#RighttoPrivacy: Implications for Organizations
Since the Supreme Court ruled Privacy to be a Fundamental Right in India, we got a lot of queries about what this means to an organization and to an individual whose Personal Information is in the custody of an organization. This note discusses key points in this context and presents a set of FAQs to clarify on some aspects.
Note: The judgement is a veritable tome on privacy – covering various aspects of privacy in great detail. This note looks at it from just the Information Privacy aspect.
Key Aspects of Privacy:
In the Indian context, the judgement says, a fundamental right to privacy would cover at least the following three aspects:
• Privacy that involves the person i.e. when there is some invasion by the State of a person’s rights relatable to his physical body, such as the right to move freely
• Informational privacy which does not deal with a person’s body but deals with a person’s mind, and therefore recognizes that an individual may have control over the dissemination of material that is personal to him. Unauthorised use of such information may, therefore lead to infringement of this right; and
• The Privacy of choice, which protects an individual’s autonomy over fundamental personal choices
The three facets of Information:
The following is an interesting view of how Information can be looked at.
Key concepts discussed:
Outlined below are some of the key points that the judgement talks about.
The judgement mentions the Justice Srikrishna committee set up to draft a data protection framework for India and urges the setting up of a robust data protection regime at the earliest. Detailed references to the work of the Justice AP Shah committee’s report have also been made.
The above points give us an indication of what laws, regulations and interpretations are expected down the line – and organizations need to gear up for the same.
Frequently Asked Questions (FAQs):
Here are some questions that we were asked.
While companies should certainly stop collecting unnecessary data from individuals via any device – whether a phone or a laptop – the only law in India that talks of some aspects of privacy is the Indian Information Technology Act. Hence until specific laws and regulations are passed to curb such collection, OR there are other drivers like reputational impact, client demands, etc, it is unlikely that rampant data collection would get curbed.
Decisions with regard to Aadhaar would be taken by the smaller 5-Judge bench set up to listen to the Aadhaar-specific cases. One would need to wait and see what the ruling would be.
In its order dated 15th October 2015, the Supreme Court of India reaffirmed that the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court one way or the other. As the matter is yet to be decided, no one can be compelled to give their Aadhaar number or be forced to provide their Aadhaar number mandatorily. However, the reality on the ground is different and various agencies are mandating the collection of Aadhaar numbers and data.
A fundamental right is a restriction on the actions of the state with respect to its citizens and residents. The liabilities of companies with respect to their actions affecting citizens would have to be governed by a legislation i.e. a national data protection legislation. Having said that, this is an indication of how things stand as of today. The Courts would be faced with numerous situations in the future where they might be asked to suggest appropriate remedies with respect to the interaction between companies and individuals vis-a –vis this right or issue directions to the government to make laws to deal with these problems.
It’s a big step in the right direction for India. Constitutional recognition of the Right to Privacy shows the existence of a privacy culture in the nation. However, for India to be compliant nation with the EU GDPR, India could have to have a comprehensive data protection legislation that reflects the privacy principles accepted worldwide and provides a stringent enforcement mechanism.
No Fundamental Right under Part III of the constitution is absolute in nature. They are subject to restrictions that may be imposed to curtail them but these restrictions have to be fair, just and reasonable in nature. For example, Article 19(1) (a) of the Constitution gives a citizen the right to freedom of expression is subject to restrictions listed under Article 19 (2) of the constitution which provides that the freedoms guaranteed under Article 19 (1) do not prevent the government from making laws that might restrict them on the basis of sovereignty and integrity of India, the security of the State, etc.
We will be happy to address more queries. Do send them to firstname.lastname@example.org
Shivangi Nadkarni is Co-Founder & CEO and Anand Krishnan is Associate Consultant at Arrka Consulting