in common law allowing an aggrieved party to bring a lawsuit against an individual who unlawfully intrudes into his or her private affairs, discloses his or her private information, publicizes him or her in a false light, or appropriates his or her name for personal gain. The essence of the law derives from a right to privacy, defined broadly as "the right to be let alone."
          (0)(0)
          Reply