The conception of privacy as intrinsic to the individual and society has evolved over the years. Various international organisations and scholars have defined it in different ways – some emphasizing upon its social value and others on its imperativeness to the development of individual personality. In general, at the macro level, it necessitates non-interference by the State into certain aspects of the lives of its citizens. At the micro level, it protects the individual’s right to be left alone in certain aspects of life and secures against interference from other individuals. The Universal Declaration of Human Rights (UDHR) adopted by the United Nations General Assembly on December 10, 1948, and the International Covenant on Civil and Political Rights (ICCPR) adopted in 1966 – bastions securing the individual rights of all individuals everywhere – do not specifically mention the right to privacy. However, developing jurisprudence has interpreted Article 12 of the UDHR and Article 17 of the ICCPR– providing individuals legal protections against “arbitrary interference with their privacy, family, home or correspondence” and attacks upon their “honour and reputation” – as granting this right. India signed and ratified the ICCPR on April 10, 1979, without reservation.
The concept has always been contentious. As human communities settled and proliferated, as the spaces occupied collectively occupied by groups – public – evolved, so did those spheres where individuals sought to be left alone – private. Across the international communities, where ideas of collectivity and personhood grew entwined with law, morality, and social perceptions, notions of privacy were complicated. These controversies have become more acute in contemporary times as privacy has had to be reconciled with the imperatives of national security. Governments have begun to engage in mass (even global) surveillance gathering to protect against and prevent threats like terrorism, which has generated serious concerns about whether the right to privacy may coexist with the increasing technological capabilities of private and national intelligence-gathering organisations, or whether it must be forfeited as components of the social contract to augment defences against increasingly transnational threats. These contentions about individuals being compelled to forsake their rights to privacy to remain functional in an increasingly interconnected world also become relevant in conversations about the internet and mega-companies like Amazon, Apple, Meta, Google, Microsoft, and Yahoo that utilise and accumulate personal data. On the one hand, there is the argument of convenience, that as these companies gather more information about users, they can increasingly tailor their online experience. On the other, however, the lacunae in regulation infrastructure and transparency obligations have fomented issues like the Facebook–Cambridge Analytica data scandal, which has brought into focus the psychographic capacity of such companies to use personal data to influence politics, economies, and social interactions without obvious repercussions. Individuals have adapted to stomach multifarious invasions into their privacy – for national security or convenience– but have found the willingness of private companies to exploit their personal data for profit while also insidiously influencing their worldviews leading to real social change, as deeply intolerable to their personal autonomy. Therefore, concerns about the infringement of privacy have become entangled with those about the uncontrollable mechanisation of all social interactions. There have been efforts to transform the right to privacy from an individual entitlement to a fundamental human right, whose social value is essential to the functioning of all democratic societies. These efforts attempt to frame the right to privacy as aiding the stability and perpetuation of the democratic State because it allows freedom of conscience and diversity of thought – as individuals feel free to express their views protected from intrusion – and guarantees democratic participation, thereby allowing the formulation of better and more effective policies.
The purpose of this article is to understand privacy as an emerging issue in contemporary Indian society through an analysis of its evolution. It is divided into two parts. In Part I, it will first summarise the legislative and judicial precedents set by the courts after Independence. Second, it will examine the Aadhar controversy leading to the confirmation of the right to privacy as a Fundamental Right under the Constitution. In Part II, it will explore the related developments of the Srikrishna Committee Report and the Personal Data Protection Bill. Finally, it will explore the recent controversies related to the Pegasus project revelations.
Legislative and Judicial Precedents
Though the right to privacy was not specifically included amongst the Fundamental Rights guaranteed by the Constitution, an analysis of the Constituent Assembly debates displays how members like KM Munshi, Harman Singh, and BR Ambedkar strongly promoted the inclusion of the right to privacy as a Fundamental Right. Indeed, when this perspective was opposed by BN Rau, AK Ayyar, MK Panikkar, and Alladi Krishnaswami Ayyar on the grounds that it would equate private or civil communications to national papers, harassing civil litigation (and the use of documents as essential evidence) and police investigation, BR Ambedkar’s draft of the State and Minority Report famously advocated that “the right of the people to be secure in their persons, house, papers and effects against unreasonable searches and seizures shall not be violated and no warrants shall issue but upon probable cause, supported by oath of affirmation and particularly describing the place to be searched and the persons or things to be seized.” Eventually, however, the proposed amendments could not gather adequate support, and the right to privacy was excluded from the specified Fundamental Rights. Nevertheless, the debates surrounding the issue and Ambedkar’s passionate support of it ingrained the importance of this right into judicial consciousness, and eventually, the Supreme Court broadly interpreted Article 21 – the Fundamental Right to life and personal liberty – to secure the right to privacy to all citizens.
For many years, the primary attempt was to establish a framework to protect individual privacy from government surveillance. The first important case in this regard is Kharak Singh vs State of Uttar Pradesh (1962), where a seven-judge bench of the Supreme Court analysed whether Regulation 236 of the Uttar Pradesh Police Regulations – allowing the police to conduct domiciliary visits and surveillance of individuals with criminal records – was violative of the ‘personal liberty’ guaranteed under Article 21. Though the Court held that the right to privacy was not guaranteed as a Fundamental Right and thus surveillance of an individual’s movements would not be unconstitutional, there was also an early recognition of privacy as an “essential ingredient of personal liberty” by Justice Subba Rao. In the case of Govind vs State of Madhya Pradesh (1975), the petitioner challenged the constitutional validity of the Madhya Pradesh Police Regulations Act, 1961. Though the complaint was like that of Kharak Singh’s, the Supreme Court assumed a wider approach to the right to privacy, with Justice Mathew confirming that the freedoms and rights provided to the individual through the Constitution secure them and their personality from “official interference except where a reasonable basis for intrusion exists.” The Court did specify, however, that in the absence of legislative enactment and the doctrine of casus omissus, the right to privacy would have to evolve through case-by-case judgements to comprehend its scope and exceptions. The verdict of Maneka Gandhi vs Union of India (1978) attempted the widest interpretation of Article 21, setting the groundwork for the right to privacy to be incorporated under it and therefore be granted the protections accompanying Fundamental Rights. It also established the concept of the ‘due process of law’ accompanying the procedure established by law – requiring that legislations intruding upon personal liberty must satisfy the “triple test” of prescribing a procedure, which must withstand the Fundamental Rights guaranteed under Article 19 and Article 14. The Supreme Court, in of R Rajagopal vs State of Tamil Nadu (1994), enunciated the right to privacy against private actions and delineated its scope and limitations. It referenced British and American jurisprudence to determine that the right to privacy – of the person and information about their family, marriage, procreation, motherhood, childbearing, and education – was “implicit in the right to life and liberty” guaranteed to all citizens and that this right must be balanced against the freedom of press or publication. It also established the right as actionable or justiciable, thus strengthening its scope. The case of People’s Union for Civil Liberties vs Union of India (1996) had perhaps the widest implications on the development of the right to privacy. The Supreme Court deliberated whether the State’s interception of telephone calls was violative of Article 21, eventually determining that though the right to privacy may be “too broad or moralistic” to define judicially, the privacy of telephonic conversations were certainly components of it. It necessitated that telephone-tapping could only occur through the procedure established by law and only through orders issued by Home Secretaries – which would be reviewed every two months by a committee established for the purpose. In District Registrar and Collector, Hyderabad vs Canara Bank and another (2004), the Supreme Court established that any intrusions into the personal liberty of a citizen (here, the privacy of financial records) would have to withstand the tests of reasonableness enshrined under Articles 14, 19, and 21 of the Constitution and that privacy was embedded within the individual citizen and their autonomy. Consequently, in 2007, the central government instituted Rule 419A of the Indian Telegraph Rules, 1951, amending it to strengthen protections against phone-tapping or interception of any message or class of messages by the government and ensuring that personal citizen data is not made easily available across government departments. It mandated that such surveillance may only be allowed by an order made by the Secretary to the Government of India in the Ministry of Home Affairs in the case of Government of India, and by the Secretary to the State Government in-charge of the Home Department in the case of a State Government, except in emergent cases where the obtaining of prior directions for interception is operationally unfeasible. In this event, the order may be issued by an officer, not below the rank of Joint Secretary to the Government of India – duly authorized by the Union Home Secretary or the State Home Secretary – with prior approval from the Head or second-in-command officer of the designated law-enforcement agencies and must be confirmed by the concerned competent authority within seven working days, failing which, interception would be halted. It also mandated the maintenance of written records about the details of interception, requisitioning security agencies, nodal officers, and service providers in “extreme secrecy”, which must be destroyed every six months unless required for functional imperatives.
The Aadhar controversy and related developments
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act was passed in 2016, introducing a scheme that allowed the government to collect personal details and biometrics aimed at identifying beneficiaries for State welfare programmes. It garnered considerable controversy, however, because the government began to mandate the linking of a wide variety of personal data – PAN, tax returns, bank accounts, and mobile numbers – with the Aadhar card, leading to several petitions to the Supreme Court, challenging mandatory Aadhar enrolment as the means to a “totalitarian State” easing personal data leakage. The government reasoned that the right to privacy of an “elite few” was less important than the right of “the masses to lead a dignified life in a developing country.” It also declared that informational privacy was submissive to State interests and that the Aadhar scheme would help reduce corruption in public distribution, money-laundering, and terror funding. Wrought by controversies regarding whether the right to privacy is a Fundamental Right, a five-judge bench of the Supreme Court referred the question to a nine-judge bench, led by Chief Justice of India JS Khehar – discussing for the first time, the constitutional guarantees (if any) to the privacy of citizens.
However, controversies regarding the Aadhar scheme preceded the passing of the Act. After the central government established the Unique Identification Authority of India (UIDAI) in 2009 as a framework for the eventual issuance of Aadhar cards to citizens, retired Justice KS Puttaswamy filed a writ petition in the Supreme Court challenging the constitutionality of the Aadhar scheme, potentially violating Article 21 – and the contained right to privacy, and Article 14. After the Aadhar scheme was introduced, he also raised the alarm over the government’s ability to utilise biometric data collected for any purposes. In Justice KS Puttaswamy (Retd) vs Union of India (2017), the Supreme Court upheld the validity of the Aadhar Act, mandating registration to avail government welfare schemes and file income tax returns, but also declared that Aadhar details could not be sought by schools or private companies – striking down Section 57 as unconstitutional – or be required to appear for UGC, NEET, or CBSE examinations. Though various sections of the Aadhar Act were upheld, the very fact that governmental action was constitutionally challenged as infringing specifically upon the right to privacy ensured that it had secured clear judicial acknowledgement. The Puttaswamy verdict explicitly overruled the preceding judgements of the Supreme Court in the cases of Kharak Singh vs State of Uttar Pradesh and MP Sharma vs Union of India (1954). It is recognised as the Right to Privacy verdict because the Supreme Court, for the first time, held that this right was guaranteed under Part III of the Constitution as a Fundamental Right, protected under Articles 14, 19, and 21. The Court determined that similar to other Fundamental Rights, laws infringing upon the right to privacy must satisfy the three-pronged test of due process – it should be based on an existing law, be necessary for a legitimate State objective, and be proportional, or possess a rational nexus between the object of infringement and the means adopted to achieve that object. It also emphatically recognised recognized various data protection principles – data minimization (restricting collection of data to data necessary for stated objects or purpose), purpose limitation (limiting the scope of purpose and using the data only for such purpose), data retention (retaining the data only for a limited period necessary for the purpose) and data security – is essential to determine whether the provisions of particular legislation (including the Aadhaar Act) was in conformance with an individual’s right to privacy. This recognition of the right to privacy also paved the path for the eventual decriminalisation of homosexuality in India on September 6, 2018, through the case of Navjet Singh Johar vs Union of India. In a progressive development that earned India international commendation, the Court unanimously struck down Section 377 of the IPC as unconstitutional, reasoning that discrimination based on sexual orientation was violative of the right to equality, criminalisation of consensual sex between adults in private was violative of the right to privacy, and sexual orientation was inherent to self-identity, and its denial would be violative of the right to life. The Puttaswamy judgement was also referred to in Vinit Kumar vs Central Bureau of Investigation (2019), where the Bombay High Court struck down the Union Home Ministry’s orders intercepting Kumar’s communications, stating that there was no lawful justification for them and that they did not follow the legislative requirements and procedure under Section 5(2) and Rule 419A of the Telegraph Act.
- Bergman, R., & Mazzetti, M. (2022, January 28). The Battle for the World’s Most Powerful Cyberweapon. The New York Times.
- BL Mumbai Bureau . (2022, February 24). Data protection bill: Parliamentary panel’s proposals could hit India’s tech leadership aspirations, says Internet body. Business Line.
- Dhavate, N., & Mohapatra, R. (2022). A look at proposed changes to India’s (Personal) Data Protection Bill. Portsmouth: The International Association of Privacy Professionals. Retrieved from The International Association of Privacy Professionals.
- Haidar, S., & Singh, V. (2022, February 2). ‘Indian intelligence service’ bought Pegasus from Israel, coordinated with Mossad: NYT reporter. The Hindu.
- Pegg, D., & Cutler, S. (2021, July 18). What is Pegasus spyware and how does it hack phones? The Guardian.
- Press Trust of India. (2021, October 27). Pegasus spyware case: SC appoints 3-member committee to inquire into alleged snooping controversy. The Times of India.
- Rajagopal, K. (2017, July 29). The lowdown on the right to privacy. The Hindu.
- Rajagopal, K. (2021, October 27). Pegasus case | No absolute power for state to snoop into ‘sacred private space’ of individuals, says Supreme Court. The Hindu.
- Sircar, S., & Sachdev, V. (2018, July 27). Key Highlights From Srikrishna Committee Report on Data Protection. The Quint.
- Srivas, A., & Agarwal, K. (2021, July 18). Snoop List Has 40 Indian Journalists, Forensic Tests Confirm Presence of Pegasus Spyware on Some. The Wire.
- Tarafder, A., & Basu, A. (2017, August 25). For the Many and the Few: What a Fundamental Right to Privacy Means for India. The Wire.
- Thapa, S. (2021). The Evolution of Right to Privacy in India. International Journal of Humanities and Social Science Invention, 53-58.