Chapter I

Introduction

1.1. Introduction

The rapid growth of digital technology and proliferation of the internet have
made it easier for anyone to collect, process, transmit and store information from
anywhere in the world. The rapid development of technology over the last few
decades has witnessed the emergence of several new legal and ethical issues.
Unfortunately, the law has not kept up with the pace of technological development,
leaving significant gaps in addressing many issues that arise from the use of these
technologies1.

It has always been said that technology is a doubled-edged sword. It brings

enormous benefits in term of its efficiency and productivity; however, it also gives
rise to concerns that the widespread use of technology may result in loss of privacy-
specially data privacy. Technology such as surveillance cameras, mobile phone,
satellite-based user location computation technology such as Global Position System
(GPS) smart tags, bio-matric or radio-frequency identification (RFID) were not
originally invented for invasion of privacy, but they have been used to achieve that
purpose. Valuable information such as the personal data of individuals can now be
collected, processed, and stored on a large scale at minimal costs. Individual are
increasingly concerned about the harmful consequences that may arise from the
misuse of their personal data.2

Personal data can easily be accessed from a verity of sources. The government
is also actively engaged in processing our personal data. Large volume of personal
data is collected, stored, and processed by different governmental departments for a
multitude of reasons and purposes from the moment we are born until we are dead.

1
Noriswadi Ismail and Edwin Lee Yong Cieh, et. at (eds.), Beyond Data Protection 6 (Springer,
London, 2013)
2
Ibid.

1|Page
The processing of personal data has therefore become a key activity within the private
and public sector.3

1.2. The concept of Privacy

The right to privacy was originally described as the 'right to be left alone' by
the US Judge Thomas M. Cooley in 1888.4 Shortly afterward, the concept of
privacy was further articulated and made famous by two Harvard scholars, Warren
and Brandeis, in their most celebrated and widely cited article, The Right to
Privacy.5

The learned authors at that time had already recognized that, with the
emergence of new technologies in printing press and photographs, the right to
privacy had become a form of valuable social interest, which ought to be explicitly
protected by the law.

The concept of privacy differs from one country to another. Due to the
distinct concept of privacy, it has no universal definition. Privacy has been described
as 'the interest that individuals have in sustaining a personal space, free from
interference by other people and organization.6 Professor Alan Westin argues that
privacy is 'the claim of individuals to determine for themselves, when, how and to
what extent information about themselves is communicated to others.7 Privacy can
therefore be said to involve the right to control one's personal information and the
ability to determine when and how that information should be processed and used.

The concept of privacy law can further be divided into four main facets,
namely data privacy (which concerns an individual's right and interest to control the
processing of his personal data being held by another); physical privacy (which
involves the protection of an individual from physical interference against his will);
communications and surveillance privacy (which concerns an individual's right to
have privacy protection from being monitored, be it in the form of surveillance or
interception in communications), and territorial privacy (which involves the

3
Supra note 1 at 1
4
Cooley (1888), p. 29.
5
Warren and Brandeis (1890).
6
Clark (1997).
7
Westin (1970), p. 7.

2|Page
protection of an individual from having unlawful intrusion into his or her private
space or workplace). This book is mainly concerned with the first facet i.e. data
privacy, which is also referred to as data protection/information privacy.

Different jurisdictions may view data protection differently. Data protection is

seen as a fundamental human right for individuals in Europe, while the US treats data
protection as a private and consumer protection matter. Due to the differences in their
perception towards data protection, it has been treated differently both in Europe and
the US. In Europe, comprehensive data protection laws have been drawn up to protect
their citizens' personal data. On the other hand, the US prefers a sectoral, self-
regulatory approach to data protection, where a range of statutes have been enacted to
regulate specific forms of data protection.

As the importance of data privacy has garnered national and global attention
over the past two decades, nations around the world have struggled to determine how
to best regulate the protection of sensitive personal information.

1.3. Instrument for the protections of Data Privacy

1.3.1. International Level

At the International level, there are many important legal instruments dealing
with data protection and Privacy Law were formulated, namely, the Council of
Europe‟s Convention8, and OECD Guidelines9 EU Data Protection Directive10, APEC
Privacy Framework11, European Convention on Human Rights (ECHR), European
Union Charter, Personal Data Protection Act (in various Countries). India has
globally, as a party to the Universal Declaration of Human Rights (UDHR), and the
International Covenant for Civil and Political Rights (ICCPR), acknowledged the
right to privacy as a universal human right under Article 12 of the UDHR and Article
17 of the ICCPR.

8
Council of Europe‟s Convention for the Protection of Individuals with Regard to Automatic
Processing of Personal Data 1981
9
Organisation for Economic Corporation and Development Guideline Governing the Protection of
Privacy and Tran-Border Flows of Personal Data 1980
10
European Community Directive on the Protection on the Individuals with Regards to the Processing
of Personal Data and Free Movement of Such Data
11
Asia Pacific Economic Corporation Privacy framework 2004

3|Page
1.3.2. National Level

At the National level there is no any proper law related to the Privacy and
Data Protection. In India, issue of Data Protection is dealt in the “Information
Technology Act, 2000. While Privacy issue deals with Article 21 Constitution of
India.

In the Constitution of India, Law of privacy is recognition of the individual's

right to be let alone and to have his personal space inviolate. The need for privacy and
its recognition as a right is a modern phenomenon. It is the product of an increasingly
individualistic society in which the focus has shifted from society to the individual. In
early times, the law afforded protection only against physical interference with a
person or his property. As civilization progressed, the personal, intellectual and
spiritual facets of the human personality gained recognition and the scope of the law
expanded to give protection to these needs.

Before the case of K. S. Puttaswamy and Others Vs. Union of India12 Right
to privacy is not enumerated as a fundamental right in the Constitution. Under the
constitutional law, the right to privacy is implicit in the fundamental right to life and
liberty guaranteed by Article 21 of the Constitution. This has been interpreted to
include the right to be let alone. The 'right to privacy' has been canvassed by litigants
before the higher judiciary in India by including it within the fold of two fundamental
rights: the right to freedom under Article 19 and the right to life and personal liberty
under Article 21.

Article 19(1) (a) stipulates that “all citizens shall have the right to freedom of
speech and expression”. However, this is qualified by Article 19(2) which states that
this will not “affect the operation of any existing law, or prevent the State from
making any law, in so far as such law imposes reasonable restrictions on the exercise
of the right … in the interests of the sovereignty and integrity of India, the security of
the State, friendly relations with foreign States, public order, decency or morality, or
in relation to contempt of court, defamation or incitement to an offence”. Thus, the
freedom of expression guaranteed by Article 19(1) (a) is not absolute, but a qualified

12
2017(10) SCALE 1

4|Page
right that is susceptible, under the Constitutional scheme, to being curtailed under
specified conditions.

Article 21 reads “No person shall be deprived of his life or personal liberty
except according to procedure established by law.” Article 21 only requires a
“procedure established by law” as a pre-condition for the deprivation of life and
liberty.

Recently in case of Justice K. S. Puttaswamy (Ret.) and Others Vs. Union of

India and Others13 a nine Judges bench decide that the “The Right of Privacy is a
fundamental right. It is a right which protects the inner sphere of the individual from
interference from both State, and non-State actors and allows the individuals to make
autonomous life choices”. Before the case of Justice K.S. Puttaswamy (Ret.) and
Others Vs Union of India and Others supreme court of India in case of M P Sharma
v Satish Chandra, District Magistrate, Delhi and Kharak Singh v State of Uttar
Pradesh, said that the right to privacy is not protected under the Indian constitution.

The movement towards the recognition of right to privacy in India started with
Kharak Singh vs The State of U.P.14 The question for consideration before this court
was whether 'surveillance' under Chapter XX of the U.P. Police Regulations
constituted an infringement of any of the fundamental rights guaranteed by Part III of
the Constitution. Regulation 236(b) which permitted surveillance by 'domiciliary
visits at night' was held to be violative of Article 21.

Supreme Court held that “An unauthorized intrusion into a person's home and
the disturbance caused to him thereby, is as it were the violation of a common law
right of a man an ultimate essential of ordered liberty, if not of the very concept of
civilization. In a minority judgment in this case, Justice Subba Rao held that “the right
to personal liberty takes is not only a right to be free from restrictions placed on his
movements, but also free from encroachments on his private life. It is true our
Constitution does not expressly declare a right to privacy as a fundamental right but
the said right is an essential ingredient of personal liberty.

13
2017(10) SCALE 1
14
AIR 1963 SC 1295

5|Page
 In 1972, the Supreme Court decided a case one of the first of its kind on
wiretapping. In R. M. Malkani vs State of Maharashtra15 the petitioner‟s voice had
been recorded in the course of a telephonic conversation where he was attempting
blackmail. He asserted in his Defence that his right to privacy under Article 21 had
been violated. The Supreme Court declined his plea holding that “the telephonic
conversation of an innocent citizen will be protected by courts against wrongful or
high-handed interference by tapping the conversation. The protection is not for the
guilty citizen against the efforts of the police to vindicate the law and prevent
corruption of public servants.”

Further in Govind vs. State of Madhya Pradesh16 the decision by a three-

judge bench of the Supreme Court is regarded as being a setback to the right to
privacy jurisprudence. Here, the court was evaluating the constitutional validity of
Regulations 855 and 856 of the Madhya Pradesh Police Regulation which provided
for police surveillance of habitual offenders including domiciliary visits and
picketing. The Supreme Court desisted from striking down these invasive provisions
holding that “It cannot be said that surveillance by domiciliary visit, would always be
an unreasonable restriction upon the right of privacy. It is only persons who are
suspected to be habitual criminals and those who are determined to lead criminal lives
that are subjected to surveillance.”

In the case of R. Rajagopal vs. State of Tamil Nadu17. In the case involved a
balancing of the right of privacy of citizens against the right of the press to criticize
and comment on acts and conduct of public officials. The case related to the alleged
autobiography of Auto Shankar who was convicted and sentenced to death for
committing six murders. In the autobiography, he had commented on his contact and
relations with various police officials.

Supreme Court held that “The right to privacy is implicit in the right to life
and liberty guaranteed to the citizens of this country by Article 21. It is a „right to be
let alone‟. A citizen has a right to safeguard the privacy of his own, his family,
marriage, motherhood, education among other matters. No one can publish anything

15
AIR 1973 SC 157
16
(1975)2 SCC 148
17
(1994)6 SCC 632

6|Page
concerning the above matters without his consent- whether truthful or otherwise and
whether laudatory or critical

In the case of PUCL vs. Union of India18 the court was called upon to
consider whether wiretapping was an unconstitutional infringement of a citizen‟s right
to privacy. The Supreme court held: The matter of telephone tapping reiterated that
right to privacy was part of the right to life and personal liberty enshrined in Article
21 of the constitution and included the „telephone conversation in the privacy of one‟s
home or in office as right to privacy‟. Telephone tapping would thus infract Article 21
of the Constitution unless it was permitted under the procedure stablished by law.

Finally, Supreme Court of India in case of Justice K. S. Puttaswamy (Ret.)

and Others Vs. Union of India and Others19 decided that the decision of M P
Sharma v Satish Chandra, District Magistrate, Delhi and Kharak Singh v State of
Uttar Pradesh, is over-ruled and decided that the “The right to privacy is protected as
an intrinsic part of the right to life and personal liberty under Article 21 and as a part
of the freedoms guaranteed by Part III of the Constitution”.

The Right of Privacy is a fundamental right. It is a right which protects the

inner sphere of the individual from interference from both State, and non-State actors
and allows the individuals to make autonomous life choices.

Right to privacy granted under Article 21 of the Constitution of India, our

jurisprudence, judicial pronouncements and case laws have extended it to encompass
inter alia, a life of dignity. However, there is no express statutory grant of right to
privacy and data protection.

1.4. New Approach for Data Protection in India

With the increased proliferation of technology in daily lives, it is becoming

increasingly important for us to recognize and implement a meaningful right to
privacy as also recognized by the Special Rapporteur on the Right to Privacy.

On one hand, there is significant success of Aadhaar, which is the largest

biometric database in the world, as a means to implement social welfare schemes and

18
AIR 1997 SC 568
19
2017(10) SCALE 1

7|Page
serves as a tool for financial inclusion. On the other hand, there is reasonable
apprehension as to the security of the information contained in the database and
during any information transmission as a part thereof.

The Data (Privacy and Protection) Bill, 2017 is an effort to protect the Data
Privacy of an individual person.

This Bill provides for a framework to address the issue on data protection and
protect the privacy of all persons. This Bill is Introduced in Lok Sabha in September
2017 by the SHRI BAIJAYANT PANDA. The Objective of this Bill “to codify and
safeguard the right to privacy in the digital age and constitute a Data Privacy
Authority to protect personal data and for matters connected therewith”. It intends to
provide rights of persons vis-a-vis their own information, as well as procedures for
data collection, data processing, reasonable and targeted surveillance, and means of
redress in case of breaches and violations.

In light of this Bill, while the collection and processing of data is important,
there is an overwhelming need to secure personal data and ensure better security by
creating a statutory obligation to safeguard data and individuals.

The Bill seeks to codify and safeguard the right to privacy for all juristic
persons in the digital age, balanced with the need for data protection in the interests of
national security.

The issue of data protection is important both intrinsically and instrumentally.

Intrinsically, a regime for data protection is synonymous with protection of
informational privacy. Instrumentally, a firm legal framework for data protection is
the foundation on which data driven innovation and entrepreneurship can flourish in
India. Fostering such innovation and entrepreneurship is essential if India is to lead its
citizens and the world into a digital future committed to empowerment, experiment
and equal access.

In the case of Justice K. S. Puttaswamy (Ret.) and Others Vs. Union of India
and Others20 supreme court observed that,

20
2017(10) SCALE 1

8|Page
Informational privacy is a facet of the right to privacy. The dangers to privacy in an
age of information can originate not only from the state but from non-state actors as
well. We commend to the Union Government the need to examine and put into place a
robust regime for data protection. The creation of such a regime requires a careful
and sensitive balance between individual interests and legitimate concerns of the
state.”

The Government of India has set up Committee of Experts to study various

issues relating to data protection in India, make specific suggestions on principles
underlying a data protection bill and draft such a bill. The objective is to “ensure
growth of the digital economy while keeping personal data of citizens secure and
protected.” Justice B. N. Krishna (Bellur Narayanaswamy Krishna), former judge
of the Supreme Court of India is the head of Expert Committee. The government led
Nine-member committee to identify key data protection issue in India and
recommended methods of addressing them.

Justice B.N. Krishna Committee has put out a White Paper on Data Protection
Framework for India. This White Paper has been drafted to solicit public comments
on what shape a data protection law must take. etc. In white paper seven key
principles on Data Protection proposed by the expert committee, these are,
Technology Agnostic, Holistic Application, Informed Consent, Data Minimisation,
Controller Accountability, Structured Enforcement, Deterrent Penalties.

Data protection is a big problem in India. So, it needs a specific Data Protection
Law in India for present and future generations.

1.5. Statement of the Problem

Present time, personal data is being collected and processed at a much larger
scale that is not limited to AADHAAR, every application and website we use collects
and processes our personal data. Our personal data is vulnerable to any non-State
actor, private entity around the globe with the technological know-how to access and
process this data unlawfully. Our personal data may be utilized by Non-State Actors
to target Indian citizens through cyberattacks for financial gains as well as to profile
the interests of any person.

9|Page
 Our personal data which is collect and process by the state and non-state
sector, these state and non-state sector are falsely claim that it is voluntary, requiring
to share personal data like biometric information and other information even if you do
not wish to share anyone, which creates privacy issues of the individuals in relation to
which people are unaware it is a great problem.

On the other hand, there is a big problem before judiciary to dispose off
privacy matter‟s which is related to data protection. Because there is no specific
legislation related to data protection. Judiciary dispose of the data privacy matters
through the Constitution of India, 1949, Information Technology Act, 2000, SPDI
Rule, Aadhaar Act 2016, Credit Information Companies (Regulations) Act 2005,
Indian Telegraph Act, 1885, Telecom Regulatory Authority of India act, 1997, etc.
These Acts are not sufficient for the judiciary to dispose of the data privacy matters.
So, it requires to frame a specific legislation related to the data protection for present
and future generation. So, it becomes necessary to work on these issues elaborately.

1.6. Review of Literature

I have gone through the “The personal Data Protection Bill, 2014, The Right
To Privacy Of Personal Data Bill, 2016, The Privacy (Protection) Bill, 2013, Aadhaar
(Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act-2016,
The Data (Privacy And Protection) Bill, 2017, Information Technology Act, 2000 and
also studied H.M. Seervai‟s “Constitutional Law of India”, M.P. Jain‟s “Indian
Constitutional Law”, V.N. Shukla‟s “Constitution of India” Normann Witzleb and
David Lindsay “Emerging Challenge in Privacy Law”, Noriswadi Islami and Edwin
Lee Yong Cieh “Beyond Data Protection”. I also studied Articles “The Right to
Privacy in the age of Information and Communications” by Madhavi Divan, “Aadhar
Card- is it an intrusion into privacy? by Mrinal Sharma, “The Substantive Right to
Privacy: Tracing the Doctrinal Shadows of the Indian Constitution” by Abhinav
Chandrachud, “Right to Privacy in India””by Arjun Uppal and “Data Protection Laws
in India” by Vijay Pal Dalmia “Data Protection in India: The Legislation of Self-
Regulation” by Adrienne D‟Luna Directo.

10 | P a g e
1.7. Hypotheses

For the purpose of this study, the following hypotheses are formed:

1. Prospective of Data of Individual’s Privacy.

2. Disclosure of Personal Data to Intelligence / Law Enforcement Agencies

3. Authenticity and Security of Personal Information and Issues with Sharing
Information Collected by the Government and Private Agencies
4. Time Period for Maintaining Authentication Records.

5. Data of Individual and others Entities Protected by Judiciary.

1.8. Research Methodology

The research work in the present study will be doctrinal and analytical
research. For this literature from primary and secondary sources like various Acts &
Statutes, Law Commission/Committee Reports, Judgements of Supreme Court and
different High Courts, Lok Sabha & Rajya Sabha Debates, books written by various
authors and articles found in journals, Legal Periodicals, Magazines will be collected.
Further comparative, analytical, descriptive and evaluative methods to study and
analysis the provisions of Data Protection Laws with under developed and developed
countries relating to Data Privacy will be studied in a non-doctrinal method.

1.9. Objective of the study

In view of the above, the researcher, during his research work, through the
extensive study, desires to achieve the following objectives.

 To make a comparative study of Indian legal and institutional framework

available for Privacy and Data Protection and in developed countries.

 To study and resolve the issue of privacy with Special reference to Data
protection
 To analyse the legal issues and challenges which is hurdle in Privacy vis-a-vis

Data Protection

11 | P a g e
  To assess the future strategies and to suggest measures and mechanism for
implementation of privacy laws based on the findings of the study

1.10. Tentative Plan of the Study

The study will be divided into seven chapters under the following headings:

Chapter I- Introduction

Chapter II- Right to Privacy and Data Protection

(a) International Perspectives

(b) National Perspectives

Chapter III- Impact of Social Media on Data Privacy

Chapter IV- Comparative Analysis of “The Data (Privacy and Protection) Bill, 2017”
and “The Personal Data Protection Bill, 2018”

Chapter V- Judicial Travelling on the Issue of Privacy and Data Protection

Chapter VI- Reporting Research Findings

Chapter VII- Concluding Remarks

Conclusion

Suggestions

12 | P a g e