The Bombay High Court (‘HC’) in Vinit Kumar v CBI was faced with a situation familiar to the constitutional courts in India. The HC was called upon to decide whether telephone recordings obtained in contravention of section 5(2) of the Telegraphs Act, 1885 (‘Act’) would be admissible in a criminal trial against the accused. Before delving into the reasoning of the HC, it will be instructive to refer to the facts of the case and an overview of India’s interception regime.
Section 5(2) of Telegraph Act, permits interception (or ‘phone tapping’) done in accordance with a “procedure established by law” and lays down two conditions: the occurrence of a “public emergency” and in the interests of “public safety”,under which such orders may be passed. Moreover, the order must be “necessary” for reasons related to the security of the state, friendly relations with other states, sovereignty or preventing the commission of an offense. The Apex Court in PUCL v. UOI (‘PUCL’) stated that telephone tapping without following the appropriate safeguards and legal process would infringe the Right to Privacy of an individual. Accordingly, procedural safeguards, in addition to those under section 5(2) of the Act, were laid down; eventually incorporated in the Telegraph Rules, 1951 (‘Telegraph Rules’). These included; such orders being only issued by the Home Secretaries of Central and State governments in times of emergency. Secondly, such an order shall be passed only when necessary and the authority passing the order shall maintain a detailed record of the intercepted communication and the procedure followed. Further, the order shall cease to be effective within two months, unless renewed. Lastly, the intercepted material shall be used only for purposes deemed necessary under the Act.
In the Vinit Kumar case, during a bribery related investigation, three interception orders were issued directing the interception of telephone calls by the petitioner. These were challenged as being ultra vires of section 5(2) of the Act, non-compliant with the Telegraph Rules, and for being in violation of the fundamental rights guaranteed under Part-III of the Indian Constitution.
The HC quashed the said orders by holding that:
Firstly, the right to privacy would include telephone-conversation in the privacy of one’s home or office. Telephone-tapping would, thus, impermissibly infringe on the interceptee’s Article 21 rights unless it is conducted under the procedure established by law (in this case, the law laid down in PUCL and the Telegraph Rules). In Vinit Kumar, the HC found the impugned orders were in contravention of the procedural guidelines laid down for the protection of the right to privacy by the Supreme Court in PUCL, section 5 of the Act and Rule 419A of the Telegraph Rules. Additionally, (and crucially) the evidence obtained through infringement of the right to privacy would be inadmissible in the court of law.
This blog analyses this third aspect of the HC judgment and argues that the approach of the HC reflects a true reading of the decision of the SC in K.S. Puttaswamy v UoI (‘Puttaswamy’) and ushers us into a new regime of right to privacy for accused persons. While doing so, the author critically examines the previous decisions wherein the courts have held the evidence collected through processes that infringe the fundamental rights of the accused to be admissible.
Correct Reading of Privacy Doctrine and Puttaswamy Development
Based on the decisions of the SC in State v Navjot Sandhuand Umesh Kumar v State, the current legal position would appear to be that illegally obtained evidence is admissible in courts as long as it is relevant. Consequently, as Vrinda Bhandari and Karan Lahiri have argued, the State is placed in a position whereby it is incentivised to access private information of an accused in a manner which may not be legally permissible. There are no adverse legal consequences for illegally obtaining evidence, only prosecutorial benefits. This is reflected in the decisions concerning the admissibility of recordings of telephonic conversations without the knowledge of the accused. The rule regarding admissibility of illegally collected evidence stems from a couple of cases, however it is submitted that the rule has a crumbling precedential basis.
A good starting point is the Supreme Court’s decision in RM Malkani v State (‘Malkani’). It was held that telephone recordings without the knowledge of the accused would be admissible in evidence as long as they are not obtained by coercion or compulsion. The Court had negligible analysis to offer insofar as the right to privacy of an individual is concerned. However, this decision dates back to the Pre-PUCL and the Pre-Puttaswamy era, wherein the right to privacy (especially vis-a-vis telephonic conversations) was not recognised as a fundamental right. Hence, it becomes imperative to question the continued relevance and correctness of this decision in light of the new developments in our understanding of fundamental rights under the Constitution. Moreover, Malkani relied on Kharak Singh v. State of U.P, which was explicitly overruled by Puttaswamy. This also casts doubt on other cases which relied on the reasoning in Kharak singh on the issue of privacy.
In Vinit Kumar, the HC rejected the approach adopted in Malkani and Kharak Singh. Affirming the right to privacy as a fundamental right, and relying on the requirements of ‘public emergency’ or ‘public order’, the HC observes that the respondents failed to justify any ingredients of “risk to the people at large or interest of the public safety, for having taken resort to the telephonic tapping by invading the right to privacy” (¶ 19). It emphasized the need to adhere by procedural safeguards, as provided in the Act, the Telegraph Rules, and the PUCL judgment, so as to ensure that the infringement of the right to privacy in a particular case meets the standards of proportionality laid down in Puttaswamy. Crucially, the HC goes a step further to hold that since the infringement of the right to privacy is not in accordance with the procedure established by law, the intercepted messages ought to be destructed and not used as evidence in trial as it is sourced from the infringement of the fundamental right to life (¶ 22).
Thus, we can see an adherence to the new constitutional doctrines espoused by the Supreme Court whereby the HC emphatically rejected the now-overruled reasoning of Kharak Singh v Stateas far as the right to privacy is concerned, and refused to apply the cases of Malkani and Dharambir Khattar v UoI whose ratios flow from Kharak Singh’s non-recognition of a right to privacy. The HC held that such judgements have been overruled by Puttaswamy (to the extent that they do not recognise the right to privacy as a fundamental right). Furthermore, it was also held that these cases involved no examination of law on the touchstone of principles of proportionality and legitimacy, as laid down in Puttaswamy (¶ 37). It circumvented the issue of ‘relevancy’ by distinguishing between ‘illegally collected evidence’, and ‘unconstitutionally collected evidence’, ruling that the latter was inadmissible as it would lead to the erosion of fundamental rights at the convenience of the State’s investigatory arm.
The HC judgment is, therefore, an important landmark with respect to the admissibility of evidence involving violation of fundamental rights. However, given the absence of a clear Supreme Court judgment in this regard, the rights of the Indian citizenry are susceptible to the difference in the approaches taken by other HCs. A case in point is the Delhi HC judgment in Deepti Kapur v. Kunal Julka wherein a video-recording of the wife’s conversation with her friend, collected by the CCTV camera in her room was admitted in evidence despite the arguments raised with regards to infringement of the right to privacy. Thus, the exact application of a bar on evidence collected through privacy infringing measures in different contexts will need to be developed on a case by case basis.
The Bombay HC judgment correctly traces the evolution of the right to privacy debate in the Indian jurisprudence. It is based on the transformative vision of the Puttaswamy judgment and appropriate application of precedent with regards to the case in hand. It symbolizes a true deference to the Constitution by protecting the citizenry from state surveillance and potential abuses of power. Especially in the current electronic era where personal information can be extracted through unconstitutional means, the Vinit Kumar judgment affirms the importance of procedural due process under the fundamental rights regime in India.
The introduction ofThe Criminal Procedure (Identification) Act, 2022( ‘the Identification Act’) raised several surveillance and privacy concerns. Replacing the Identification of Prisoners Act 1920 ( ‘the Old Prisoners Act’), it attempts to modernize the process of identification of persons involved in criminal allegations to expedite and enhance criminal investigations. This is accomplished by expanding the types of ‘measurements’ that can be obtained (ie, the data that can be collected), the persons from whom measurements may be collected, and the storage of the said data for a period of 75 years.
The Identification Act permits the collection of measurements for an expansive set of categories and increases the persons whose measurements can be collected. Section 2 (1)(b) of the Identification Act, defines “measurements.” While the Old Prisoners Act authorizedonly the collection of measurements such as finger-impressions and foot-impressions, the Identification Act now includes within its ambit “finger-impressions, palm-print impressions, foot-print impressions, photographs, iris and retina scan, physical, biological samples and their analysis, behavioural attributes including signatures, handwriting,” on top of any other examination mentioned in Section 53 and 53Aof the Code of Criminal Procedure, 1973. This represents a significant expansion in the type of data collected from individuals.
In the Old Prisoners Act, measurements could only be taken from persons who were convicted or those arrested in connection with an offence punishable by rigorous imprisonment of more than one year. However, in the Identification Act, the measurements can be taken of all convicted and arrested persons, without any requirement of a minimum threshold for those not convicted. Further, measurements can be taken from individuals under preventive detention as per Section 3(c). Thus, all-in-all, the new Act has introduced a whole sea of new measurements that could be taken, and these new measurements can be taken from more people than under the Old Prisoners Act.
In this blog, the authors analyse the constitutionality of the Identification Act by examining whether the collection and storage of measurements satisfy the proportionality test for privacy infringing measures set out in Justice K. S. Puttaswamy v Union of India (5 judge-bench) (“Puttaswamy”).
Proportionality: the Puttaswamy test
The proportionality test, first set out in the Right to Privacydecision, was subsequently elucidated on and applied by J. Sikri in the Puttaswamy judgment; the criteria for judging the constitutionality of State interference with an individual’s right to privacy may be summarised as follows:
Legitimate aim – the action taken by the government must be for a proper or legitimate purpose.
Rational nexus – there should be a rational connection between the infringing act and the legitimate state aim sought to be achieved.
Necessity – the state must demonstrate that it is necessary to introduce an intrusive measure despite the negative effect on the rights of the individuals; including that there are no lesser restrictive measures of similar efficacy available to the State.
Balancing – between the need to adopt the measure and the right to privacy.
Assessing the Identification Act –
Legitimate Aim; the expansive provision of the measurements does, arguably, have a proper purpose. Just like the Old Prisoners Act, it is meant to aid the police in investigating crimes.
Rational Nexus; completion of the investigative procedure with speed and accuracy is a legitimate state aim and the current expansion in the categories of measurements that can be obtained will aid in achieving that. The new measures would enable the authorities to create a database using the collected measurements and match the data of suspects against it, thereby aiding criminal investigations.
Necessity; there is no denying that the Identification Act interferes with extremely personal data of individuals as it broadens the scope of both the measurements (as explained above) and the categories of people from whom it can be obtained. On a comparative reading of the Section 2(a) Prisoners Act and Section 2(1)(b) of the Identification Act, it is evident that the latter encompasses significantly more data collection than the former. As the erstwhile Old Prisoner’s Act thus constitutes a lesser restrictive measure, the burden then lies on the state to establish that the Old Prisoners Act did not fulfill the “legitimate state aim” as effectively as the Identification Act will. This requires the State to demonstrate that the Prisoners Act failed to meet the state aim of expediting the criminal investigation process because of which there arose a need for a new, more privacy infringing measure Act. Absent this, the Old Prisoners Act remains a viable lesser restrictive measure. However, the State has failed to discharge its burden as it did not provide any data or conduct a study which showed that the Prisoners Act fell short of achieving the state aim. Thus, due to the existence of a less-restrictive alternative (in the form of the Old Prisoners Act), the necessity limb of the proportionality test is not met.
Proportionality or Balancing; it is imperative that State’s rights-infringing measures are not absolute and do not curtail the rights of individuals any more than necessary. The removal of the minimum requirement of severity of offences as it relates to whose data can be collected will enable the authorities to collect data of persons charged with petty offences carrying punishment as little as a month. The Identification Act doesn’t even attempt to define the term ‘biological samples’ and what it would entail. This leaving a major scope for misuse at the hands of state authorities. Due to the term not being defined anywhere, it could be construed to include tests such as narco-analysis, polygraph test, brain electrical activation profile test, etc. Such methods are not only extremely intrusive, violative of bodily autonomy, but also of the right against self incrimination. Further, the proportionality test requires the maintenance of balance between the extent and nature of the interference and the reasons for interfering. While there might be substance in the rationale behind collection of measurements, there is no reasonable justification for retaining the measurements for a period of 75 years, especially as the same severely undermines the right to privacy of such individuals even when they have served their sentence, if any. This is especially true considering that the life expectancy in India is itself 71 years. Thus, even if the necessity limb of the test would have been satisfied, the balancing limb would still warrant that the Identification Act be struck down.
Conclusion The proportionality test given under “Puttaswamy” is a conjunctive test and thus, failing any limb results in the measure being struck down. The Criminal Procedure (Identification) Act, 2022 fails to satisfy the necessity test to begin with, as the government has nowhere demonstrated that the lesser restrictive measure that the Identification Act replaces failed to meet its investigative requirements. Further, even beyond that, balancing limb of the proportionality test is also not satisfied given the Act’s extremely broad application and excessive data retention requirements. Thereby, it impermissibly restricts the right to privacy of convicted and non-convicted persons.
Section 91 of the Criminal Procedure Code 1973 (“CrPC”) empowers the police to require the production of ‘any document or thing’ from any person if they consider it ‘necessary or desirable’ for any investigation, inquiry, or proceeding under the CrPC. The provision grants the police broad power to obtain evidence and it is frequently used to mandate the production of revealing data like Call Detail Records, (“CDRs”) which contain details of communications made over a telecommunications network. While they do not contain the content of the communication, they contain metadata such as the duration of call, who made it, who it was addressed to, when it was made and from where. The section, which stands in effect unchanged from section 94 of the CrPC, 1898 is a colonial provision that was enacted by a foreign power when fundamental rights, and in specific a right to privacy, did not exist. Moreover, our personal data, today, is available to a larger number of actors, at a higher level of granularity, than in the past. This makes the privacy risk associated with requisitioning data significantly greater. For example, RazorPay was recently required to hand over the data on thousands of transactions that had been made via its platform to AltNews. This post explores the privacy implications of the current framework, arguing that the provision is a significant infringement on individual privacy that lacks crucial safeguards. It also makes recommendations to address these concerns.
Issues with Section 91
The judgment in Puttuswamy Irecognized the right to privacy as a fundamental right under Article 21 of the Constitution. By recognising privacy within the ambit of Article 21, the court ensured that restrictions on privacy would have to comply with the requirements of a ‘fair, just, and reasonable’ procedure set out by the decision in Maneka Gandhi. In fact, the court in PUCL had ruled that a surveillance provision in the Telegraph Act did not contain sufficient safeguards, prompting the court to lay down guidelines that were eventually codified in the Telegraph Rules. In Puttaswamy I, itself,Justice Chandrachud’s opinion traced and emphasized the importance of procedural safeguards for the right to privacy. Moreover, Justice Kaul at Para 71 of his opinion in the same judgment identifies the requirements of legality, necessity, proportionality, and procedural safeguards that must be met for a provision to be constitutional.
The lack of procedural safeguards causes Section 91 to constitute an impermissible infringement of individual privacy. At first blush, Section 91 of the CrPC seems to have some safeguards. It lays down a standard of ‘necessity or desirability’ to require the production of information. Textually speaking, ‘desirability’ means ‘the quality of being wanted’, which confers significant discretion by conflating ‘when the police want’ data and ‘when it is legal for the police to requisition data’. The standard may be contrasted with Section 311 of the CrPC, which permits the Court to summon a witness ‘essential to the just decision of the case.’ The Supreme Court recently distinguished Sections 91 from 311 in Varsha Garg v State of Madhya Pradesh. It held that the “necessary or desirable” standard under section 91 is met when the information sought is relevant, while 311 requires the higher standard of essentiality to be met. Even aside from this low standard, these safeguards are largely illusory as there is no independent oversight mechanism (either ex-ante or ex-post) to scrutinize whether the action was necessary (or desirable at the time it was done).
Moreover, there are primarily two stages where section 91 requisitions are made – (1) during investigation by the police and (2) during trial on an application made in court. While applications made in court can be, and are, challenged (as they were in Varsha Garg), orders made during investigation are not. These orders are made by the police to entities in possession of data, which are corporations and intermediaries such as banks, telecos, etc. These entities lack any incentive to challenge any such order made against them, especially when noncompliance carries criminal consequences under section 174 of the Indian Penal Code, 1860 (Non-attendance in obedience to an order from public servant). Further, there is no requirement to notify the affected individual (either ex ante or post facto) so little or no adversarial contestation to section 91 orders made during investigation by the police to third party intermediaries. This further limits any potential challenge to Section 91 orders by investigative agencies.
Additionally, since Section 91 does not limit whose data can be demanded, it is possible that a third person’s CDRs are presented at trial as evidence, this person will probably never learn of it or have the opportunity to challenge the disclosure of such information even post or during trial. Ultimately, the affected individual does not know when such a request is made, these requests are legally binding, the substantive threshold for initiating a request for information provides almost absolute discretion to the executive, and there is no mechanism to enforce a standard even if it is construed narrowly. Thus, there is a significant lack of procedural safeguards.
Call data records
Another issue with Section 91 is that it is essentially a shortcut to a level of invasive surveillance that ordinally requires the State to satisfy higher standards. The Telegraph Act, 1885 and the Information Technology Act, 2000 provide for the interception of calls and electronic transmissions but have some safeguards in place. Specifically, Section 5(2) of the Telegraph Act allows for interception of messages on the occurrence of a public emergency or in the interest of public safety. Further, Rule 419A of the Indian Telegraph Rules of 1951 provides for review of directions under Section 5(2) of the Telegraph Act. Similarly, section 69A of the Information Technology Act read with IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 empowers senior government officials to issue surveillance directions if it is necessary or expedient to do so for specific grounds (including in this case investigation of an offense). These directions are also reviewed as per Rule 22 of the Interception Rules.
CDRs and ongoing interception (surveillance) may appear to be different since the latter deals with the recording of content of calls in real time while CDRs are metadata of past calls. However, the routine maintenance of CDRs itself represents an indirect and ongoing form of surveillance. With access to metadata, it is possible to combine this metadata with other publicly available data, such as phone books, social media accounts, etc., and discern information such that it constitutes a significant violation of the right to privacy, arguably on par with real-time surveillance. Moreover, metadata can be more easily processed by computers than content data. For e.g A calls her sister B for an hour following which A calls an abortion clinic which is followed with multiple follow up calls over the period of a few months. It may reasonably be deduced, even without knowing the contents of the call, that A got an abortion. This is private information but can be revealed just by perusing metadata. Metadata, thus, also carries substantial privacy implications. Accordingly, the requisitioning of CDRs should be accorded similar safeguards to those which apply to interception. The provisions under the Telegraph Act and IT Act have more safeguards in the form of who is empowered to issue the directions and that the directions are reviewed by specific authorities. Though these safeguards are in no way sufficient, the issue is that section 91 effectively bypasses the limited safeguards that do exist to obtain information that is privacy infringing to a similar degree.
Alternatives and recommendations
Choices made with respect to the collection of evidence strike a specific balance between Crime Control and Due Process models of criminal procedure. The former emphasizes the importance of tailoring evidence law to ensure sufficient punishment of crimes while the latter provides greater importance to the protection of rights and liberties. Since Section 91 allows for a broad, unchecked power for police to acquire CDRs and other documents, it clearly leans towards a crime control model.
What would a due process approach look like? The South African Constitutional Court recently held that surveillance orders constitutionally require notification to the person affected as soon as it can be given without jeopardizing the purpose of the investigation. It further required the collected data to be deleted after a fixed amount of time. In the United States, a warrant is required for the production of such evidence and consequently, as per the IVth Amendment, requires probable cause in order to justify infringing the privacy of individuals. Probable cause must be shown to a judge for the issue of a warrant, meaning that there is a procedural safeguard in the form of application of judicial mind to ensure adherence to the standard.
Therefore, a good starting point for additional safeguards (for CDRs at the bare minimum) includes requiring prior permission from a judicial authority in the form of a warrant and a notification of the surveillance (either ex ante or post facto). This would allow a challenge to the requisition order in a court of law as violating their fundamental rights and ensure some prior judicial application of mind in the process.
Following the judgment of the Supreme Court in Puttaswamy, the privacy rights of accused persons have been litigated upon across various High Courts in India. The right to privacy is especially relevant at various stages of a criminal case where numerous situations can potentially infringe the accused’s privacy. In this post, I will examine how privacy claims made by the accused have been examined by courts post-Puttaswamy. I specifically examine two types of claims: (i) cases where the personal information of the accused is available (or has been made available) in the public domain; and (ii) cases concerning the procedures an accused may be subjected to.
In cases where the accused has raised a privacy claim, the State typically makes a ‘countervailing interest’ argument; that a key governmental interest such as effectively investigating crimes is furthered by interfering with an individual’s privacy, and hence is justified. However, Puttaswamy, laid down that State infringements on privacy cannot merely serve an important interest, but must fulfil the four-part test of legality, necessity, proportionality, and reasonable safeguards. The Supreme Court held that “An invasion of life or personal liberty must meet the threefold requirement of (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate State aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.” The proportionality limb also specifically requires the State’s measure to be the least rights infringing measure possible that continues to fulfil the State’s desired objective, with courts balancing competing interests. Justice Kaul’s separate opinion would add a fourth limb to this test, ‘procedural safeguards against abuse of interference with rights’, in line with Article 21’s guarantee of a ‘procedure established by law’.
The first set of privacy claims is where the personal information of accused persons were made public due to them being the subject of a criminal prosecution and judicial interventions were sought to safeguard this data. One of the prominent cases in this regard was Re: Banners before the Allahabad High Court. The district administration and police had put up banners displaying the names and photographs of persons who were accused of vandalism.
Expressly referring to Puttaswamy’s, and applying thefour-tier test, the High Court in Re: Banners first held that there were no statutory provisions “permitting the State to place the banners with personal data of the accused” in public (contravening the ‘legality’ test). Further, the publication of personal data also failed the ‘legitimate aim’ and ‘proportionality’ requirements. The purported aim, as argued by the State, was to deter people from violating the law. According to the Court, this was insufficient as the action of publishing personal information on banners was not necessary to achieve this aim. Therefore, the banners were ordered to be removed and the administration was asked to refrain from such actions in the future without legal authority.
In Karthick Theodre, an individual who had been acquitted of criminal charges by a 2014 judgement sought the “erasure or redaction of his personal information from the public domain.” In other words, the petitioner sought the redaction or erasure of his name from the judgement. Relying on Puttaswamy, various arguments including the right to be forgotten were raised before the Madras High Court. The apprehension of the petitioner was duly noted, that whenever his name was searched through search engines, results relating to the judgment would appear. However, the Court dismissed the plea on the grounds that without an adequate data protection law, laying down the parameters of when the redaction of the names of the accused should be directed, there was no objective criteria based on which the court can pass orders. While certain High Courts have granted reliefs based on the right to be forgotten, (See Jorawar Singh Mundy, Zulfiqar Ahman Khan,) the Madras High Court held that absence of a statute renders the petitioner remediless.
The second set of cases are privacy claims by accused persons as to the procedures they can be subjected to during an investigation. In Mursaleen Mohammad, the appellant was convicted under the provisions of the Narcotic Drugs and Psychotropic Substances Act, 1985 (“NDPS”). The appellant was subject to an x-ray examination by the authorities and subsequently confined till he defecated to recover the contraband allegedly stored in his body. The Calcutta High Court observed that the search and recovery of contraband from a person contemplated under section 50 of the NDPS Act does not allow for invasive medical procedures absent compliance with strict statutory safeguards. The Court noted that there were procedural irregularities in collecting the ‘evidence’. By relying on Puttaswamy, the Court affirmatively held that ‘recovery of contraband inside the body of a suspect must not only be in accordance with the procedure established by law but also be compatible to (sic) the dignity of the individual and ought not subject him to cruel, inhuman treatment.” The recovery of contraband, according to the Court, encroached on the appellant’s right to privacy.
In Vinod Mittal, the Himachal Pradesh High Court considered the legality of an order by a Special Judge, directing the petitioner to undergo a polygraph test and provide a voice sample to the investigating agency. The petitioner challenged the constitutionality of these directions, relying on Article 20(3) of the Constitution and the decisions in Ritesh Sinha and Selvi. The petitioner, however, admitted that he was willing to provide the sample if the court found such procedures to be legally permissible. The High Court said that the tests the accused could be subjected to could broadly be divided into three kinds: “(i) permissible with or without consent, (ii) permissible with consent only, and (iii), impermissible altogether.” After studying relevant judgments, the Court held that polygraph tests fall under the second category.
The Court concluded that “It is not legally impermissible [for a court] to issue direction[s] to a person to undergo Narco Analysis, polygraph and BEAP test, but such direction shall be subject to consent of said person and the person has a right to elect to consent or refuse to undergo such test…” The Himachal Pradesh High Court, therefore, indicated through this case that such techniques, if done in an involuntary manner, would be an unjustified intrusion and violate an individual’s (mental) privacy.
These cases demonstrate that the four-tier test laid down in Puttaswamy has been significantly engaged with by constitutional courts in interpreting the right to privacy of the accused. The use of the conjunctive test laid down by the Supreme Court has facilitated a more robust scrutiny of State action vis-à-vis accused individuals. The interpretation certainly requires further development, with greater sophistication in enhancing the analysis under Puttaswamy. However, these are positive judicial observations that will likely result in a consistent and continuous engagement with violations of the right to privacy. While various aspects of the right to privacy, including the right to be forgotten, await comprehensive judicial recognition, privacy jurisprudence has tremendous potential to protect the rights of the accused in the years to come.
Recent judicial decisions have transformed our understanding of privacy, autonomy, and equality; significantly so post the Supreme Court’s PuttaswamyI judgement. In Puttaswamy I, the Court reaffirmed privacy as a fundamental right grounded in the ideas of autonomy and dignity. An important consequence of this understanding of privacy is its impact on questions of individual privacy within the confines of a marriage. For example, in a recent case on the subject of marital rape, the Karnataka High Court allowed rape charges against the husband and emphasised the importance of reinforcing the right to equality and the right to individual autonomy and dignity of a woman within a marriage.
One such provision within family law that raises concerns about individual autonomy and privacy within marriage is the Restitution of Conjugal Rights (‘RCR’). It is a legal remedy available to spouses where one spouse deserts the other without a ‘reasonable’ excuse or on certain ‘unlawful’ grounds. In such cases, the ‘aggrieved’ party has the right to seek a decree for RCR, by which a court order may direct the deserting party to compulsory cohabit with the ‘aggrieved’ party. The remedy of RCR is provided for under Section 9 of the Hindu Marriage Act, 1955 as well as, Muslim Personal Law, the Parsi Marriage and Divorce Act, 1936 (S. 36), the Indian Divorce Act, 1869 (S. 32-33), and the Special Marriage Act, 1954 (S. 22). Generally, if a person fails to comply with a RCR decree a court can attach their property under the Civil Procedure Code (Order 21, Rule 32).
In this post, I analyse the State’s objectives in providing spouses with the RCR remedy and argue that the remedy itself violates the right to privacy under Article 21 by failing to satisfy the test of proportionality.
Privacy, autonomy, and State interference
State regulation of domestic relations has seen laws governing marriage, divorce, adultery, and sexual relations between consenting adults, for example the criminalisation of homosexuality. Marriage is a social contract recognised by the State and to a certain extent, is also subject to regulation by the State. Although regulations around marriage may be for a variety of reasons, it may be argued that they serve two key interests: protection of individual rights, and the State objective to protect the institution of marriage (often articulated as maintaining “cultural ethos and societal values”). Examples of the former rationale include laws recognising domestic violence, cruelty, and prioritising individual autonomy by providing divorce as a remedy. The latter rationale can be seen in laws criminalising adultery and homosexuality (both of which have been struck down by the Supreme Court of India post Puttaswamy I) and providing restitution of conjugal rights as a remedy. However, by protecting the institution of marriage, the State also protects a particular conceptionof that institution, specifically the socially accepted notion of a monogamous, heterosexual, and procreative marriage.
It is widely accepted that RCR is an archaic English law (from a time when cohabitation was expected of women) that, as the Bombay High Court noted in 1885, did not exist prior to colonial rule. However, the remedy was codified in the Hindu Marriage Act in 1955 even after India achieved independence and continues to exist despite its patriarchal connotations. The 71st Law Commission Report of 1978 (page no. 27, para 6.5) emphasised the importance of cohabitation to protect the ‘sanctity of marriage’. The High Court of Delhi, in Harvinder Kaur vs. Harmander Singh Choudhry (1984)also adopted this view and held that the restitution of conjugal rights is an important remedy to protect the institution of marriage. The Delhi High Court rejected privacy considerations by stating that a decree of RCR was not the “starkest form of governmental intervention into marital privacy” since it merely aims to restore cohabitation and does not enforce sexual intercourse. As I argue below, this reasoning raises questions about individual autonomy. However, the Delhi High Court’s rationale was accepted by the Supreme Court in Saroj Rani vs. Sudarshan Kumar Chadha (1984), where the apex Court upheld the constitutionality of RCR and reiterated that the right to cohabitation is “inherent in the very institution of marriage itself.”
This view of RCR — to preserve the institution/ sanctity of marriage — creates tensions with the objective of the State to protect individual rights. An RCR decree interferes with the right to privacy and autonomy by compelling an individual to cohabit with their spouse against their will. This may especially be true after the articulation of the right to privacy by the Supreme Court in Puttaswamy I. The decree of RCR creates an unwanted intrusion into a person’s personal life by denying them autonomy over where they live, and also potentially on the sites of sexual and reproductive decision making. Any analysis of RCR must recognise the power asymmetry within domestic relations that pervasively results in women being subject to physical and sexual violence at home. Thus, contrary to the reasoning given by courts in Harvinder Kaur and Saroj Rani, by compelling women to cohabit with men they have deserted, a decree of RCR may place women at significant risk of domestic violence, economically compromised living conditions, and non-consensual sexual intercourse.
The Andhra Pradesh High Court in T Sareetha vs. Venkata Subbaiah in 1983 recognised that the grant of an RCR decree would amount to an interference of the State into the private sphere, compelling cohabitation or even indirectly, sexual intercourse. The High Court found that this interference of the State through RCR violated the right to privacy, autonomy, and dignity of the individual against whom the decree was sought by ‘transferring the decision to have or not have marital intercourse from the individual to the State’. This decision was overruled by the Supreme Court’s Saroj Rani decision in 1984. While the Puttaswamy 1 judgement in 2017 did not expressly refer to Sareetha, all nine judges broadly adopted the approach taken in the Sareetha judgement, adopting a conception of privacythat recognises its basis in individual autonomy and dignity.
In Puttaswamy I, the Supreme Court ruled that individual autonomy, that recognises the ability of individuals to control vital aspects of their life (including reproductive rights, sexual orientation, gender identity), is an intrinsic part of the right to privacy guaranteed under Article 21 of the Constitution. By this reasoning, a decree of RCR does not account for the right to autonomy of an individual and violates their right to privacy by legally compelling the individual to cohabit despite them making a conscious choice to separate from their spouse.
In recent years, there has been a shift in the thinking of courts, where the right to individual privacy and autonomy is prioritised as opposed to protection of the institution (and specific conceptions of that institution) of marriage. For instance, in Joseph Shine, the Supreme Court held that the law that criminalised adultery treated women as property and was unconstitutional. It opined that although the criminalisation of adultery was introduced to protect the institution of marriage, it serves the interests of one party and denies agency to women. The Court noted –
“The provision is proffered by the legislature as an effort to protect the institution of marriage. But it proceeds on a notion of marriage which is one sided and which denies agency to the woman in a marital tie. The ability to make choices within marriage and on every aspect concerning it is a facet of human liberty and dignity which the Constitution protects.”
Bearing in mind this view of the court, RCR would not stand up to judicial scrutiny as a constitutionally valid right, since it disregards the autonomy and dignity of an individual under the notion of the State aim to protect the institution of marriage.
The proportionality test
In 2017, Puttaswamy I laid down a four-part test for determining the validity of an infringement of the right to privacy. The test’s first limb necessitates the existence of a codified law, which is met with in the case of RCR through various statutory provisions. The test also requires the existence of procedural safeguards against abuse of State interference, which is of reduced significance in the case of RCR as both a RCR decree and post-decree attachment of property require prior judicial authorisation and oversight. In addition to the need for statutory authorisation and procedural safeguards, for an infringement to be valid it must satisfy the limbs of legitimate aim, necessity, and proportionality. The Puttaswamy II (Aadhar) case applied this test, which was first articulated in the Modern Dental College judgement in 2016. This test requires:
any limitation of a constitutional right is enforced for a proper purpose (legitimate aim);
there is a rational nexus between the proper purpose and the measure adopted to achieve it and there are no alternative measures which would achieve the purpose but are less restrictive of rights (necessity); and
the restriction on the constitutional right must be proportionate to the purpose set out by the State (balancing or proportionality).
Firstly, it must be noted that, as observed by the Supreme Court in Saroj Rani, the stated purpose of the measure is protecting the institution of marriage. As stated above, in Joseph Shine the Supreme Court rejected the State’s argument that protecting the institution of marriage was a proper purpose where the State’s measure protected “a notion of marriage that is one sided and denies agency to women.”. In this context, RCR only protects a notion of marriage where individuals cohabit and engage in sexual intercourse, denying agency to individuals and violating individual autonomy. Secondly, the decree of RCR should have a rational nexus with the aim of protecting the institution of marriage. In this regard, it is relevant to note that, in certain instances, individuals routinely file RCR cases expecting non-compliance by the other party, using this non-compliance with the RCR decree as a ground for divorce. Thus, the historically dominant objective of the State of “protecting” the institution of marriage through the positive remedy of RCR may also not be satisfied.
Even if RCR furthers the State’s aim of protecting marriage, it would need to pass the third prong of the proportionality test, i.e., the State must meet the objective of the law through the ‘least restrictive measure’. The State could resort to alternate measures, similar to the ones observed under divorce petitions; an order of mediation or a ‘cooling off’ period provisioned in cases of divorce with mutual consent furthers the aim of protecting the institution of marriage without violating individual rights. However, in a decree of RCR there persists a violation of an individual’s privacy, enforced by coercion through the attachment of property.
The fourth part of the proportionality test emphasises the need to have a balance between the interest of the State and the rights of individuals. As stated earlier, the infringement of individual rights through an RCR decree creates severe consequences that violate the right to privacy and autonomy of an individual, including putting women in particular, at risk of harm. Thus, the gravity of the rights violation arguably outweighs the State interest of protecting marriage, especially since the State aim is often not met and the decree becomes a ground for divorce.
The application of the test of proportionality by Indian courts has garnered criticism as being deferential to the State. However, even with this deferential application, as demonstrated above, RCR would likely not pass the four-part test of proportionality endorsed by the courts in Modern Dental College and Aadhaar.
In the post-Puttaswamy era, various High Courts have recognised the autonomy and dignity of women within marriage under the fundamental right to privacy. For instance, in a recent right to abortion case, the High Court of Kerala relied on Puttaswamy I and held that a woman’s autonomy of body and mind with respect to reproductive decisions are part of the right to privacy. As discussed above, the High Court of Karnataka, in its recent decision, while allowing rape charges against the husband, acknowledged that the exception of marital rape stems from an archaic notion of marriage where the wife was considered property. On similar grounds, one may argue that RCR should be considered invalid since it is based on the outdated notion of marriage where the wife was considered the property of the husband and had no individual autonomy of her own. As noted above, it is also incompatible with the test of proportionality.
On 30 December, 2021, the Gujarat HC observed that an RCR decree could not force a woman to cohabit with her husband. The court recognised that a decree of RCR needs to consider both the parties’ and not solely the ‘right of the husband’. Further, it opined that the very fact that there exists an option given to not comply with the RCR decree under the Civil Procedure Code indicates that the court cannot force a woman to cohabit against her will. The court further laid down certain grounds under which a person could refuse to comply with an RCR decree including cruelty, adultery, and failure of the husband in performing marital obligations. Although this decision seems to encourage considering the rights of women in a marital relationship – it fails to reaffirm the right to privacy and autonomy of the subject of the decree against a law that is effectively discriminatory. It grants power to the courts to decide on a case-to-case basis whether the right can be granted, which could lead to a potential violation of individual rights given the nature of this provision.
Striking down RCR provisions does not mean that there must be a complete embargo on the interference of the State into marriage – for example, the power asymmetry in domestic relationships necessitates the enforcement of laws against domestic violence and most likely requires the criminalisation of marital rape. However, taking into consideration the constitutional scrutiny of laws against the backdrop of State interference and right to privacy, RCR may not stand the test of constitutionality. Currently, a petition challenging the constitutionality of RCR is pending before the Supreme Court – if the above arguments are considered by the court, RCR may be struck down on the grounds that it violates the right to privacy.
This post was originally published on Livelawon 26 April 2022.
In Justice (Retd.) K.S. Puttaswamy vs. Union of India (“Puttaswamy”) the Apex Court noted that there is a distinction between public and private spaces. Keeping this in mind, this post investigates the scope of one’s right to privacy in one’s own home. In the course of writing this post, I relied on CCG’s Privacy High Court Tracker to identify cases that discuss the extent to which the right to privacy may be interpreted in light of this public-private distinction.
The case of Vilasini vs. State of Kerala from the High Court of Kerala sheds some light on the issue. This case relates to Kerala’s toddy (palm wine) shops, that were increasingly being described as somewhat of an eyesore, with the manufacturing, storage, consumption, and disposal of toddy creating a challenging atmosphere for surrounding residents. The people affected most by the existence of these toddy shops were immediate neighbours. Several individuals filed writ petitions against the operation of toddy shops in their neighbourhoods. One such petition also challenged the shifting of a toddy shop to the petitioner’s colony, which is also near a local “anganwadi”. The writ petitions filed — concerned several different toddy shops and varied issues, however, the Kerala High Court noted that the underlying concern in all these petitions was the protection of their privacy in their own homes and therefore considered these petitions together in a common judgement.
In the judgement, a single judge bench of Justice A. Muhamed Mustaque, stated that since the sale of liquor is regulated by the State, the State is bound to address any implication on the rights of others who are affected by the conduct and placement of toddy shops. Crucially, in this case it was the State that determined the location of toddy shops through a licensing regime. The High Court observed that the Apex court noted in the Puttaswamy case that privacy is not lost or surrendered merely because the individual is in a public space. Privacy attaches to the person and not the place as it part of the dignity of the human being. Furthermore, the Court added that “Privacy has both positive and negative content: The negative content restrains the State from committing an intrusion upon the life and personal liberty of a citizen. Its positive content imposes an obligation on the State to take all necessary measures to protect the privacy of the individual”. This is important because, while Puttaswamy did not enumerate an exhaustive list of rights that fall under ‘privacy’, it stated that anything that is essential to the dignity of a human being in private can be enforced by the person in public, including their well-being in their homes.
With this in mind, in the case of Vilasini, the Kerala High Court observed that there needs to be a standard by which a violation of privacy can be assessed. The High Court sought guidance from certain judgements of the European Court of Human Rights (‘ECtHR’) and laid down a framework of assessment that may apply in the Indian context as well. After having perused several European cases, the High Court noted that the ECtHR had developed a test; for an action to be a “breach of privacy, it must have a direct immediate consequence to the applicants’ right to respect for their homes” under Article 8 of the European Convention of Human Rights (respect for home and private life). These ECtHR cases balanced the gravity and severity of nuisance caused by the impugned action with the community’s interests as a whole, assessing if the State had struck a fair balance or violated the right to privacy of an individual. For example, one case concerned noise pollution from bars and discotheques near the petitioner’s house, with the ECtHR ruling that the excessive noise was above the permitted levels and had occurred over a number of years, thus violating the privacy of the petitioner.
In Vilasini, the High Court uses the phrase, a ‘threshold severity test’ to describe this analysis. But the roots of this test, can be traced from these ECtHR cases which relate to the minimum level of severity of the action complained against and an evaluation of the authorities’ role upon a complaint being made. Although Article 8 of the European Convention expressly refers to ‘the home, private life, and family’, the Kerala High Court has read this as a facet of India’s right to privacy doctrine. Based on this interpretation of the right to privacy, the High Court restrained the operation of one toddy shop and directed the State authorities to assess the privacy impact of the operation of other shops.
The case of Puttaswamy has led to a diverse applicability of privacy and Article 21. New contours of privacy are now being explored in different high courts around the country. While courts now study the scope of the right to privacy and associated rights, it’s important to chart trends and understand the implications of new facets of privacy being recognised. The specific contours of privacy and its interactions with the public realm are being developed by courts on a case by case basis, with each new challenge to state action throwing up novel questions for Indian privacy jurisprudence. In furthering this jurisprudence, it is important to keep in mind the most fundamental aspect of privacy – that it is integral to every aspect of a person’s overall well-being. The Kerala High Court’s recognition that the right to privacy includes a right to be left alone and at peace in one’s own home, and the State’s duty to facilitate this, is the concrete application of a new facet of the right to privacy.
In the wake of disclosures by the Pegasus Project, it has become more important than ever to understand the law which authorises the government to conduct surveillance – especially the provisions which permit non-digital phone tappings. To that end, the ‘Privacy High Court Tracker’ is an extremely useful tool developed by the Centre For Communication Governance, National Law University Delhi. The tracker enables stakeholders to analyse the evolving jurisprudence on privacy. High Courts across the country are at the forefront of this evolution. For the purposes of this piece, which discusses the law on state-mandated surveillance with a focus on phone-tappings, two judgments from the tracker are relevant – Vinit Kumar vs. CBI and Ors., 2019 (Bombay High Court) and Sanjay Bhandari and Ors. vs The Secretary of Govt. of India and Ors.2020 (Madras High Court).
But before we analyse these judgments, it is important to refer to the provisions of law that enable the government to listen to our conversations and the decision of the Supreme Court in PUCL vs. Union of India, (1997), which is the locus classicus on this subject.Section 5(2) of the Telegraph Act, 1885 (Telegraph Act) empowers the government to intercept any communication by a ‘telegraph’ from a person to another “on the occurrence of a public emergency” or “in the interest of public safety” if it is in the interest of sovereignty and integrity of India, the security of the state, friendly relations with foreign states or public order or to prevent incitement to the commission of an offence. Any order under Section 5(2) must be issued before the surveillance begins. Section 69 of the Information Technology Act, 2000 (IT Act) permits the government to intercept, monitor or decrypt communication generated, transmitted, received or stored in a computer.
Interestingly, Section 69 of the IT Act has not been subject to much judicial scrutiny. While challenges to its constitutionality are pending before the Supreme Court, the lack of scrutiny is perhaps because there is opacity around when, where and how this provision is used to conduct surveillance. Notably, the government has even refused to provide the total number of orders it has passed under this provision in a response to a right to information application filed by the Internet Freedom Foundation. Unlike Section 69 of the IT Act, Constitutional Courts have examined Section 5(2) of the Telegraph Act on several occasions. As mentioned above, the most notable instance is PUCL.
In PUCL, the constitutional validity of Section 5(2) of the Telegraph Act was challenged. The Supreme Court’s decision, which was subsequently affirmed in K.S. Puttaswamy vs. Union of India, , held that conversations over the telephone are private in nature. While this is significant since this judgment is from before Puttaswamy, the bite of the judgment was the Court’s interpretation of the phrases “on the occurrence of a public emergency” and “in the interest of public safety”. The Court held that public emergency would mean the prevailing of a sudden condition or state of affairs affecting the people at large, calling for immediate action. The expression “public safety” means the state or condition of freedom from danger or risk for the people at large. The Court also held that the phrases “take their colour off each other”, and that a breach of public safety/ a public emergency are evident to a reasonable person as they are not secretive conditions.
In terms of procedural safeguards, the Court, amongst other things, directed the Government to not conduct phone tapping unless there is an order from the home secretary which would ex-post be subject to review by a review committee also consisting of government officials. Notably, the Court stopped short of either prior or post judicial scrutiny.
The CCG Privacy High Court Tracker is a useful resource to examine how High Court’s have relied upon the decision in PUCL, especially after the Supreme Court’s decision in Puttaswamy. In this regard, the Bombay High Court decision in Vinit Kumar and Madras High Court’s decision in Sanjay Bhandari, offer a study in contrast.
In Vinit Kumar, the petitioner challenged three phone tapping orders issued against him, on the ground that they were ultra vires Section 5(2) of the Telegraph Act. Of course, the petitioner only found out that his conversations were being monitored after the Central Bureau of Investigation filed a charge-sheet against him in a criminal proceeding, where the petitioner was accused of bribing a public servant. The petitioner argued that there was no threat to public safety nor a public emergency to occasion such phone-tapping. The Bombay High Court agreed and noted that circumstances did not exist which “would make it evident to a reasonable person that there was an emergency or a threat to public safety”. The Court also went a step ahead and tested the phone tapping orders on the Puttaswamy proportionality standard (Kaul J, Paragraph 70) which requires the government to show – a) The action must be sanctioned by law; b) The action must be necessary in a democratic society; c) Proportionality – infringing action must be proportionate to the need for such interference; and d) Procedural safeguards. The Court found that the orders could not withstand the test and struck them down as they ‘neither had the sanction of law’ (as there was no public emergency nor a threat to public safety) nor have they been issued for a legitimate aim. (Paragraph 19)
In Sanjay Bhandari, the petitioners, who held official government positions, were accused of accepting a bribe in return for granting benefits. They found out that the Government was monitoring their conversations, and challenged the phone-tapping orders before the Madras High Court. Evidently, there was neither a public emergency nor threat to public safety that would justify the imposition of such an order. In PUCL, the Supreme Court had held that these situations are evident to a reasonable person as they are not secretive conditions. The Court also held that public emergency would mean the prevailing of a sudden condition or state of affairs affecting the people at large, calling for immediate action, and the expression “public safety” means the state or condition of freedom from danger or risk for the people at large.
The Madras High Court, going against established precedence, held that “Restricting the concept of public safety to the mere “situations that would be apparent to the reasonable persons” will exclude most of the actual threats which present the most grave circumstances like terrorist attacks, corruption at high places, economic and organised crimes, most of which are hatched in the most secretive of manners.”
Thus, the decision in Sanjay Bhandari interpreted Section 5(2) in a manner which was entirely contrary to the decision and perhaps, even legislative intent. The Court read into the provision its understanding of what constitutes “actual threats” and extended the scope of the provision to offences which do not have any bearing on public safety, as interpreted in PUCL and affirmed in Puttaswamy. And there is merit to that interpretation. The word safety follows the word ‘public’ which implies that the situation should be such that it puts at risk the people at large. Surely economic offences do not meet this criteria. There is merit to that interpretation, even from a rights perspective. Monitoring a person’s conversations constitutes a grave infringement on their right to privacy, and the need to undertake such an infringement must be proportionate to the ends sought to be achieved.
The judgment of the Supreme Court in Justice (Retd.) K.S. Puttaswamy vs. Union of Indiawas the first comprehensive verdict on the right to privacy in India. While earlier judgments such as Rajagopal or Gobind discussed certain aspects of this right, in Puttaswamy, the court’s pronouncement was categorical, laying down definite principles and different contours of the right to privacy. The judgment in Puttaswamy will have – and in some cases, has already had – significant influence on various issues including state surveillance, data collection and retention and rights of sexual privacy. In this blog, I will focus on Puttaswamy’simpact on the right to intimate choices including marriage.
Among other things, the Supreme Court in Puttaswamy has made two aspects clear. First, the right to privacy is part of the right to liberty and dignity under part III, especially Article 21 and certain freedoms under Article 19 of the Constitution. Secondly, it located the right to intimate choices as part of the right to privacy. We shall see how this has enabled the courts to decide certain cases. (See here the Privacy High Court Tracker by CCG, used to identify the cases. The tracker “is a resource consisting of decisions on the constitutional right to privacy passed by all High Courts in India.”).
At various places in the judgment, there is agreement that privacy necessarily must protect the right to intimate choices. The court said – “The family, marriage, procreation and sexual orientation are all integral to the dignity of the individual” and that “privacy includes at its core the preservation of personal intimacies, the sanctity of family life, marriage, procreation, the home and sexual orientation.” Importantly, the oft-quoted right to be left alone was interlinked with the right to choose who enters one’s house, whom to live with and “what relationship” to live in. (Justice Kaul, para 78).
With this background, some cases from the Privacy Tracker are worthwhile studying. In Safiya Sultana and Ors. vs. State of U.P. and Ors., the writ petition was moved by the petitioner in the Allahabad High Court claiming that she is in the illegal custody of her father and she would like to live with her husband. During the deliberation, the court took up the issue of the requirements under the Special Marriage Act, 1954 (SMA) which make it difficult for couples to register their marriages.
The SMA is a secular law, meaning it can be used by persons belonging to any religion (or no religion at all). Persons belonging to the same religion, such as two Hindus also can marry under the SMA, as many often choose to. The petitioners argued that the provisions requiring notice before marriage and subsequent publication must be read as directory, instead of mandatory. They pointed out that “any such notice would be an invasion in their privacy and would have definitely caused unnecessary social pressure/interference in their free choice with regard to their marriage.”
Section 5 of the SMA provides that the couple intending to marry must give a notice in writing to the marriage officer before thirty days. According to section 6, the notice will be displayed for the public and the details of the notice entered into in the Marriage Notice Book, which is open for inspection by any person. Section 7 enables persons to object to the marriage on violation of certain conditions. In a society where agency of women in particular is curtailed and love-marriages often violently resisted, it is not difficult to see how these provisions can have significant dignity implications. While agreeing with the petitioners, the court noted that “society has no role to play in determining our choice of partners.”
Intimate choice consists of a bundle of rights where both privacy and autonomy interact: the right to choose a partner, the right to marry or not to marry, the right to choose a live-in relationship, the right to keep details of the marriage or nature of the relationship private. It becomes too ‘costly’ for young people to exercise the right to privacy and choice since there is constant invasion. Essentially, the actions of other persons and their possible access to your personal information impact your decisions on how to lead your life. The provisions of the SMA provide for this type of invasion by enabling the private details to be accessible to public. It went beyond the legitimate purpose of the state in securing the details of marriages in its register.
The court held that that giving and publication of notice under these provisions of the SMA shall be voluntary and not mandatory. Sections 5 and 6 were read down to this extent. The court directly relied on Puttaswamy to ascertain “the ability to make decisions on matters close to one’s life.” It also relied on Common Cause vs. Union of India and Anr. which said that “our autonomy as persons” is also founded in our ability to decide “whom to love and whom to partner.” This according to the High Court, is a protected entitlement of the Constitution. Hence, the court located “a right to a union” under Article 21. This union includes but is not exhausted by marriage. Neither the state nor other persons can intrude upon this right.
Moreover, according to the court, the provisions, if read as mandatory do not fulfil the three-tier test recognised by Puttaswamy while determining validity of laws (of legality, necessity and strict proportionality). The requirements of notice and publication apply only under the SMA, in comparison to other personal laws on marriage. “There is no apparent reasonable purpose achieved by making the procedure to be more protective or obstructive under the Act of 1954…”
Often, in addition to the SMA provisions, various States have made specific rules, guidelines or checklists for registration of marriages under the Act. One such checklist was the matter in issue before the Punjab & Haryana High Court. In this case, the Haryana government had issued a marriage checklist with 16 requirements to be fulfilled for registration. The petitioners argued that requirements such as notice to parents of the couple, publication of proposed marriage in a national newspaper violate their right to privacy. The court held that such a requirement violates the right to privacy and asked the state to modify the checklist.
In Salamat Ansari vs. State of UP and Others, a FIR was lodged against the accused for the offence, inter alia, of kidnapping a woman under the Indian Penal Code, 1860. The petitioners argued that the woman in question and the accused were married and hence the FIR, registered by the father of the woman must be quashed. The court relied on the ‘choice’ jurisprudence emerging out of Puttaswamy, Shakti Vahini vs. Union of Indiaand Shafin Jahan vs. Asokan K.M, that an adult person’s choice on whom to marry is not a territory for the court or the state to intervene. The court quashed the FIR reiterating no offences were made out and the case was simply of individuals choosing to live together.
In Monika Mehra vs. State and Ors., the petitioners, who were a married couple approached the Jammu and Kashmir High Court seeking directions for adequate security on grounds of facing threats to their life. By relying on Supreme Court jurisprudence on the rights to privacy and choice, the court allowed the prayer for adequate protection of life and liberty of the petitioners.
There are few aspects binding these cases together. The first is the choice-privacy intersection. In Puttaswamy, this link was clearly explained. How an artist or a musician expresses herself is illustrative of how “privacy facilitates freedom and is intrinsic to the exercise of liberty.” Therefore, privacy and choice are not mutually exclusive or disjoint. One facilitates the growth of another and infringement of the one can constitute infringement of the other. In the context of the SMA, burdensome requirements violating privacy rights, such as publication of intended marriage force a person to make corresponding choices of partner or marriage.
The second is that all cases reflect that the right to privacy is vulnerable when exercised in a society that does not seriously value it. The provisions in SMA, for instance are used by vigilante groups to invade privacy at a large scale. For example, online applications of inter-faith couples under the SMA were publicised on the internet by certain groups in Kerala. The provisions, when functional in a peculiar socio-political context can be more burdensome, as different from a less intrusive social climate. Requirements such as notice of intended marriage to the parents aim to infringe the intimate zone of privacy. This is also the motivation behind criminal charges of kidnapping as in Salamat and Monika, filed to intimidate persons who have made free and independent choices, and ascertained their right to self-determination. Ultimately, the Puttaswamy judgment has played an important role in shaping the right to intimate choices for future cases and one can hope that it continues to do so.
The Personal Data Protection Bill, 2019 (PDP Bill/ Bill) was introduced in the Lok Sabha on December 11, 2019 , and was immediately referred to a joint committee of the Parliament. The joint committee published a press communique on February 4, 2020 inviting comments on the Bill from the public.
The Bill is the successor to the Draft Personal Data Protection Bill 2018 (Draft Bill 2018), recommended by a government appointed expert committee chaired by Justice B.N. Srikrishna. In August 2018, shortly after the recommendations and publication of the draft Bill, the Ministry of Electronics and Information Technology (MeitY) invited comments on the Draft Bill 2018 from the public. (Our comments are available here.)
In this post we undertake a preliminary examination of:
The scope and applicability of the PDP Bill
The application of general data protection principles
The rights afforded to data subjects
The exemptions provided to the application of the law
In future posts in the series we will examine the Bill and look at the:
The restrictions on cross border transfer of personal data
The structure and functions of the regulatory authority
The enforcement mechanism and the penalties under the PDP Bill
Scope and Applicability
The Bill identifies four different categories of data. These are personal data, sensitive personal data, critical personal data and non-personal data
Personal data is defined as “data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline, or any combination of such features with any other information, and shall include any inference drawn from such data for the purpose of profiling”. (emphasis added)
The addition of inferred data in the definition realm of personal data is an interesting reflection of the way the conversation around data protection has evolved in the past few months, and requires further analysis.
Sensitive personal data is defined as data that may reveal, be related to or constitute a number of different categories of personal data, including financial data, health data, official identifiers, sex life, sexual orientation, genetic data, transgender status, intersex status, caste or tribe, and religious and political affiliations / beliefs. In addition, under clause 15 of the Bill the Central Government can notify other categories of personal data as sensitive personal data in consultation with the Data Protection Authority and the relevant sectoral regulator.
Similar to the 2018 Bill, the current bill does not define critical personal data and clause 33 provides the Central Government the power to notify what is included under critical personal data. However, in its report accompanying the 2018 Bill, the Srikrishna committee had referred to some examples of critical personal data that relate to critical state interest like Aadhaar number, genetic data, biometric data, health data, etc.
The Bill retains the terminology introduced in the 2018 Draft Bill, referring to data controllers as ‘data fiduciaries’ and data subjects ‘data principals’. The new terminology was introduced with the purpose of reflecting the fiduciary nature of the relationship between the data controllers and subjects. However, whether the use of the specific terminology has more impact on the protection and enforcement of the rights of the data subjects still needs to be seen.
Application of PDP Bill 2019
The Bill is applicable to (i) the processing of any personal data, which has been collected, disclosed, shared or otherwise processed in India; (ii) the processing of personal data by the Indian government, any Indian company, citizen, or person/ body of persons incorporated or created under Indian law; and (iii) the processing of personal data in relation to any individuals in India, by any persons outside of India.
The scope of the 2019 Bill, is largely similar in this context to that of the 2018 Draft Bill. However, one key difference is seen in relation to anonymised data. While the 2018 Draft Bill completely exempted anonymised data from its scope, the 2019 Bill does not apply to anonymised data, except under clause 91 which gives the government powers to mandate the use and processing of non-personal data or anonymised personal data under policies to promote the digital economy. There are a few concerns that arise in context of this change in treatment of anonymised personal data. First, there are concerns on the concept of anonymisation of personal data itself. While the Bill provides that the Data Protection Authority (DPA) will specify appropriate standards of irreversibility for the process of anonymisation, it is not clear that a truly irreversible form of anonymisation is possible at all. In this case, we need more clarity on what safeguards will be applicable for the use of anonymised personal data.
Second, is the Bill’s focus on the promotion of the digital economy. We have previously discussed some of the concerns regarding focus on the promotion of digital economy in a rights based legislation inour comments to the Draft Bill 2018.
These issues continue to be of concern, and are perhaps heightened with the introduction of a specific provision on the subject in the 2019 Bill (especially without adequate clarity on what services or policy making efforts in this direction, are to be informed by the use of anonymised personal data). Many of these issues are also still under discussion by thecommittee of experts set up to deliberate on data governance framework (non-personal data). The mandate of this committee includes the study of various issues relating to non-personal data, and to make specific suggestions for consideration of the central government on regulation of non-personal data.
The formation of the non-personal data committee was in pursuance of a recommendation by the Justice Srikrishna Committee to frame a legal framework for the protection of community data, where the community is identifiable. The mandate of the expert committee will overlap with the application of clause 91(2) of the Bill.
Data Fiduciaries, Social Media Intermediaries and Consent Managers
As discussed above the Bill categorises data controllers as data fiduciaries and significant data fiduciaries. Any person that determines the purpose and means of processing of personal data, (including the State, companies, juristic entities or individuals) is considered a data fiduciary. Some data fiduciaries may be notified as ‘significant data fiduciaries’, on the basis of factors such as the volume and sensitivity of personal data processed, the risks of harm etc. Significant data fiduciaries are held to higher standards of data protection. Under clauses 27-30, significant data fiduciaries are required to carry out data protection impact assessments, maintain accurate records, audit policy and the conduct of its processing of personal data and appoint a data protection officer.
Social Media Intermediaries
The Bill introduces a distinct category of intermediaries called social media intermediaries. Under clause 26(4) a social media intermediary is ‘an intermediary who primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services’. Intermediaries that primarily enable commercial or business-oriented transactions, provide access to the Internet, or provide storage services are not to be considered social media intermediaries.
Social media intermediaries may be notified to be significant data fiduciaries, if they have a minimum number of users, and their actions have or are likely to have a significant impact on electoral democracy, security of the State, public order or the sovereignty and integrity of India.
Under clause 28 social media intermediaries that have been notified as a significant data fiduciaries will be required to provide for voluntary verification of users to be accompanied with a demonstrable and visible mark of verification.
The Bill also introduces the idea of a ‘consent manager’ i.e. a (third party) data fiduciary which provides for management of consent through an ‘accessible, transparent and interoperable platform’. The Bill does not contain any details on how consent management will be operationalised, and only states that these details will be specified by regulations under the Bill.
Data Protection Principles and Obligations of Data Fiduciaries
Consent and grounds for processing
The Bill recognises consent as well as a number of other grounds for the processing of personal data.
Clause 11 provides that personal data shall only be processed if consent is provided by the data principal at the commencement of processing. This provision, similar to the consent provision in the 2018 Draft Bill, draws from various principles including those under the Indian Contract Act, 1872 to inform the concept of valid consent under the PDP Bill. The clause requires that the consent should be free, informed, specific, clear and capable of being withdrawn.
Moreover, explicit consent is required for the processing of sensitive personal data. The current Bill appears to be silent on issues such as incremental consent which were highlighted in our comments in the context of the Draft Bill 2018.
The Bill provides for additional grounds for processing of personal data, consisting of very broad (and much criticised) provisions for the State to collect personal data without obtaining consent. In addition, personal data may be processed without consent if required in the context of employment of an individual, as well as a number of other ‘reasonable purposes’. Some of the reasonable purposes, which were listed in the Draft Bill 2018 as well, have also been a cause for concern given that they appear to serve mostly commercial purposes, without regard for the potential impact on the privacy of the data principal.
In a notable change from the Draft Bill 2018, the PDP Bill, appears to be silent on whether these other grounds for processing will be applicable in relation to sensitive personal data (with the exception of processing in the context of employment which is explicitly barred).
The Bill also incorporates a number of traditional data protection principles in the chapter outlining the obligations of data fiduciaries. Personal data can only be processed for a specific, clear and lawful purpose. Processing must be undertaken in a fair and reasonable manner and must ensure the privacy of the data principal – a clear mandatory requirement, as opposed to a ‘duty’ owed by the data fiduciary to the data principal in the Draft Bill 2018 (this change appears to be in line with recommendations made in multiple comments to the Draft Bill 2018 by various academics, including our own).
Purpose and collection limitation principles are mandated, along with a detailed description of the kind of notice to be provided to the data principal, either at the time of collection, or as soon as possible if the data is obtained from a third party. The data fiduciary is also required to ensure that data quality is maintained.
A few changes in the application of data protection principles, as compared to the Draft Bill 2018, can be seen in the data retention and accountability provisions.
On data retention, clause 9 of the Bill provides that personal data shall not be retained beyond the period ‘necessary’ for the purpose of data processing, and must be deleted after such processing, ostensibly a higher standard as compared to ‘reasonably necessary’ in the Draft Bill 2018. Personal data may only be retained for a longer period if explicit consent of the data principal is obtained, or if retention is required to comply with law. In the face of the many difficulties in ensuring meaningful consent in today’s digital world, this may not be a win for the data principal.
Clause 10 on accountability continues to provide that the data fiduciary will be responsible for compliance in relation to any processing undertaken by the data fiduciary or on its behalf. However, the data fiduciary is no longer required to demonstrate such compliance.
Rights of Data Principals
Chapter V of the PDP Bill 2019 outlines the Rights of Data Principals, including the rights to access, confirmation, correction, erasure, data portability and the right to be forgotten.
Right to Access and Confirmation
The PDP Bill 2019 makes some amendments to the right to confirmation and access, included in clause 17 of the bill. The right has been expanded in scope by the inclusion of sub-clause (3). Clause 17(3) requires data fiduciaries to provide data principals information about the identities of any other data fiduciaries with whom their personal data has been shared, along with details about the kind of data that has been shared.
This allows the data principal to exert greater control over their personal data and its use. The rights to confirmation and access are important rights that inform and enable a data principal to exercise other rights under the data protection law. As recognized in the Srikrishna Committee Report, these are ‘gateway rights’, which must be given a broad scope.
Right to Erasure
The right to correction (Clause 18) has been expanded to include the right to erasure. This allows data principals to request erasure of personal data which is not necessary for processing. While data fiduciaries may be allowed to refuse correction or erasure, they would be required to produce a justification in writing for doing so, and if there is a continued dispute, indicate alongside the personal data that such data is disputed.
The addition of a right to erasure, is an expansion of rights from the 2018 Bill. While the right to be forgotten only restricts or discontinues disclosure of personal data, the right to erasure goes a step ahead and empowers the data principal to demand complete removal of data from the system of the data fiduciary.
Many of the concerns expressed in the context of the Draft Bill 2018, in terms of the procedural conditions for the exercise of the rights of data principals, as well as the right to data portability specifically, continue to persist in the PDP Bill 2019.
Exceptions and Exemptions
While the PDP Bill ostensibly enables individuals to exercise their right to privacy against the State and the private sector, there are several exemptions available, which raise several concerns.
The Bill grants broad exceptions to the State. In some cases, it is in the context of specific obligations such as the requirement for individuals’ consent. In other cases, State action is almost entirely exempted from obligations under the law. Some of these exemptions from data protection obligations are available to the private sector as well, on grounds like journalistic purposes, research purposes and in the interests of innovation.
The most concerning of these provisions, are the exemptions granted to intelligence and law enforcement agencies under the Bill. The Draft Bill 2018, also provided exemptions to intelligence and law enforcement agencies, so far as the privacy invasive actions of these agencies were permitted under law, and met procedural standards, as well as legal standards of necessity and proportionality. We have previously discussed some of the concerns with this approach here.
The exemptions provided to these agencies under the PDP Bill, seem to exacerbate these issues.
Under the Bill, the Central Government can exempt an agency of the government from the application of this Act by passing an order with reasons recorded in writing if it is of the opinion that the exemption is necessary or expedient in the interest of sovereignty and integrity, security of the state, friendly relations with foreign states, public order; or for preventing incitement to the commission of any cognizable offence relating to the aforementioned grounds. Not only have the grounds on which government agencies can be exempted been worded in an expansive manner, the procedure of granting these exemptions also is bereft of any safeguards.
The executive functioning in India suffers from problems of opacity and unfettered discretion at times, which requires a robust system of checks and balances to avoid abuse. The Indian Telegraph Act, 1885 (Telegraph Act) and the Information Technology Act, 2000 (IT Act) enable government surveillance of communications made over telephones and the internet. For drawing comparison here, we primarily refer to the Telegraph Act as it allows the government to intercept phone calls on similar grounds as mentioned in clause 35 of the Bill by an order in writing. However, the Telegraph Act limits the use of this power to two scenarios – occurrence of a public emergency or in the interest of public safety. The government cannot intercept communications made over telephones in the absence of these two preconditions. The Supreme Court in People’s Union for Civil Liberties v. Union of India, (1997) introduced guidelines to check abuse of surveillance powers under the Telegraph Act which were later incorporated in Rule 419A of the Indian Telegraph Rules, 1951. A prominent safeguard included in Rule 419A requires that surveillance and monitoring orders be issued only after considering ‘other reasonable means’ for acquiring the required information. The court had further limited the scope of interpretation of ‘public emergency’ and ‘public safety’ to mean “the prevalence of a sudden condition or state of affairs affecting the people at large and calling for immediate action”, and “the state or condition of freedom from danger or risk at large” respectively. In spite of the introduction of these safeguards, the procedure of intercepting telephone communications under the Telegraph Act is criticised for lack of transparency and improper implementation. For instance, a 2014 report revealed that around 7500 – 9000 phone interception orders were issued by the Central Government every month. The application of procedural safeguards, in each case would have been physically impossible given the sheer numbers. Thus, legislative and judicial oversight becomes a necessity in such cases.
The constitutionality of India’s surveillance apparatus inclduing section 69 of the IT Act which allows for surveillance on broader grounds on the basis of necessity and expediency and not ‘public emergency’ and ‘public safety’, has been challenged before the Supreme Court and is currently pending. Clause 35 of the Bill also mentions necessity and expediency as prerequisites for the government to exercise its power to grant exemption, which appear to be vague and open-ended as they are not defined. The test of necessity, implies resorting to the least intrusive method of encroachment up on privacy to achieve the legitimate state aim. This test is typically one among several factors applied in deciding on whether a particular intrusion on a right is tenable or not, under human rights law. In his concurring opinion in Puttaswamy (I) J. Kaul had included ‘necessity’ in the proportionality test. (However, this test is not otherwise well developed in Indian jurisprudence). Expediency, on the other hand, is not a specific legal basis used for determining the validity of an intrusion on human rights. It has also not been referred to in Puttaswamy (I) as a basis of assessing a privacy violation. The use of the term ‘expediency’ in the Bill is deeply worrying as it seems to bring down the threshold for allowing surveillance which is a regressive step in the context of cases like PUCL and Puttaswamy (I). A valid law along with the principles of proportionality and necessity are essential to put in place an effective system of checks and balances on the powers of the executive to provide exemptions. It seems unlikely that the clause will pass the test of proportionality (sanction of law, legitimate aim, proportionate to the need of interference, and procedural guarantees against abuse) as laid down by the Supreme Court in Puttaswamy (I).
The Srikrishna Committee report had recommended that surveillance should not only be conducted under law (and not executive order), but also be subject to oversight, and transparency requirements. The Committee had argued that the tests of lawfulness, necessity and proportionality provided for under clauses 42 and 43 (of the Draft Bill 2018) were sufficient to meet the standards set out under the Puttaswamy judgment. Since the PDP Bill completely does away with all these safeguards and leaves the decision to executive discretion, the law is unconstitutional. After the Bill was introduced in the Lok Sabha, J. Srikrishna had criticised it for granting expansive exemptions in the absence of judicial oversight. He warned that the consequences could be disastrous from the point of view of safeguarding the right to privacy and could turn the country into an “Orwellian State”. He has also opined on the need for a separate legislation to govern the terms under which the government can resort to surveillance.
Clause 36 of the Bill deals with exemption of some provisions for certain processing of personal data. It combines four different clauses on exemption which were listed in the Draft Bill 2018 (clauses 43, 44, 46 and 47). These include processing of personal data in the interests of prevention, detection, investigation and prosecution of contraventions of law; for the purpose of legal proceedings; personal or domestic purposes; and journalistic purposes. The Draft Bill 2018 had detailed provisions on the need for a law passed by Parliament or the State Legislature which is necessary and proportionate, for processing of personal data in the interests of prevention, detection, investigation and prosecution of contraventions of law. Clause 36 of the Bill does not enumerate the need for a law to process personal data under these exemptions. We hadargued that these exemptions granted by the Draft Bill 2018 (clauses 43, 44, 46 and 47) were wide, vague and needed clarifications, but the exemptions under clause 36 of the Bill are even more ambiguous as they merely enlist the exemptions without any specificities or procedural safeguards in place.
In the Draft Bill 2018, the Authority could not give exemption from the obligation of fair and reasonable processing, measures of security safeguards and data protection impact assessment for research, archiving or statistical purposes As per the current Bill, the Authority can provide exemption from any of the provisions of the Act for research, archiving or statistical purposes.
The last addition to this chapter of exemptions is that of creating a sandbox for encouraging innovation. This newly added clause 40 is aimed at encouraging innovation in artificial intelligence, machine-learning or any other emerging technology in public interest. The details of what the sandbox entails other than exemption from some of the obligations of Chapter II might need further clarity. Additionally, to be considered an eligible applicant, a data fiduciary has to necessarily obtain certification of its privacy by design policy from the DPA, as mentioned in clause 40(4) read with clause 22.
Though well appreciated for its intent, this provision requires clarification on grounds of selection and details of what the sandbox might entail.
 At the time of introduction of the PDP Bill 2019, the Minister for Law and Justice of India, Mr. Ravi Shankar Prasad suggested that over 2000 inputs were received on the Draft Bill 2018, based on which changes have been made in the PDP Bill 2019. However, these comments and inputs have not been published by MeitY, and only a handful of comments have been published, by the stakeholders submitting these comments themselves.
The Puttaswamy judgement of 2017 reaffirmed the ‘Right to Privacy’ as a fundamental right in Indian Jurisprudence. Since then, it has been used as an important precedent in many cases, to emphasize upon the right to privacy as a fundamental right and to clarify the scope of the same. In this blog, we discuss some of the cases of the Supreme Court and various High Courts, post August 2017, which have used the Puttaswamy judgement and the tests laid in it to further the jurisprudence on right to privacy in India. With the Personal Data Protection Bill tabled in 2019, the debate on privacy has been re-ignited, and as such, it is important to explore the contours of the right to privacy as a fundamental right, post the Puttaswamy judgement.
Navtej Singh Johar and ors Vs. Union of India (UOI) and Ors., 2018 (Supreme Court)
In this case, the Supreme Court of India unanimously held that Section 377 of the Indian Penal Code 1860 (IPC), which criminalized ‘carnal intercourse against the order of nature’, was unconstitutional in so far as it criminalized consensual sexual conduct between adults of the same sex. The petition, challenged Section 377 on the ground that it was vague and it violated the constitutional rights to privacy, freedom of expression, equality, human dignity and protection from discrimination guaranteed under Articles 14, 15, 19 and 21 of the Constitution. The Court relied upon the judgement in the case of K.S. Puttaswamy v. Union of India, which held that denying the LGBT community its right to privacy on the ground that they form a minority of the population would be violative of their fundamental rights, and that sexual orientation forms an inherent part of self-identity and denying the same would be violative of the right to life.
Justice K.S. Puttaswamy and Ors. vs. Union of India (UOI) and Ors., 2018 (Supreme Court)
The Supreme Court upheld the validity of the Aadhar Scheme on the ground that it did not violate the right to privacy of the citizens as minimal biometric data was collected in the enrolment process and the authentication process is not exposed to the internet. The majority upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations. They relied on the fulfilment of the proportionality test as laid down in the Puttaswamy (2017) judgment.
Joseph Shine vs. Union of India (UOI), 2018 (Supreme Court)
The Supreme Court decriminalised adultery in this case where the constitutional validity of Section 497 (adultery) of IPC and Section 198(2) of Code of Criminal Procedure, 1973 (CrPC) was challenged. The Court held that in criminalizing adultery, the legislature has imposed its imprimatur on the control by a man over the sexuality of his spouse – in doing that, the statutory provision fails to meet the touchstone of Article 21. Section 497 was struck down on the ground that it deprives a woman of her autonomy, dignity and privacy and that it compounds the encroachment on her right to life and personal liberty by adopting a notion of marriage which subverts true equality. Concurring judgments in this case referred to Puttaswamy to explain the concepts of autonomy and dignity, and their intricate relationship with the protection of life and liberty as guaranteed in the Constitution. They relied on the Puttaswamy judgment to emphasize the dangers of the “use of privacy as a veneer for patriarchal domination and abuse of women.” They also cited Puttaswamy to elucidate that privacy is the entitlement of every individual, with no distinction to be made on the basis of the individual’s position in society.
Indian Young Lawyers Association and Ors. vs. The State of Kerala and Ors., 2018 (Supreme Court)
In this case, the Supreme Court upheld the right of women aged between 10 to 50 years to enter the Sabrimala Temple. The court held Rule 3(b) of the Kerala Hindu Places of Public Worship (Authorisation of Entry) Rules, 1965, which restricts the entry of women into the Sabarimala temple, to be ultra vires (i.e. not permitted under the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act, 1965). While discussing the guarantee against social exclusion based on notions of “purity and pollution” as an acknowledgment of the inalienable dignity of every individual J. Chandrachud (in his concurring judgment) referred to Puttaswamy specifically to explain dignity as a facet of Article 21. In the course of submissions, the Amicus to the case had submitted that the exclusionary practice in its implementation results in involuntary disclosure by women of both their menstrual status and age which amounts to forced disclosure that consequently violates the right to dignity and privacy embedded in Article 21 of the Constitution of India.
(The judgement is under review before a 9 judge constitutional bench.)
Vinit Kumar Vs. Central Bureau of Investigation and Ors., 2019 (Bombay High Court)
This case dealt with phone tapping and surveillance under section 5(2) of the Indian Telegraph Act, 1885 (Telegraph Act) and the balance between public safety interests and the right to privacy. Section 5(2) of the Telegraph Act permits the interception of telephone communications in the case of a public emergency, or where there is a public safety requirement. Such interception needs to comply with the procedural safeguards set out by the Supreme Court in PUCL v. Union of India (1997), which were then codified as rules under the Telegraph Act. The Bombay High Court applied the tests of legitimacy and proportionality laid down in Puttaswamy, to the interception orders issued under the Telegraph Act, and held that in this case the order for interception could not be substantiated in the interest of public safety and did not satisfy the test of “principles of proportionality and legitimacy” as laid down in Puttaswamy. The Bombay High Court quashed the interception orders in question, and directed that the copies / recordings of the intercepted communications be destroyed.
Central Public Information Officer, Supreme Court of India vs. Subhash Chandra Agarwal, 2019 (Supreme Court)
In this case, the Supreme Court held that held that the Office of the Chief Justice of India is a ‘public authority’ under the Right to Information Act, 2005 (RTI Act) – enabling the disclosure of information such as the Judges personal assets. In this case, the Court discussed the privacy impact of such disclosure extensively, including in the context of Puttaswamy. The Court found that the right to information and right to privacy are at an equal footing, and that there was no requirement to take a view that one right trumps the other. The Court stated that the proportionality test laid down in Puttaswamy should be used by the Information Officer to balance the two rights, and also found that the RTI Act itself has sufficient procedural safeguards built in, to meet this test in the case of disclosure of personal information.
X vs. State of Uttarakhand and Ors., 2019 (Uttarakhand High Court)
In this case the petitioner claimed that she had identified herself as female, and undergone gender reassignment surgery and therefore should be treated as a female. She was not recognized as female by the State. While the Court primarily relied upon the judgment of the Supreme Court in NALSA v. Union of India, it also referred to the judgment in Puttaswamy. Specifically, the judgment refers to the finding in Puttaswamy that the right to privacy is not necessarily limited to any one provision in the chapter on fundamental rights, but rather intersecting rights. The intersection of Article 15 with Article 21 locates a constitutional right to privacy as an expression of individual autonomy, dignity and identity. The Court also referred to the Supreme Court’s judgment in Navtej Singh Johar v. Union of India, and on the basis of all three judgments, upheld the right of the petitioner to be recognized as a female.
(This judgment may need to be re-examined in light of the The Transgender Persons (Protection of Rights) Bill, 2019.)
Indian Hotel and Restaurant Association (AHAR) and Ors. vs. The State of Maharashtra and Ors., 2019 (Supreme Court)
This case dealt with the validity of the Maharashtra Prohibition of Obscene Dance in Hotels, Restaurant and Bar Rooms and Protection of Dignity of Women (Working therein) Act, 2016. The Supreme Court held that the applications for grant of licence should be considered more objectively and with open mind so that there is no complete ban on staging dance performances at designated places prescribed in the Act. Several of the conditions under the Act were challenged, including one that required the installation of CCTV cameras in the rooms where dances were to be performed. Here, the Court relied on Puttaswamy (and the discussion on unpopular privacy laws) to set aside the condition requiring such installation of CCTV cameras.
(The Puttaswamy case has been mentioned in at least 102 High Court and Supreme Court judgments since 2017.)