Sun. Dec 8th, 2024

New Delhi [India], November 26: This article is a tribute to Justice K S Puttaswamy, former Karnataka High Court judge and the lead petitioner in the seminal ‘right to privacy case’,  who is responsible for recognising privacy as a fundamental right in India passed away on 28-10-2024 at the age of 98. Being a professor of law, I am teaching cyber laws, which is also known as information technology law, responsible for the regulation of activities in the cyber world.

Constitutional

With the advent of various types of technology and the availability of such technology at a lesser cost, every human being around the world has fallen into the trap of using technology in day-to-day life. From ordering food online to shopping for clothes, books and other necessary items, booking tickets, appointments with doctors, etc., to digital payments, every aspect of one’s life has become dependent on technology. To put it simply, life has become dependent on two essential things: a smartphone and internet access. However, it is important to note that the success of such technology is inter-alia dependent on the availability of data/information that it collects and collects for it. Thereby, data has definitely become the ‘new oil’ since the availability of data, processing it and utilising it in formulating a perfect algorithm for technology has become very expensive for companies providing digital services. It has opened a Pandora’s Box of issues to discuss and worry about misuse. A few very important aspects for us to understand are our rights over our data, how the law protects our rights, and what companies should do to safeguard our rights.

The debates about privacy almost always revolve around new technology, ranging from genetics and the extensive study of bio-markers, brain imaging, drones, wearable sensors and sensor networks, social media, smartphones, and closed-circuit television to government cybersecurity programs, direct marketing, RFID tags, Big Data, head-mounted displays and search engines. There are basically two reactions to the flood of new technology and its impact on personal information and privacy: the first reaction, held by many people in the IT industry and in R&D, is that we have zero privacy in the digital age and that there is no way we can protect it, so we should get used to the new world and get over it. The other reaction is that our privacy is more important than ever and that we can and we must attempt to protect it.

According to me Privacy as a positive obligation, for the performative, denudes the very idea of individual autonomy, which the right to privacy seeks to secure and nurture. Privacy is also envisaged as a positive condition if the State is in a position to determine and differentiate between good and bad privacy. Good privacy would relate to cases in which the State can suitably establish that there is the absence of public harm, and bad privacy would be determined when it results in public harm. However, arguably, the trouble with anointing the State with authority to make this determination is that it may result in, first, the rapid expansion of the category of activities which result in public harm (including gauging the potential impact of activities) and second, it would also provide the State with a justification for authoritatively determining for what purpose good privacy should be used. This indeed would, in effect, turn the citizenry into subjects.

India has one of the fastest-growing markets in terms of internet access and connectivity in the world. This expansion has been primarily led by the growth in mobile telephony. The mobile telephony market has been fiercely competitive, with new players like Jio Telecom entering the market, thereby further driving down prices in an already highly price-sensitive market. Nevertheless, internet penetration still continues to be limited to not more than 35% of the Indian population. This is an important figure to keep in mind while discussing the issue of privacy on the internet in the context of India. Often, discussions of privacy in India and the lack of protection thereof are assailed by charges of elitism and privilege, but as our discussion will show, this is a fig leaf because privacy is not just a public policy issue for those Indians who have access to the internet but should be of concern for everybody else as well. This is because the use of the Internet to access public and private services has expanded rapidly through the Digital India project and the perverse incentives created by the official use of private services to address all forms of public outreach, including grievance redressal.

In January 2017, the Government of Puducherry, a Union Territory, issued an administrative order mandating as follows: “Hon’ble Chief Minister, Puducherry has noted that many Officers are using digital mode and social media such as Facebook, WhatsApp, Twitter, etc., for official communication. The servers of these multinational companies are based outside the country. Therefore, any foreign country can get these official communications and documents uploaded therein. This is a violation of the Official Secrets Act and also against the guidelines issued by the Ministry of Information Technology, Government of India, New Delhi. Hon’ble Chief Minister has directed that all Government Officers/officials and employees of Societies/Organisations run by the Government shall desist from the use of such social media for official works. No group shall be formed for official communication, and they should not be members of any official group run on such social media nor interact with seniors bypassing the administrative hierarchy and routine official channels. Strict compliance should be ensured by all concerned, and violation, if any, of these instructions brought to notice shall invite disciplinary action and further penal action as per rules in force.” This order was thereafter cancelled by the Lieutenant Governor of Puducherry, Kiran Bedi, as it was in contravention of relevant guidelines, rules and policies.

Given its constitutional primacy, this would entail the right to privacy being given the status of a non-derogable and non-alienable fundamental right. This would imply that under no circumstances can this right be taken away by the State or other non-state actors, even in case of extreme circumstances like a national emergency. Further, certain core aspects of the right to privacy cannot be shared even if the individual so wishes. This is akin to the way the fundamental right to life and personal liberty under Article 21 of the Constitution is conceptualised as disallowing the right to commit suicide. The doctrine of non-waiver of fundamental rights is an established constitutional norm that would support such a conceptualisation.

If privacy takings are of the nature that causes not only extreme individual deprivation but also cumulatively leads to constitutional harm, it is imperative to enlarge the referential canvas to better appreciate their constitutional impact. Constitutional morality as a conceptual idea may provide us with a more enriched canvas to review current developments. Simply put, the idea of constitutional morality refers to certain fundamental values embedded in the Constitution that require protection vis-à-vis state action and inaction. Further, Constitutional morality also requires that every public official, as well as private citizens, uphold these constitutional values through their actions.

What are these fundamental values? These values are both which are expressly enumerated, for instance, the fundamental right guaranteeing life and personal liberty or democracy (provided in the Preamble to the Constitution) and unremunerated but which can be interpreted from the Constitution, such as federalism which has been identified as part of the basic structure doctrine. Securing the dignity of the individual is one of fundamental values expressly enumerated in the Preamble to the Constitution of India. The right to privacy received explicit recognition by the Supreme Court as a fundamental right under the Constitution of India in K.S. Puttaswamy v. Union of India.  It is important to note the constitutional implications of this recognition.

This was first applied to review a claim that the Aadhaar project was violative of the newly recognised right to privacy. The Court upheld the Aadhaar project, which was subject to specific conditions, including the establishment of an effective data protection regime. In its decision, it was held that the ‘legitimate state interest’ standard rather than a ‘compelling state interest’ standard. The Court found that the measure, namely Aadhaar, passed the legitimate State interest test because the measure was proportional.

Interestingly, at the necessity stage, the Court found that there was a lack of an alternative measure that would be equally effective but with a lesser degree of restrictiveness. This begs the question of whom should bear the burden of justifying the search for alternative measures and defending the lack of alternatives. Clearly, the state is proposing the measure. What is confounding is that the Court faulted the petitioner’s failure to suggest alternative measures. On the question of balancing two competing rights, the Court acknowledged that social entitlements are constitutionally protected and ensure a right to live life with dignity. The right to privacy also protects individual dignity.

It finds that the measure is reasonable as it balances these two aspects of dignity since information collected at the time of authentication is minimal. This is a specious and circular argument. The challenge is not against the provisioning of social welfare benefits. The mechanism of delivering those benefits, i.e. Aadhaar, is privacy-intrusive, to say the least. Moreover, the Court is completely aware of its framing this as a facile trade-off since it states that “we are by no means, accepting that when dignity in the form of economic welfare is given, the State is entitled to rob the person of liberty. That can never be allowed. We are concerned with the balancing of the two facets of dignity.” This requirement of balancing would not have arisen in the first place if the measure in question was not Aadhaar, which requires the sacrifice of privacy by citizens in order to access their constitutionally protected social entitlements. In effect, coercing citizens to choose between binaries fundamentally reduces social entitlements to privileges and citizens themselves to subjecthood.

Here, it would also be appropriate to discuss Justice Chandrachud’s dissent on the application of the proportionality principle. He found that the cases cited to justify Aadhaar were inapplicable since those cases related to national security and prevention of crime. He held that the collection of demographic and biometric information in the Aadhaar project effectively justified the treatment of all citizens as criminals without making a distinction for those indulging in identity fraud and, therefore, infringed upon the justifiable expectations of privacy of ordinary citizens. Thus, he held Aadhaar to be disproportionate to the objective sought to be achieved by the State.

The Aadhaar judgement of the Court reflects its failure to appreciate the current reality of how information is collected, stored and shared and also the inability of individuals to assess and negotiate singular actions of information sharing and differentiating them from the cascading effects of information merging and the potential harms which may result from the abuse of such data convergence. This failure is also more problematically reflected in the continued emphasis on individual consent as the fundamental principle for allowing for privacy intrusions, when, in fact, individuals have little knowledge, information or agency in negotiating such acts of sharing of privacy.

The right to privacy is an emanation of an individual’s right to self-determination. The role of the State in delaying the provisioning of a robust data protection framework for ensuring this right in the digital space should be suspect, especially given that it is an “interested party” in increasingly using the internet and, specifically, private intermediaries for a range of public functions. The Right to Privacy judgement located the philosophical basis of the right to privacy as an inalienable natural right that seeks to protect the dignity and autonomy of the individual.

This is one of the fundamental values on which India, as a constitutional republic, was founded. Privacy takings and privacy intrusions both significantly undermine the autonomy of the individual and the right to self-determination. In the internet era, privacy takings and intrusions are manifestly more insidious and multiple. It is imperative, therefore, to develop an understanding of these infractions and to examine them in light of constitutional morality. Perhaps the idea of not only personal harm but also potential constitutional harm to the republic should be developed to better appreciate the cumulative implications of these developments. In the final analysis, we need to look at the internet as allowing for a collective range of relationships that mutually reinforce each other.

In such a context, a pursuance of narrow legalistic analysis of constitutional provisions and assessment of actions which may potentially violate such provisions are of limited utility. Constitutional theory and jurisprudence are also a rich source of fundamental political values, which I refer to as constitutional morality. Contemporary developments like the rapid intrusion of the internet into the public and the private life of the Indian citizen can undermine constitutional morality in terms of fundamentally altering the relationships between the citizen and the state and between citizens inter se. It may lead to a greatly unequal public sphere and fundamentally compromise the individual right to self-determination and autonomy of choice, which privacy seeks to protect and nurture.

The idea of constitutional morality refers to the fundamental values that are explicitly mentioned in the preamble to the Constitution. It is also necessary to examine the Constituent Assembly debates to provide us with an insight into the context in which such fundamental values were sought to be protected through the guarantee of fundamental rights and the administrative structures that govern the institutional functioning of the constitutional authorities which were tasked with the safeguarding of those values.

An imagination of constitutional morality should permeate the actions of all constitutional functionaries, including the executive. This will also allow for self-evaluation by the executive in undertaking legislative measures such as Aadhaar, which are essentially in the nature of a privacy taking, or to aggressively intervene in safeguarding privacy takings and intrusions by non-state actors. The idea of constitutional morality provides us with the imaginative and legal space to examine current practices on the internet in reclaiming the debate in terms of fundamental values.

Our inability or unwillingness to respond to the challenges posed by the rapid penetration of the internet and that of big data would reduce citizens to nothing more than the crocodiles in Alipore Zoo, whose privacy is a privilege granted only when it is deemed to be productive by others (be it the executive or by commercial enterprises in search of good quality ‘data’ to design models for artificial intelligence).

With approximately 500 million active internet users in India, the points discussed are crucial to understand and deliberate upon. Companies have to take into account the prospective law being legislated in India and be future ready to protect the interests of data protection. It is important to balance between the need for technology and the fundamental concept of privacy. As the technology grows leaps and bounds, the privacy law also has to be dynamic and meet the need of the hour.

About the author:

Prof. P. Sree Sudha is the Dean of the SRM School of Law at SRM Institute of Science and Technology. Visit SRM School of Law at https://www.srmist.edu.in/college/college-of-law/