All Blogs

This submission is a response by the researchers at CIS to the report “Designing the Future of Dispute Resolution: The ODR Policy Plan for India” prepared by the NITI Aayog Expert Committee on ODR. 

We have put forward the following comments based on our analysis of the draft report.

1. Structural considerations with ODR itself

• The report classifies ODR as a singular entity rather than a group of technologies that require different approaches.

• Currently ODR still has a number of functional limitations such as difficulty to account for nuance, limitation of algorithms and vulnerability of the systems.

• The report also fails to address how the psychological limitations involved with ODR, such as involving communication, perception and preferences of parties will be solved for when implemented at the national level. 
  
  

2. Socio-Economic considerations when transitioning to nation wide ODR 

• There is a lack of current access to digital infrastructure that limits ODR’s effectiveness.

• The projections made in the report disproportionately rely on market forces while suggesting a lack of mandated standards
  
  

3. Privacy and Security concerns with moving to ODR

• Need for greater clarity on oversight and regulation of ODR platforms

• An independent sectoral regulator is a necessity
  
  

4. Other comments 

• The opt out model proposed must be changed to allow for the option of ADR as well. 

 Link to full report:  https://cis-india.org/internet-governance/legal-and-policy-implications-of-autonomous-weapons-systems

Wars have been a part of human existence from the very beginning. However, the evolution of civilization has led to the evolution of wars. As a society, our discourse is now centred around on how this new generation of wars is best fought rather than whether at all to fight them. This inevitability of war has further led countries to develop means and methods of warfare, for inevitability of war is only acceptable when it is accompanied by the inevitability of victory. Autonomous Weapon Systems (AWS) or Lethal Autonomous Weapons Systems (LAWS) have, in recent times, sparked a global debate regarding what is being called the future of technology: artificial intelligence. In the backdrop of revolutionizing wars, AWS are being developed by certain countries to gain an edge over the others, forcing others to participate in the arms race of the 21st century in order to prevent asymmetric development of warfare. The international community must now contemplate the legal, moral and ethical implications of further developing existing automated weapons and giving them more autonomy than ever before. 

 It is to ally such concerns that a Group of Governmental Experts (GGE) was convened by the United Nations Convention on Certain Conventional Weapons (UN CCW) in December 2016, clearly demonstrating the global interest in the issue at hand. The Convention on Prohibitions or Restrictions on the Use of Certain Conventional Weapons Which May Be Deemed to Be Excessively Injurious or to Have Indiscriminate Effects or the UN CCW was established with the aim of restricting weapons considered to cause unnecessary suffering and impact civilians disproportionately and indiscriminately. 

 
This paper is divided into 4 Chapters. 

Chapter I authored by Anoushka Soni defines and differentiates between certain key terms imperative for a better understanding of autonomous weapon systems in all its technicalities. Further, the Chapter also provides a broad overview of the difference in existing state practice by reviewing the lack of universality of a definition for autonomous weapons. 

Chapter II also authored by Anoushka Soni analyses autonomous weapons from the perspective of international humanitarian law. It first contemplates the prima facie illegality of autonomous weapons, and subsequently focuses on their lawful use with regard to the principles of distinction, proportionality and military necessity and the conclusion provides a normative look at the way forward. 

Chapter III authored by Elizabeth Dominic goes into the question of accountability and redress and evaluates models of criminal and civil liability in case autonomous weapons systems go wrong.

Chapter IV authored by Elizabeth Dominic  evaluates the role of the private sector in the development, trade and policy framework on autonomous weapons systems around the world.

For over a year, researchers at the Centre for Internet and Society have been studying website blocking by internet service providers (ISPs) in India. We have learned that major ISPs don’t always block the same websites, and also use different blocking techniques. To take this study further, and map net neutrality violations by ISPs, we need your help. We have developed CensorWatch, a research tool to collect empirical evidence about what websites are blocked by Indian ISPs, and which blocking methods are being used to do so. Read more about this project (link), download CensorWatch (link), and help determine if ISPs are complying with India’s net neutrality regulations.

Introduction

The ongoing COVID-19 pandemic is one of the biggest health emergencies to hit the world in a long time. The health measures recommended by experts for the prevention and containment of the spread of COVID-19 include regular washing of hands, wearing masks, maintaining physical distance, isolation of suspected cases, etc. At the community level case isolation and contact tracing have emerged as key elements of the comprehensive strategy to control the spread and transmission of COVID-19. To this end the government of India, launched a contact tracing app known as Aarogya Setu and encouraged (in certain cases with a tinge of intimidation) the people to install and use the same in order to bolster its contact tracing measures. 

Although a lot of attention has been given to the privacy issues related to the Aarogya Setu app, there has been comparatively less focus on the other measures taken by the Central and State governments for containment of COVID-19. Some of these measures include – stamping suspected cases with “Home Quarantine” using indelible ink (Maharashtra, Delhi, Karnataka), pasting notices outside the houses of individuals advised home quarantine (Delhi, Mumbai), establishing containment zones around the residences of COVID-19 positive patients, releasing the names and addresses of COVID-19 positive patients, etc. It is obvious that all these measures involve some measure of violation of the right to privacy of the individual concerned. However (as mentioned above) there has been little public discussion around the privacy rights violated by these measures, especially when one compares it to the media attention garnered by the privacy issues related to the Aarogya Setu app. It is not easy to find the reasons behind most of the measures mentioned above in official government guidelines as  the guidelines themselves are often not publicly present or readily available online.Wherever such guidelines are available, such as the Central Government guidelines regarding containment zones, they do not contain any background as to why the government feels that such measures are needed. 

Although it is obvious enough to everyone that there are privacy issues involved in the government measures listed above however that does not necessarily mean that these measures necessarily violate the right to privacy of an individual. This is because like any other legal right, the right to privacy is also not absolute and in certain cases the right to privacy has to give way to other considerations. We shall therefore discuss the privacy implications of the different government actions in this series of posts, each of which shall analyze one specific type of government response to determine whether it complies with the principle of protection of the right to privacy. In this particular piece we shall examine whether releasing the names of COVID positive patients violates their right to privacy.

The Law on Privacy

The right to privacy was not always recognized under Indian law, in fact early Supreme Court decisions such as M.P. Sharma v. Satish Chandra, [AIR 1954 SC 30] and Kharak Singh v. State of U.P., [AIR 1963 SC 1295] specifically denied the existence of a right to privacy. The first semblance of judicial recognition for the right to privacy was the minority opinion in Kharak Singh which was later adopted as the majority view in Gobind v. State of M.P., [(1975) 2 SCC 148] to uphold the existence of a right to privacy in India. However due to the fact that Gobind and other decisions recognizing the right to privacy such as R. Rajagopal v. State of Tamil Nadu, [(1994) 6 SCC 632] and People’s Union for Civil Liberties v. Union of India, [(1997) 1 SCC 301] were delivered by smaller Benches of the Supreme Court, a Nine Judge Bench was constituted in K.S. Puttaswamy v. Union of India, [(2017) 10 SCC 1] to authoritatively decide the existence and scope of the right to privacy. The Supreme Court in Puttaswamy not only categorically recognized the right to privacy, but also discussed in detail its origins and scope as well as the circumstances under which the right may be limited. 

While a detailed analysis of the judgment and the law of privacy itself is beyond the scope of this paper, it might be useful to recount here the brief essence of the Puttaswamy judgment. Since there were six different orders delivered in this case, for the sake of avoiding any confusion, we will discuss only the judgment delivered by Justice D.Y. Chandrachud since that was the judgment delivered on behalf of four Judges (while the other five judgments were delivered on behalf of individual Judges), and therefore would have the most weight as a precedent. In this judgment it was held that privacy is a constitutionally protected right emerging not only from the right to privacy guaranteed under Article 21 of the Constitution but its elements also arise in varying contexts from other facets of freedom and dignity recognized and guaranteed under other fundamental rights. It was further held that not only does privacy include at its core the preservation of human intimacies, it also connotes a right to be left alone. While the legitimate expectation of privacy may vary from the private to the public arenas, it is not lost or surrendered merely because the individual is in a public place since it is an essential facet of the dignity of the human being. Informational privacy has also been specifically recognized as a facet of the right to privacy. 

Most importantly the Court held that like other fundamental rights the right to privacy is also not an absolute right. However an invasion of privacy has to be justified on the basis of a law which stipulates a procedure which is just, fair and reasonable. The Court specified a three-fold test for any action that violates the right to privacy: (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate state aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them. We will examine the various State actions in light of the principles above and analyse whether each of these actions satisfy the three-fold test laid down in Puttaswamy.

Analysis of Government Action 

In a number of states such as Uttar Pradesh, Orissa, etc. a daily list of the names, age, address, etc. of the individuals who have been reported to be COVID positive is released and widely circulated. Although this practice may now have ceased in some places, previously such lists were released either through the conscious actions or the negligence of the state health authorities. The release of such information in the public domain clearly has privacy repercussions for the individuals concerned. Besides, these actions also seem to be at odds with the Guidelines issued by the Central Government titled “Addressing Social Stigma Associated with COVID-19” which categorically ask the public not to spread names or identity of those affected or under quarantine or their locality on social media. The Madras High Court in a recent decision (K. Narayanan v. Chief Secretary, Government of Tamil Nadu) relied on the above Guidelines to reject a petition requiring the state government to publish the names of all COVID positive patients on a website. The reason for such a prayer was to warn the public to stay away from such COVID positive patients in order to prevent the spread of the disease. However this argument was categorically rejected by the Court on the ground that publishing the names may lead to law and order problems as well as social stigma for the patients and their families. 

The Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 also require physicians to keep patient information confidential except in situations where such information needs to be used to prevent a healthy person from being exposed to a communicable disease (Indian Medical Council (Professional conduct, Etiquette and Ethics) Regulations, 2002, Chapter II, section 2.2). Even the World Health Organization’s Guidance on contact tracing requires that “ethics of public health information, data protection, and data privacy must be considered at all levels of contact tracing activities” and that safeguards must be put in place to guarantee privacy and data protection in accordance with the legal frameworks of the countries. The Supreme Court in the case of Mr. “X” vs. Hospital “Z”, [AIR 1999 SC 495] has also upheld the right to privacy of a patient regarding his medical records, except insofar as it may be necessary to disclose such information in order to protect third parties from harm.

As far as the legal framework of the right to privacy is concerned, the Supreme Court in Puttaswamy clearly states that the sphere of privacy stretches to those matters where there is a reasonable expectation of privacy and then specifically recognizes medical information as a category of data where such an expectation of privacy would exist. The specific example of medical records is used by the Supreme Court to illustrate the point on balancing a legitimate state interest in the private information of its citizens vis-à-vis the individual’s right to privacy. It was recognized that although medical records are generally protected by the right to privacy, the state may assert a legitimate interest in analyzing medical records to understand and deal with a public health epidemic to prevent a serious impact on the population. However the Court put a very important caveat saying that such information may be used by the state if it preserves the anonymity of the individual. Thus the state may assert a legitimate interest in acquiring and using health records of individuals to deal with an epidemic provided it preserves the anonymity of the individual. 

The above illustration from the judgement seems to suggest that the State only has the power to retain the health records of individuals if their anonymity is preserved and does not have the power to make such records public at all. However this interpretation was implicitly rejected by the Orissa High Court in Ananga Kumar Otta v. Union of India and others, (Writ Petition (PIL) No.12430 of 2020, Order dated 16-07-2020). A PIL (Public Interest Litigation) was filed by an advocate asking the Court to issue directions to the state authorities to take action against those persons whose actions or negligence led to the disclosure of the names of COVID positive patients and also to ensure that such events do not happen in the future. The State of Odisha claimed that it had passed the Odisha COVID-19 Regulations, 2020 which provided that the name, exact address and phone number of persons under treatment should not be disclosed, except in special circumstances affecting public health and safety and with the approval of the State Government. Discussing (and implicitly upholding) the Regulations the Court refused to pass a blanket order preventing the disclosure of the names of COVID patients as the Regulations provided that there would be no indiscriminate disclosure, rather any disclosure of identity would only be in exceptional circumstances. The Court however clarified that any action of disclosure under these exceptional circumstances as per the Regulations would also have to satisfy the triple test laid down in Puttaswamy.  

Conclusion

The legal position that emerges from the above analysis is that the names and addresses of COVID positive patients cannot be released by the state authorities under normal circumstances as this would be violative of the right to privacy. However since the right to privacy is not absolute and is subject to exceptions, therefore there can be no absolute ban on releasing the names of COVID positive patients and such an act may be allowed under exceptional circumstances, although no such circumstance has been considered or illustrated by any Court till date. The only scenario in which such disclosures were allowed was when the Odisha government wanted to release the names of deceased COVID warriors (government employees engaged in COVID containment activities) so as to bestow them with appropriate state honors during their funeral. However even this act was done only with the previous consent of the family members of the deceased. 

Thus while the law leaves scope for situations where the names of COVID positive patients may be released by the state authorities, no specific examples of such situations have been listed out by the Courts. The only guidance given by Courts in this regard is that any such disclosure would have to satisfy the established exceptions to the right to privacy, more specifically the three-fold test laid down by the Supreme Court in Puttaswamy of legality, proportionality and legitimate state interest.

Today marks three years since the Supreme Court of India recognised the fundamental right to privacy, but the ideals laid down in the Puttaswamy Judgment are far from being completely realized. Through our research, we invite you to better understand the judgment and its implications, and take stock of recent issues pertaining to privacy.  

1. Amber Sinha dissects the Puttaswamy Judgment through an analysis of the sources, scope and structure of the right, and its possible limitations. [link]

2. Through a visual guide to the fundamental right to privacy, Amber Sinha and Pooja Saxena trace how courts in India have viewed the right to privacy since Independence, explain how key legal questions were resolved in the Puttaswamy Judgement, and provide an account of the four dimensions of privacy — space, body, information and choice — recognized by the Supreme Court. [link]

3. Based on publicly available submissions, press statements, and other media reports, Arindrajit Basu and Amber Sinha track the political evolution of the data protection ecosystem in India, on EPW Engage. They discuss how this has, and will continue to impact legislative and policy developments. [link] 

4. For the AI Policy Exchange, Arindrajit Basu and Siddharth Sonkar examine the  Automated Facial Recognition Systems (AFRS), and define the key legal and policy questions related to privacy concerns around the adoption of AFRS by governments around the world. [link]

5. Over the past decade, reproductive health programmes in India have been digitising extensive data about pregnant women. In partnership with Privacy International, we studied the Mother and Child Tracking system (MCTS), and Ambika Tandon presents the impact on the privacy of mothers and children in the country. [link] 

6. While the right to privacy can be used to protect oneself from state surveillance, Mira Swaminathan and Shubhika Saluja write about the equally crucial problem of lateral surveillance — surveillance that happens between individuals, and within neighbourhoods, and communities — with a focus on this issue during the COVID-19 crisis. [link]

7. Finally, take a dive into the archives of the Centre for Internet and Society to read our work, which was cited in the Puttaswamy judgment — essays by Ashna Ashesh, Vidushi Marda and Bhairav Acharya that displaced the notion that privacy is inherently a Western concept, by attempting to locate the constructs of privacy in Classical Hindu [link], and Islamic Laws [link]; and Acharya’s article in the Economic and Political Weekly, which highlighted the need for privacy jurisprudence to reflect theoretical clarity, and be sensitive to unique Indian contexts [link].