Privacy

Furthermore, the current privacy framework i.e. Section 43A of the Information Technology Act,
2000 and Information Technology (Sensitive Personal Data) Rules, 2011, penalises companies only in
the event that a wrongful loss or gain has occurred due to poor security practices.

The penalties are imposed depending up on the nature of violation and thereby, it prescribes
different levels of penalties; corresponding to the severity of the violation. In cases of failure to
adhere to security safeguards as prescribed in Section 31 of the Draft Bill, the data fiduciary shall be
liable to the highest level of penalty that can extend up to 4% of its total worldwide turnover or INR
15 Crores, whichever is higher. Such maximum level of penalty shall also be imposed in situations
where data fiduciaries have processed personal data of children in violation of the law or unlawfully
transferred personal data outside India.

This Right to Privacy was upheld in various Supreme Court Judgments. Few are Kharak Singh v State
of UP [6] , Gobind v State of M.P [7] , R. Rajagopal v State of Tamil Nadu [8] , State v Charulata
Joshi [9] .

Now a days most of the companies are relying upon contract law as an important tool to protect
their data. Almost all the Corporate houses enters into contractual agreement with their clients,
companies ect to protect their data to the maximum possible limit. Many Contractual agreements
such as ‘non circumvention and non-disclosure’ agreements, ‘user license’ agreements, ‘referral
partner’ agreements etc. are entered into by them which specifically contains confidentiality and
privacy clauses and also arbitration clauses for the purpose of resolving the dispute if arises. These
agreements help them in smooth running of business. BPO companies have implemented processes
like BS 7799 and the ISO 17799 standards of information security management, which restrict the
quantity of data that can be made available to employees of BPO and call centers.

Black’s Law Dictionary defines privacy as, “right to be let alone; right of a person to be free from
unwarranted publicity; and right to live without unwarranted interference by the public in matters
with which the public is not necessarily concerned.”

The question to recognize a right to privacy arose in Kharak Singh v. Sate of U.P. AIR 1963 SC
1295 wherein Justice Subbarao in his minority opinion expressed a need to recognize such a right
even though it is not expressly granted by the Constitution of India. The petitioner, in the afore-
mentioned case, was put under surveillance because of his criminal activities. The surveillance was
to keep a watch at the petitioners’ house which also involves secret visits to the petitioners’ house
at night. He challenged such provisions of Secret and domiciliary visits of the U.P. Police Regulation
as a violation of his right to privacy. The Court, however, refused to give recognizition to right to
privacy reason being that the Indian Constitution does not give express recognition to any such right.
The same view was observed by the Apex Court in M.P. Sharma v. Satish Chandra AIR 1954 SC
300. These views somehow diverted from the views of U.S Supreme Court wherein Justice
Frankfurter believed that security of one’s privacy is basic to a free society and hence, it should be
protected from unreasonable intrusion from police authorities.

Privacy of an individual needs to be protected as long as it does not adversely affect the public at
large. Maintaining social order is the first and the foremost objective of law. Fundamental rights
cannot be granted, setting aside the norms set for maintaining social order. However, with the
growing information technology and arbitrary use of powers by the Government officials,
recognition of such a right is essential but then obviously privacy cannot be an absolute right. Hence,
it is important to mention another observation of the Supreme Court in this regard- In Govind v.
State of M.P 1975 SCC 148; the Court laid down the following observation-

 Court cannot completely rely on a right which is not expressly granted by the Constitution. If
the Court did so then it would compel the citizens to question the judicial reliability.

 Right to privacy cannot be an absolute right and it has to comply with the “state interest
test”.

 Surveillance cannot be said to be violating right to life and also right to privacy because only
those criminals who are suspected of committing a crime are put under surveillance. This
step is necessary to prevent the commission of further crimes.

But the underlining principle in the said case can be said to be that the Court unlike previous other
cases did not completely deny the existence of a right of privacy. With the increasing number of
incidents with regards to infringement of privacy, it was evident for the Apex Court to give
recognition to this right. The saying that law should protect an individual both from person and
property is in existence from the common law times. However, the biggest challenge before the
Court of Justice was how to maintain the balance of between such a right, public order and also
other rights guaranteed by the Constitution.

In People’s Union for Civil Liberties v. Union of India, the Court mentioned as follows-

“We have; therefore, no hesitation in holding that right to privacy is a part of the right to “life” and
“personal liberty” enshrined under Article 21 of the Constitution. Once the facts in a given case
constitute a right of privacy, Article 21 is attracted. The said right cannot be curtailed “except
according to procedure established by law”.

The European Courts on Human Rights first recognized such need of protecting personal data of
patient in I v. Finland wherein the court did not allow free access to patient’s information.

Another issue concerning the said issue being that even after introduction of such a scheme, the
Government did not make any stringent laws to safeguard the personal data of the citizens. Article 8
of European Convention and Article 12 of Universal Declaration of human rights.

With the increase in the exchange of Trans-border data, the Organization for Economic Co-operation
and Development (OECD) has given various guidelines with respect to protection of personal data ,
some of them being-

 The data must be collected with the lawful consent of the person giving such data and must
be used for lawful means.

 The personal data must not be leaked or transferred to some other person without the prior
permission of the person giving data.

A paralysis of Constituent Assembly debates reveals that privacy was given utmost importance and
hence, right to privacy although not expressly mentioned in the Indian constitution, is an inherent
right under Right to life guaranteed by Article 21 of the Indian Constitution.

Wolf v Colorado14, which held :“The security of one's privacy against arbitrary intrusion by the
police ... is basic to a free society...We have no hesitation in saying that were a State
affirmatively to sanction such police incursion into privacy it would run counter to the guarantee of
the Fourteenth Amendment.”
The pregnant words of that famous Judge, Frankfurter J., inWolfv.Colorado[[1949] 238 US 25]
pointing out the importance of the security of one's privacy against arbitrary intrusion by the
police, could have no less application to an Indian home as to an American one.

rigin of “right to privacy” was traced and a number of American decisions, includingMunnv.Illinois[94
US 113 : 24 L Ed 77 (1877)]

n Ramlila Maidan IncidentvHome Secretary, Union of India134,Justice B S Chauhan in a concurring

judgment held that:“Right to privacy has been held to be a fundamental right of the citizen
being an integral part of Article 21 of the Constitution of India by this Court. Illegitimate intrusion
into privacy of a person is not permissible as right to privacy is implicit in the right to life and
liberty guaranteed under our Constitution.

State of Maharashtrav.Bharat Shanti Lal Shah[(2008) 13 SCC 5] this Court has recognised the
right to privacy as a fundamental right emanating from Article 21 of the Constitution of India.
In Sharda v. Dharmpal22 the Supreme Court said that though the right to personal liberty has
beenread into Article 21,it cannot be treated as an absolute right. To enable the court to arrive at ajust
conclusion a person could be subjected totest even though it would invade his right to privacy. It
concluded that one has to maintain a balance between the rightsof a citizen and the right to privacy.It
ultimately requires a healthy and congenial interrelationship between the socialgood and the
individual liberty

InNational Legal Services Authorityv Union of India145(“NALSA”), a Bench of two judges, while
dealing with the rights of transgenders, adverted to international conventions acceded to by
India including the UDHR and ICCPR. Provisions in these conventions which confer a
protection against arbitrary and unlawful interference with a person’s privacy, family and home
would, it was held, be read in a manner which harmonizes the fundamental rights contained in
Articles 14, 15, 19 and 21 with India’s international obligations

In Anuj Garg v. Hotel Assn. of India[(2008) 3 SCC 1] (SCC p. 15, paras 34-35), this Court held
that personal autonomy includes both the negative right of not to be subject to interference by
others and the positive right of individuals to make decisions about their life, to express
themselves and to choose which activities to take part in.
In District Registrar and Collector v. Canara Bank23, the Supreme Court said that the disclosure of
the contents of the private documents of its customers or copies of such private documents, by the
bank would amount to a breach of confidentiality and would, therefore, be violative of privacy rights of
its customers.
Privacy is closely connected to data protection. An individual’s data like his name, address,
telephone numbers, profession, family, choices, etc. are often available at various places likeschools,
colleges, banks,directories, surveys and on various websites. Passing of such information
tointerested parties can lead to intrusion inprivacy like incessant marketing calls. The main principles
on privacy and data protection enumerated under theInformation Technology Act, 2000 are defining
data, civil and criminal liability in case of breach of data protection and violation of confidentiality and
privacy.
proportionality test

Article 12 of the Universal Declaration of Human Rights, 1948 & Article 17 of the International
Covenant of Civil an Political Rights, 1966.