Privacy in the digital age

Photo: SNS


The current focus on the right to privacy is based on some new realities of the digital age. Personal spaces and safeties that were previously granted simply by physical separation are no longer protected.

The digital network enters the most proximate spaces and challenges the normally accepted notions of the private.

It brings into focus new means of exercising social, economic, and political power, and reducing of autonomies. Like in the physical space, the private and the public must be separated in the digital realm as well.

We need a constitutional definition and guarantee of the right to individuality, personal autonomy and privacy. It must be provided in the clearest terms by the Supreme Court, which is currently considering this issue. A definite legal definition of ‘privacy’ is not available.

Some legal experts tend to define privacy as a right enjoyed by every human being by virtue of his or her existence. It depends on no instrument or charter.

Privacy can also extend to other aspects, including bodily integrity, personal autonomy, informational self-determination, protection from state surveillance, dignity, confidentiality, compelled speech and freedom to dissent or move or think. In short, the right to privacy has to be determined on a case-by-case basis.

Privacy enjoys a robust legal framework internationally. Article 12 of the Universal Declaration of Human Rights, 1948 and Article 17 of the International Covenant on Civil and Political Rights (ICCPR), 1966, legally protect persons against “arbitrary interference” with one’s privacy, family, home, correspondence, honour and reputation.

India signed and ratified the ICCPR on 10 April 1979, without reservation. Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, 2012, recognise the respect for private and family life, home and communications. Article 8 mandates protection of personal data and its collection for a specified legitimate purpose.

The trigger is the government’s Aadhaar scheme, which collects personal details and biometrics to identify beneficiaries for government welfare schemes. A bunch of petitions was filed in the Supreme Court in 2015 terming Aadhaar a breach of privacy.

The petitioners argued that Aadhaar enrolment was the means to a “totalitarian state” and an open invitation for personal data leakage. The government countered that the right to privacy of an “elite few” is submissive to the right of the masses to lead a dignified life in a developing country.

It said informational privacy does not exist before compelling state interests and is not an absolute right. It reasoned that collection and use of personal data of citizens for Aadhaar — now a law under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act of 2016 — benefits millions of poor.

The government claims Aadhaar is a panacea for corruption in public distribution, money-laundering and terror funding. Plagued by contradictions in past judicial pronouncements on whether or not privacy is a fundamental right, a five-judge Constitution Bench of the Supreme Court decided to refer the question to a nine-judge Bench.

This nine-judge Bench for the first time engaged in an intense debate with legal scholars and prominent lawyers on whether or not privacy is a fundamental right in the Constitution.

At the same time, the judges and the legal community are vexed by the amorphous nature of privacy. The government argues that right to privacy is not expressly included in the Constitution as the founding fathers rejected or jettisoned the idea of inclusion of privacy as a fundamental right.

But petitioners insist that the recognition of privacy as a fundamental freedom is an essential deterrent against intrusion into personal space and data by state and private players in a technologically dynamic society. The apprehension expressed by the Supreme Court about the collection and use of data is the risk of personal information falling into the hands of private players and service providers.

The apprehension is best expressed in the words of Justice Chandrachud on the the nine-judge Bench: “I don’t want the state to pass on my personal information to some 2,000 service providers who will send me WhatsApp messages offering cosmetics and air conditioners…

That is our area of concern. Personal details turn into vital commercial information for private service providers.” Both the government and service providers collect personal data.

This adds to the danger of data leakage. The state must retain an important part in the organisation of new social and economic structures, which requires it to play a significant role in the data ecosystem.

The public sector will, for instance, need to manage some infrastructural social and economic databases above which the private sector can run a competitive economy. Some of these will be in the form of “data commons”, which will require a properly institutionalised stewardship of the state.

Citizens will also require the assistance of a public interest agency to enable management of their personal data in a manner that they can obtain the best benefit of a data economy/society and its personalised services.

All such roles of the state must be constitutionally circumscribed, with strict laws. While establishing a right to privacy, the Supreme Court must also direct the state to develop appropriate institutions for shaping the state’s role in a digital society/economy.

This may require, at some stage, an independent branch of the state exclusively dealing with data issues and management. Framing of a right to privacy must not curtail the state’s due role in our collective digital futures.

Only this will ensure that global digital corporations become all-powerful economic, social and political actors. They already provide most of the digital services that appear to be of a public good nature, and in turn control and shape entire sectors.

The state must be directed by the Supreme Court to ensure that people’s right to privacy is actually available against these corporations as well. In most contexts, there is nothing voluntary in checking an online box giving away one’s privacy. A citizen must have options to undertake basic digital functions like emailing, information search, social networking, etc. without sacrificing her privacy rights. This too is the state’s responsibility.