Need to operationalise Supreme Court verdict on fundamental right to privacy
There is also institutional failure when it comes to taking enforcement measures against private sector data misuse.Updated: Aug 24, 2019 09:51 IST
In August 2017, the Supreme Court delivered a judgment which went to the heart of the future of civil liberties in India and the larger global information society that the Internet and technology have brought in. It upheld that all residents of India have the fundamental right to privacy, rejecting arguments by government lawyers in favour of allowing discretion to the State to interfere in individual privacy. It laid down stricter standards against which government action would be tested, and it emphasised the proactive obligation of public offices to protect and expand privacy. But simply celebrating the Puttaswamy judgment is not enough. We must begin operationalising it.
Since 2017, it has been seen that the judgment was merely the first step in a much longer struggle to protect the fundamental right to privacy. The larger implications --- on further regulating government action --- began receiving resistance shortly after the ink in the judgment had dried. The Union government began expanding communications interception and surveillance powers, with the home ministry, in December 2018, operationalising and expanding the scope of overbroad legacy powers provided to them by poorly considered legislation passed earlier in Parliament. Law enforcement agencies have sought the undermining of everyday encryption used by millions of Indians on modern messaging applications; supporting calls for regulatory changes or judicial decisions that would force online services to re-engineer and make themselves more government tapping-friendly. The government’s own expert committee on data protection stated that current government powers on accessing user data and intercepting communications are likely to be unconstitutional, as per the privacy judgment. We should be alarmed that not only have policymakers failed to take up the task of reforming government surveillance powers, they have been reported as having considered diluting the language on government data collection in the proposed data protection bill. Meanwhile, the Union government and various state-level agencies are deploying dangerously pervasive surveillance systems focused on facial recognition and other tracking technologies.
The government often contributes to privacy harms, but is also one of the main channels to protect privacy. Independent privacy regulators are the main bulwark to enforce the rights of individuals with respect to data collection and use by firms ---- an area which requires significant action, given the rise of the surveillance capitalism paradigm. Two years after the right to privacy judgment and nearly a decade after a privacy and data protection bill were first proposed, India is still outsourcing the regulation of the data practices of businesses to other governments. Today, the protection which most Indians receive online is arguably thanks to the data protection standards enforced by the European Union and its national data protection authorities, and other States with similar systems.
There is also institutional failure when it comes to taking enforcement measures against private sector data misuse. The government has shown interest in demanding answers on data practices from messaging firms from China. But, so far, no major Indian or global firm has faced significant action for data-breach revelations. As Netflix’s documentary, The Great Hack, is now available for Indian users, what isn’t available is the progress of the CBI in the Cambridge Analytica scandal, which involved over 500,000 Indian users’ data.
The institutional regulatory and privacy enforcement gap seems to be growing between India and other major democracies. This is despite the fact that the Puttaswamy judgment has become a pillar of the country’s political discourse and constitutional values. During impassioned debates on controversial amendments to the Aadhaar Act during the recent Monsoon session, members of Parliament (MPs) quoted from the Puttaswamy judgment, emphasising that government moves which impact individual privacy have to be tested against its standards. Recently published research from Access Now revealed that the interest of elected lawmakers on privacy is fast-increasing. In the 16th Lok Sabha, MPs asked 290 questions on privacy, compared to 114 in the 15th Lok Sabha, a 154% increase over five years. Of these, 38 questions were on the government’s plan to introduce privacy legislation. A new Private Members Bill on Privacy has been introduced in the Lok Sabha by Ravi Kumar of the DMK, and MPs across party lines have demanded updates on the government’s commitment to introduce a privacy and data protection bill.
Citizens deserve more action by institutions to protect their privacy and liberty. Government actions are already being tested against these increased right to privacy standards before constitutional courts - or will soon be litigated. But we must stop thinking that it is only the judges who are burdened with protecting and deepening the right to privacy, and we must ensure progress from the executive and legislative branches.
Raman Chima is Asia Pacific policy director at Access Now and chair of the Internet Freedom Foundation
First Published: Aug 24, 2019 06:49 IST