Centre for Internet & Society


Background

On 24 August 2017, in a nine-judge bench decision, the Indian Supreme Court located a fundamental right to privacy within the Indian Constitutional jurisprudence. Previously, the right to privacy has had a dubious existence in India’s judicial history, and it has been suggested that privacy is inherently a Western concept. However, essays by Ashna Ashesh, Vidushi Marda, and Bhairav Acharya — cited in the Puttaswamy judgment — dispelled this notion, by attempting to locate the constructs of privacy in Classical Hindu [link], and Islamic Laws [link]; and Acharya’s article in the Economic and Political Weekly, which highlighted the need for privacy jurisprudence to reflect theoretical clarity, and be sensitive to unique Indian contexts [link].

Through the six opinions in the Puttaswamy judgment, the Supreme Court discussed various aspects of the right to privacy, reading into it the constitutional values of dignity and liberty. In Amber Sinha’s three-part essay, he dissected these components of the right, discussing the sources, structure and scope of the right in detail. [link] Further, a visual guide prepared by Amber Sinha, and Pooja Saxena provides a rich story of privacy in independent India, as well as a visualisation of the various types of privacy the court located within the broader constitutional right. [link]

Privacy, Public Places and Surveillance 

“Privacy attaches to the person and not to the place where it is associated.” - Justice Chandrachud, Puttaswamy

The right to privacy initially focused on protecting “private” spaces. These included spaces such as the home, from state interference. This drew from the belief that “a person’s home is their castle”. However, this idea of privacy is not limited simply to a person’s home. Privacy rests in ‘person’ and not in ‘places’. Therefore, even outside one’s home, other spaces could also acquire the character of private spaces, and even public spaces can afford a degree of privacy.

In a paper for the Centre for Development Informatics, Aayush Rathi and Ambika Tandon discussed the wholesale implementation of CCTVs in New Delhi. They deconstructed the narrative that equates greater surveillance with greater safety, more so in the case of women’s safety. Borrowing from feminist approaches to surveillance and privacy, they focussed on lived experiencess of surveillance with a focus on women living in informal settlements in New Delhi to argue that the ‘gaze of CCTV’ is intersectionally mediated and cast upon those already marginalized. [link]

Similarly, in a three part blog series for AI Policy Exchange, Arindrajit Basu and Siddharth Sonkar explain Automated Facial Recognition Systems (AFRS) while defining key privacy related legal and policy questions underpinning the adoption of AFRS. They go on to answer these questions by interrogating the existing data privacy laws in light of the mosaic theory of privacy, noting the dangers of ‘data-veillance’ and the need to recognize necessary safeguards. [link]

Biometrics 

“The integrity of the body and the sanctity of the mind can exist on the foundation that each individual possesses an inalienable ability and right to preserve a private space in which the human personality can develop.” - Justice Chandrachud, Puttaswamy

Biometrics was central to the Puttaswamy judgment, as it was the collection of biometric data by the government to build the Aadhaar system that triggered this case, and the urgent need to commit the State to guarding residents’ fundamental right to privacy.

Following the Puttaswamy  judgement, the Supreme Court tested the Aadhaar program against the proportionality principle it had previously established, which required every privacy-infringing measure introduced by the State to be justified by the tests of  legitimate state aim, suitability, necessity, and proportional result. Shruti Trikanad explores how the test was interpreted, in comparison to similar applications for biometric identity systems in Kenya, Jamaica, and Mauritius. [link]
 
Using the principles established by the Puttaswamy judgment, Vrinda Bhandari, Shruti Trikand, and Amber Sinha created a framework to evaluate the governance and legitimacy of biometric digital identity systems. Through three kinds of checks — Rule of Law tests, Rights based tests, and Risks based tests — this scheme is a ready guide for evaluation of Digital ID. [link]

Privacy of information

“Informational privacy is a facet of the right to privacy.” - Justice Chandrachud, Puttaswamy

In the age of Big Data, the collection and analysis of personal data has tremendous economic value. However, these economic interests should not be pursued at the expense of personal privacy. Similarly, modern technology provides excessive opportunities for governments to monitor and survey the lives of citizens. Informed consent and meaningful choice while sharing information is central to the idea of informational privacy. 

Based on publicly available submissions, press statements, and other media reports, Arindrajit Basu and Amber Sinha track the political evolution of the data protection ecosystem in India, in EPW Engage. They discuss how this has, and will continue to impact legislative and policy developments. [link]

The Personal Data Protection (PDP) Bill forms an important part of the conversation about India’s informational privacy regime, and once notified, will have significant impact on the way data protection is regulated. Explore the Bill, through a privacy-by-design lens, with focus on its notice and consent communication, its visual interface design and interaction with users, and the role and accountability of design in its interpretation. This was created by Saumyaa Naidu, Akash Sheshadri, Shweta Mohandas, and Pranav MB.  [link]
 
Further, in anticipation of the PDP Bill, Shweta Reddy wrote about the minimum compliance measures that Indian organizations should take, to reduce probability of a crisis during the implementation phase, as was seen in the case of European organizations and the GDPR. [link]

Pandemic and privacy

Given the outbreak of the Covid-19 pandemic, and the eager techno-solutionism displayed by the government in adopting invasive and potentially unconstitutional technologies during these times, the principles elucidated in Puttaswamy are now more important than ever in upholding our rights. As Lord Atkin had stated in his famous dissent in the case of Liversidge v Anderson: “amid the clash of arms, the laws are not silent,” it is important to ensure that any potential solutions to the problems created by the pandemic are circumscribed by the constitution. 

In an essay for the Economic & Political Weekly (EPW), Amber Sinha, Pallavi Bedi and Aman Nair interrogate the techno-solutionist response underpinning the shifts towards the digital in the governance agenda of the Indian State in the last two decades. They focus on the government's vaccination efforts during the pandemic to ground their arguments highlighting the issues of accessibility and privacy. [link]

Writing for the Deccan Herald, Aman Nair and Pallavi Bedi note how pandemic technology infringes upon data privacy, resulting in surveillance and exclusion. They suggest that the trade-off between privacy and pandemic technologies is unjustified given India’s digital divide that makes digital-driven approaches inefficient. [link]

The practical implications of such techno-solutionism can be troubling. In this blog-post, for instance, Pallavi Bedi writes about the privacy concerns haunting the Co-Win platform noting the lack of privacy policies governing the app, lack of clarity vis-a-vis data sharing between different apps such as Co-Win and Aarogya Setu and how it would violate user consent if it is used to develop digital health IDS. [link] In another blog post, Divyank Katira compares the benefits of Digital Vaccine Certificates with regular paper-based ones while focussing on the privacy implications of their use with recommendations on how to make the technology more privacy-respecting. [link]

Moving beyond the concerns raised by the adoption of digital measures by the government, Vipul Kharbanda examines other measures, such as releasing the names of COVID positive patients, putting up notices/posters or barricades around the houses of patients. He analyzes these measures against the existing privacy jurisprudence, including that laid down by the Puttaswamy judgment [link], [link].

Finally, during this pandemic, governments across the world have employed aggressive technological measures to trace individuals and enforce quarantine, costing individuals their privacy in exchange for potential benefit to the collective public health. Mira Swaminathan and Shubhika Saluja document the lateral surveillance this had encouraged, with people keeping a close watch on their neighbours’ behaviours.  [link]
Filed under:
The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.