Brief on Privacy and Data Protection By Shubham Budhiraja


This article pertaining to the core issue of the modern digital economy. It is undisputed fact that the constitution is a living document and so is the environment we live in. with this note on, this is to submit here that:

In landmark verdict of Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors, it was held by 9 judge bench that Right to Privacy is a Fundamental right under Article 21 to the constitution of India and the Hon’ble Supreme Court set aside its earlier judgment of MP Sharma (8 Judge bench) and Kharak Singh (6 Judge Bench). However, in Judgment of 547 Pages, it contains 6 different opinions of different judges on what exactly amount to privacy. It is pertinent to note that by virtue of bare reading of this judgment, one can find major obiter-dicta and few ratio-decidendi only. The Point where chandrachud J (Plural judgment he gave on behalf of four including itself) whereupon Kaul J agreed, amounts to binding Part of the judgment. i.e. Test of Infringement of Privacy.- Law, Legality, and Proportionality.

Further, it is noteworthy to mention here that Privacy is a subjective matter and like any other Fundamental right. the same is subject to certain restrictions. The same restrictions are nothing but Test of Infringement of Privacy as outlined in Puttsawamy Judgment.

  1. There is the existence of the law
  2. There is a legitimate goal behind the act
  3. There is nexus between the act and goal.
It is also important to note that State is also under a constitutional mandate to provide welfare state to its citizens under Article 38 to the constitution of India. Thus, the State Surveillance over its citizen Privacy is majorly a debatable issue of the modern era.  
 
The position of Present law on Data privacy is a weak law and not in consonance with the Right to Privacy. The loopholes can be viewed under the Information Technology act, 2000 and rules made thereunder.

Presently the section 43A of IT Act which Provides compensation for Failure to Protect data and (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (SPD RULES) which deals with an obligation upon Intermediaries to manage, store and deal with sensitive personal data.

The Present law is not in line with Right to Privacy and so is observed in Puttaswamy Judgment. Further, the Sri Krishna committee report on Data Protection law has also observed the anemology’s of present law on data protection. Few issues are
 
1. Consent- The report pointed out that the consent can be the same as of a traditional approach under section 14 of Indian contract act, 1872 rather it must be in line with the modern digital economy. That is, consent must be specific, free, informed, adequate, clear and explicit.

2. Right to be erasure and Right to be forgotten- The Present law allow the intermediary to retain the data for a period of 90 days even after the account is deleted. Further, the right to be forgotten is not explicit under present law and recently the Karnataka High Court in Sri Vasunathan vs The Registrar .has recognized right to be forgotten in India as underlying of the western approach to data privacy. It is pertinent to mention here that the Data Protection Bill 2018 which is yet to be tabled in Lower house is nothing but Indian version of General Data Protection Regulations (GDPR).
 
3. Further, the Present law takes away the consent mechanism if the data so required by investigating agency. One legal argument in this regard is that it is within the purview of Article 38 and for a greater social cause whereas the counter-argument is that Test of Proportionality does not comply here because the State cannot completely surveillance over data on the name of national security.
 
4. One Legal argument is that the Intermediary guidelines of 2011 whereby which the intermediary can retain the data for a period of 90 days and cannot be made liable for data breach within the purview of safe harbor rule under section 79 of Information Technology act,2000. However, the counter-argument Probably be that:
 
5. The existing law in itself in question and the mere existence of a law doesn’t uphold privacy keeping in mind the test of proportionality.
 
6. The Present law on Data Protection is a weak law and same has duly observed in Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors and Sri Krishna committee report on data protection.
 
7. Further, Shreya Singhal v. Union of India has also observed that Rule 3(2) and Rule 3(4) of said guidelines are self-contradicting.
 
8. Further, the role of intermediary has duly questioned and efforts have been made to cut down its immunity under safe harbor rule by introducing the concept of active intermediary and passive intermediary in a matter of Christian Louboutin SAS v Nakul Bajaj & Ors CS (COMM) 344/2018.
 
Thus, we are living in the era of Digital economy where the state has to strike the balance between its actions to respect the Fundamental rights of individuals and to maintain the welfare state. Further, the Justification to infringe Privacy and rule of proportionality cannot be overlooked upon and will depend on the merits of each case.

Click here to read the disclaimer


Write a Comment