The Supreme Court has included the right to privacy as an inherent part of the right to life guaranteed by Article 21 of the Constitution. Several recent actions and proposals have implications for this “right”.
In a ruling in 1996 related to telephone tapping, the Supreme Court laid out that any interception of phone conversations would be an infringement of the right to life and the right to free speech, unless it is permitted by procedure established by law. It clarified that the Telegraph Act permitted telephone interception only in the case of “occurrence of any public emergency” or “interest of public safety”. [It has also ruled (in a 1976 judgement) that public emergency is a situation which raises problems concerning the interest of public safety, the sovereignty and integrity of India, the security of the State, friendly relations with sovereign States or public order or the prevention of incitement to the commission of an offence.] The government has issued guidelines that require each case of telephone tapping to be authorised by the union or state home secretary, prescribed time limits for surveillance and a mechanism for periodic review. In a press release issued this April, the government has clarified that telephones cannot be tapped to detect economic offences such as tax evasion.
There are five recent events that have implications for an individual’s right to privacy. These include Rules notified by the government; requirements for mobile telecom equipment; a Bill in Parliament; and two draft Bills. We discuss these below.
The Information Technology Rules, 2011
The Information Technology Rules, 2011 were discussed in detail in the last issue of Pragati. Two of these rules have provisions that may violate the privacy of individuals.
The Information Technology Act provides that any entity that deals with “sensitive personal data and information” is required to implement “reasonable security practices” to safeguard the data. Any entity that fails to do so is liable to compensate the owner of the data for any consequent loss. The Act delegates the power to define these two terms to the central government through Rules. The Rules issued in April define sensitive information to include biometrics, financial data, health records etc. They also prohibit the sharing of such data with a third party without the consent of the owner. However, they require the holder of the data to provide access to any government agency for the purpose of investigation, prevention, prosecution or punishment of an offence. The government agency has to give a written request. The usual safeguards (such as a search warrant signed by a magistrate) are not required.
The Cybercafé Rules require every cybercafé to maintain a register of all users, their addresses and copies of their photo identities. The cybercafés may also take a photo using a webcam and store that. They are also required to keep a log of all websites that are accessed. The Rules also have requirements relating to the layout of the cybercafe, with the objective that the computer screen should be visible from common areas. All these provisions prevent confidential communication and deter use of the internet from cybercafés. To take an example, any person using a cybercafé for net-banking runs the risk of his account details being seen by others.
Location Information from Mobile Phones
The Cellular Operators Association of India has reported that the new Equipment Security Agreement requires certain standards to be maintained. By June 2012, the operators should be able to maintain location to an accuracy of 50 metres for customers specified by security agencies. By June 2014, they should implement this facility to cover all customers, regardless of whether they are identified for legal interception. This implies that the movement of every person carrying a mobile phone in India will be tracked.
The National Identification Authority of India Bill, 2010
The Bill establishes an authority to implement the unique identification number (UID) project. It requires all the information related to any person (including biometric, demographic and authentication requests) to be kept confidential and prescribes penalties for sharing of the information without consent of the individual. However, it permits the information to be accessed without consent under two conditions. First, a court may order that it be made available. Second, in cases related to national security, any authorised officer of the rank of Joint Secretary in the central government may ask for the information.
The draft Lok Pal Bill
The Jan Lok Pal Bill drafted by Anna Hazare’s nominees in the joint drafting committee provides the Lok Pal with the power to authorise interception of telephone and internet communication. This power is currently provided to only 29 officers: home secretaries of the central and state government. Interestingly, the government’s version of the Lok Pal Bill does not have this provision.
The draft Prevention of Communal and Targeted Violence Bill
The National Advisory Council has drafted a Bill addressing the issue of violence targeted against groups of people. This Bill specifies that the central or state government may intercept messages in the interest of prevention or control of organised communal and targeted violence. The interception may be sanctioned on the occurrence of any offence under the Bill or on the threat or apprehension of the occurrence of any such offence. The Rules and safeguards under the Telegraph Act are required to be followed. Given that the Telegraph Act permits interception in the interest of “public safety”, it is not clear why a specific provision is required unless the definition of “public safety” is being expanded.
The Indian Constitution recognises the tension between individual liberty and wider public safety. It specifies certain fundamental rights that protect people from possible excesses of the State. It also provides exceptional circumstances when these rights may be overruled. The Supreme Court has also finessed these issues through several cases. These include issues related to privacy, and the conditions that would justify the supercession of these rights.
The government is in the process of drafting a new Privacy Bill. After that Bill is published, it needs to be discussed widely both within and outside Parliament. Once a consensus is reached on the special circumstances when privacy may be legally overruled, all other laws need to be aligned.
We have discussed five recent cases in which privacy rights are being trumped by issues that are ostensibly of higher public interest. It is important for citizens and civil society to be vigilant on moves that may abridge their rights, even in cases when such proposals originate from civil society activists.