THE IMPERATIVE OF DATA PRIVACY: ADDRESSING  CHALLENGES IN THE DIGITAL ERA

The value of connection through smartphones, computers, and tablets now is growing daily.  Personal data is being collected, stored, and used more as a result of the rising use of these  products. This has raised several issues related to data privacy, privacy rights, and data  protection. 

People unintentionally give their personal information to businesses, governments, and other  organisations, leading to privacy invasion. Each company or organisation, regardless of size,  should place a high priority on data protection and privacy. This objective ought to be  accomplished, but it isn’t since data collection from consumers is the core and most important  part of every corporate activity. Data are a crucial organisational asset given the importance  and ongoing growth of the digital economy but it cannot be used as an excuse to collect data  from users without their permission and without them knowing anything about it. Article 21 of the Indian Constitution states: “No person shall be deprived of his life or  personal liberty except according to procedure established by law”. The primary goal of this  fundamental right is to prohibit interference with personal freedom and the deprivation of life  unless done so in accordance with legal procedure. ‘Protection of the right to privacy,  property, and data’ is not specifically mentioned in the article but is incorporated and  construed by the Supreme Court under ‘personal liberty’. The right to privacy is a complex  idea that is not clear-cut and easy. It covers a range of aspects of a person’s private life as  well as the security of their information. 

ASSESSING THE CONCEPT OF PRIVACY IN INDIA AND THE  MANNERS IN WHICH IT IS VIOLATED 

It might be challenging to understand privacy and the right to privacy since they can be used  in many different ways. Although privacy has been acknowledged by the law and by  common understanding, different legal systems nevertheless place varying amounts of  emphasis on different areas, resulting in privacy practices that may differ from one another.  The definition of privacy is a neutral interaction between people or groups, or between people  and groups. It may also be a value, a cultural state, or a condition that is aimed at an individual on the path to collective self-realization, depending on the culture. The term  “privacy” refers to the right to regulate the gathering, utilisation, and disclosure of one’s  personal information. Many organisations, including the government, breach this right in  various ways. 

❖ Tapping of Telephones and Privacy 

Technologies are having a harmful impact on people’s privacy. The Indian Post Office  Act’s Section 5(2) and the Indian Telegraph Act’s Section 26(1) both grant the  national government and state governments the authority to intercept postal and  telegraphic communications in the event of a public emergency for the sake of public  safety. 

The fundamental question in R.M. Malkani v. State of Maharashtra was whether the  taped discussion may be used as evidence despite being in violation of the Telegraph  Act. According to the ruling, the court will not stand by while measures for a citizen’s  safety are jeopardised by allowing the police to act in an illegal or irregular manner. In the case of the State of Maharashtra v. Bharat Shanti Lai Shah, the Supreme Court  ruled that while conversation interception violates a person’s right to privacy, it may  be limited in line with legally acceptable procedures. The court must understand that  the process must be fair, just, and reasonable, rather than capricious, fantastical, or  oppressive. 

❖ E-Media, Press and Privacy 

The Supreme Court ruled in R. Rajagopal v. State of Tamil Nadu that the petitioners,  even without Auto Shankar’s approval or authorization, had the right to publish what  they describe as their life narrative or autobiography as long as it can be inferred from the public records. However, they could be violating his right to privacy if they go  further and disclose his life narrative. It is necessary to disclose information on the  most recent crimes and the way justice is being administered, but when do we  recognise that the line between releasing information and breaching someone’s privacy is being blurred? Theoretically, for anything to constitute an invasion of  privacy, it must be private information that is not in the public interest and that would  be “highly offensive to a reasonable person” if it were disclosed. By taking into  account elements including the societal worth of the given information, the level of  intrusion into personal affairs, and the extent to which the subject is already in the  public eye, electronic media and the press occasionally violate the idea of privacy.

In the Deconstruction of Public & Private Properties v. State of A.P. case, the  Supreme Court further ruled that media outlets should base their reporting on the  principles of objectivity and impartiality, ensuring neutrality, responsible reporting of  sensitive issues, particularly crime, violence, agitations, and protests, sensitivity in  reporting women and children, and matters relating to national security. It also ruled  that privacy should be respected. 

❖ Health and Privacy 

Modern technology has made it possible to record information about a person’s health  through the use of smartphone applications, health monitoring apps, smartwatches,  and many more devices. Many people believe that health-related information is  extremely sensitive. Doctors are forbidden from sharing any patient information  without getting permission, as is the case in hospitals and private practices because  doing so might endanger or negatively influence other people’s lives. Electronic  health record (EHR) data are typically sold to other businesses so that they can utilise  it for their own purposes.¹

These are some of the situations when technical breakthroughs have violated people’s  privacy. The majority of human labour has been digitised, with the majority of information  being exchanged online, potential of States and commercial actors for bulk data collecting,  decryption, and surveillance has also expanded due to the quick development of technology, which again directly impacts people’s right to privacy. 

How this data is really gathered is one topic that comes up. This is carried out both actively— through the exchange of information—and passively—through each internet click.  Applications like Uber, Ola, Zomato, Swiggy, Google Maps, and Apple Maps are aware of  our locations and the locations we frequently visit. Instagram, Facebook, and Snapchat are  aware of our friends. Email and messaging services are aware of our daily conversations and  financial transactions. Health tracking apps are aware of our sleep patterns, daily step totals,  heart rates, blood pressure, oxygen levels, and calories burned. These information are very  private to majority of the individuals.

All of this boils down to the necessity to secure information that users are unwilling to  provide, which could only be done by acting appropriately and with the occurrence of  governmental intervention to ensure that users’ privacy is preserved.²

PRIVACY AND INDIA 

In Justice K.S. Puttaswamy v. Union of India, the Supreme Court of India held in 2017 that  the right to privacy is a basic right guaranteed by Article 21 of the Indian Constitution.  Nevertheless, despite this important ruling, India has not yet passed appropriate data  protection laws. 

The Information Technology Act of 2000 and the Information Technology (Reasonable  Security Practises and Procedures and Sensitive Personal Information) Rules of 2011 (IT  Rules) are the main rules governing data protection in India. With relation to the gathering  and disclosure of sensitive personal data or information, these regulations impose duties on  commercial and corporate companies. 

In accordance with Rule 5 of the IT Rules, personal information or data should only be  gathered for a legitimate reason connected to the operation of the body corporate, and the  individual giving the information must be made aware of different facts surrounding the  acquisition and use of their information. With the exception of government organisations  obliged by law to use the information for verification, prevention, detection, investigation,  prosecution, and punishment of crimes, sharing information with third parties requires  consent. 

However, these laws primarily pertain to business entities that gather and disseminate data,  and there is no comprehensive legislation governing the processing of personal data that is  not deemed “sensitive personal data or information.” 

The Personal Data Protection Bill, 2019 was tabled in the Lok Sabha in December 2019 to fix  these shortcomings. The law seeks to create an Indian Data Protection Authority and  safeguard people’s privacy. It is intended to apply to the handling of personal data of Indian  citizens and residents that is done by Indian firms, Indian citizens, Indian-incorporated  people, and international businesses. 

A Joint Parliamentary Committee is now reviewing the measure; its report is anticipated to be  presented during the forthcoming monsoon session.

The popular messaging programme WhatsApp was criticised in India for privacy issues. By  sharing user account information with its parent business, Facebook, WhatsApp announced  revisions to its privacy policy in 2016. Due to this, a petition was submitted to the Supreme  Court with the claim that the new policy violated users’ right to privacy. Until September 25, 2016, WhatsApp was ordered by the court to destroy the data of users who choose to remove  the programme or keep it on their mobile devices. 

WhatsApp released a new privacy policy in January 2021, igniting discussions. Users no  longer have the option to refuse to share their data with Facebook according to the new  policy. In response, a lawsuit against the new policy was launched, claiming that since  privacy protection regulations in India were less stringent than those in European nations,  Indian customers were being unfairly treated. The parties concerned received notifications  from the Supreme Court, and a three-judge court is hearing the case. The policy change  deadline has been extended by WhatsApp until May 15, 2021.³ In conclusion, there have been some significant changes in how people spend their lives as a  result of technological innovation. Without the subject’s knowledge or permission, everything  they do is tracked and recorded. In the digital era, ensuring data security and privacy is a  challenging process, but it is not impossible. Just the proper amount of regulation, individual  freedom, and technical innovation must be struck. Although India has taken measures to  recognise and uphold the right to privacy, adequate data protection laws are still required to  fully secure people’s personal information. For a digital ecosystem to be viable and  responsible, it is essential to strike the correct balance between innovation, convenience, and  privacy.⁴

1. Singh, Shiv Shankar. “PRIVACY AND DATA PROTECTION IN INDIA: A CRITICAL  ASSESSMENT.” Journal of the Indian Law Institute, vol. 53, no. 4, 2011, pp. 663–77. JSTOR,  http://www.jstor.org/stable/45148583. Accessed 14 June 2023. ↩︎
2. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3270933/ ↩︎
3. https://www.legalserviceindia.com/legal/article-5404-right-to-privacy-in-digital-era-a-study-with-indian context.html ↩︎
4. https://www.legalserviceindia.com/legal/article-5404-right-to-privacy-in-digital-era-a-study-with-indian context.html ↩︎