In the landmark case of Roe vs Wade (1973), in the US Supreme Court, on the issue of abortion, Justice Blackmun beautifully spelt out the roots of privacy: “In varying contexts, the court or individual justices have, indeed, found at least the roots of that right in the First Amendment; in the penumbras of the Bill of Rights; in the Ninth Amendment; or in the concept of liberty guaranteed by the first section of the Fourteenth Amendment.”
This theory of “penumbra of rights”, that is, rights that are not necessarily enumerated in the written Constitution but flow from guaranteed rights, has been accepted by the Supreme Court of India. It is under this theory that the right to livelihood was recognised as a fundamental right in Olga Tellis vs Bombay Municipal Corporation (1985). Several other such rights have been recognised — the right to clean air, to clean drinking water, all under the right to protection of life and personal liberty as guaranteed by Article 21. This law is binding on the lawmakers and the country as a whole.
It was, perhaps, in recognition of this that the attorney-general said before the Supreme Court, when dealing with the issue of ban on porn, that the government has no intention of getting into people’s bedrooms! The issue, therefore, seemed to be Aadhar and not the right to privacy as such with the government.
In R. Rajagopal alias R.R. Gopal and Another vs State of Tamil Nadu and Others (1994), international law and decisions were respected and it was enun-ciated that “right to privacy has acquired a constitutional status.” The Supreme Court in NALSA vs Union of India (2014), held that the “value of privacy is a fundamental right under Article 19(1)(a) of the Constitution of India and the state is bound to protect and recognise that right.”
In fact, the right to privacy is so fundamental that Section 8(1)(j) in the Right to Information Act, 2005, states that there is no obligation to give any citizen “information which relates to personal information, the disclosure of which has not relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the central public information officer or the state public information officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information.”
That being said, there are still many reasons as to why we need a law in privacy. The petitioners in the challenge to the Aadhar scheme argue that the compulsion associated with getting an Aadhar card violates the right to privacy, as there is no guarantee that the data collected will not be used for any other purpose. Moreover, there is no law authorising the collection of the biometric data. The disclosures made by Edward Snowden now indicate that data held by private authorities in confidence often finds its way into government hands and vice versa. The 21st century, through its miracles of technology, has turned our states into Big Brother States. Nothing can remain unknown or unknowable.
The more we link social welfare and other benefits, such as the digital locker to the Aadhar card, the more we make ourselves sus-ceptible to invasion of our privacy. In a country where we see racial and ethnic profiling on almost every issue, this is a dangerous development. It is significant to note that in 2012, a committee under Delhi high court judge A.P. Shah was constituted by the UPA government to suggest a framework for the right to privacy law and a data protection law in view of DNA Profiling Bill of 2007 and introduction of biometric based Aadhar number for each resident. The committee proposed a strong “right to privacy law” to protect citizen rights before such a legislation came into force.
DNA Profiling Bill, 2015, has been severely criticised on the grounds of violation of privacy, liberty and autonomy. This bill covers not just convicts but also suspects and undertrials. It provides for collecting samples from intimate body parts and taking photographs or videos of these parts. Moreover, DNA Bank and DNA Board will be empowered to authorise use of DNA data for non-forensic purposes, like creation of “population statistics databank” for “identification research”. It has no option of right to refuse, thus rendering everyone in its domain devoid of their right to make an informed choice.
Many countries have secured their citizens from violation of their right to privacy. European Parlia-ment and Council’s direc-tive of October 24, 1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data within EU sets strict limits on the collection and use of personal data and demands that each member state set up an independent national body responsible for the supervision of any activity linked to the processing of personal data. Moreover, data processing is only lawful if the data subject has unambiguously given his/her consent; or it’s acquired under authority of law, under defined circumstances.
In the UK, the Human Rights Act, 1998, incorporated the European Convention on Human Rights into law. Article 8(1) of the convention provides that “everyone has the right to respect for his private and family life, his home and his correspondence.” Data Protection Act, 1998, was also enacted and implemented to meet the requirements of the EU’s directive.
In the US, the Privacy Act of 1974 provides safeguards against invasion of personal privacy through the misuse of records by federal agencies. The act guarantees the right to see records about oneself, subject to Privacy Act exemptions; the right to request the amendment of records that are not accurate, relevant, timely or complete; and the right of individuals to be protected against unwarranted invasion of their privacy resulting from the collection, maintenance, use, and disclosure of personal information.
The stark contrast between India and other nations could not be clearer. All data collection must halt until a law on the protection of data and on privacy generally is passed by Parliament. As Mr Snowden’s disclosures have shown, the existence of a law is no guarantee that privacy will not be violated, or that data will be protected by those who hold it, whether it’s the government or Internet service providers. Ultima-tely the conscious citizen and the whistleblower are the only guarantees of privacy.
The writer is founder of the Lawyers’ Collective and former Additional Solicitor General of India