Governance & Risk Management , Privacy , Standards, Regulations & Compliance

Right to Privacy is a Fundamental Right, says Supreme Court

Article 21 of the Constitution Re-established
Right to Privacy is a Fundamental Right, says Supreme Court

After prolonged debate and discussions, the Supreme Court of India on Thursday announced that 'Right to Privacy' is a fundamental right of Indian citizens under Article 21 of the Constitution, which aims to protect individuals against misuse of data by government or private agencies. The judgement was pronounced by a nine bench judge that includes J.S. Khehar, J. Chelameswar, S.A. Bobde, R.K. Agarwal, R.F. Nariman, A.M. Sapre, D.Y. Chandrachud, S.K. Kaul and S. Abdul Nazeer.

See Also: Demonstrating HIPAA Compliance

The right to privacy "is protected as an intrinsic part of Article 21 that protects life and liberty," the justices said in the unanimous ruling.

The Article 21 in the Constitution of India 1949 establishes protection of life and personal liberty and no person shall be deprived of his life or personal liberty except according to procedure established by law.

Experts say the judgement has important implications for security.

"It's a new era for India as the judgement is a clear message to the world that privacy of Indians is sacrosanct and it can't be interfered lightly," says New Delhi based Pavan Duggal, advocate, Supreme Court of India.

"This will push corporates and private firms towards adopting good governance and secure corporate habits, thus redefining the way India as a nation looks at privacy," Duggal remarks.

Verdict on Right to Privacy

The bench, led by Chief Justice J.S. Khehar, pronounced a unanimous judgement even if the judges had slightly different arguments as to how privacy is intrinsic to right to life and liberty, according to a media report.

In its 547-page judgment that declares privacy to be a fundamental right, the Supreme Court has overruled verdicts given in the M.P. Sharma case in 1958 and the Kharak Singh case in 1961, both of which said that the right to privacy is not protected under the Indian constitution.

The judgment says privacy is a constitutionally protected right which emerges primarily from the guarantee of life and personal liberty in Article 21 of the Constitution. Elements of privacy also arise in varying contexts from the other facets of freedom and dignity recognised and guaranteed by the fundamental rights,

The judges agree that the right to privacy has been held to be a fundamental right of the citizen and is an integral part of Article 21 of the Constitution of India by this Court. Illegitimate intrusion into privacy of a person is not permissible as the right to privacy is implicit in the right to life and liberty guaranteed under our Constitution. However, right of privacy may not be absolute and in exceptional circumstance particularly surveillance inconsonance with the statutory provisions may not violate such a right.

During the deliberations, Governement of India's Aadhaar card scheme, which prescribed norms for and compilation of demographic biometric data by the government, was questioned by some justices on the ground that it violates the right to privacy.

Faced with this predicament and having due regard to the far-reaching questions of importance involving interpretation of the Constitution, the judges felt that institutional integrity and judicial discipline would require a reference to a larger Bench.

Implications on Security

Practitioners hail the judgement as a significant milestone for India.

"It will pave the way for greater acceptance of India as a data-safe country, if we can follow this with enactment of appropriate data-privacy regulations," says Srinivas Poosarla, a practitioner.

Many believe the judgement will be a blessing in disguise for companies who previously paid little attention to security or privacy of data.

"Now that expectations have been laid down, companies will have little choice but to improve their data privacy posture. This will not only improve the domestic ecosystem but will also bring India at par with other geographies globally in terms of data protection and privacy," says Vinayak Godse, senior director at Data Security Council of India or DSCI.

Poosarla agrees. "Now that privacy is recognized as a fundamental right, there will be greater appreciation by businesses in India to pay attention to data privacy, and they may no longer look at it as an alien concept," says Poosarla.

However, says Poosarla, unless we have data privacy regulation that covers all sectors, we may not see it flowing down to organizations as a necessary requirement. "One of the key requirement of any data privacy regulation is to protect and secure data and hence, a regulation that follows this verdict should bring an obligation for organizations to introduce appropriate safeguards and security practices," he says.

Nadkarni says task is cut out for the government. "What the government needs to do now is design laws and regulations around data collection, privacy, biometrics etc. This will spell out rules for app companies and others on what data they can collect and what not," says Shivangi Nadkarni CEO of Arrka Consulting. "This will also ensure that app developers and others collecting our data are not owners of it but have a fiduciary relationship with it," she says.

Privacy Challenges

The judges agree that privacy is a broad concept and informational privacy is a facet of the right to privacy. "The dangers to privacy in an age of information can originate not only from the state but from non-state actors as well. We commend to the Union Government the need to examine and put into place a robust regime for data protection," the bench said.

Experts highlight that most individuals in India are ignorant about privacy and data protection laws and regulations, and oblivious that a person is entitled to his or her privacy, and other users can only have limited access to information about them.

"There are practical issues with regard to understanding the privacy, data protection and cybersecurity law by citizens at large," Prof. M.V. Rajeev Gowda, Member of Parliament, Rajya Sabha had earlier said. "Even the best and most clued-into security systems often overlook privacy clauses and tend to sign up on every document or software without an iota of skepticism, which is a risky proposition."

Impact on Aadhaar

The judgement, for now, has cast a shadow over Aadhaar and how far the government can use it for its various schemes. To make matters clear, a five-judge bench of Supreme Court will now test the validity of Aadhaar on the basis of the fact that right to privacy is now a fundamental right. The date for the same is yet to be finalized.

"Kudos to Supreme Court for holding right to privacy as a fundamental right under Article 21. Aadhaar, any other law will be tested on reasonableness," Prashant Bhushan, lawyer, said to the media. "Any law which is made to restrict this fundamental right will have to be examined keeping Article 21 in mind," he adds. "For example, if the government tomorrow says that your Aadhaar card will be required for your travel and income tax filings, that will be an unreasonable restriction," says Bhushan.

Though more clarity on Aadhaar can be gauged only when the bench decides on its future, practitioners differ on their views on whether Aadhaar will be impacted by the decision. While some feel this judgement is a blow to Aadhaar as the government now has to convince SC that forcing citizens to give a sample of their fingerprints and their iris scan does not violate privacy, there are others who say that Aadhaar in its original form is just a Unique ID and hence should be looked in that context.

"It's a unique ID which is prevalent in many countries. The issue of privacy comes when the Aadhaar data collected is used for purposes other than for reasons coming under 'reasonable security'," says Na. Vijayashankar, cyber lawyer.

Furthermore, while the judgement has pronounced that privacy can be infringed with 'reasonable restrictions', it hasn't provided any clarity on what it means by it.

"What reasonable restrictions need to be put when asking Aadhaar or linking it to other services is yet to be decided," says Prashant Mali, an international cyber law expert. "I feel now the pain point of law makers and protectors of constitution have increased as they always need to think of what is reasonable and what is not. The positive thing is it paves way for privacy protection," Mali contends.

Experts warn that government will not be a mute spectator. "It will come up with legislations in areas and circumstances where right to privacy can be curtailed," says Duggal.

"Government needs to come out with solution either through amendment or should exclude some parameters from Aadhaar requirement," says Vaibhav Sakhare, head, fraud risk services at Esskay Computer Services.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.