Harchand Choudhary

“RIGHT TO PRIVACY IN THE DAWN OF INFORMATION AND COMMUNICATION TECHNOLOGY- A Critical Review ”

By- HarchandChoudhary^@

Abstract-

Right to privacy is basic right of a human kind and it is recognised universally. In Indian perspective even though it is came in existence through case by case because of Indian vigilant judiciary and made it sine qua non for human being and provided power against any encroachment. But revolution in Information and Communication Technology (ICT) diluted this right to privacy. ICT affected man badly and his right to be alone. Crime of hacking are continuously increasing because laws existed in present scenario is not adequate to handle the breach of data privacy. Even sometimes government agencies also encroaches other people’s right to their own benefit on the name of national security. On the other hand ICT also became part and partial in modern time and it cannot be banned. The only solutions are evolved a framework and enact effective rules and regulations against unwanted interference in right to privacy.

1. Introduction-

Every civilized nation ensures privacy of its citizen. The concept of privacy differs from society to society. The Universal Declaration of Human Right provides for the right of privacy similarly other International Instruments also endow for right of privacy.

Article 12, No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence,nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.

The constitution of India does not expressly provide the right to privacy,however, the Supreme Court of India had interpreted it under the right to life. The Right of privacy has not been defined statutorily in India. The analysis of the Supreme Court’s decision on various cases brings forward certain areas that cover protection of information as a part of right of privacy. The concept of privacy in modern times is not restricted to mere physical movement or domiciliary surveillance, but also encompasses protection of a wide range of information, whether its medical, financial, bio metric or personal etc. The Supreme Court has explained the facet of privacy meritoriously as,

“The most serious advocate of privacy must confess that there are serious problems

of defining the essence and scope of the right. The privacy interest in autonomy must also be

placed in the context of other rights and values. Any right to privacy must encompass and protect the personal intimacies of the home, the family, marriage, motherhood, procreation and childbearing.”¹

2. Evolution of right to privacy-

Though it is true that the Indian Constitution does not explicitly guarantee this right as a fundamental right certainly the right to privacy or, the right to be left alone, should be accepted as an individual right. The courts' treatment of this right is a matter of paramount importance because of growing invasions of this right in areas that remained away from the purview of courts. It also assumes importance because of frequent violation of this right by the State on grounds which are not bona fide.

The Supreme Court of India (hereinafter referred to as the "Supreme Court") had the opportunity to first decide and lay down the contours of the right to privacy in India in the case of Kharak Singh v. State of Uttar Pradesh[1]. This case did not witness the recognition of the right to privacy as a fundamental right under the ‘personal liberty’ clause of Article 21 of the Constitution. Majority of the judges in this case refused to interpret Article 21 in a manner to include within its ambit the right to privacy, however two of the seven judges asserted that the right to privacy does form an essential ingredient of personal liberty. Subsequently, the Supreme Court while deciding the case of Govind v. State of Madhya Pradesh³ laid down that a number of fundamental rights of citizens can be described as contributing to the right to privacy. Although the Supreme Court also stated that the right to privacy will have to go through a process of case by case development.The Supreme Court in the case of R. Rajagopa v. State of Tamil Nadu^4, for the first time directly linked the right to privacy to Article 21 of the Constitution and laid down:

"The right to privacy is implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21. It is a "right to be let alone". A citizen has aright to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child bearing and education among other matters. None can publish anything concerning the above matters without his consent whether truthful or otherwise and whether laudatory or critical. If he does so,he would be violating the right to privacy of the person concerned and would be liable in an action for damages."

Further, while deciding on the issue of telephone-tapping in the case of PUCL v. Union of India⁵, the Supreme Court observed that telephone-tapping would be a serious invasion of an individual’sprivacy.Thus, telephone-tapping would infract Article 21 of the Constitution, unless it is permitted under the procedure established by law.

Therefore, the concept of privacy of an individual has evolved over the years and has been held to be a fundamental right by the Supreme Court. In the case of Selvi v. State of Karnataka⁶the Supreme Court held that an involuntary subjection of a person to narcoanalysis, polygraph examination and BEAP tests violates the right to privacy.
[2]

The Supreme Court has articulated an implicit right to privacy derived from the language set out in Article 21 of the Constitution. However, India does not have a separate and specific legislation that explicitly recognizes therightto privacyand sets out the contours of its applicability

Indian government proposed a bill for separate Right to Privacy Bill 2011 but it did not clear by parliament yet.

3. Effect of ICT on privacy-

Although Information and Communications Technologies (ICTs) have greatly enhanced

ours capacities to collect, store, process and communicate information, it is ironically

thesecapacities of technology which make us vulnerable to intrusions of our privacy

on a previously impossible scale. Firstly, Data on our own personal computers can

compromise us in unpleasant ways – with consequences ranging from personal

embarrassment to financial loss. Secondly, transmission of data over the internet and

mobile networks is equally fraught with the risk of interception – both lawful and

unlawful – which could compromise our privacy. Thirdly, in this age of cloud computing

when much of “our” data – our emails, chat logs, personal profiles, bank statements etc.

resides on the distant servers of the companies whose services we use, our privacy

become only as strong as these companies’ internal electronic security systems.

Fourthly, the privacy of children, women and sexuality minorities tend to be especially

fragile in this digital age and they have become frequent targets of exploitation. Fifthly,

the internet has spawned new kinds of annoyances from electronic voyeurism to spam or

offensive email to ‘phishing’ – impersonating someone else’s identity for financial gain -

which each have the effect of impinging on one’s privacy.

In India right to privacy was breached many times by government agencies through phone tappings. in this there was famous case was Nira Radia Case.The Radia tapes controversy relates to the telephonic conversations between NiraRadia, a lobbyist and an acquaintance of the (then) Indian telecom minister A. Raja, and with senior journalists, politicians, and corporate houses,^[1] taped by the Indian Income Tax Department in 2008–09. The tapes led to accusations of misconduct by many of these people.

Latter on Tata has challenged the unauthorized publication of the recordings. His argument is that the authorities have failed in their duty to protect his privacy by allowing the tapes to be leaked and then proving unable to prevent dissemination of the information. He has thus asked for directives by the court for a probe into the leak, for the authorities to attempt to retrieve all leaked recordings, and for the media to be prohibited from publishing the tapes in any form. It is the second and third requests that have become points of controversy

Another most famous incident of phone tapping in India was during the Ramakrishna Hegde regime in Karnataka in the year 1988. The opposition had alleged that Hegde had ordered the tapping of phones of opposition leaders and was invading their privacy.

In 2014 Edward Snowden revealed thousands of documents of spying program run by USA intelligence agencies CIA and FBI. These document shows that thousands of people, politicians, celebrities, businessmen and departments were spied by US agencies and breached right to privacy of many people. like

Ø “US 'hacks China networks'

Ø Merkel phone calls 'intercepted'

Ø A total of 38 embassies and missions have been the "targets" of US spying operations, accordingto a secret file leaked to the Guardian.

Ø Latin America 'monitored'

Ø SMS messages 'collected and stored' In January 2014, the Guardian newspaper and Channel Four News reported that the US had collected and stored almost 200 million text messages per day across the globe.

A National Security Agency (NSA) programme is said to have extracted and stored data from the SMS messages to gather location information, contacts and financial data.

The documents also revealed that GCHQ had used the NSA database to search for information on people in the UK.”

· “In July 2015, adult website Ashley Madison suffered a data breach when a hacker group stole information on its 37 million users. The hackers threatened to reveal user names and specifics if Ashley Madison and a fellow site, EstablishedMen.com, did not shut down permanently.

· In November 2014 and for weeks after, Sony Pictures Entertainment suffered a data breach involving personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of (previously) unreleased Sony films, and other information. The hackers involved claim to have taken over 100 terabytes of data from Sony.

· In August 2014, nearly 200 photographs of celebrities were posted to the image board website 4chan. An investigation by Apple found that the images were obtained "by a targeted attack on user names, passwords and security questions".

These are the purely side effects of ICT on right to privacy if ICT would not have existed then privacy had breached at vast level.

4. Laws for protection of privacy-

Although there are a number of technological measures through which these risks can be reduced, it is equally important to have a robust legal regime in place which lays emphasis on the maintenance of privacy. We have some laws as under mention -

(A) Under Section 43A of the (Indian) Information Technology Act, 2000, a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected. It is important to note that there is no upper limit specified for the compensation that can be claimed by the affected party in such circumstances.

(B) Under Section 72A of the (Indian) Information Technology Act, 2000, disclosure of information, knowingly and intentionally, without the consent of the person concerned and in breach of the lawful contract has been also made punishable with imprisonment for a term extending to three years and fine extending to INR 5,00,000 (Approx. US$ 10750).

The current lot of legislations that try to address privacy concerns are piecemeal in nature. Bulk of these provisions is found in the Information Technology Act 2000 and its subsequent amendments. Section 72 of the Information Technology Act 2000 in its original form penalized the breaches of confidentiality and privacy of data. Essentially, the scope of the provision covered those empowered by the Act to gain “access to any electronic record, book, register, correspondence, information document or other material” seized for investigation. It was aimed at preventing accidental leaks of such information during the course of investigation. It was later amendedto include Section 72A to penalize “any person” (including an intermediary) who has obtained personal information while providing services under a lawful contract and discloses the personal information without consent of the person, with the intent to cause, or knowing it is likely to cause wrongful gain or wrongful loss.

When this clause is read together with Section 69B of the Act, it squarely puts the responsibility of securing personal data on the intermediary, which in this case could be a wide spectrum of actors from cyber cafes to telecom companies and ISPs. This also makes Government agencies like the Unique Identification Authority of India (UIDAI) which is tasked with collection of biometric data, accountable for maintaining privacy of such data collected by it.

Another set of amendments came into force by the addition of Section 43A which obliges corporate bodies which possess, deal or handle any sensitive personal data to implement and maintain “reasonable security practices,” failing which they would be liable to pay damages. The Act defines “corporate bodies” as those involved in “commercial or professional activities” only. The definitions of “sensitive personal data” and “reasonable security practices” are narrow and hence prevent courts from interpreting a contextual definition. Most importantly, government agencies and non-profit organizations are entirely excluded from the ambit of this section.

(C) Resolution adopted by the General Assembly for Right to Privacy -

Reaffirming the human right to privacy, according to which no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, and the right to the protection of the law against such interference, and recognizing that the exercise of the right to privacy is important for the realization of the right to freedom of expression and to hold opinions without interference, and is one of the foundations of a democratic society, Stressing the importance of the full respect for the freedom

(D)Article 12 of The United Nations Declaration of Human Rights,which states that:

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

@ The court also specified in this judgment delivered in the PUCL vs Union of India⁷ case in 1997 that a telephonic conversation in private without interference would come under the purview of right to privacy as mandated in the Constitution.
The court further observed that unlawful means of phone tapping are invasions in privacy and are uncivilized and undemocratic in nature.

The Supreme Court, in the same judgment, also went on to lay down various guidelines regarding phone tapping which are as follows:

Ø If a telephone needs to be tapped, then the home secretary of the Union government or the respective state government can issue an order to this effect.

Ø Strong reasons have to be specified in order to issue such a directive.

Ø Such an order shall be in force only for two months unless there is another order, which will give the home secretary the right to extend it by another six months only.

The Supreme Court, however, does not give the home secretary the ultimate power and states clearly in the same judgment that such an order shall be subject to review by the Cabinet, law and telecommunication secretary who will need to review the same in 2 months time of the date the order has been passed

[3]

5. Possible Remedies-

Recommendations of the Shah Committee

In general, the Shah Committee recommended that the legislation on right to privacy must harmonize all statutory provisions that relate to privacy. As perthe Committee Report submitted in October 2012, the major recommendations of the Shah Committee were as follows:-

1. The regulatory framework will consist of privacycommissioners at the Central and Regional levels;

2. A system of co-regulation granting the selfregulating organizations at industry level the choice to develop privacy standards. These standards should be approved by a privacycommissioner;

3. Individuals would be given the choice (opt-in/opt-out) with regard to providing their personal information and the data controller would take individual consent only after providing inputs of its information practices;

4. The data controller shall only collect that personal information from data subjects as is necessary for the purposes identified for such collection as well as process the data relevant to the purpose for which they are collected;

[4]

5. The data collected would be put to use for the purpose for which it has been collected. Any change in the usage would be done only with consent of the person concerned;

6. Data collected and processed would be relevant for the purpose and no additional data elements would be collected from the individual;[5]

7. Interception orders must be specific and all interceptions would only be in force for a period of 60 days and may be renewed for a period of up to 180 days. Records of interception must be destroyed by security agencies after 6 months or 9 months and service providers must destroy after 2 months or 6 months; and

8. Infringement of any provision under the Act would constitute an offence forwhich individuals may seek compensation.

6. Conclusion-

Right to Privacy is fundamental right and sine qua non for a human being to live a dignify life. No one can compromise with his privacy. But on other hand Information and Communication Technology is also become a part and partial of modern world. ICT made whole world a village and connected to one another and without ICT life will be very difficult at present time. So both privacy and ICT are important for a person in these days, the only possible solution is to enact effective laws, rules and regulation to prevent data breach and create such a framework which can punish those people who breach the privacy of others.Government should motivate the IT companies to build a robust internet security and privacy protections in their network.