After the sc has declared right to privacy is fundamental right then how can it laws in the country be full operative and meet its objectives in last few years threre has been several cases related to the right to privacy and one of the most eminent is adhar card issue .
A nine-judge bench of the Supreme Court pronounced this verdict on Thursday morning of 24 aug 2017 .It was a unanimous decision with all the nine judges in favour of the Right to Privacy. The constitutional bench headed by Chief Justice JS Khehar ruled that “right to privacy is an intrinsic part of Right to Life and Personal Liberty under Article 21 and entire Part III of the Constitution.”
the judgement certainly gives incentives to work towards a strong data privacy policy. “There will be a need to set up appropriate and detailed standards of care regarding what is done with your data and how it is used. There is already a Data Protection Bill in consideration. Legislation will be required to implement the fundamental rights, so that in the future even private parties are subjected to regulation.
What privacy includes
Preservation of personal intimacies, the sanctity of family life, marriage, procreation, home and sexual orientation.
A right to be left alone.
Safeguards individual autonomy, recognises the ability of the individual to control vital aspects of his or her life.
Personal choices governing a way of life are intrinsic to privacy.
Protection of heterogeneity and recognition of plurality and diversity of our culture.
——. Privacy is not surrendered when a person is in public place
By being in public place doesn’t mean an individual has surrendered privacy, even as the legitimate expectation of privacy may vary from the intimate zone to the private zone and from the private to the public arena.
Privacy attaches to the person since it is an essential facet of the dignity of the human being
——- What Right to Privacy doesn’t mean
Not an absolute right: Like other rights which form part of the fundamental freedoms protected by Part III, including the right to life and personal liberty under Article 21, privacy is not an absolute right.
——Can law/state encroach upon privacy?
According to SC, a law which encroaches upon privacy will have to withstand the touchstone of permissible restrictions on fundamental rights.
In the context of Article 21, an invasion of privacy must be justified on the basis of a law which stipulates a procedure which is fair, just and reasonable.
The law must also be valid with reference to the encroachment on life and personal liberty under Article 21.
An invasion of life or personal liberty must meet the three-fold requirement of (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate state aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them; and
—— Privacy has both positive and negative content.
The negative content of privacy restrains the state from committing an intrusion upon the life and personal liberty of a citizen.
Positive content of the right to privacy imposes an obligation on the state to take all necessary measures to protect the privacy of the individual.
——-Robust regime needed for data protection
Informational privacy is a facet of the right to privacy. The court observed that dangers to privacy in an age of information can originate not only from the state but from non-state actors as well. The Union Government, hence, needs to examine and put into place a robust regime for data protection. The creation of such a regime would require a careful and sensitive balance between individual interests and legitimate concerns of the state.
—— For what reasons state can encroach upon individual’s privacy?
According to the judgement, the legitimate aims of the state should be “protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits.” These matters should be considered by the Union government while designing the regime for the protection of the data.
How the IT laws be improved —
India’s existing data privacy framework dates only to the year 2009, introduced to address growing concern relating to ‘data protection’ and ‘data privacy’. This framework was primarily introduced through Sections 43-A and 72-A of the Information Technology Act 2000. Subsequently, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 were issued. These regulate the collection, disclosure, transfer and storage of sensitive personal data and information.
Unfortunately, the above-mentioned legislative framework does not extend to government agencies, and also stops short of imposing an obligation upon the data collector to mandatorily report any data compromises to data subjects. Further, it imposes a stiff requirement to establish intent to cause wrongful gain or loss before an enforceable remedy against a data breach would be available to data subjects.
A well-functioning data privacy regime should ideally set the rules of the game for all actors, cut out any regulatory uncertainty and strike a balance between protecting the right of privacy of data subjects with the business needs of data collectors.
In 2012, the AP Shah report studied global best practices with a view to rebooting the existing domestic framework; it identified transparency, consent, and accountability as the fundamental building blocks of the ideal data protection regime. The report also observed that any new data privacy framework must aim to harmonise principles such as the principle of notice, choice and consent, limitation on collection and purpose, disclosure, openness, security, and accountability. These would also be relevant today.
Moreover, with technology constantly evolving, an approach based on standards would enable the law to keep pace with rapid changes in technology, as against objective rules that would fail to be relevant with constant technological developments.
Perhaps the biggest shift required from the existing regime is with respect to its applicability. It is imperative to bring government agencies within the ambit of the new framework. Although drafting a legislation that is applicable to both the private sector and the Government alike is a daunting task, it may be a streamlined method of ensuring that data subjects are adequately safeguarded.
While ‘consent’ is the cornerstone of any data privacy regime, the adequacy of such consent from the data subjects is sometimes debatable, especially in the context of standard-form contracts such as click wrap agreements. Recent studies show that this problem has been exacerbated manifold; people are often forced to accept unfavourable terms of service since most apps are designed to quit immediately if one does not click on the ‘I agree’ button.
Behavioural research also points to the inability of data subjects to manage their own data. This is attributed to a combination of lack of understanding and general disinclination.
To counter this, researchers have argued that perhaps regulating only the collection of data may not be enough, its use by data collectors and data processors could also be regulated such that there is a prohibition on using certain data in a manner that is detrimental to data subjects. This could be a useful supplement to temper the current prior consent-based approach where data subjects often surrender their data without truly understanding the wider ramifications of exploitation of such data.
Several stops and starts and multiple draft privacy Bills later, the Government has now taken the step to constitute a committee under Justice (Retd) BN Srikrishna to suggest and draft a new data protection Bill. While the Supreme Court continues to deliberate whether the right to privacy should be elevated to a separate fundamental right, a robust and well-functioning data privacy legislation will go a long way in complementing the constitutional right to privacy in not only creating the right incentives for all stakeholders but also providing an efficient redress mechanism for data subjects.
Eduindex News 