Centre for Internet & Society

An expert group to draw the framework of a law to protect privacy of individuals has suggested that issues of personal privacy must not be used to dilute the provisions of or block information under the Right to Information Act, and used a language that almost directly contradicts the sentiments expressed by the Prime Minister in this regard just a few days ago.


This article by Amitabh Sinha was published in the Indian Express on October 19, 2012.


The group headed by Justice (retd) A P Shah has argued that the RTI Act already has provisions that protect the privacy, and such types of information are exempt from public disclosure. “When applied, the (proposed) Privacy Act should not circumscribe the Right to Information Act,” the report of the expert group, which was made public on Thursday, said.

“Section 8 of the (RTI) Act lists specific types of information that are exempted from public disclosure in order to protect privacy. In this way, privacy is the narrow exception to the Right to Information,” the report said.

Interestingly, just earlier this week, while inaugurating an annual convention of information commissioners, Prime Minister Manmohan Singh had made the opposite argument. “There is a fine balance required to be maintained between the Right to Information and the right to privacy, which stems out of the Fundamental Right to Life and Liberty,” he had said.

“The citizens’ right to know should definitely be circumscribed if disclosure of information encroaches upon someone’s personal privacy. But where to draw the line is a complicated question,” he had said.

Sibngh’s remarks had come at a time when questions were being asked about whether government money had been spent on foreign trips and medical treatment of UPA chairperson Sonia Gandhi. The government had clarified that no public money had been spent on either of the two.

The expert group under Justice Shah was constituted at the initiative of Minister of State for Planning Ashwani Kumar after an attempt by the Department of Personnel and Training (DoPT) last year to draft a privacy bill ended in a disaster. The expert group was only asked to draw up the broad contours of what a privacy law must comprise of. It has drawn from international experiences and presented nine ‘principles’ that must be accommodated in any future privacy law.

The group also recognises that the constitutional basis of privacy as “a fundamental right deriving from Article 21 of the Constitution of India”.

The report deals mainly with how the extensive collection of personal data — through government institutions like Census, NATGRID, UID, or through private agencies like banks, credit card companies or phone operators — must be stored, managed and eventually destroyed, if possible, without infringing on the privacy rights of an individual.

The report would now be referred to the DoPT which will then begin further consultation processes to make a fresh start at drafting a privacy law.

Suggestions on Tapping

The expert group has said that the system of telephone and other communication interception for security reasons has an “unclear regulatory regime that is inconsistent, non-transparent, prone to misuse, and that does not provide remedy or compensation to aggrieved individuals”. It has suggested the following:

  • All orders of interceptions must be reported to a court within 15 days, disclosing the reason for interception.
  • All interceptions must only be in force for 60 days, renewable up to a period of 180 days.
  • Reasons for interception order must be specified and recorded in writing by competent authority.
  • Records of interception must be destroyed by security agencies after six months, or nine months, and service providers must destroy records after two months, or six months.
  • All interception orders must be sent for review by a designated committee.
  • Officers to whom information relating to interception can be disclosed must be specified.
  • Intermediaries (like telephone operators) must ensure security, confidentiality and privacy of intercepted material, and must be held legally responsible for any unauthorized access or disclosure of intercepted material.

Note: The Centre for Internet & Society was part of the expert committee even though it is not explicitly mentioned here.