When Data Means Privacy, What Traces Are You Leaving Behind?
How do you know yourself to be different from others? What defines the daily life that you live and the knowledge you produce in the span of this life? Is all that information yours or are you a mere stakeholder on behalf of the State whose subject you are? What does privacy really mean? In a society that is increasingly relying on information to identify people, collecting and archiving ‘personal’ details of your lives, your name, age, passport details, ration card number, call records etc, how private is your tweet, status update, text message or simply, your restaurant bill?
The CIC (central information commission) that arbitrates decisions on RTI appeals in case of conflict of interest provides interesting notions of what the State thinks is privacy. Ironically, the cornerstones of RTI that is privacy and its invasion are yet to be defined in the context of the judiciary. Then, how does the CIC decide what is private enough and what can be revealed to anyone? Of course, it relies on the discretion of its judges who attempt to draw from a range of sources that include the principles of natural justice drawn from western jurisprudence to quotes by Gandhi and Aristotle to the UK Data Protection Act, 1998 and US Torts that define invasion of privacy. To begin with, let us examine who constitutes the private sphere. As ruled in case of Mr. Ajeet Kumar Khanna vs Punjab & Sind Bank on 29 July, 2008 and Mr. G. Atchaiah vs State Bank of India on 22 August, 2008, the appellant can seek information only for himself/herself. Anyone outside the self, commonly believed as the personal connection, sons, daughters, parents or even spouse is not allowed information of a relative. One needs a distinct power of attorney for right to information. The contradiction is that one does not need to state the purpose for asking information, thereby making unnecessary any connection with the person you want information about.
CIC has been increasingly relying on the UK Data Protection Act, 1998 to make a correlation between data and privacy. Hence, to map privacy and its invasion, the RTI act depends on the UK Data Protection Act that classifies the following as sensitive personal data:
We have no equivalent of UK's Data Protection Act, 1998, Sec 2 of which, titled Sensitive Personal Data, reads as follows: In this Act "sensitive personal data" means personal data consisting of information as to:
- The racial or ethnic origin of the data subject
- His political opinions
- His religious beliefs or other beliefs of a similar nature
- Whether he is a member of a Trade Union
- His physical or mental health or condition
- His sexual life
- The commission or alleged commission by him of any offence
- Any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
The US Restatement of the Law, Second, Torts, defines the Intrusion to Privacy more generally in the following manner: “One, who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.” Of course, we don’t know whether a father paying for bills and wanting access to his daughter’s cell phone records can be seen as highly offensive to a reasonable person in the Indian context. In the context of the recent Padmanabhswamy Templetreasure trove found in Kerala, since under the Ancient Monuments and Archaeological Sites and Remains Act 1958, such sites qualify as sites of ‘national importance’ and imply a certain larger public interest, would one be able to access such 'nationally personal data' pertaining to a temple (public space) owned by a family trust registered with the government (publicly private), containing a national treasure lying locked on geographical territory (public) that is rightly shared by all citizens?
It must be personal information
In that case, does data at several layers demand for us to relook privacy from the subject positions we acquire at different levels and hence, the larger private collectives that we partake of?