Win Bro Win
Win Bro Win
Win Bro Win
In the famous Gopalan case11 (1950), the Supreme Court has taken a narrow interpretation of the Article 21. It
held that the protection under Article 21 is available only against arbitrary executive action and not from
arbitrary legislative action. This means that the State can deprive the right to life and personal liberty of a
person based on a law. This is because of the expression ‘procedure established by law’ in Article 21, which is
different from the expression ‘due process of law’ contained in the American Constitution. Hence, the validity of
a law that has prescribed a procedure cannot be questioned on the ground that the law is unreasonable, unfair
or unjust.
But, in Menaka case12 (1978), the Supreme Court overruled its judgement in the Gopalan case by taking a
wider interpretation of the Article 21. Therefore, it ruled that the right to life and personal liberty of a person
can be deprived by a law provided the procedure prescribed by that law is reasonable, fair and just. In other
words, it has introduced the American expression ‘due process of law’. In effect, the protection under Article 21
should be available not only against arbitrary executive action but also against arbitrary legislative action.
Further, the court held that the ‘right to life’ as embodied in Article 21 is not merely confined to animal
existence or survival but it includes within its ambit the right to live with human dignity and all those aspects of
life which go to make a man’s life meaningful, complete and worth living. It also ruled that the expression
‘Personal Liberty’ in Article 21 is of the widest amplitude and it covers a variety of rights that go to constitute
the personal liberties of a man
This freedom entitles every citizen to move freely throughout the territory of the country. He can move freely
from one state to another or from one place to another within a state. This right underline the idea that India is
one unit so far as the citizens are concerned. Thus, the purpose is to promote national feeling and not
parochialism. The grounds of imposing reasonable restrictions on this freedom are two, namely, the interests of
general public and the protection of interests of any scheduled tribe. The entry of outsiders in tribal areas is
restricted to protect the distinctive culture, language, customs and manners of scheduled tribes and to
safeguard their traditional vocation and properties against exploitation. The Supreme Court held that the
freedom of movement of prostitutes can be restricted on the ground of public health and in the interest of
public morals. The Bombay High Court validated the restrictions on the movement of persons affected by AIDS.
The freedom of movement has two dimensions, viz, internal (right to move inside the country) and external
(right to move out of the country and right to come back to the country). Article 19 protects only the first
dimension. The second dimension is dealt by Article 21 (right to life and personal liberty).
Mp jain
1.The Supreme Court has reiterated in Malak Singh v. State of Punjab25 that police
can maintain discreet surveillance over reputed bad characters, habitual offenders
and other potential offenders in order to maintain public peace and prevent
commission of offences. However, intrusive surveillance seriously encroaching
3.The Court also treated it as an aspect of privacy and invoked Art. 21 against
telephone tapping
4. The right to privacy is not, however, absolute, and reasonable restrictions can
be placed thereon in public interest under Art. 19(5). The impugned police regulations
were characterised as making ‘drastic inroads directly into the privacy’
and ‘indirectly into the Fundamental Rights,’ of the suspect and, therefore, they
In the MP Sharma vs Satish Chandra case, the Supreme Court decided in favour of the practice of search and
seizure when contrasted with privacy. In 1962, while deciding the Kharak Singh vs State of UP (AIR 1963 SC
1295), the Court examined the power of police surveillance with respect to historysheeters and it ruled in favour
of the police, saying that the right of privacy is not a guaranteed right under the Constitution.
It was 1975 that became a watershed year for the right to privacy in India. The Supreme Court while hearing
the Gobind vs State of MP & ANR [1975 SCC(2) 148] case introduced the compelling state interest test from the
American jurisprudence. The court stated that right to privacy of an individual would have to give way to larger
state interest, the nature of which must be convincing. With time, the domain of privacy has expanded and it
has come to incorporate personal sensitive data such as medical records and biometrics. In 1997 in the matter
of PUCL vs Union of India2 , commonly known as telephone tapping cases, the Supreme Court unequivocally
held that individuals had a privacy interest in the content of their telephone communications. Thus, through a
series of cases, it can be observed that the right to privacy was being recognised, but its exceptions were also
given due place.
In the second decade of the 21st century, questions with respect to the right to privacy have centred around
Aadhaar, a government scheme in which residents get a unique ID after giving their biometrics such as
fingerprints and iris scan and demographic details. Aadhaar was challenged in court on the grounds of violation
of privacy and its usage was limited by the Supreme Court through its order in September 2013, with Aadhaar
being allowed in public distribution system and LPG subsidy only. However, in October 2015, it amended its
order and said that Aadhaar can be used to deliver services such as Mahatma Gandhi National Rural
Employment Guarantee Act (MNREGA), Pradhan Mantri Jan-Dhan Yojana, pension and provident fund schemes
but no person should be deprived of any service in absence of Aadhaar3 .
Justice K.S Puttaswamy & Another vs. Union of India and Others [Writ Petition (civil) No. 494 of 2012] 4 . The
Court in a landmark judgement on 24 August, 2017 unanimously ruled that privacy is a fundamental right, and
that the right to privacy is protected as an intrinsic part of the right to life and personal liberty, as a part of the
freedoms guaranteed by Part III of the Constitution. The Bench also ruled that the right to privacy is not
absolute, but is subject to reasonable restrictions (as is every other fundamental right)5 .
Recently, a Bill was introduced in Parliament by Shri Baijayant Panda (BJD) proposing to bring privacy under the
ambit of legislation. His latest attempt through the Data (Privacy and Protection) Bill, 2017 is pending before
the Lok Sabha. Yet another Bill, namely, The Right to Privacy Bill, 2010 was tabled in the Rajya Sabha by Shri
Rajeev Chandrasekhar. Two more Bills seeking to secure citizen's private data were introduced in 2016 in the
Rajya Sabha by Shri Vivek Gupta, MP of the Trinamool Congress and by Shri Om Prakash Yadav, BJP 4 India.
Stakeholder Report, Universal Periodic Review, 27th Session on "The Right to Privacy in India". 5 Mainstream
Weekly, Vol LV No. 37 dated 2 September, 2017 4 Member of Parliament, in Lok Sabha. But, none of these Bills
have secured the nod of Parliament. Existing Law on Privacy In the absence of a specific law on privacy, this
right is legally viewed under the Information Technology Act, 2000. The Act has some express provision
guarding individuals against breach of privacy by corporate entities. The Act was amended in 2008 to insert
Section 43 A which made the Companies compromising sensitive personal data liable to pay compensation.
Exercising its powers under Section 43A of the IT Act, 2000, the Government framed eight rules to protect
privacy of an individual. These all relate to seeking permission by a company before accessing privacy data of
individuals and fixing liabilities for violation of the same6
Supreme Court verdict on Right to Privacy10 A nine-judge Constitution Bench headed by Chief Justice, J.S.
Khehar on 24th August, 2017 gave a landmark decision on Right to Privacy. Supreme Court ruled that Right to
Privacy is "intrinsic to life and personal liberty" and is inherently protected under Article 21 and as a part of the
freedoms guaranteed by Part III of the Constitution. Reading out the common conclusion arrived at by the nine-
judge Bench, the Chief Justice said the Court had overruled its own eightjudge Bench and six-judge Bench
judgements of M.P. Sharma and Kharak Singh cases delivered in 1954 and 1961 respectively that privacy is not
protected under the Constitution. To overcome these two precedents, a five-judge Bench led by Chief Justice J.S.
Khehar had referred the question whether privacy is a fundamental right or not to the numerically superior
nine-judge Bench.11 10 In 2012, Justice K.S. Puttaswamy (Retd.) filed a petition in the Supreme Court
challenging the constitutionality of Aadhaar on the grounds that it violates the Right to Privacy. 11 The Hindu ,
dated August 24, 2017. 8 The verdict could now test the validity of Aadhaar, the biometric identification
project. Issuing the ruling, the nine-Judge Bench said right to privacy was at par with right to life and liberty,
and that the verdict will protect citizens‟ personal freedom from intrusions by the state.
Key conclusions from the Judgment on Justice K.S. Puttaswamy (Retd) and Another vs Union of India and Others
(Writ Petition Civil No. 494 of 2012):
1. Life and personal liberty are inalienable rights. These are rights which are inseparable from a dignified
human existence. The dignity of the individual, equality between human beings and the quest for liberty are the
foundational pillars of the Indian Constitution;
2. Judicial recognition of the existence of a constitutional right of privacy is not an exercise in the nature of
amending the Constitution nor is the Court embarking on a constitutional function of that nature which is
entrusted to Parliament;
3. Privacy includes at its core the preservation of personal intimacies, the sanctity of family life, marriage,
procreation, the home and sexual orientation. Privacy also connotes a right to be left alone.
4. Personal choices governing a way of life are intrinsic to privacy.
5. ...privacy is not lost or surrendered merely because the individual is in a public place. Privacy attaches to the
person since it is an essential facet of the dignity of the human being;
6. Technological change has given rise to concerns which were not present seven decades ago and the rapid
growth of technology may render obsolescent many notions of the present. Hence the interpretation of the
Constitution must be resilient 9 and flexible to allow future generations to adapt its content bearing in mind its
basic or essential features;
7. Like other rights which form part of the fundamental freedoms protected by Part III, including the right to life
and personal liberty under Article 21, privacy is not an absolute right. A law which encroaches upon privacy will
have to withstand the touchstone of permissible restrictions on fundamental rights.
8. Privacy has both positive and negative content. The negative content restrains the state from committing an
intrusion upon the life and personal liberty of a citizen. Its positive content imposes an obligation on the state
to take all necessary measures to protect the privacy of the individual.
9. The right of privacy is a fundamental right. It is a right which protects the inner sphere of the individual from
interference from both State, and non-State actors and allows the individuals to make autonomous life choices.
10. The privacy of the home must protect the family, marriage, procreation and sexual orientation which are all
important aspects of dignity.
11. ...in a country like ours which prides itself on its diversity, privacy is one of the most important rights to be
protected both against State and non-State actors and be recognized as a fundamental right.
12. ...right of privacy cannot be denied, even if there is a miniscule fraction of the population which is affected.
The majoritarian concept does not apply to Constitutional rights...
13. Let the right of privacy, an inherent right, be unequivocally a fundamental right embedded in part-III of the
Constitution of India, but subject to the restrictions 10 specified, relatable to that part. This is the call of today.
The old order changeth yielding place to new12 .
Judgement: Right to privacy includes the right to be forgotten and the right to be left alone.
About the Right to Privacy: In Puttaswamy v. Union of India case, 2017, the Right to Privacy was
declared a fundamental right by the Supreme Court.
o Right to privacy is protected as an intrinsic part of the right to life and personal liberty under
Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution
About Right to be Forgotten (RTBF): It is the right to have publicly available personal
information removed from the internet, search, databases, websites or any other public
platforms, once the personal information in question is no longer necessary, or relevant.
o The RTBF gained importance after the 2014 decision of the Court of Justice of the
European Union (“CJEU”) in the Google Spain case.
o In the Indian context, the Supreme Court in Puttaswamy v. Union of India, 2017 noted
that the RTBF was a part of the broader right of privacy.
The RTBF emerges from the right to privacy under Article 21 and partly
from the right to dignity under Article 14.
About the Right to be Left Alone: It doesn’t mean that one is withdrawing from society. It is an
expectation that society will not interfere in the choices made by the person so long as they do
not cause harm to others.
Government Steps to Protect Privacy
Personal Data Protection Bill 2019:
To provide for protection of privacy of individuals relating to their Personal Data and to establish a
o
Data Protection Authority of India for the said purposes and the matters concerning the personal
data of an individual.
o Framed on the recommendations of B N Srikrishna Committee (2018).
Information Technology Act, 2000:
o Provides for safeguard against certain breaches in relation to data from computer systems. It
contains provisions to prevent the unauthorized use of computers, computer systems and data
stored therein.
Way Forward{use as prayer}
The Parliament and the Supreme court to engage in a detailed analysis of RTBF and evolve a
mechanism for balancing the conflicting rights of privacy and freedom of expression.
In this digital age, data is a valuable resource that should not be left unregulated. In this context, the
time is ripe for India to have a robust data protection regime.
o Thus, the government should expedite the enactment of the Personal Data Protection Bill 2019.
The Supreme Court has asserted that in order to treat a right as a fundamental right, it is not necessary that it should be expressly stated in
the constitution as a Fundamental Right. Political, social, and economic changes in the country entail the recognition of new rights. The law
in its eternal youth grows to meet the demands of society.
Before we get into a complete discussion of Right to Privacy first of all we need to know what does the word Privacy mean. According to
Black’s Law Dictionary “right to be let alone; the right of a person to be free from any unwarranted publicity; the right to live without any
unwarranted interference by the public in matters with which the public is not necessarily concerned”.
Article 21 of the Constitution of India states that “No person shall be deprived of his life or personal liberty except according to procedure
established by law”. After reading the Article 21, it has been interpreted that the term ‘life’ includes all those aspects of life which go to make
a man’s life meaningful, complete and worth living.
Like everything mankind has ever achieved, there has been a positive and a negative side to it. Technology has invaded every part of our
lives whether the invasion was desired or not, we cannot be sure whether what we say has been heard by a third party as well whether that
was desired or not. The proverbial Hindi saying of even walls having ears has never rung truer. The principle of the world today can be:
whatever you may do, the world will get to know before you realize, ask a certain Tiger Woods about it.
n the earlier times in India, the law would give protection only from physical dangers such as trespass from which the Right to Property
emerged to secure his house and cattle. This was considered to be the Right to Life. As the ever changing common law grew to
accommodate the problems faced by the people, it was realized that not only was physical security required, but also security of the spiritual
self as well as of his feelings, intellect was required. Now the Right to Life has expanded in its scope and comprises the right to be let alone
the right to liberty secures the exercise of extensive civil privileges; and the term “property” has grown to comprise every form of possession
— intangible, as well as tangible.
Right to privacy is not enumerated as a Fundamental Right in the Constitution of India. The scope of this right first came up for
consideration in Kharak Singh’s Case which was concerned with the validity of certain regulations that permitted surveillance of suspects.
The minority decision of SUBBA RAO J. deals with this light. In the context of Article 19(1) (d), the right to privacy was again considered by
the Supreme Court in 1975. In a detailed decision, JEEVAN REDDY J. held that the right to privacy is implicit under Article 21. This right is
the right to be let alone. In the context of surveillance, it has been held that surveillance, if intrusive and seriously encroaches on the privacy
of citizen, can infringe the freedom of movement, guaranteed by Articles 19(1)(d) and 21. Surveillance must be to prevent crime and on the
basis of material provided in the history sheet. In the context of an anti-terrorism enactment, it was held that the right to privacy was
subservient to the security of the State and withholding information relevant for the detention of crime can’t be nullified on the grounds of
right to privacy.
Article 17 of International Covenant of Civil and Political Rights (to which India is a party) states “No one shall be subjected to arbitrary or
unlawful interference with his privacy, family, home and correspondence, nor to unlawful attacks on his honour and reputation”
Article 8 of European Convention on Human Rights states “Everyone has the right to respect for his private and family life, his home and his
correspondence; there shall be no interference by a public authority except such as is in accordance with law and is necessary in a
democratic society in the interests of national security, public safety or the economic well-being of the country, for the protection of health or
morals or for the protection of the rights and freedoms of others
In Govind v. State of Madhya Pradesh , Mathew, J. accepted the right to privacy as an emanation from Art. 19(a), (d) and 21, but right to
privacy is not absolute right. “Assuming that the fundamental rights explicitly guaranteed to a citizen have penumbral zones and that the
right to privacy is itself a fundamental right, the fundamental right must be subject to restriction on the basis of compelling public interest”.
Surveillance by domiciliary visits need not always be an unreasonable encroachment on the privacy of a person owing to the character and
antecedents of the person subjected to surveillance as also the objects and the limitation under which the surveillance is made. The right to
privacy deals with ‘persons not places’.
In Smt. Maneka Gandhi v. Union of India & Anr.,(1978) in this case SC 7 Judge Bench said ‘personal liberty’ in article 21 covers a variety
of rights & some have status of fundamental rights and given additional protection u/a 19. Triple Test for any law interfering with personal
liberty: (1) It must prescribe a procedure; (2) the procedure must withstand the test of one or more of the fundamental rights conferred u/a
19 which may be applicable in a given situation and (3) It must withstand test of Article 14. The law and procedure authorising interference
with personal liberty and right of privacy must also be right just and fair and not arbitrary, fanciful or oppressive.
In Naz Foundation Case (2009) Delhi HC gave the landmark decision on consensual homosexuality. In this case S. 377 IPC and Articles
14, 19 & 21 were examined. Right to privacy held to protect a “private space in which man may become and remain himself”. It was said
individuals need a place of sanctuary where they can be free from societal control- where individuals can drop the mask, desist for a while
from projecting on the world the image they want to be accepted as themselves, an image that may reflect the values of their peers rather
than the realities of their nature.
It is now a settled position that right to life and liberty under article 21 includes right to privacy. Right to privacy is ‘a right to be let alone’. A
citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child-bearing and education among
other matters. Any person publishing anything concerning the above matters except with the consent of the person would be liable in action
for damages. Position however, be different, if a person voluntarily thrusts himself into controversy or voluntarily invites or raises a
controversy.
The questions posed above have been fully considered by the Supreme Court in People’s Union for Civil Liberties v. Union of India. In
this case Public Interest Litigation was filed protesting rampant instances of phone tapping of politician’s phones by CBI. The court ruled
that ‘telephone conversation is an important facet of a man’s private life’. The right to hold a telephone conversation in the privacy of one’s
home or office without interference can certainly be claimed as “right to privacy”. So, tapping of telephone is a serious invasion of privacy.
This means that telephone tapping would infract Article 21 unless it is permitted under the procedure established by law. The procedure has
to be “just, fair and reasonabl.
he Court said public emergency would mean the prevailing of sudden condition or state of affairs affecting the people at large calling for
immediate action. The expression ‘public safety’ means the state or condition of grave danger or risk for the people at large. When either
these two conditions are not in existence, the Court said, the Central Government or the State Government or the authorised officers cannot
resort to telephone tapping even though there is satisfaction that it is necessary or expedient so to do in the interest of sovereignty and
integrity of the country. In other orders, even if the Central Government is satisfied that it is necessary or expedient so to do in the interest of
the sovereignty or integrity of the country or the security of the State or friendly relations with foreign States or public order or for preventing
for incitements to the commission of an offence it cannot intercept the message or resort to telephone tapping unless a public emergency
has occurred or the interest of public safety or the existence of the interest of public safety requires.
These conversations would be available to every citizen under the RTI Act because the only objection that one could raise would be on the
ground of 8(j) of RTI Act which says-information which relates to personal information, the disclosure of which has no relationship to any
public activity on interest. It also says “or which would cause unwarranted invasion of the privacy of the individual unless the public authority
is satisfied, unless the information officer is satisfied that the larger public interest justifies the disclosure of such an information.”
In the case of Kharak Singh vs. State of U.P and Ors. (AIR 1963 SC 1295), it was held by the court, “We feel unable to hold
that the term was intended to bear only this narrow interpretation but on the other hand consider that “‘personal liberty” is used
in Article 21 of the Constitution of India as a compendious term to include within itself all the varieties of rights which go to
make up the “personal liberties” of man other than those dealing with in the several clauses of Art. 19 (1). In other words, while
Art. 19(1) deals with particular species or attributes of that freedom, “personal liberty” in Art. 21 takes in and comprises the
residue. Further, the right to personal liberty takes in not only a right to be free from restrictions placed on his movements but
also free from encroachments on his private life. It is true our Constitution does not expressly declare a right to privacy as a
fundamental right, but the said right is an essential ingredient of personal liberty. Every democratic country sanctifies domestic
life; it is expected to give him rest, physical happiness, peace of mind and security.”
In yet another case of Govind vs. State of M.P. And Others (1975 (2) SCC 148), the court laid down, “Rights and freedoms of
citizens are set forth in the Constitution in order to guarantee that the individual, his personality and those things stamped with
his personality shall be free from official interference except where a reasonable basis for intrusion exists many of the
Fundamental Rights of Citizens can be described as contributing to the right to privacy individuals need a place of sanctuary
where they can be free from societal control. The importance of such a sanctuary is that individuals can drop the mask, desist
for a while from projecting on the World, the image they want to be accepted themselves, an image that may reflect the values
of their peers rather than the realities of their nature.”
In the landmark case of R.Rajagopal vs. State of Tamil Nadu (1994 (6) SCC 632, the court opined, “The right to privacy as an
independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting
from unlawful invasion of privacy was recognised. This right has two aspects which are but two faces of the same coin – (1) the
general law of privacy which affords a tort action for damages resulting from an unlawful invasion of privacy and (2) the
constitutional recognition given to the right to privacy which protects personal privacy against unlawful governmental invasion.
The first aspect of this right must be said to have been violated where, for example, a person’s name or likeness is used,
without his consent, for advertising – or non-advertising purposes or for that matter, his life story is written- whether laudatory or
otherwise -and published without his consent as explained hereinafter. In recent times, however, this right has acquired a
constitutional status. We shall proceed to explain how? The right to privacy is not enumerated as a fundamental right in our
Constitution but has been inferred from Article 21.”
In Naz Foundation Case (2009), Delhi HC gave the landmark decision on consensual homosexuality. In this case, Section
377 IPC and Article 14, Article 19 & Article 21 were examined. The right to privacy is held to protect a “private space in
which man may become and remain himself”. It was said individuals need a place of sanctuary where they can be free
from societal control- where individuals can drop the mask, desist for a while from projecting on the world the image they
want to be accepted as themselves, an image that may reflect the values of their peers rather than the realities of their
nature.
Puttaswamy case is apparently the most significant landmark case in the history of Right to privacy laws in India because this
was the case which laid down that Right to privacy is an important aspect of Article 21 of the Constitution. It held that
whenever a challenge is laid to an action of the State on the ground that it violates the right to privacy, the action of the State is
to be tested on the following parameters:
The judgment in Puttaswamy II further elaborates on the doctrine of proportionality by enunciating four sub-components:
(a) A measure restricting a right must have a legitimate goal (legitimate goal stage).
(b) It must be a suitable means of furthering this goal (suitability or rationale connection stage).
(c) There must not be any less restrictive but equally effective alternative (necessity stage).
(d) The measure must not have a disproportionate impact on the right holder (balancing stage
he Right to privacy can not be termed an absolute right. It varies from case to case. In cases where the public interest is
involved, the public interest is always given the upper hand, as has also been held in the case of Mr. X v. Hospital Z.
The Court held that the use of Aadhaar for the purpose of welfare schemes was constitutional as the Aadhaar Act
withstood the constitutional tests of legitimate state aim, necessity and proportionality. The Court also upheld the
mandatory linking of Aadhaar with PAN cards, while declaring the mandatory linking of Aadhaar to bank accounts as
unconstitutional and disproportionate. The Court further held that private companies could not require citizens to provide
their Aadhaar numbers for the provision of services. The court went on to say, “Privacy postulates the reservation of a
private space for the individual, described as the right to be let alone. The concept is founded on the autonomy of the
individual. The ability of an individual to make choices lies at the core of the human personality. The notion of privacy
enables the individual to assert and control the human element which is inseparable from the personality of the individual.
The inviolable nature of the human personality is manifested in the ability to make decisions on matters intimate to human
life. Privacy constitutes the foundation of all liberty because it is in privacy that the individual can decide how liberty is best
exercised. Individual dignity and privacy are inextricably linked in a pattern woven out of a thread of diversity into the fabric
of a plural culture.”
he Right to Privacy is an essential component of the right to life envisaged by Article 21, The ‘right, however, is not
absolute and may be lawfully restricted for the prevention of crime, disorder or protection of health or morals or protection
of rights and freedom of others.
Right to Privacy is indeed a very significant part of one’s living because, without privacy, there can be no dignity and
dignity is an important facet of Article 21 of the Constitution of India. The insertion of the right to privacy is a principal move
for India toward its goal of a welfare state.
Justice Chandrachud eloquently stated, “ …The best decisions on how life should be lived are entrusted to the individual. ……The duty of
the state is to safeguard the ability to take decisions – the autonomy of the individual – and not to dictate those decisions.” He went on to
hold that dignity permeates the core of the rights guaranteed to the individual under Part III of the constitution and privacy assures dignity to
the individual.
The Information Technology Act 2000 as amended (IT Act) allows individuals to sue an organization for
damages caused by its negligence in implementing and maintaining "reasonable security practices and
procedures" to secure sensitive personal data or information (Section 43-A, (IT Act)). The IT Act and the
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or
Information) Rules 2011 (IT Act Rules) define sensitive personal data or information as personal
information relating to: • Passwords. • Financial information, such as bank account or credit card details or
other payment details. • Physical, physiological, and mental health condition. • Sexual orientation. •
Medical records and history. • Biometric information.
They said that right to liberty, which also included the right to privacy, was a pre-existing "natural right" which
the Constitution acknowledged and guaranteed to the citizens in case of infringement by the state
Privacy is associated with and is the bulwark of other rights. It is located in the golden trinity of Articles 14,19, and 21 (right to
liberty and equality).
* There can be no dignity without privacy, and dignity is part of the Preamble, part of the basic structure of the Constitution
* Privacy is a vague concept, and vague concepts cannot be made fundamental rights.
* Right to life of others, including right to food, is more important than right to privacy.
* Internationally, in most jurisdictions, right to privacy has not been recognized explicitly.
Manupatra
The notion of a person's right to privacy has many facets. It alludes to the unique privilege of an internet
user to manage the accumulation, storage, and dissemination of his identifiable data. Private data of an
individual entails within its ambit identification information, hobbies, preferences, as well as data of others
whom they're connected to, schooling, wellness, and finances are all examples of private data. Private data
can potentially be creatively exploited for a variety of objectives, such as government monitoring and
commercial profit generating. Although Constitution of India does not expressly recognise "Right to
Privacy" as a fundamental right, yet the Apex Judicial Authority decided it to be a fundamental right, in
August 2017.1 Despite numerous administrative initiatives, hardly a legislation protecting data, or a data
safeguarding agency exists in India currently. However, India has come a long way in recognising privacy
of an individual.
In the case of Manohar Lal Sharma v. Union of India,6 The court held that the right to privacy which is
guaranteed under Article 21, has been manifested in the multiple facets in the personal and public lives of
the citizens of India.{ 6Writ Petition No. 314 of 2021}
The Puttaswamy judgment's test, at best, provides an answer to this problem. This ruling proposes a
"menu" of tests that could be applied to consider how the boundaries and application of the constitutional
right to privacy might be decided in other situations. A "law," a "legitimate State interest," and the
necessity of "proportionality" are the three criteria the Court set forth to determine whether any State
activity violates the basic right to privacy. The Court also reaffirmed the four sub-tests for determining
proportionality of a state action that were adopted in a 2016 decision in Modern Dental College and
Research Centre v. State of Madhya Pradesh .26 The state can interfere subjected to meeting the following
criteria: (a) the goal must be legitimate (the legitimacy stage); (b) it must be a suitable means of achieving
the goal; (c) there must be no less stringent but equally effective alternatives; and (d) the measure must
not have a disproportionate effect on the right holder (balancing stage). Therefore, if state measures
restricting the right to privacy fail the aforementioned conditions, they would constitute a fundamental
right infringement. 27
Privacy and data protection require that information about individuals should
not be automatically made available to other individuals and organizations.
Each person must be able to exercise a substantial degree of control over
that data and its use. Data protection is legal safeguard to prevent misuse of
information about individual person on a medium including computers. It
is adoption of administrative, technical, or physical deterrents to safeguard
personal data. Privacy is closely connected to data protection. An individual's
data like his name address, telephone-numbers, profession, family, choices, etc.
are often available at various places like schools, colleges, banks, directories,
surveys and on various web sites. Passing of such information to interested
parties can lead to intrusion in privacy like incessant marketing calls. The main
principles on privacy and data protection enumerated under the Information
Technology (Amendment) Act, 2008 are defining data, civil and criminal
46. Mr. Xv. Hospital 'Z' AIR 2003 SC 664.
47. See Bbabani Prasad Jena v. Onssa State Commission for Women , (2010) 8 SCC 633.
48. See Sarda v. Dharmpal , AIR 2003 SC 3450.
672 Journal of the Indian Law Institute Vol. 53 : 3
liability in case of breach of data protection and violation of confidentiality
and privacy.
Concept of data protection
The Information Technology Act which came into force in the year 2000 is the
only Act to date which covers the key issues of data protection, albeit not every
matter. In fact, the Information Technology (Amendment) Act, 2008 enacted
by the Indian Parliament is the first legislation, which contains provisions
on data protection. According to section 2(1) (o) of the Act, "Data" means
a representation of information, knowledge, facts, concepts or instructions
which are being prepared or have been prepared in a formalised manner, and
is intended to be processed or is being processed or has been processed in a
computer system or computer network, and may be in any form (including
computer printouts magnetic or optical storage media, punched cards, punched
tapes) or stored internally in the memory of the computer". The IT Act doesn't
provide for any definition of personal data and, the definition of "data" would
be more relevant in the field of cyber-crime. Further, the IT Act defines certain
key terms with respect to data protection, like access,49 Computer,50 Computer
network,51 Computer resource,52 Computer system,53 Computer database,54
Data,55 Electronic form,56 Electronic record,57 Information,58 Intermediary,59
Secure system, 60and Security procedure.61 The idea behind the aforesaid section
is that the person who has secured access to any such information shall not
take unfair advantage of it by disclosing it to the third party without obtaining
the consent of the concerned party. 'Third party information' is defined to
mean 'any information dealt with by an intermediary in his capacity as an
intermediary', and it may be arguable that this limitation also applies to 'data'
and 'communication'. Section 79 provides that an intermediary shall not be
liable for any third party information, data, or communication link made
available or hasted by him except in the conditions provided in sub-section (2)
49. Information (Amendment) Technology Act , 2008, s. 2 (1) (a).
50. Id., S.2 (1) (i).
51. Id., S.2 (1) (j).
52. Id ., s.2 (1) (k).
53. Id., s. 2 (1) ©.
54. Id., s. 43, explanation (ii).
55. Id., s. 2 (1) (o).
56. Id., s. 2 (l) (r).
57. Id., s. 2 (1) (t).
58. Id., s. 2 (1) (v).
59. Id., s. 2 (1) (w).
60. Id., s. 2 (1) (ze).
61. Id., s. 2 (1) (zf).
2011] Notes and Comments 673
and (3) thereof.
The IT Act doesn't provide any definition of personal data. Furthermore, the
definition of "data" would be more relevant^ in the field of cyber-crime. Data
protection consists of a technical framework of security measures designed to
guarantee that data are handled in such a manner as to ensure that they are safe
from unforeseen, unintended, unwanted or malevolent use.
Civil liability and data protection
The Information Technology (Amendment) Act 2008 provides for civil
liability in case of computer database theft, computer trespass, unauthorized
digital copying, downloading and extraction of data, privacy violation etc .
Furthermore, section 43 provides for penalty for a wide range of cyber
contraventions such as: (a) related to unauthorised access to computer, computer
system, computer network or resources; (b) unauthorised digital copying,
downloading and extraction of data, computer database or information, theft
of data held or stored in any media; (c) introduced any computer contaminant
or computer virus into any computer system or computer network; (d)
unauthorised transmission of data or programme residing within a computer,
computer system or computer network; (e) computer data/ database disruption,
spamming etc.; (f) denial of service attacks, data theft, fraud, forgery etc.; (g)
unauthorised access to computer data/computer databases; (h) instances
of data theft (passwords, login IDs) etc.; (i) destroys, deletes or alters any
information residing in a computer resource etc and (j) steal, conceal, destroy
or alter any computer source code used for a computer resource with an
intention to cause damage. Explanation (ii) of section 43 provisions definition
of computer database as "a representation of information, knowledge, facts,
concepts or instructions in text, image, audio, video that are being prepared
or have been prepared in a formalized manner or have been produced by a
computer, computer system or computer network and are intended for use in
a computer, computer system or computer network."
Section 43A provides for 'compensation for failure to protect data', it provides:
"Where a body corporate, possessing, dealing or handling any sensitive
personal data or information in a computer resource which it owns, controls
or operates, is negligent in implementing and maintaining reasonable security
practices and procedures and thereby causes wrongful loss or wrongful gain
to any person, such body corporate shall be liable to pay damages by way
of compensation to the person so affected". There is no limitation imposed
on the compensation that can be awarded. Section 43A which provides for
civil action for security breaches is based on the concept of 'sensitive personal
674 Journal of the Indian Law Institute Vol. 53 :4
information'. Other than that, there is no special protection in Indian law for
sensitive personal information. Section 43A provides for compensation to an
aggrieved person whose personal data including sensitive personal data may
be compromised by a company, during the time it was under processing with
the company, for failure to protect such data whether because of negligence in
implementing or maintaining reasonable security practices.
This provision, therefore, provides a right of compensation against anyone
other than the person in charge of the computer facilities concerned, effectively
giving a person a right not to have their personal information disclosed to third
parties, or damaged or changed by those third parties. The section is equally able
to be used by data controllers or the subjects of personal information against
third parties. It is only that they will be 'affected' in different ways which
justify compensation. It also provides that accessing data in an unauthorized
way is a civil liability.
Criminal liability and data protection
The Information Technology (Amendment) Act, 2008 provides for criminal
liability in case of computer database theft, privacy violation etc. The Act
also make wide ranging amendments in chapter XI enfacing sections 65-74
which cover a wide range of cyber offences, including offences related to
unauthorised tempering with computer source documents,62 dishonestly
or fraudulently doing any act referred to in section 43, 63 sending offensive
messages through communication service etc.,64 dishonestly receiving stolen
computer resource or communication device,65 identity theft,66 cheating
by personation by using computer resource,67 violation of privacy,68 cyber
terrorism,69 transmitting obscene material in electronic form,70 transmitting of
material containing sexually explicit act, etc., in electronic form,71 transmitting
of material depicting children in sexually explicit act, etc., in electronic form,72
any intermediary intentionally or knowingly contravening the provisions of
62. Id ., s. 65.
63. Id ., s. 66.
64. Id s. 66 A.
65. Id., s. 66B .
66. Id. , s. 66C.
67. Id., s. 66D.
68. Id., s. 66E.
69. Id., s. 66F.
70. Id., s. 67.
lì. Id., s. 67 A.
12. Id., s. 67B.
2011] Notes and Comments 675
sub-section (1) of section 43, 73 any person intentionally or knowingly failing
to comply with any order of controller,74 interception or monitoring or
decryption of any information through any computer resource,75 blocking
for public access of any information through any computer resource,76
intermediary contravening the provisions of sub section (2) of section 69B
by refusing to provide technical assistance to the agency authorised by the
Central Government to monitor and collect traffic data or information
through any computer for cyber security,77 securing access or attempting to
secure access to any computer resource which directly or indirectly affects
the facility of Critical Information Infrastructure,78 any misrepresentation
to or suppressing any material fact from the Controller or the Certifying
Authority,79 breach of confidentiality and privacy,80 disclosure of information
in breach of lawful contract,81 publishing electronic signature certificate false
in certain particulars,82 and electronic signature certificate for any fraudulent
or unlawful purpose.83
India does not have specific data protection legislation, other then the IT
Act, which may give the authorities sweeping power to monitor and collect
traffic data, and possibly other data. The IT Act does not impose data quality
obligations in relation to personal information and does not impose obligations
on private sector organizations to disclose details of the practices in handling
personal information.
Violation of confidentiality and privacy
The terms violation of confidentiality and privacy are described under the
IT Act. Section 66-E very eloquently explains violation of privacy as 'whoever,
intentionally or knowingly captures, publishes or transmits the image of a
private area of any person without his or her consent, under circumstances
violating the privacy of that person.' Section 66-E explanation (e) has also
explained violation of privacy as 'circumstances in which a person can have
a reasonable expectation that- (i) he or she could disrobe in privacy, without
73. Id., s. 67C.
74. Id., s. 68.
15. Id., s. 69.
76. Id. s. 69A.
77. Id., S.69B.
78. Id. s. 70.
79. Id., s. 71.
80. Id., s. 72.
81. Id., s. 72A.
82. Id. , s. 73.
83. Id., s. 74.
676 Journal of the Indian Law Institute Vol. 53 :4
being concerned that an image of his private area was being captured; or (ii)
any part of his or her private area would not be visible to the public, regardless
of whether that person is in a public or private place.' Section 72 provides
for penalty for breach of confidentiality and privacy as meaning 'any person
securing access to any electronic record, book, register, correspondence,
information, document or other material without the consent of the person
concerned discloses such electronic record book, register, correspondence,
information, document or other material to any other person.' Section 72A
also explains the law of privacy and asserts that disclosure of information in
breach of lawful contract -'save as otherwise provided in this Act or any other
law for the time being in force, any person including an intermediary who,
while providing services under the terms of lawful contract, has secured access
to any material containing personal information about another person, with
the intent to cause or knowing that he is likely to cause wrongful loss or
wrongful gain discloses, without the consent of the person concerned, or in
breach of a lawful contract, such material to any other person' amounts to
•breach of privacy and provides for punishment for the same.
Sections 66E, 72, and 72A require the consent of the concerned persons
but, within limited scope as it would be difficult to consider that it could
provide a sufficient level of personal data protection. Indeed, these sections
confine themselves to the acts and omissions of those persons, who have
been conferred powers under the Act. These sections provide for monitoring
violation of privacy, breach of confidentiality and privacy, and disclosure of
information in breach of lawful contract. Breach of confidentiality and privacy
is aimed at public and private authorities, which have been granted power
under the Act. In District Registrar and Collector v. Cañara Bank,u the Supreme
Court said that the disclosure of the contents of the private documents of its
customers or copies of such private documents, by the bank would amount to
a breach of confidentiality and would, therefore, be violative of privacy rights
of its customers.