In continuation to our previous blog, Data Privacy vis-à-vis Cybersecurity: Part I in this blog we shall discuss the landmark case laws that shaped the Right to Privacy as a fundamental right in India.
KEY CASE LAWS
MP Sharma and Ors. v. Satish Chandra, District and Ors. [AIR 1978 SC 597]
The abovementioned case is one of the key judgments wherein the Supreme Court for the first time considered the issue that whether the Right to Privacy is a fundamental right or not. It was challenged that the warrant issued for search and seizure under Sections 94 and 96(1) of the Code of Criminal Procedure, 1973 was violating the right to privacy of a person.
However, the Supreme Court held that the power of search and seizure does not contravene any of the constitutional provisions and was said to protect social security. The Supreme Court stated that the Right to Privacy is not a guaranteed fundamental right under the Constitution of India.
Justice K.S Puttuswamy v. Union of India [(2017) 10 SCC 1]
The Puttaswamy judgment is the most significant judgement with regards to development of the concept of data privacy in India as the Supreme Court declared Right to Privacy as a fundamental right guaranteed under the Articles 14, 19 and 21 of the Constitution of India.
Herein the ‘Aadhar Card Scheme’ was challenged as it was violating the Right to Privacy of the citizens because under this scheme, the Unified Identification Authority of Indian (UIDAI) was accused of collecting and processing the biometric information of the citizens for different pursuits. It was submitted by the Petitioner that the Right to Privacy is a fundamental right under the umbrella of Article 21 of the Constitution.
The nine-judge bench unanimously held that the Right to Privacy is an intrinsic part of the Right to Life and Personal Liberty under Article 21 and enumerated under Part III of the Constitution of India. Further, it was added that it is the duty of the State that it must protect the privacy of its citizens.
The Supreme Court furthermore noted that privacy is not an absolute right but the grounds for reckoning violations are slightly vague. While observing that the proportionality is yet to be determined by subsequent decisions, the Supreme Court took the backing of existing standards stipulated under the Constitution or established through different precedents for the test of privacy. The impugned action of any kind of processing of data has to fulfil the very principle of the “just, fair and reasonable” of Article 21.
The Supreme Court laid down that the constitutional requirement for testing privacy is threefold:
- legality, which postulates the existence of law;
- need, defined in terms of a legitimate state aim; and
- proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.
However, the Supreme Court held that the Adhaar Card Scheme is not violative of the Privacy Right as it passes the aforementioned three-fold test.
Karmanya Singh Sareen v. Union of India [233 (2016) DLT 436] (Whatsapp – Facebook Privacy Case)
In the present case, the allegation raised was related to the violation of the Right to Privacy and Personal Liberty as enshrined in the Indian Constitution by WhatsApp under its New Privacy Policy of 2016. The Petitioners, namely Karmanya Singh and Shreya Sethi, as the users of the application claimed that the 2016 policy seeks to gather information of all WhatsApp accounts, such as addresses, comments, phone numbers, third-party records and system information that can be utilised to assess consumer accounts, finance activities and acts, and promote their services.
The Delhi High Court granted a partial relaxation and directed WhatsApp to delete the data of the users who opted to uninstall the application; which it collected until 25.09.2016.
Furthermore, the Delhi High Court directed WhatsApp to not to share the data of the existing users with Facebook which has been collected up to 25.09.2016.
Subsequently, a Special Leave Petition (SLP) was filed by the Petitioners in Supreme Court against the Delhi High Court judgment. The SLP was initially heard by a Division Bench and later a Constitution Bench. The Supreme Court primarily focused on the following issues:
- Whether the manner in which WhatsApp obtains user consent is misleading?
- Whether the Internet networking system that permits users to communicate data by audio/video/text messages and induce audio/video calls can be called a ‘telecommunication’ system and consequently, subject to the regulations of the competent authorities?
On 17.03.2017, Facebook duly filed the affidavit wherein the reasons why the said petition was not maintainable were stated as follows:
- Voluntary signatures of the users on the agreements which shall amount to a consensual contract.
- Since the Respondents therein, Facebook and WhatsApp were private entities, they shall not be subjected to the jurisdiction of the High Court. Therefore, they contended that the SLP being the product of that writ petition cannot be preserved.
- The Respondents highlighted the “End to End Encryption” feature of WhatsApp which ensures confidentiality and as a result of which, neither Facebook nor WhatsApp could access the user information.
Moving forward, in January 2021, WhatsApp introduced a new privacy policy (the Policy) that allowed users to accept and update the application until February 28, 2021. Certain aspects of the new privacy policy seemed controversial, for example, the policy did not give an opportunity to opt-out of data sharing with WhatsApp’s parent company, Facebook Inc.
In furtherance to the introduction of the Policy, a writ petition was again filed in the Delhi High Court wherein it was argued that the Policy violates the fundamental right of privacy and allows WhatsApp to profile users’ data without any Government regulation.
While the proceedings were in progress, the Federation of All Indian Traders brought a similar plea to the Supreme Court. Since the Delhi High Court already heard the objection, the Supreme Court refused to allow the written application. The application claimed that WhatsApp provides low privacy protection for Indian users compared to European users. A committee of three judges, chaired by Hon’ble CJI Bodbe, issued a notice requesting all parties to submit their responses.
The petition is awaiting a decision and is expected to serve as a testing ground to see if the enforcement of the Right to Privacy will apply in these circumstances of facts. More specifically, it could be a predictor of whether the state’s active responsibilities are exhausted, or at least legally satisfied with the implementation of data protection legislation. The Supreme Court refused immediate relief but sought responses from WhatsApp, Twitter, and Google regarding their policy of disclosing information to third parties
AMLEGALS REMARKS
The legislature and judiciary both are playing a proactive role for development of data privacy as a fundamental right in India, but there still remain a lot to be ironed.
After the deliberations for almost four years by the Joint Parliamentary Committee, the Personal Data Protection Bill, 2019 is expected to be enacted in the near future.
Various precedents have affirmed and re-affirmed the existence of the Right to Privacy as an intrinsic part of the Right to Life and Personal Liberty enshrined under Article 21 of the Constitution. The Supreme Court has taken care to establish the outlines of informational privacy while leaving the drafting to the legislature. With such landmark case laws devoted solely to data privacy, India can be expected to make significant progress in the aspect of data privacy and data security.
-Team AMLEGALS, assisted by Ms. Radhika Agrawal (Intern)
For any query or feedback, please feel free to get in touch with aditi.tiwari@amlegals.com or mridusha.guha@amlegals.com.
Leave a Reply