Update from the Supreme Court – Aadhaar linking and Sabu Mathew George vs. Union of India

Aadhaar linking 

With regard to the pending matter of linking Aadhaar with certain services, the Bench stated that the hearing for interim relief would take place tomorrow (14/12). In addition, the Centre issued a notification on the 12th of December, stating that the deadline for linking Aadhaar with bank accounts, which was the 31st of December, was extended indefinitely. On the 13th of December however, this deadline was fixed as the 31st of March. Our coverage of the Aadhaar linking matter can be found here and here.

Sabu Mathew George vs. Union of India

Today, the Supreme Court heard the ongoing matter of Sabu Mathew George vs. Union of India. In 2008, a petition was filed to ban advertisements endorsing sex-selective abortions from search engine results. Advertisements endorsing sex selective abortions are illegal under Section 22 of the PNDT Act (The Pre-conception and Pre-Natal Diagnostic Techniques Act), 1994 Act. Several orders have been passed over the last few years, the last of which was passed on April 13th, 2017. Following from these orders, the Court had directed the Centre to set up a nodal agency where complaints against sex selective ads could be lodged. The Court had also ordered the search engines involved to set up an in-house expert committee in this regard. The order dated April 13th stated that compliance with the mechanism in place would be checked hereinafter. Our blog posts covering these arguments and other issues relevant to search neutrality can be found on the following links (1, 2 and 3).

In today’s proceedings, the matter was disposed off.

Senior counsel Sanjay Parikh appearing for the petitioners started off by commenting on the working of the nodal agencies and the limits within which they function. He stated that search engines were ‘washing their hands off’ and trying to pawn off their responsibilities to the government.

Counsel for the respondents argued that the petitioners displayed a fundamentally incorrect understanding of how the internet functioned. They stated that a blanket ban on content, as desired by the petitioners, would not be possible.

The respondents then stated that problematic content was taken down in the time period stipulated in the earlier orders. The petitioners refuted this statement.

The respondents once again stated that the petitioners ‘betrayed a lack of understanding’ of how search engines functioned.

The petitioners stated that search engines have been much more proactive and have had more success in taking down content related to child sexual abuse material and terrorism. As per the petitioners, this implies that search engines are capable of removing content in an efficient manner.

The respondents stated that material relating to sexual abuse usually relates to images and other visuals, as opposed to search terms or words. They stated that this was an important distinction, and would determine the extent to which search engines could efficiently take down content.

Referring to the affidavit filed, the petitioners reiterated that the government and the nodal agency were ‘helpless’ and would need further cooperation to prevent content from disseminating.

To this, the respondents stated that the government of India should block problematic URLs.

The petitioners then drew attention to the magnitude of illegitimate content on the internet, by discussing statistics from a YouTube search.

At this point, Chief Justice Dipak Misra interjected by stating that nodal agencies had to function in a competent manner and ensure that complaints were addressed in the requisite time period.

The petitioners responded stating that nodal agencies were finding it difficult to efficiently regulate content, since the takedown of URLs did not affect the availability of related illegitimate content on the internet.

The respondents then outlined the constraints within which search engines functioned. They stated that a search engine could only de-index illegitimate content on the internet, and that the content would continue to exist on the internet otherwise. They remarked on safe-harbour exceptions and also stated that filtering and indexing is an algorithmic process, which could only be regulated to a certain extent. Reiterating on the algorithmic nature of the process, they stated that ‘one step could not be removed from the process’.

They also reassured the petitioners that any problematic URLs, that they were intimated of, would be removed. However, proxy websites with similar content could still crop up. They stated that the possible permutations and combinations were endless, and eliminating search results was not possible. However, sponsored ads could be dealt with effectively.  They also stated that dealing with every instance of infringement on an individual level would be impossible.

At this point, the Chief Justice asked the respondents to elaborate on what could be done.

The respondents stated that there was a need to understand the technology better.

The Bench then asked the petitioners if they could interact with the committee to better understand technical solutions.

Mr. Parikh, referring to an affidavit filed, stated that Google, in 2014, had displayed the ability to ‘proactively’ takedown content, without being informed by external bodies.

The respondents stated that they would look into this.

The Bench concluded by stating that the nodal agency should hold a meeting with the respondents and the petitioners within 6 weeks.

Chief Justice Dipak Misra read out the order.

Mr. Sanjay Parikh appearing for the petitioners stated that the nodal agency, despite the orders passed, had not been able to stop the offending material from being used. According to Mr. Parikh, search engines alone have the potentiality to deliberately remove offending material. Mr. Parikh has also stated that there are other ways in which offending content can be removed by the search engines.

The counsel for the respondents have stated that content can only be removed once it is pointed out, and once a specific URL is specified. There are other permutations and combinations to consider while regulating search results.

Senior Counsel Pinky Anand has stated that the nodal agency is hard at work and addresses complaints efficiently whenever it receives them.

The matter was disposed off.

 

Advertisements

Call for Applications – Civil Liberties

The Centre for Communication Governance at the National Law University Delhi (CCG) invites applications for research positions in its Civil Liberties team on a full time basis.

About the Centre

The Centre for Communication Governance is the only academic research centre dedicated to working on the information law and policy in India and in a short span of four years has become a leading centre on information policy in Asia. It seeks to embed human rights and good governance within communication policy and protect digital rights in India through rigorous academic research and capacity building.

The Centre routinely works with a range of international academic institutions and policy organizations. These include the Berkman Klein Center at Harvard University, the Programme in Comparative Media Law and Policy at the University of Oxford, the Center for Internet and Society at Stanford Law School, Hans Bredow Institute at the University of Hamburg and the Global Network of Interdisciplinary Internet & Society Research Centers. We engage regularly with government institutions and ministries such as the Law Commission of India, Ministry of Electronics & IT, Ministry of External Affairs, the Ministry of Law & Justice and the International Telecommunications Union. We work actively to provide the executive and judiciary with useful research in the course of their decision making on issues relating to civil liberties and technology.

CCG has also constituted two advisory boards, a faculty board within the University and one consisting of academic members of our international networks. These boards will oversee the functioning of the Centre and provide high level inputs on the work undertaken by CCG from time to time.

About Our Work

The work at CCG is designed to build competence and raise the quality of discourse in research and policy around issues concerning civil liberties and the Internet, cybersecurity and global Internet governance. The research and policy output is intended to catalyze effective, research-led policy making and informed public debate around issues in technology and Internet governance.

The work of our civil liberties team covers the following broad areas:

  1. Freedom of Speech & Expression: Research in this area focuses on human rights and civil liberties in the context of the Internet and emerging communication technology in India. Research on this track squarely addresses the research gaps around the architecture of the Internet and its impact on free expression.
  2. Access, Markets and Public Interest: The research under this area will consider questions of access, including how the human right to free speech could help to guarantee access to the Internet. It would identify areas where competition law would need to intervene to ensure free, fair and human rights-compatible access to the Internet, and opportunities to communicate using online services. Work in this area will consider how existing competition and consumer protection law could be applied to ensure that freedom of expression in new media, and particularly the internet, is protected given market realities on the supply side. We will under this track put out material regarding the net neutrality concerns that are closely associated to the competition, innovation, media diversity and protection of human rights especially rights to free expression and the right to receive information and particularly to substantive equality across media. It will also engage with existing theories of media pluralism in this context.
  3. Privacy, Surveillance & Big Data: Research in this area focuses on surveillance as well as data protection practices, laws and policies. The work may be directed either at the normative questions that arise in the context of surveillance or data protection, or at empirical work, including data gathering and analysis, with a view to enabling policy and law makers to better understand the pragmatic concerns in developing realistic and effective privacy frameworks. This work area extends to the right to be forgotten and data localization.

Role

CCG is a young and continuously evolving organization and the members of the centre are expected to be active participants in building a collaborative, merit led institution and a lasting community of highly motivated young researchers.

Selected applicants will ordinarily be expected to design and produce units of publishable research with Director(s)/ senior staff members. They will also be recommending and assisting with designing and executing policy positions and external actions on a broad range of information policy issues.

Equally, they will also be expected to participate in other work, including writing opinion pieces, blog posts, press releases, memoranda, and help with outreach. The selected applicants will also represent CCG in the media and at other events, roundtables, and conferences and before relevant governmental, and other bodies. In addition, they will have organizational responsibilities such as providing inputs for grant applications, networking and designing and executing Centre events.

Qualifications

The Centre welcomes applications from candidates with advanced degrees in law, public policy and international relations.

  • All candidates must preferably be able to provide evidence of an interest in human rights / technology law and / or policy / Internet governance/ national security law as well. In addition, they must have a demonstrable capacity for high-quality, independent work.
  • In addition to written work, a project/ programme manager within CCG will be expected to play a significant leadership role. This ranges from proactive agenda-setting to administrative and team-building responsibilities.
  • Successful candidates for the project / programme manager position should show great initiative in managing both their own and their team’s workloads. They will also be expected to lead and motivate their team through high stress periods and in responding to pressing policy questions.

However, the length of your resume is less important than the other qualities we are looking for. As a young, rapidly-expanding organization, CCG anticipates that all members of the Centre will have to manage large burdens of substantive as well as administrative work in addition to research. We are looking for highly motivated candidates with a deep commitment to building information policy that supports and enables human rights and democracy.

At CCG, we aim very high and we demand a lot of each other in the workplace. We take great pride in high-quality outputs and value individuality and perfectionism. We like to maintain the highest ethical standards in our work and workplace, and love people who manage all of this while being as kind and generous as possible to colleagues, collaborators and everyone else within our networks. A sense of humour will be most welcome. Even if you do not necessarily fit requirements mentioned in the two bulleted points but bring to us the other qualities we look for, we will love to hear from you.

[The Centre reserves the right to not fill the position(s) if it does not find suitable candidates among the applicants.]

Positions

Based on experience and qualifications, successful applicants will be placed in the following positions. Please note that our interview panel has the discretion to determine which profile would be most suitable for each applicant.

  • Programme Officer (2-4 years’ work experience)
  • Project Manager (4-6 years’ work experience)
  • Programme Manager (6-8 years’ work experience)

A Master’s degree from a highly regarded programme might count towards work experience.

CCG staff work at the Centre’s offices at National Law University Delhi’s campus. The positions on offer are for duration of one year and we expect a commitment for two years.

Remuneration

The salaries will be competitive, and will usually range from ₹50,000 to ₹1,20,000 per month, depending on multiple factors including relevant experience, the position and the larger research project under which the candidate can be accommodated.

Where candidates demonstrate exceptional competence in the opinion of the interview panel, there is a possibility for greater remuneration.

Procedure for Application

Interested applicants are required to send the following information and materials by December 30, 2017 to ccgcareers@nludelhi.ac.in.

  1. Curriculum Vitae (maximum 2 double spaced pages)
  2. Expression of Interest in joining CCG (maximum 500 words).
  3. Contact details for two referees (at least one academic). Referees must be informed that they might be contacted for an oral reference or a brief written reference.
  4. One academic writing sample of between 1000 and 1200 words (essay or extract, published or unpublished).

Shortlisted applicants may be called for an interview.

 

CCG’s recommendations to the TRAI Consultation Paper on Privacy, Security and Ownership of Data in the Telecom Sector – Part III

In this series of blogposts, we discuss CCG’s responses and recommendations to the TRAI (available here), in response to their Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector. We focus on the principles and concerns that should govern the framing of any new data protection regime, whether limited to the telecom sector or otherwise. 

In our previous posts, we discussed the background against which we have provided our responses and recommendations, and the need for a separate regulatory framework for data within the telecom sector, in the context of the jurisdiction and powers of the TRAI.

In this post, we look at the basic data protection principles that we recommend form the basis for any new data protection regulation. Several of these principles are also discussed in the white paper of the Committee of Experts on a Data Protection Framework for India.

Any new data protection regulation, whether applicable across industries and sectors, or applicable only to the telecom sector, should be based on sound principles of privacy and data protection. As discussed in the Consultation Paper, the Report of the Group of Experts on Privacy[1] (GOE Report) identified 9 national privacy principles to be adopted in drafting a privacy law for India. These principles are listed below[2]:

  • Notice: A data controller, which refers to any organization that determines the purposes and means of processing the personal information of users, shall give simple to understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include disclosures on what personal information is being collected; purpose for collection and its use; whether it will be disclosed to third parties; notification in case of data breach, etc.
  • Choice and consent: A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices.
  • Collection limitation: A data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection.
  • Purpose limitation: Personal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed.
  • Access and correction: Individuals shall have access to personal information about them held by a data controller and be able to seek correction, amendments, or deletion of such information, where it is inaccurate.
  • Disclosure of Information: A data controller shall only disclose personal information to third parties after providing notice and seeking informed consent from the individual for such disclosure.
  • Security: A data controller shall secure personal information using reasonable security safeguards against loss, unauthorised access or use and destruction.
  • Openness: A data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals.
  • Accountability: The data controller shall be accountable for complying with measures which give effect to the privacy principles. Such measures should include mechanisms to implement privacy policies, including training and education, audits, etc.

With the growth of businesses driven by big data, there is now a demand for re-thinking these principles, especially those relating to notice and consent[3].

While notice, consent and the other principles set forth in the GOE Report have formed the basis for data protection laws for many years now, additional principles have been developed in many jurisdictions across the world. In order to ensure that any new regulations in India are up to date and effective, it will be prudent to study such principles and identify the best practices that can then be incorporated into Indian law.

Graham Greenleaf has compared data protection laws across Europe and outside Europe and found that today, second and third generation ‘European Standards’ are being implemented across jurisdictions[4]. These ‘European Standards’, refer to standards that are applicable under European Union (EU) law, in addition to the original principles developed by the Organisation for Economic Co-operation and Development (OECD)[5]. The second generation European Standards that are most commonly seen outside the EU are:

  • Recourse to the courts to enforce data privacy rights (including. compensation, and appeals from decisions of DPAs)
  • Destruction or anonymisation of personal data after a period
  • Restricted data exports based on data protection provided by recipient country (‘adequate’), or alternative guarantees
  • Independent Data Protection Authority (DPA)
  • Minimum collection necessary for the purpose (not only ‘limited’)
  • General requirement of ‘fair and lawful processing’ (not only collection)
  • Additional protections for sensitive data in defined categories
  • To object to processing on compelling legitimate grounds, including to ‘opt-out’ of direct marketing uses of personal data
  • Additional restrictions on some sensitive processing systems (notification; ‘prior checking’ by DPA.)
  • Limits on automated decision-making (including right to know processing logic)

He also notes that there are several new principles put forward in the EU’s new General Data Protection Regulation[6] (GDPR) itself, and that it remains to be seen which of these will become global standards outside the EU. The most popular of these principles, which he refers to as ‘3rd General European Standards’ are[7]:

  • Data breach notifications to the DPA for serious breaches
  • Data breach notifications to the data subject (if high risk)
  • Class action suits to be allowed before DPAs or courts by public interest privacy groups
  • Direct liability for processors as well as controllers
  • DPAs to make decisions and issue administrative sanctions, including fines.
  • Opt-in requirements for marketing
  • Mandatory appointment of data protection officers in companies that process sensitive personal data.

We note that there exist other proposed frameworks that aim to regulate data protection and ease compliances required by businesses. Such additional frameworks may also be considered while formulating new data protection principles and regulations in India. However, it is recommended that the ‘European Standards’ described above, i.e. those set out in the GDPR may be adopted as the base on which any new regulations are built. This would ensure that India has greater chances of being recognised as having ‘adequate’ data protection frameworks by the EU, and improve our trade relations with the EU and other countries that adopt similar standards.

Professor Greenleaf’s studies suggest that the 2nd and 3rd General European Standards are being adopted by several countries outside the European Union. We note here that adoption of principles that are considered best practices across jurisdictions would also assist in increasing interoperability for businesses that operate across borders.

While adoption of these practices is likely to raise the cost of compliance, it is also likely to ensure that India remains a very competitive market globally for the outsourcing of services. In the long term, this will benefit Indian industry and the Indian economy. It will also safeguard the privacy rights of Indian citizens in the best possible manner.

[1] Report of the Group of Experts on Privacy, available at http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[2] Report of the Group of Experts on Privacy, Chapter 3, as summarised in the TRAI Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector, pages 7-9

[3] TRAI Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector, Page 9; and Rahul Matthan, Beyond Consent: A New Paradigm for Data Protection, available at http://takshashila.org.in/takshashila-policy-research/discussion-document-beyond-consent-new-paradigm-data-protection/ (last visited on November 5, 2017)

[4] Graham Greenleaf, European data privacy standards in laws outside Europe, Privacy Law and Business International Report, Issue 149

[5]OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, available at http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm (last visited on November 5, 2017)

[6] General Data Protection Regulation, Regulation (EU) 2016/679

[7] Graham Greenleaf, Presentation on 2nd & 3rd generation data privacy standards implemented in laws outside Europe (to be published and available on request).

CCG’s recommendations to the TRAI Consultation Paper on Privacy, Security and Ownership of Data in the Telecom Sector – Part II

In this series of blogposts, we discuss CCG’s responses and recommendations to the TRAI (available here), in response to their Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector. We focus on the principles and concerns that should govern the framing of any new data protection regime, whether limited to the telecom sector or otherwise.

In our previous blogpost, the first of the series, we discussed the background against which we have provided our responses and recommendations. In this post, we look at whether there is a need for a separate regulatory framework for data within the telecom sector, and the jurisdiction and powers of the TRAI.

We note that the Consultation Paper makes several references to stakeholders / players in the digital / telecommunications eco-system that are not traditional telecommunication service providers. These include online content / application service providers, device manufacturers, and providers of online communication services, operating systems, browsers. The Consultation Paper poses several questions about the regulation of data use and processing by such stakeholders.

In this context, we have examined the role and responsibilities of the TRAI beyond the regulation of traditional telecommunication service providers.

The preamble to the Telecom Regulatory Authority of India Act, 1997 (TRAI Act) states that the law is meant to “provide for the establishment of the Telecom Regulatory Authority of India and the Telecom Disputes Settlement and Appellate Tribunal to regulate the telecommunication services, adjudicate disputes, dispose of appeals and to protect the interests of service providers and consumers of the telecom sector, to promote and ensure orderly growth of the telecom sector and for matters connected therewith or incidental thereto”.

Telecommunication services have been defined to mean “service of any description (including electronic mail, voice mail, data services, audio tax services, video tax services, radio paging and cellular mobile telephone services) which is made available to users by means of any transmission or reception of signs, signals, writing, images and sounds or intelligence of any nature, by wire, radio, visual or other electromagnetic means”[1]. Broadcasting services have been excluded from the definition of telecommunication services[2].

Service providers means either the government as a service provider, or a licensee[3] – which refers to any person licensed to provide telecommunication services under the Indian Telegraph Act, 1885[4].

Section 11 of the TRAI Act describes the functions of the TRAI. These functions are divided into two broad areas: (i) making recommendations of certain matters, and (ii) regulatory functions. The regulatory functions largely deal with monitoring compliance with the telecom licenses, and other functions of service providers.

The TRAI’s powers to make recommendations extend to the following matters:

  • need and timing for introduction of new service provider;
  • terms and conditions of licence to a service provider;
  • revocation of licence for non-compliance of terms and conditions of licence;
  • measures to facilitate competition and promote efficiency in the operation of telecommunication services so as to facilitate growth in such services;
  • technological improvements in the services provided by the service providers;
  • type of equipment to be used by the service providers after inspection of equipment used in the network;
  • measures for the development of telecommunication technology and any other matter relatable to telecommunication industry in general;
  • efficient management of available spectrum

We note that most of the above matters deal specifically with functions of service providers. However, as mentioned above, telecommunication services do include some services beyond those provided by traditional telecommunication service providers – such as electronic mail and voice mail among others.

In this context, we would argue that the functions and powers of the TRAI would not extend to making recommendations regarding, or regulating online content and application providers, device manufacturers or other businesses that do not provide communication services.

At best, the TRAI may derive powers to make recommendations regarding based on questions posed in the Consultation Paper, under sub-section (iv) which provides the TRAI with the authority to make recommendations on improving efficiency of telecommunication services.

In our next posts in this series, we will discuss principles that we believe any data protection regulation, irrespective of the sector it applies to, should address. We also note that as Indian businesses grow and adopt new technology, they are increasingly beginning to function across sectors. In this context, we recommend that a basic data protection law that is applicable horizontally across sectors and regions, to cope with these cross-sectoral business models.  Where required, additional regulations may be made applicable to collection and processing of sector specific sensitive personal data.

[1] Section 2(1)(k) of the Telecom Regulatory Authority of India Act, 1997

[2] Section 2(1)(k) of the Telecom Regulatory Authority of India Act, 1997

[3] Section 2(1)(j) of the Telecom Regulatory Authority of India Act, 1997

[4] Section 2(1)(e) of the Telecom Regulatory Authority of India Act, 1997

Update on Aadhaar hearing

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of a fundamental right has been upheld, challenges against the Aadhaar programme are yet to be adjudicated upon.

On the 30th of October, the Chief Justice stated that a Constitution Bench would be constituted and the Aadhaar linking matter would be heard in the last week of November, 2017. More on this can be found in our post here.

Today, the matter was mentioned again.

The Attorney General stated that the hearing should be scheduled for the end of January or the beginning of February, since it would take 6 weeks to conclude. He also made reference to a white paper on data protection the Srikrishna Committee was about to release, and stated that the hearing should commence after these recommendations were considered.

At this point, Mr. Shyam Diwan stated that interim relief in the form of an order should be granted, if the matter could not be heard before the 31st of December. Mr. Diwan reiterated that interim relief was promised if the matter went on beyond the 31st of December.

The Attorney General mentioned that since the matter was of national importance, it would be best for it to be heard before the constitutional bench.

The Chief Justice stated that interim relief would have to be passed by the constitutional bench as well.

Presently, it is unclear whether the matter will be heard next week and dates for hearings in January and February have also not been mentioned.

Update on Aadhaar hearing

In October 2015, a 3 judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of a fundamental right has been upheld, challenges against the Aadhaar programme are yet to be adjudicated upon.

Today, the Supreme Court decided on a date to continue hearing these challenges.

The Attorney General started off by addressing the orders passed and the Data Protection Committee’s pending report. He stated that they would prefer to argue the case in March, as mentioned previously.

At this point, the Chief Justice suggested hearing the matter in January.

Senior Advocate Gopal Subramaniam reiterated that 8 interim orders, related to Aadhaar linking, had been passed. He stated that if the hearing was to be held at a later date, the voluntary nature of such linking and a lack of compulsion had to be guaranteed.

Senior Advocate CA Sundaram appearing for the State of Maharashtra stated that regardless of an interim order or a final order, the case would still have to be argued. He also stated that the hearing should be held soon, since the matter had been in Court for a while.

The Chief Justice stated that a Constitution Bench would be constituted and the matter would be heard in the last week of November, 2017.

Update:  The deadline for linking Aadhaar with bank accounts is the 31st of December and the deadline for linking with mobile phones is the 6th of March. Contrary to media reports, this deadline has not been extended. 

In the event that the petition is not heard in November, the Court may issue interim orders to stay such linkings.  

 

CCG on the Privacy Judgment

Written by the Civil Liberties team at CCG

A 9 judge bench of the Supreme Court of India passed a landmark judgment two weeks ago, which unanimously recognized the right to privacy as a fundamental right under the Constitution of India. The Court found the right to privacy to be a part of the freedoms guaranteed across fundamental rights, and an intrinsic aspect of dignity, autonomy and liberty.

In 2012, a petition was filed before the Supreme Court by Justice K. S. Puttuswamy (Retd.), challenging the validity of Aadhaar. During the course of the hearings, the Attorney General argued that the Supreme Court in M.P. Sharma v. Satish Chandra (1954) and Kharak Singh v. State of U.P. (1962) had found that there was no fundamental right to privacy in India, because of which its position in the Indian Constitution was debatable. As a consequence, the Court in its order on August 11, 2015 referred the question to a Constitution bench of the Supreme Court. Last month, the Constitution bench decided to refer the matter to a 9 judge bench, in view of M.P. Sharma and Kharak Singh being decided by an 8 judge bench, and a 6 judge bench respectively. A timeline of events, from the filing of the petition, to the constitution of the 9 judge bench, may be found here.

During the proceedings, the petitioners broadly argued that M.P. Sharma, and Kharak Singh were no longer good law; that privacy was an essential component of liberty, dignity and other core aspects of the Constitution; and the fundamental right to privacy could be located in a combined reading of the rights under Part III of the Constitution. Further, they argued that India’s international obligations presented an imperative to recognize the right. The respondents argued, among other things, that privacy was a vague concept, of which only certain aspects could be elevated to the status of a fundamental right, if at all. They argued that the right could be protected through the common law, or by statute, and did not need the protection of a fundamental right. Further, that the right to life, and the concomitant duty of the state to provide welfare, must trump privacy. An index of our posts reporting the arguments is also available below.

The petition and reference posed some critical questions for the Court. The Court had to evaluate whether privacy, as argued, was just an alien, elitist construct unsuitable to India, or a necessary protection in a digital age. It was further tasked with defining its safeguards and contours in a way that would not invalidate the right. Chinmayi Arun’s piece specifically addresses these concerns here.

Fortunately, the Supreme Court also has an illustrious history of recognizing and upholding the right to privacy. The Centre for Communication Governance recently published an infographic, illustrating the Court’s jurisprudence on the right to privacy across 63 years.

The Court eventually decided on an expansive articulation of the fundamental right to privacy. However, the judgment raises a few crucial implications. We at the Centre for Communication Governance have presented our analysis of the judgment in various news media publications. Chinmayi Arun, our Research Director, has presented her views on the judgment as part of a panel of experts here, and in an interview, here. She also argues that the Court seems to have left a significant leeway, presumably for intrusion by the state. Smitha presents a detailed assessment of the implications of the right to privacy here. The judgment has also been lauded for its critique of the Suresh Kumar Koushal v. NAZ Foundation, which recriminalized consensual same-sex intercourse. As Arpita writes here, a strong formulation of the right to privacy, with its close connection to bodily integrity, can forge a more progressive expression of the rights of women and sexual minorities.

While the judgment is a step forward, its effect and implementation are yet to be seen. Recently, in the ongoing matter of Karmanya Singh v. Union of India (WhatsApp data sharing case), the Puttaswamy judgment was visited. Following from the judgment, the petitioners argued that the state should protect an individual’s right to privacy even when it is being infringed by a non-state actor.

 Reports of arguments made before the Supreme Court: