New Bill to decide on individual’s right to privacy

American jurist William J Brennan once famously remarked, “If the right to privacy means anything, it is the right of the individual to be free from unwarranted governmental intrusion.” Now the Government of India is on the verge of formulating, for the first time, a Privacy Bill that will lay down a specific framework to adjudicate an individual’s right to privacy.

The Planning Commission has constituted a small group of experts under the chairmanship of Justice A P Shah, former Chief Justice of the Delhi High Court, to identify issues relating to privacy and prepare a paper to facilitate authoring the Privacy Bill. The group will be studying the privacy laws and related bills promulgated by other countries and will also be analysing the impact of various programmes being implemented by the government, from the perspective of their impact on privacy. A detailed report with suggestions and remarks will then be handed to the Planning Commission by 31 March.

In the run-up to the formulation of a new Privacy Bill in India, an All India Privacy Symposium was held on 4 February to discuss aspects of privacy in the context of transparency, national security and internet banking. One of the most vociferous oppositions to the idea of privacy becoming an enshrined right for individuals, has come from those who believe that national security is of paramount importance. “The notion that one has to choose between privacy and national security is a false dichotomy of choice… When the judiciary adjudicates between privacy and surveillance, privacy in almost all cases loses. Especially when the word terrorism is invoked,” said Oxblood Ruffin, a member of the Cult of the Dead Cow, an information security and publishing collective. Speaking at the conference Ruffin stressed on the idea that the State shouldn’t act as a “peeping Tom” but instead respect the “sovereignty of its people.”

One of the more stark examples, in recent years, of the State clamping down on individual rights, such as the right to privacy, on the pretext of national security, is the Patriot Act in America. The Patriot Act was passed in the United States of America in the immediate aftermath of the September 2001 attacks on the twin towers, and allowed the government to scrutinise everything from “suspicious” bank accounts to wire-tapping lines of communication. Menaka Guruswamy, a lawyer at the Supreme Court of India, believes that unlike America, India does not yet have a codified view on privacy. “Pri­vacy is a vast, fragile, and an open space in the Indian justice system,” she told Tehelka.

Though India doesn’t have clearly defined laws dealing with the issue of privacy, it does have certain directives under which surveillance methods such as wire-tapping can be done. Wire-tapping, which is regulated under the Telegraph Act of 1885, saw a major overhaul in a 1996 Supreme Court judgment, which ruled that wire-taps are a "serious invasion of an individual's privacy." The Supreme Court (SC) recognised the fact that the right to privacy is an integral part of the fundamental right to life enshrined under Article 21 of the Constitution, and therefore laid down guidelines defining who can tap phones and under what circumstances. Only the Union Home Secretary, or his counterpart in the states, can issue an order for a tap, and the government is also required to show that the information sought cannot to be obtained through any other means. The SC mandated the development of a high-level committee to review the legality of each wire-tap.

“Interceptions and intrusions by the state have often gone on to help exonerate people who have been falsely accused, so I think it would be unfair to demonise wire-tapping in general. One does have to ensure though, that those who intercept exchanges do not exceed limits,” said a former chief of the Research and Analysis Wing (RAW).

Besides the dimension of privacy versus surveillance, another important aspect which comes under the scanner when privacy laws are discussed is Internet banking. Details of personal bank accounts and other highly sensitive information of individuals have been whizzing around the cyber space with the advent of E-banking. Everything from booking tickets for movies and flights, to transferring money between accounts is happening via computers, and is happening fast. This growing trend has sparked a major debate on how safe is our information on the web, and what can the government do to secure it? In May 2000, the government passed the Information Technology Act, which laid down a set of laws intended to provide a comprehensive regulatory environment for electronic commerce.

The Act also addressed computer crimes such as hacking, damage to computer source code, breach of confidentiality and viewing of pornography and created a Cyber Appellate Tribunal to oversee and adjudicate cyber crimes. However, at the same time, the legislation gave broad discretion to law enforcement authorities through several provisions, such as Section 69, allowing the interception of any information transmitted through a computer resource and mandates that users disclose encryption keys or face a jail sentence up to seven years. Section 80 of the Act allows deputy superintendents of police to conduct searches and seize suspects in public spaces without a warrant.

“Confidentiality between banker and customer is the golden rule of traditional banking, but with the coming of E-banking, banks are using confidentiality as an excuse for not putting out data that shows how vulnerable they are to cyber crimes like hacking,” said N Vijayashankar, an E-business consultant, and a front runner in raising awareness about cyber laws in India. He said, “When framing privacy laws one has to ensure that banks are mandated to disclose data on breach of Internet security. That is the only way to ensure that banks take the necessary steps to secure customer information.” Malavika Jairam, a lawyer who focuses on technology and intellectual property, believes that allowing private participation in what should essentially be a sovereign State function is a dangerous path to tread on. “Tesco, a major retail chain in England, is now into E-banking… There are numerous examples of such private banking entities sharing customer information with insurance policy firms. These details are often used as markers for the kind of premium that will be set for a person,” Jairam said.

With the current pace of technological advancements fast thinning the line between individual privacy and public content, it remains to be seen what kind of privacy laws India will frame to keep up.

The original was published by Tehelka, Malavika Jayaram, a Fellow at CIS is quoted in it.