Centre for Internet & Society

CCTVs in India are increasingly being employed by private organizations and the government in India as a way to increase security and prevent/ deter crime from taking place. When the government mandates the use of CCTV’s for this purpose, it often does so by means of a blunt policy mandate, requiring the installation of CCTV systems, but without any further clarification as to who should oversee the use of the cameras, what bodies should have access to the records, how access should be granted or obtained, and how long the recordings should be retained.

The lack of clarity and specificity in these requirements, the fact that these technologies are used in public spaces to collect undefined categories and amounts of information, and the fact that the technology can cut through space – and does not distinguish between private and public and primarily captures information where it is directed to, give rise to privacy concerns and raises fundamental questions about the ways in which technologies can be used to effectively increase security while still protecting the rights of individuals and the promotion of business.

An example of a blanket CCTV installation requirement from the government is seen in the 2012-2013 Goa Beach Shack Policy.[1] This blog will examine the shack policy from a privacy perspective, and how identification requirements are evolving. The blog will explore different principles by which surveillance technologies like CCTVs can be employed in order to promote effectiveness and protect the rights of individuals.

To help understand the current status of the Shack Policy and the extent of CCTV use in Goa, I spoke with a number of shack owners, cyber café owners, the Ministry of Tourism, and the Police of Goa. In this blog I do not use any direct quotes and write only from the perspective of my personal observations.

Current Status of the Shack Policy

This year, for the 2012-2013 tourist season, the Department of Tourism of Goa is implementing the Beach Shack Policy for regulating the establishment and running of temporary shacks at beaches in Goa. The policy applies only to the licensing, construction, maintenance, and demolition of temporary shacks on beaches owned by the government. The policy lays out requirements that must be submitted by applicants for obtaining a license and requirements relating to the operation of the shacks including size, security, health and safety, and noise control. Shacks, huts, hotels, etc. built on private land do not come under the scope of the policy. The shacks can only be bars and restaurants that can run from November 1st through May 31st, after which they must be taken down until the next season. The licensing of these shacks is to enable local employment opportunities in Goa. This can be seen by the requirement in the policy that Shacks are to be granted to only one member of the family who is unemployed.[2] Currently, the Ministry of Tourism has almost completed the allotment of shack spaces on all beaches in Goa. The police will assist in the enforcement of the policy, but their exact role is in the process of being clarified. Before the 2012-2013 policy, shacks were regulated by annual beach shack policies, which are not available online, but can be accessed through an RTI request to the Department of Tourism. Resistance to the policy has been seen by some because of concerns that the shacks will take away business from local private owners, will block fishing boats, will cause trash and sewage problems, and create issues for free movement of people on the beach.

Inside the policy:

Application Requirements

To apply for a license for a temporary shack, every application must be turned in by hand and must be accompanied by a residence certificate in original issued by Village Panchayat Municipality, attested copy of ration card, four copies of a recent colored passport photos with name written on the back, attested copy of birth certificate/passport copy/Pan Card and any other information that the applicant desires to furnish, and affidavit. In addition individuals must provide their name, address, telephone number, name of the shack, name of the beach stretch, nationality, experience, and any other information they wishes to provide.[3] These requirements are not excessive and have been kept to what seems minimally necessary for providing a license, though the option for individuals to provide any additional information they wish – could be used to convey meaningful information or extraneous information to the government.

Operational Requirements

The policy has a number of operational requirements for shack owners as well. For example owners must clearly display a self identifying photograph on the shack[4] and they must agree to assist the Tourism Department and Police department in stopping any crime and violation of any law along the Beach.[5]

The policy also requires that any person handling food must take a course conducted by IHMCT, GTDC, or Porvorim,[6] shacks must also be made out of eco friendly material as much as possible and the use of cement is banned,[7] and the proper disposal of trash and waste water will be the responsibility of the shack owner.[8] Furthermore, foreigners working in the shacks must have a work visa,[9] and loud music is not allowed to be played after 10:30 p.m.[10]

As noted in the introduction, each shack must install a CCTV surveillance system that provides real-time footage with an internal looping system in a non-invasive form. [11] But I got to understand that the CCTV requirement will be slowly introduced and will not be implemented this year due to resistance from shack owners. When the requirement is implemented, hopefully different aspects around the use of CCTVs will be clarified including: the retention period for the recordings, access control to the recordings, the responsibilities of the shack owner, where the camera will be set up and where it needs to be directed to, etc.

Currently in Goa there are official requirements for CCTVs to be installed in Cyber Cafes under section 144 of the CrPc. This requirement only came into effect on October 1st 2012.[12]Some private hotels, huts, and restaurants run CCTV cameras for their own security purposes. When asked if CCTVs will also become mandatory for private areas, some said this will happen, while others said it would be difficult to implement.


The policy uses a number of measures to ensure enforcement. For examples, successful applicants must place a security deposit of 10,000 with Director of Tourism. If any term of the policy is violated, the deposited amount will be given to the Government Treasury and the individual is required to  pay another Rs. 10,000 to continue operating.[13]The placement of deck beds on the beach without authorization will also be treated as an offense under the Goa Tourist Places (protection and maintenance) Act 2001 and will be punished with a term of imprisonment minimum three months, which may extend to 3 years, and a fine which may extend to Rs. 5,000 or both. All offenses under the Act are cognizable and non-refundable. [14] If the shack is not dismantled at the end of the season, the individual will have their application rejected for the next three years.[15] Shack owners will also be penalized of they are caught discriminating against who can and cannot enter into the shack.[16]

Interestingly, though CCTV cameras can be used to ‘catch’ a number of offenses, the offenses that are penalized under the Act do not seem to require the presence of a CCTV camera. Additionally, the policy is missing penalties for the tampering and misuse of these cameras and unauthorized access to recordings.

Other practices around security and identification in Goa

In 2011 Goa also issued a new ‘C’ form that must be filled out by foreigners entering hotels.[17]

The form requires twenty six categories of information to be filled out including: permanent address, next destination to be proceeded to, contact number in hotel, purpose of visit, whether employed in India, and where the foreigner arrived from. According to hotel owners, three copies of these records are made. Two are submitted to the police and one is kept with the hotel. The records kept with the hotel are often kept for an undefined time period.  In 2011 the police also enforced a new practice where every shack, hut, hotel etc. must have an all night security guard to ensure security on the beach. It was noted that registration of migrant workers is now mandatory, and that non-registered or undocumented vendors are removed from working on the beaches.

Will the 2012 – 2013 Beach Shack Policy have new implications?

In its current form, especially taking into consideration that the CCTV requirement will not be implemented immediately, the 2012 – 2013 shack policy does not seem alarming from a privacy perspective. On the general policy, though the penalties, such as the possibility of three months in prison for having too many beach chairs, seems to be  over-reaching, there are a number of  positive requirements in the policy such as the use of eco-friendly material, noise control,  and strict procedures for disposing of trash and sewage.

The privacy perspective could change when CCTVs are implemented. The amount of data that would be generated and the ambiguity around the employment of the cameras could raise a number of privacy concerns. Yet the fact that this part of the policy will only be implemented later down the road seems indicative of both the shack owners discomfort in using the technology, and perhaps the government’s recognition that a certain level of  ground work needs to be done before CCTVs are made mandatory for every shack in the state.  Hopefully before the requirement is implemented, the ground work will be set up either at a national level – in the form of a national privacy legislation, or at the state level – in the form of appropriate safeguards and procedures built into the policy.

At the macro level, and when examined in the context of  the growing use of CCTVs by private owners, the implementation of the UID and NPR requirements in Goa, and the introduction of the new ‘C’ form for foreigners, the CCTV requirement found in the Shack Policy seems to  part of a growing trend across the country where the government seems to seek to identify all individuals and their movements/actions for unclear and undefined purposes, and looks towards identification through the collection of personal information and use of technology as a means to solve security issues.

For example, Goa is not the only city to consider mandatory installation of CCTV’s.  In Delhi, the Department of Tourism issued a similar requirement in a 2012 amendment to the “existing Guidelines for Classification/Reclassification of Hotels”. According to the amendment hotels applying for approval are required to provide documentation that security features including CCTV systems are in place.[18] Similarly, in 2011 the Delhi State Industrial and Infrastructure Development Corporation began implementing a plan to install CCTVs outside of government and private liquor shops, amounting to 550 shops in total. The goal was to use the CCTV cameras to catch individuals breaking the Excise Act on camera and use the recordings during trials. According to news coverage, the cameras are required to be capable of recording images 50 meters away and all data must be stored for a period of 30 days.[19]

The ambiguity that exists around the legal use of many of these security systems and technologies, including CCTV’s was recently highlighted in Report of the Group of Experts on Privacy headed by Justice A.P Shah.[20] The report noted that the use of CCTV cameras and more broadly the use of electronic recording devices in India is an area that needs regulation and privacy safeguards. The report describes how the nine proposed national privacy principles of notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, and openness, could be applied and will be affected by the use of these technologies.[21]


In India and elsewhere, the police are faced on a daily basis with the challenge of preventing and responding to all types of crime, and from this perspective – any information, clue, or lead is helpful and necessary, and the potential usefulness of CCTVs in identifying criminals and to some extent deterring  crime is clear. On the other hand when CCTVs are employed without safeguards and regulations it could result in infractions of privacy and rights or could simply move the crime away from the surveilled area to an unsurveilled area.

Finding a way to ensure that police have access to the information that they need and that crime is prevented, while at the same time ensuring that the rights of individuals are not compromised, and the private sectors ability to easily do business is not limited by unrealistic security requirements, is an important discussion that governments, policy makers, and the public should be having. The answer hopefully is not found in a binary game of all or nothing, surveillance or no surveillance – but instead is found through mechanisms and principles that apply to both security and privacy such as transparency, oversight, proportionality, and necessity. For example, practices around what access the police legally have via surveillance systems, retention practices, cost of implementing surveillance, and amount of surveillance undertaken each year could be made transparent to the public to ensure that the public is informed and aware of the basic information around these systems. Furthermore, clear oversight over surveillance systems including distinction between the responsibilities and liabilities can ensure that unreasonable requirements are not placed. Lastly any surveillance that is undertaken should be necessary and proportional to the crime or threat that it is being used to prevent or detect. These principles along with the defined National Privacy Principles could help measure what amount and what type of surveillance could be the most effective, and ensure that when surveillance is employed it is done in a way that also protects the rights of individuals and the private sector.

[1].Ministry of Tourism. Goa Government. 2012-2013 Beach Shack Policy. Available at: http://bit.ly/Xk18NH. Last accessed: October 24th 2012.
[2]. Id. Section 2.
[3]. Id. Application Requirements 1-8. Pg 1&2.
[4]. Section 33.
[5].A part of the affidavit
[6].Id. Section 4.
[7]. Id. Section 17.
[8].Id. Section 28.
[9]. Id. Section 35.
[10].Id. Section 37.
[11]. Id. Section 38.
[12]. Order No. 38/10/2006. Under Section 144 of the Code of Criminal Procedure, 1973. Available at: http:// www.goaprintingpress.gov.in/downloads/1213/1213-28-SIII-OG.pdf
[13]. Beach Shack Policy 2012 - 2013, Section 16.
[14]. Id. Section 18.
[15]. Id. Section 22.
[16]. Id. Section 32.
[17]. Arrival Report of Foreigner in Hotel.”Form C” . Available at: http://bit.ly/TbUO4S
[18]. Government of India. Ministry of Tourism. Amendment in the existing Guidelines for Classification / Reclassification of Hotels. June 28th 2012. Available at: http://bit.ly/RXtgBg. Last Accessed: October 24th 2012.
[19]. Bajpaj, Ravi. CCTV shots to check drinking outside city liquor vends. The Indian Express reproduced on the website of dsidc. December 20th 2011. Available at: http://bit.ly/VHwCzd. Last accessed: October 24th 2012.
[20]. GOI. Report of the Group of Experts on Privacy. October 2012. Available at: http://bit.ly/VqzKtr. Last accessed: October 24th 2012.
[21]. Id. pg. 61-62.

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.