CCG’s Comments to the Department of Telecommunications on the Draft Telecommunication Bill, 2022

On 21st September 2022, the Department of Telecommunications (“DoT”) released the Draft Telecommunication Bill, 2022 for feedback and public comments. The draft is based on the consultation paper on ‘Need for a new legal framework governing Telecommunication in India’ which was published by the DoT in July 2022. The proposal aims to replace three laws: the Indian Telegraph Act, 1885, the Indian Wireless Telegraphy Act, 1933, and the Telegraph Wires (Unlawful Possession) Act, 1950.

CCG submitted its comments on the Bill, highlighting its feedback and key concerns. The comments were authored by Aishwarya Giridhar, Priyanshi Dixit, Sidharth Deb, reviewed and edited by Jhalak M. Kakkar, Shashank Mohan, Sachin Dhawan with research help from Shreenandini Mukhopadhyay and Shreya Parashar. 

CCG’s key comments on the Government of India’s proposals under the Bill are divided into 6 parts –

Exclude digital/ internet based services from telecommunication regulation

The Information Technology Act, 2000 (“IT Act”) exclusively deals with issues pertaining to the internet and digital platforms, and provides corresponding regulation and user safeguards. The Bill’s proposed inclusion of digital services within telecommunications law may create a parallel legal regime and regulatory confusion that hinders innovation and the ease of doing business. Additionally, this Bill would likely subsist in parallel to the forthcoming Digital India Act which is under development at the Ministry of Electronics and Information Technology (“MeitY”). Therefore, we propose that the telecommunication regulation in India should not include digital services as it would create dual compliances for services which will negatively impact India’s overall internet ecosystem.

Revisit the Premise of Licensing Internet Based Digital and Software Services

Telecom Service Providers (“TSPs”) require a license to operate in the market since their operations are dependent on the use of spectrum, which is a limited natural resource. It is based on this scarcity that the Government grants exclusive licenses to access and use spectrum to select service providers. The Government’s privilege in this regard emerges from spectrum scarcity and the public trust doctrines. Conversely, internet based services do not function with the same scarcities and resource requirements as TSPs. Instead, they offer their services over the internet/ telecom network infrastructure. The internet is an ecosystem of abundance and thus digital service providers need not contend with the same infrastructural scarcities as network operators. Since OTTs services do not require exclusive allocation of a scarce public resource like spectrum, imposing strict licensing requirements on them would hinder innovation, consumer choice and user accessibility.

The Bill Should Avoid One Size Fits All Regulation

The Bill in its current form deploys overbroad definitions for several terms including “telecommunication services” and “message”. This particular definition will envelope all OTT communication services, data communication services, email, and other digital platforms within a common licensing regime as all telecom services. Aside from compromising the principle of legal certainty, this overbroad definition contributes to a one size fits all regulatory approach for both carriage and content providers. Such a broad approach is antithetical to the internet’s innate characteristics and heterogeneities across its network stack. It is also inconsistent with the growing international and domestic consensus that the internet requires differential regulations which are curated to the features and contextual harms which are native to specific types of platforms and services. 

The Bill’s Interception Proposals are Overbroad and may Violate Constitutional Rights

The Bill allows the State to order the interception of messages transmitted over telecommunication services or networks in specific situations. The broad definition in the Bill allows this provision to broadly apply to all messages communicated over all digital services, which may amount to a disproportionate restriction on users’ right to privacy. Under Indian jurisprudence, measures restricting privacy must: (a) be provided by law; (b) pursue a legitimate aim and be necessary in a democratic society; (c) be proportionate to the need for the interference with the right to privacy; and (d) contain procedural safeguards to prevent against abuse. Existing provisions permitting interception must be re-examined for conformity with these standards and recent Supreme Court jurisprudence. Additionally, interception provisions in the Bill overlap with those in the IT Act and risks creating a parallel regulatory regime over digital services. 

The Bill’s ID Verification Proposals may Violate Constitutional Rights to Privacy and Free Expression

The Bill requires service providers to identify users of their services, and also requires the identity of persons sending messages over telecommunication services to be made available to the recipient. Although these measures may have sought to target cyber-fraud, they will also serve to effectively remove anonymity in online communications. Online anonymity and encrypted services can however play a key role in protecting user privacy and the right to free expression, and mandated identity verification systems can significantly restrict these rights, particularly for minorities and vulnerable populations.

Provisions relating to the Suspension of Telecommunications Services Would Restrict the Right to Free Expression

The Bill authorises the State to direct the suspension of communications transmitted or received by telecommunication networks. It allows for the suspension of ‘telecommunication services’, which would include all digital services, along with phone calls, text messaging, etc. This provision would expand the ambit of suspension powers to allow states to restrict or blacklist specific services, in addition to restricting access to the internet as a whole. The internet plays a key role in exercising fundamental rights such as free expression and education, and in accessing essential services. Wide powers to restrict access to the internet as a whole, as well as specific services can therefore significantly restrict the fundamental rights of users.

You can read CCG’s full submission to the DoT here.

Guest Post: Puttaswamy and privacy rights of the accused

This post is authored by Thulasi K. Raj

Following the judgment of the Supreme Court in Puttaswamy, the privacy rights of accused persons have been litigated upon across various High Courts in India. The right to privacy is especially relevant at various stages of a criminal case where numerous situations can potentially infringe the accused’s privacy. In this post, I will examine how privacy claims made by the accused have been examined by courts post-Puttaswamy. I specifically examine two types of claims: (i) cases where the personal information of the accused is available (or has been made available) in the public domain; and (ii) cases concerning the procedures an accused may be subjected to.

In cases where the accused has raised a privacy claim, the State typically makes a ‘countervailing interest’ argument; that a key governmental interest such as effectively investigating crimes is furthered by interfering with an individual’s privacy, and hence is justified. However, Puttaswamy, laid down that State infringements on privacy cannot merely serve an important interest, but must fulfil the four-part test of legality, necessity, proportionality, and reasonable safeguards. The Supreme Court held that “An invasion of life or personal liberty must meet the threefold requirement of (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate State aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.” The proportionality limb also specifically requires the State’s measure to be the least rights infringing measure possible that continues to fulfil the State’s desired objective, with courts balancing competing interests. Justice Kaul’s separate opinion would add a fourth limb to this test, ‘procedural safeguards against abuse of interference with rights’, in line with Article 21’s guarantee of a ‘procedure established by law’.

The first set of privacy claims is where the personal information of accused persons were made public due to them being the subject of a criminal prosecution and judicial interventions were sought to safeguard this data. One of the prominent cases in this regard was Re: Banners before the Allahabad High Court. The district administration and police had put up banners displaying the names and photographs of persons who were accused of vandalism.

Expressly referring to Puttaswamy’s, and applying thefour-tier test, the High Court in Re: Banners first held that there were no statutory provisions “permitting the State to place the banners with personal data of the accused” in public (contravening the ‘legality’ test). Further, the publication of personal data also failed the ‘legitimate aim’ and ‘proportionality’ requirements. The purported aim, as argued by the State, was to deter people from violating the law. According to the Court, this was insufficient as the action of publishing personal information on banners was not necessary to achieve this aim. Therefore, the banners were ordered to be removed and the administration was asked to refrain from such actions in the future without legal authority.

In Karthick Theodre, an individual who had been acquitted of criminal charges by a 2014 judgement sought the “erasure or redaction of his personal information from the public domain.” In other words, the petitioner sought the redaction or erasure of his name from the judgement. Relying on Puttaswamy, various arguments including the right to be forgotten were raised before the Madras High Court. The apprehension of the petitioner was duly noted, that whenever his name was searched through search engines, results relating to the judgment would appear. However, the Court dismissed the plea on the grounds that without an adequate data protection law, laying down the parameters of when the redaction of the names of the accused should be directed, there was no objective criteria based on which the court can pass orders. While certain High Courts have granted reliefs based on the right to be forgotten, (See Jorawar Singh Mundy, Zulfiqar Ahman Khan,) the Madras High Court held that absence of a statute renders the petitioner remediless.

The second set of cases are privacy claims by accused persons as to the procedures they can be subjected to during an investigation. In Mursaleen Mohammad, the appellant was convicted under the provisions of the Narcotic Drugs and Psychotropic Substances Act, 1985 (“NDPS”). The appellant was subject to an x-ray examination by the authorities and subsequently confined till he defecated to recover the contraband allegedly stored in his body. The Calcutta High Court observed that the search and recovery of contraband from a person contemplated under section 50 of the NDPS Act does not allow for invasive medical procedures absent compliance with strict statutory safeguards. The Court noted that there were procedural irregularities in collecting the ‘evidence’. By relying on Puttaswamy, the Court affirmatively held that ‘recovery of contraband inside the body of a suspect must not only be in accordance with the procedure established by law but also be compatible to (sic) the dignity of the individual and ought not subject him to cruel, inhuman treatment.” The recovery of contraband, according to the Court, encroached on the appellant’s right to privacy.

In Vinod Mittal, the Himachal Pradesh High Court considered the legality of an order by a Special Judge, directing the petitioner to undergo a polygraph test and provide a voice sample to the investigating agency. The petitioner challenged the constitutionality of these directions, relying on Article 20(3) of the Constitution and the decisions in Ritesh Sinha and Selvi. The petitioner, however, admitted that he was willing to provide the sample if the court found such procedures to be legally permissible. The High Court said that the tests the accused could be subjected to could broadly be divided into three kinds: “(i) permissible with or without consent, (ii) permissible with consent only, and (iii), impermissible altogether.” After studying relevant judgments, the Court held that polygraph tests fall under the second category.

The Court concluded that “It is not legally impermissible [for a court] to issue direction[s] to a person to undergo Narco Analysis, polygraph and BEAP test, but such direction shall be subject to consent of said person and the person has a right to elect to consent or refuse to undergo such test…” The Himachal Pradesh High Court, therefore, indicated through this case that such techniques, if done in an involuntary manner, would be an unjustified intrusion and violate an individual’s (mental) privacy.

These cases demonstrate that the four-tier test laid down in Puttaswamy has been significantly engaged with by constitutional courts in interpreting the right to privacy of the accused. The use of the conjunctive test laid down by the Supreme Court has facilitated a more robust scrutiny of State action vis-à-vis accused individuals. The interpretation certainly requires further development, with greater sophistication in enhancing the analysis under Puttaswamy. However, these are positive judicial observations that will likely result in a consistent and continuous engagement with violations of the right to privacy. While various aspects of the right to privacy, including the right to be forgotten, await comprehensive judicial recognition, privacy jurisprudence has tremendous potential to protect the rights of the accused in the years to come.

Protecting Privacy: A Case Against State Interference Through Restitution of Conjugal Rights

Recent judicial decisions have transformed our understanding of privacy, autonomy, and equality; significantly so post the Supreme Court’s Puttaswamy I judgement. In Puttaswamy I, the Court reaffirmed privacy as a fundamental right grounded in the ideas of autonomy and dignity. An important consequence of this understanding of privacy is its impact on questions of individual privacy within the confines of a marriage. For example, in a recent case on the subject of marital rape, the Karnataka High Court allowed rape charges against the husband and emphasised the importance of reinforcing the right to equality and the right to individual autonomy and dignity of a woman within a marriage.

One such provision within family law that raises concerns about individual autonomy and privacy within marriage is the Restitution of Conjugal Rights (‘RCR’). It is a legal remedy available to spouses where one spouse deserts the other without a ‘reasonable’ excuse or on certain ‘unlawful’ grounds. In such cases, the ‘aggrieved’ party has the right to seek a decree for RCR, by which a court order may direct the deserting party to compulsory cohabit with the ‘aggrieved’ party. The remedy of RCR is provided for under Section 9 of the Hindu Marriage Act, 1955 as well as, Muslim Personal Law, the Parsi Marriage and Divorce Act, 1936 (S. 36), the Indian Divorce Act, 1869 (S. 32-33), and the Special Marriage Act, 1954 (S. 22). Generally, if a person fails to comply with a RCR decree a court can attach their property under the Civil Procedure Code (Order 21, Rule 32).

In this post, I analyse the State’s objectives in providing spouses with the RCR remedy and argue that the remedy itself violates the right to privacy under Article 21 by failing to satisfy the test of proportionality.

Privacy, autonomy, and State interference

State regulation of domestic relations has seen laws governing marriage, divorce, adultery, and sexual relations between consenting adults, for example the criminalisation of homosexuality. Marriage is a social contract recognised by the State and to a certain extent, is also subject to regulation by the State. Although regulations around marriage may be for a variety of reasons, it may be argued that they serve two key interests: protection of individual rights, and the State objective to protect the institution of marriage (often articulated as maintaining cultural ethos and societal values). Examples of the former rationale include laws recognising domestic violence, cruelty, and prioritising individual autonomy by providing divorce as a remedy. The latter rationale can be seen in laws criminalising adultery and homosexuality (both of which have been struck down by the Supreme Court of India post Puttaswamy I) and providing restitution of conjugal rights as a remedy. However, by protecting the institution of marriage, the State also protects a particular conceptionof that institution, specifically the socially accepted notion of a monogamous, heterosexual, and procreative marriage.

It is widely accepted that RCR is an archaic English law (from a time when cohabitation was expected of women) that, as the Bombay High Court noted in 1885, did not exist prior to colonial rule. However, the remedy was codified in the Hindu Marriage Act in 1955 even after India achieved independence and continues to exist despite its patriarchal connotations. The 71st Law Commission Report of 1978 (page no. 27, para 6.5) emphasised the importance of cohabitation to protect the ‘sanctity of marriage’. The High Court of Delhi, in Harvinder Kaur vs. Harmander Singh Choudhry (1984) also adopted this view and held that the restitution of conjugal rights is an important remedy to protect the institution of marriage. The Delhi High Court rejected privacy considerations by stating that a decree of RCR was not the “starkest form of governmental intervention into marital privacy” since it merely aims to restore cohabitation and does not enforce sexual intercourse. As I argue below, this reasoning raises questions about individual autonomy. However, the Delhi High Court’s rationale was accepted by the Supreme Court in Saroj Rani vs. Sudarshan Kumar Chadha (1984), where the apex Court upheld the constitutionality of RCR and reiterated that the right to cohabitation is “inherent in the very institution of marriage itself.”  

This view of RCR — to preserve the institution/ sanctity of marriage — creates tensions with the objective of the State to protect individual rights. An RCR decree interferes with the right to privacy and autonomy by compelling an individual to cohabit with their spouse against their will. This may especially be true after the articulation of the right to privacy by the Supreme Court in Puttaswamy I. The decree of RCR creates an unwanted intrusion into a person’s personal life by denying them autonomy over where they live, and also potentially on the sites of sexual and reproductive decision making. Any analysis of RCR must recognise the power asymmetry within domestic relations that pervasively results in women being subject to physical and sexual violence at home. Thus, contrary to the reasoning given by courts in Harvinder Kaur and Saroj Rani, by compelling women to cohabit with men they have deserted, a decree of RCR may place women at significant risk of domestic violence, economically compromised living conditions, and non-consensual sexual intercourse.

The Andhra Pradesh High Court in T Sareetha vs. Venkata Subbaiah in 1983 recognised that the grant of an RCR decree would amount to an interference of the State into the private sphere, compelling cohabitation or even indirectly, sexual intercourse. The High Court found that this interference of the State through RCR violated the right to privacy, autonomy, and dignity of the individual against whom the decree was sought by ‘transferring the decision to have or not have marital intercourse from the individual to the State’. This decision was overruled by the Supreme Court’s Saroj Rani decision in 1984. While the Puttaswamy 1 judgement in 2017 did not expressly refer to Sareetha, all nine judges broadly adopted the approach taken in the Sareetha judgement, adopting a conception of privacythat recognises its basis in individual autonomy and dignity.

In Puttaswamy I, the Supreme Court ruled that individual autonomy, that recognises the ability of individuals to control vital aspects of their life (including reproductive rights, sexual orientation, gender identity), is an intrinsic part of the right to privacy guaranteed under Article 21 of the Constitution. By this reasoning, a decree of RCR does not account for the right to autonomy of an individual and violates their right to privacy by legally compelling the individual to cohabit despite them making a conscious choice to separate from their spouse.

In recent years, there has been a shift in the thinking of courts, where the right to individual privacy and autonomy is prioritised as opposed to protection of the institution (and specific conceptions of that institution) of marriage. For instance, in Joseph Shine, the Supreme Court held that the law that criminalised adultery treated women as property and was unconstitutional. It opined that although the criminalisation of adultery was introduced to protect the institution of marriage, it serves the interests of one party and denies agency to women. The Court noted –

“The provision is proffered by the legislature as an effort to protect the institution of marriage. But it proceeds on a notion of marriage which is one sided and which denies agency to the woman in a marital tie. The ability to make choices within marriage and on every aspect concerning it is a facet of human liberty and dignity which the Constitution protects.”

Bearing in mind this view of the court, RCR would not stand up to judicial scrutiny as a constitutionally valid right, since it disregards the autonomy and dignity of an individual under the notion of the State aim to protect the institution of marriage.

The proportionality test

In 2017, Puttaswamy I laid down a four-part test for determining the validity of an infringement of the right to privacy. The test’s first limb necessitates the existence of a codified law, which is met with in the case of RCR through various statutory provisions. The test also requires the existence of procedural safeguards against abuse of State interference, which is of reduced significance in the case of RCR as both a RCR decree and post-decree attachment of property require prior judicial authorisation and oversight. In addition to the need for statutory authorisation and procedural safeguards, for an infringement to be valid it must satisfy the limbs of legitimate aim, necessity, and proportionality. The Puttaswamy II (Aadhar) case applied this test, which was first articulated in the Modern Dental College judgement in 2016. This test requires:

  1. any limitation of a constitutional right is enforced for a proper purpose (legitimate aim);
  2. there is a rational nexus between the proper purpose and the measure adopted to achieve it and there are no alternative measures which would achieve the purpose but are less restrictive of rights (necessity); and
  3. the restriction on the constitutional right must be proportionate to the purpose set out by the State (balancing or proportionality).

Firstly, it must be noted that, as observed by the Supreme Court in Saroj Rani, the stated purpose of the measure is protecting the institution of marriage. As stated above, in Joseph Shine the Supreme Court rejected the State’s argument that protecting the institution of marriage was a proper purpose where the State’s measure protected “a notion of marriage that is one sided and denies agency to women.”. In this context, RCR only protects a notion of marriage where individuals cohabit and engage in sexual intercourse, denying agency to individuals and violating individual autonomy. Secondly, the decree of RCR should have a rational nexus with the aim of protecting the institution of marriage. In this regard, it is relevant to note that, in certain instances, individuals routinely file RCR cases expecting non-compliance by the other party, using this non-compliance with the RCR decree as a ground for divorce. Thus, the historically dominant objective of the State of “protecting” the institution of marriage through the positive remedy of RCR may also not be satisfied.

Even if RCR furthers the State’s aim of protecting marriage, it would need to pass the third prong of the proportionality test, i.e., the State must meet the objective of the law through the ‘least restrictive measure’. The State could resort to alternate measures, similar to the ones observed under divorce petitions; an order of mediation or a ‘cooling off’ period provisioned in cases of divorce with mutual consent furthers the aim of protecting the institution of marriage without violating individual rights. However, in a decree of RCR there persists a violation of an individual’s privacy, enforced by coercion through the attachment of property.

The fourth part of the proportionality test emphasises the need to have a balance between the interest of the State and the rights of individuals. As stated earlier, the infringement of individual rights through an RCR decree creates severe consequences that violate the right to privacy and autonomy of an individual, including putting women in particular, at risk of harm. Thus, the gravity of the rights violation arguably outweighs the State interest of protecting marriage, especially since the State aim is often not met and the decree becomes a ground for divorce.

The application of the test of proportionality by Indian courts has garnered criticism as being deferential to the State. However, even with this deferential application, as demonstrated above, RCR would likely not pass the four-part test of proportionality endorsed by the courts in Modern Dental College and Aadhaar.

Conclusion

In the post-Puttaswamy era, various High Courts have recognised the autonomy and dignity of women within marriage under the fundamental right to privacy. For instance, in a recent right to abortion case, the High Court of Kerala relied on Puttaswamy I and held that a woman’s autonomy of body and mind with respect to reproductive decisions are part of the right to privacy. As discussed above, the High Court of Karnataka, in its recent decision, while allowing rape charges against the husband, acknowledged that the exception of marital rape stems from an archaic notion of marriage where the wife was considered property. On similar grounds, one may argue that RCR should be considered invalid since it is based on the outdated notion of marriage where the wife was considered the property of the husband and had no individual autonomy of her own. As noted above, it is also incompatible with the test of proportionality.

On 30 December, 2021, the Gujarat HC observed that an RCR decree could not force a woman to cohabit with her husband. The court recognised that a decree of RCR needs to consider both the parties’ and not solely the ‘right of the husband’. Further, it opined that the very fact that there exists an option given to not comply with the RCR decree under the Civil Procedure Code indicates that the court cannot force a woman to cohabit against her will. The court further laid down certain grounds under which a person could refuse to comply with an RCR decree including cruelty, adultery, and failure of the husband in performing marital obligations. Although this decision seems to encourage considering the rights of women in a marital relationship – it fails to reaffirm the right to privacy and autonomy of the subject of the decree against a law that is effectively discriminatory. It grants power to the courts to decide on a case-to-case basis whether the right can be granted, which could lead to a potential violation of individual rights given the nature of this provision.

Striking down RCR provisions does not mean that there must be a complete embargo on the interference of the State into marriage – for example, the power asymmetry in domestic relationships necessitates the enforcement of laws against domestic violence and most likely requires the criminalisation of marital rape. However, taking into consideration the constitutional scrutiny of laws against the backdrop of State interference and right to privacy, RCR may not stand the test of constitutionality. Currently, a petition challenging the constitutionality of RCR is pending before the Supreme Court – if the above arguments are considered by the court, RCR may be struck down on the grounds that it violates the right to privacy.

This post was originally published on Livelaw on 26 April 2022.

Trends from the CCG High Court Tracker

Authors: Sravya Movva, Joanne D’Cunha, Bilal Mohamed and Anna Kallivayalil

The CCG High Court Case Tracker (‘Tracker’) is a resource that catalogues decisions featuring the constitutional right to privacy delivered by High Courts across the country. The tracker aims to trace decisions delivered by various High Courts post the verdict in the case of Justice (Retd.) K.S. Puttaswamy vs. Union of India (Puttaswamy’), where a nine-judge bench of the Supreme Court reaffirmed the right to privacy as a fundamental right. The Tracker currently captures only the cases reported on Manupatra and has 90 cases in total at present.

This post aims to analyse cases captured in the Tracker and to highlight general trends emerging from the decisions of various High Courts. The analysis is based on cases reported up to 15 March 2022 (CCG will continue to update the tracker periodically).

Cases decided by year

There has been a consistent rise in the number of cases decided by High Courts since Puttaswamy. In the same year as Puttaswamy, i.e., 2017, the Kerala High Court was the first and the only High Court to refer to Puttaswamy in Mini KT vs. Senior Divisional Manager (Disciplinary Authority) LIC and ors, while discussing the dignity of a woman. The Kerala High Court in this case restated the observations on dignity in Puttaswamy and quashed disciplinary actions against a woman employee for her absence from duty on account of compelling circumstances for taking care of her child. The Court held that in order to understand the dignity of a woman, societal background has to be considered. In the year 2018, the High Courts delivered 13 judgements with the right to privacy as a feature, and in 2019, this number rose to 20 judgements. In 2020, the number of cases increased only slightly to a total of 21. This could arguably be due to the fractured functioning of the High Courts during the pandemic. In 2021, the High Courts decided an additional 26 cases that dealt with the right to privacy. Within the first quarter of 2022 (i.e., upto March 2022), the High Courts have already decided upon 9 cases involving the right to privacy. As can be seen from the graph below, there has been a clear trend of High Courts increasingly engaging with the right to privacy.

Which courts have given the most decisions?

The Kerala High Court and the Madras High Court have decided the most number of cases with 14 judgements each that feature the right to privacy. The Kerala High Court, for instance, has dealt with the subjects of autonomy (i.e., 5 judgements) and informational privacy (i.e., 4 judgements) under the right to privacy, the most. Similarly, judgements by the Madras High Court have related largely to surveillance, search and seizure (i.e., 5 judgements), and autonomy (i.e., 4 judgements). The Delhi High Court has pronounced 12 judgements, and the Allahabad High Court follows closely with 10 judgements.

Interestingly, all the judgements from the Allahabad High Court have upheld the right to privacy. Within the judgements given by the Allahabad High Court, a majority of them relate to dignity (i.e., 6 judgements) and informational privacy (i.e., 5 judgements). For instance, the Allahabad High Court in Rajiv Kumar, while interpreting the right to privacy has upheld the right of individuals to not disclose information relating to their prosecution, for an offence committed while they were children or juveniles. In Guruvinder Singh, it has also held that disclosure of information relating to people accused of vandalism or sharing sexually explicity images for purpose of revenge/harassment constitute a violation of privacy.

Bench Strength

Bench strength is also an important metric; a judgement by a larger bench would be binding on more subsequent cases before a High Court. Therefore, a ruling delivered by a larger bench ensures more predictability and consistency. 

Of the 90 cases, 57 cases (63.33%) were decided by single-judge benches while 33 cases (36.66%) were decided by two-judge benches. While the Madras High Court pronounced 14 judgements on the right to privacy covering aspects such as autonomy, bodily integrity, surveillance, search and seizure amongst others, all of them were delivered by single judge benches. Naturally the absence of a larger bench judgement weakens the influence on subsequent cases. The Bombay High Court and Kerala High Court, on the other hand, feature six judgements each with a two judge bench. From the right to make reproductive choices to protection from unlawful search and seizure, the larger bench decisions dealt with vastly diverse issues.

Aspect-focused analysis

The Tracker maps judgements across 5 primary themes of privacy. These are – (a) autonomy, (b) bodily integrity, (c) dignity, (d) informational privacy, and (e) surveillance, search and seizure. The tracker also notes various sub-themes within a case. For depiction of the data, we have considered only the 5 pre-dominant aspects of privacy as listed above.  It is also important to note that the themes of privacy across these cases are not siloed and often have overlaps with one another. For instance, in an appeal by a petitioner against a requirement to disclose details of criminal prosecutions faced as a juvenile, the Court had to engage with issues around both dignity and informational privacy of the individual. Similarly, in cases involving the petitioner’s right to make reproductive choices, there is an interface between the aspects of autonomy and bodily integrity.

The highest number of judgements (24 judgements) given by the High Courts have dealt with the theme of autonomy. For instance, the Jammu and Kashmir High Court in Monika Mehra and the Allahabad High Court in Salamat Ansari have held that an individual’s autonomy to make intimate decisions such as those relating to marriage are a part of the right of privacy. A different approach to autonomy has been taken by the Karnataka High Court in Bushra Abdul Aleem where it held that graduated candidates in the medical field would have to compulsorily provide medical services for one year and this would not be violative of the right to privacy.

This is followed by judgements on the aspects of dignity, and informational privacy, with 23 judgements on dignity and 20 judgements on informational privacy. While dealing with dignity, the Orissa High Court in Subhranshu Rout, held that a victim of sexual offences has the right to have offensive posts erased from any public platform as a part of their right to privacy. Similarly, the Allahabad High Court in Rajiv Kumar, also dealt with dignity when ruling that a requirement to disclose details of criminal prosecutions faced as a juvenile would be violative of the right to privacy. With respect to informational privacy, where a memory card was provided to the accused in a sexual assault case, the Kerala High Court held in Gopalakrishnan P that this action was a serious violation of the right to privacy of a sexual assault victim. On the other hand, the Delhi High Court in Horlicks Ltd has taken a view that the right to privacy cannot be claimed over information that is already available in the public domain.

Surveillance, search and seizure as an aspect of privacy was the primary focus in 15 cases. There was a general consensus amongst the courts that surveillance, search and seizure must be conducted in accordance with the law. The difference amongst the courts was based on the difference in approaches. For instance, the Karnataka High Court in Sudarshan involving the collection of voice samples for comparisons to the voice in phone call recordings held that such a collection would not amount to a breach of privacy or self incrimination. In another case Deepti Kapur, the Delhi High Court examined the admissibility of evidence collected in breach of privacy and held that merely because the rules of evidence favour a liberal approach for admitting evidence, it doesn’t mean that everyone should adopt illegal means to collect evidence.

Bodily integrity as an aspect of privacy saw the fewest number of cases, with only 11 cases focusing on this aspect. For instance, when considering if a State ordered non-consensual DNA test would be violative of the right to privacy, the Karnataka High Court in Venkateshappa held that it would. However, in another case Abhilash R, the Kerala High Court has held that a Court ordered DNA test to determine the paternity of a child does not violate the right to privacy of a child.

General Trends

The 90 cases captured within the Tracker could be divided into the following three broad categories – (a) judgements that have protected and expanded upon the right to privacy, (b) judgements that have taken a limited or restricted view of the right to privacy, and (c) judgements in which the right to privacy has been mentioned but there is no specific analysis through which the right to privacy has been expanded or limited.

With respect to judgements that are in the first category i.e., judgements that have protected and expanded on the right to privacy, the approach is straightforward. The courts in these cases have held that certain actions or inaction have resulted in a violation of privacy, or have reinforced the ability of an individual to pursue an action as a part of their right to privacy. For instance, in Vinit Kumar, when considering the illegal tapping of a telephone conversation, the Bombay High Court clearly held it to be against the right to privacy. In the case of Mahesh Chand Sharma, the Rajasthan High Court held that the right to privacy includes the right of an unmarried mother not to disclose the paternity of the child.Of the 90 cases captured in the Tracker, majority of them i.e, 64 (i.e., 71.11%) cases fall within this category.

A further quantitative analysis of the judgements shows that the Kerala High Court, Allahabad High Court and the Madras High Court have the most number of judgements (i.e., 10 judgements) that protect and expand on the right to privacy. As has been mentioned before, in the case of the Allahabad Court, all of its judgments have expanded the application of the right to privacy (i.e., 10 out of 10 judgements). There are specific categories of cases in which the courts have tended to take a similar view by expanding upon the right to privacy. For instance, courts have generally shown a tendency to protect the reproductive rights of women. The Bombay High Court in XYZ has held that a women’s right to privacy includes a right to make reproductive choices and terminate pregnancy. The Allahabad High Court went ahead to further read in a positive obligation upon a university to provide maternity benefits to students as a part of the right to privacy in the Saumya Tiwari case.

The second category of cases are the ones in which the courts have taken a limited or restricted view of the right to privacy. These cases account for 17 (i.e., 18.89%) of the 90 cases. While these include specific situations and facts, there are specific categories of cases in which the courts tend to take a restricted approach towards the right to privacy. For instance, in cases involving judicial orders to conduct medical examinations during the course of a case, the courts have often held that there is no violation of privacy. An example of this is the X vs. S case in which the Kerala High Court acknowledged the right to privacy in a case where a matrimonial Court required the individual to undergo and produce medical tests. However, the Court interpreted the right narrowly by stating that the right to privacy would not be infringed if the Court requires the production of an individual’s medical records. Another such category of cases are those that involve information that is in the public domain or individuals who can be considered as public figures. For example, in the Ramgopal Varma case, the Telangana High Court has held that while a person has the right to privacy in relation to their family, marriage, children etc., there is an exception when the matter becomes a matter of public record (including through court recordings). The Court held that the right to privacy no longer exists in such a situation and it becomes a legitimate subject for comments from the press and media.

The third category of cases are those where the right to privacy has been mentioned but the courts have not engaged in an analysis that would either expand or restrict the application of the right to privacy. In some cases, the right to privacy or the Puttaswamy judgement have simply been acknowledged by the courts, or have only restated a position of law with respect to privacy. A total of 9 (i.e., 10%) out of 90 cases fall within this category. The courts do not engage with a discussion on the right beyond referencing the judgement or to the right to privacy. The case is often decided based on another facet of law such as the law on trademarks or evidence.. For example, in Alli Noushad, the Kerala High Court has held that conversations between husband and wife are protected as privileged conversation and would be inadmissible as evidence. While the Court remarks that sacrosanctity of a family includes its privacy, it arrived at its decision on admissibility of evidence based on the provisions of the Evidence Act and not by examining the aspects of right to privacy. Simialarly, in Sunil Sachdeva, the case dealt with the right to privacy and discriminatory online posts, however, the Court did not engage with a proactive application of the right to privacy to the facts of the case. It only acknowledged that informational privacy is one of the aspects of the right.      

The blogpost highlights an increasing trend of High Courts engaging with the right to privacy. While it is promising to discover that a majority of the cases involve positive (privacy enhancing or expanding)judgements, they are largely provided by single judge benches. To read more about each case, please visit our Tracker here. Additionally, for summaries on judgements from other jurisdictions, do visit our Privacy Law Library here.

Guest Post: Right to Privacy at Home

This post is authored by Suhavi Arya.

In Justice (Retd.) K.S. Puttaswamy vs. Union of India (“Puttaswamy”) the Apex Court noted that there is a distinction between public and private spaces. Keeping this in mind, this post investigates the scope of one’s right to privacy in one’s own home. In the course of writing this post, I relied on CCG’s Privacy High Court Tracker to identify cases that discuss the extent to which the right to privacy may be interpreted in light of this public-private distinction.

The case of Vilasini vs. State of Kerala from the High Court of Kerala sheds some light on the issue. This case relates to Kerala’s toddy (palm wine) shops, that were increasingly being described as somewhat of an eyesore, with the manufacturing, storage, consumption, and disposal of toddy creating a challenging atmosphere for surrounding residents. The people affected most by the existence of these toddy shops were immediate neighbours. Several individuals filed writ petitions against the operation of toddy shops in their neighbourhoods. One such petition also challenged the shifting of a toddy shop to the petitioner’s colony, which is also near a local “anganwadi”. The writ petitions filed — concerned several different toddy shops and varied issues, however, the Kerala High Court noted that the underlying concern in all these petitions was the protection of their privacy in their own homes and therefore considered these petitions together in a common judgement.

In the judgement, a single judge bench of Justice A. Muhamed Mustaque, stated that since the sale of liquor is regulated by the State, the State is bound to address any implication on the rights of others who are affected by the conduct and placement of toddy shops. Crucially, in this case it was the State that determined the location of toddy shops through a licensing regime. The High Court observed that the Apex court noted in the Puttaswamy case that privacy is not lost or surrendered merely because the individual is in a public space. Privacy attaches to the person and not the place as it part of the dignity of the human being. Furthermore, the Court added that “Privacy has both positive and negative content: The negative content restrains the State from committing an intrusion upon the life and personal liberty of a citizen. Its positive content imposes an obligation on the State to take all necessary measures to protect the privacy of the individual”. This is important because, while Puttaswamy did not enumerate an exhaustive list of rights that fall under ‘privacy’, it stated that anything that is essential to the dignity of a human being in private can be enforced by the person in public, including their well-being in their homes.

With this in mind, in the case of Vilasini, the Kerala High Court observed that there needs to be a standard by which a violation of privacy can be assessed. The High Court sought guidance from certain judgements of the European Court of Human Rights (‘ECtHR’) and laid down a framework of assessment that may apply in the Indian context as well. After having perused several European cases, the High Court noted that the ECtHR[1]  had developed a test; for an action to be a “breach of privacy, it must have a direct immediate consequence to the applicants’ right to respect for their homes” under Article 8 of the European Convention of Human Rights (respect for home and private life). These ECtHR cases balanced the gravity and severity of nuisance caused by the impugned action with the community’s interests as a whole, assessing if the State had struck a fair balance or violated the right to privacy of an individual. For example, one case concerned noise pollution from bars and discotheques near the petitioner’s house, with the ECtHR ruling that the excessive noise was above the permitted levels and had occurred over a number of years, thus violating the privacy of the petitioner.

In Vilasini, the High Court uses the phrase, a ‘threshold severity test’ to describe this analysis. But the roots of this test, can be traced from these ECtHR cases which relate to the minimum level of severity of the action complained against and an evaluation of the authorities’ role upon a complaint being made. Although Article 8 of the European Convention expressly refers to ‘the home, private life, and family’, the Kerala High Court has read this as a facet of India’s right to privacy doctrine.   Based on this interpretation of the right to privacy, the High Court restrained the operation of one toddy shop and directed the State authorities to assess the privacy impact of the operation of other shops.

The case of Puttaswamy has led to a diverse applicability of privacy and Article 21. New contours of privacy are now being explored in different high courts around the country.  While courts now study the scope of the right to privacy and associated rights, it’s important to chart trends and understand the implications of new facets of privacy being recognised.  The specific contours of privacy and its interactions with the public realm are being developed by courts on a case by case basis, with each new challenge to state action throwing up novel questions for Indian privacy jurisprudence. In furthering this jurisprudence, it is important to keep in mind the most fundamental aspect of privacy – that it is integral to every aspect of a person’s overall well-being. The Kerala High Court’s recognition that the right to privacy includes a right to be left alone and at peace in one’s own home, and the State’s duty to facilitate this, is the concrete application of a new facet of the right to privacy.  


[1] of Moreno Gomez vs. Spain (Application No.4143/02); Hatton and Others vs. the United Kingdom [GC] (No. 36022/97, ECHR 2003- VIII); Lopez Ostra vs. Spain (Application No.16798/90); Guerra and Others vs. Italy [Application No.116/1996/735/932]; Cuenca Zarzoso vs. Spain [Application No.23383/12]; of Deés vs. Hungary [Application No.2345/06] and Fadeyeva vs. Russia [Application No.55723/00]

Right to Privacy: The Puttaswamy Effect

By Sangh Rakshita and Nidhi Singh

The Puttaswamy judgement of 2017 reaffirmed the ‘Right to Privacy’ as a fundamental right in Indian Jurisprudence. Since then, it has been used as an important precedent in many cases, to emphasize upon the right to privacy as a fundamental right and to clarify the scope of the same. In this blog, we discuss some of the cases of the Supreme Court and various High Courts, post August 2017, which have used the Puttaswamy judgement and the tests laid in it to further the jurisprudence on right to privacy in India. With the Personal Data Protection Bill tabled in 2019, the debate on privacy has been re-ignited, and as such, it is important to explore the contours of the right to privacy as a fundamental right, post the Puttaswamy judgement.   

Navtej Singh Johar and ors Vs. Union of India (UOI) and Ors., 2018 (Supreme Court)

In this case, the Supreme Court of India unanimously held that Section 377 of the Indian Penal Code 1860 (IPC), which criminalized ‘carnal intercourse against the order of nature’, was unconstitutional in so far as it criminalized consensual sexual conduct between adults of the same sex. The petition, challenged Section 377 on the ground that it was vague and it violated the constitutional rights to privacy, freedom of expression, equality, human dignity and protection from discrimination guaranteed under Articles 14, 15, 19 and 21 of the Constitution. The Court relied upon the judgement in the case of K.S. Puttaswamy v. Union of India, which held that denying the LGBT community its right to privacy on the ground that they form a minority of the population would be violative of their fundamental rights, and that sexual orientation forms an inherent part of self-identity and denying the same would be violative of the right to life.

Justice K.S. Puttaswamy and Ors. vs. Union of India (UOI) and Ors., 2018 (Supreme Court)

 The Supreme Court upheld the validity of the Aadhar Scheme on the ground that it did not violate the right to privacy of the citizens as minimal biometric data was collected in the enrolment process and the authentication process is not exposed to the internet. The majority upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations. They relied on the fulfilment of the proportionality test as laid down in the Puttaswamy (2017) judgment.

Joseph Shine vs. Union of India (UOI), 2018 (Supreme Court)

The Supreme Court decriminalised adultery in this case where the constitutional validity of Section 497 (adultery) of IPC and Section 198(2) of Code of Criminal Procedure, 1973 (CrPC) was challenged. The Court held that in criminalizing adultery, the legislature has imposed its imprimatur on the control by a man over the sexuality of his spouse – in doing that, the statutory provision fails to meet the touchstone of Article 21. Section 497 was struck down on the ground that it deprives a woman of her autonomy, dignity and privacy and that it compounds the encroachment on her right to life and personal liberty by adopting a notion of marriage which subverts true equality. Concurring judgments in this case referred to Puttaswamy to explain the concepts of autonomy and dignity, and their intricate relationship with the protection of life and liberty as guaranteed in the Constitution. They relied on the Puttaswamy judgment to emphasize the dangers of the “use of privacy as a veneer for patriarchal domination and abuse of women.” They also cited Puttaswamy to elucidate that privacy is the entitlement of every individual, with no distinction to be made on the basis of the individual’s position in society.

Indian Young Lawyers Association and Ors. vs. The State of Kerala and Ors., 2018 (Supreme Court)

In this case, the Supreme Court upheld the right of women aged between 10 to 50 years to enter the Sabrimala Temple. The court held Rule 3(b) of the Kerala Hindu Places of Public Worship (Authorisation of Entry) Rules, 1965, which restricts the entry of women into the Sabarimala temple, to be ultra vires (i.e. not permitted under the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act, 1965). While discussing the guarantee against social exclusion based on notions of “purity and pollution” as an acknowledgment of the inalienable dignity of every individual J. Chandrachud (in his concurring judgment) referred to Puttaswamy specifically to explain dignity as a facet of Article 21. In the course of submissions, the Amicus to the case had submitted that the exclusionary practice in its implementation results in involuntary disclosure by women of both their menstrual status and age which amounts to forced disclosure that consequently violates the right to dignity and privacy embedded in Article 21 of the Constitution of India.

(The judgement is under review before a 9 judge constitutional bench.)

Vinit Kumar Vs. Central Bureau of Investigation and Ors., 2019 (Bombay High Court)

This case dealt with phone tapping and surveillance under section 5(2) of the Indian Telegraph Act, 1885 (Telegraph Act) and the balance between public safety interests and the right to privacy. Section 5(2) of the Telegraph Act permits the interception of telephone communications in the case of a public emergency, or where there is a public safety requirement. Such interception needs to comply with the procedural safeguards set out by the Supreme Court in PUCL v. Union of India (1997), which were then codified as rules under the Telegraph Act. The Bombay High Court applied the tests of legitimacy and proportionality laid down in Puttaswamy, to the interception orders issued under the Telegraph Act, and held that in this case the order for interception could not be substantiated in the interest of public safety and did not satisfy the test of “principles of proportionality and legitimacy” as laid down in Puttaswamy. The Bombay High Court quashed the interception orders in question, and directed that the copies / recordings of the intercepted communications be destroyed.

Central Public Information Officer, Supreme Court of India vs. Subhash Chandra Agarwal, 2019 (Supreme Court)

In this case, the Supreme Court held that held that the Office of the Chief Justice of India is a ‘public authority’ under the Right to Information Act, 2005 (RTI Act) – enabling the disclosure of information such as the Judges personal assets. In this case, the Court discussed the privacy impact of such disclosure extensively, including in the context of Puttaswamy. The Court found that the right to information and right to privacy are at an equal footing, and that there was no requirement to take a view that one right trumps the other. The Court stated that the proportionality test laid down in Puttaswamy should be used by the Information Officer to balance the two rights, and also found that the RTI Act itself has sufficient procedural safeguards built in, to meet this test in the case of disclosure of personal information.

X vs. State of Uttarakhand and Ors., 2019 (Uttarakhand High Court)

In this case the petitioner claimed that she had identified herself as female, and undergone gender reassignment surgery and therefore should be treated as a female. She was not recognized as female by the State. While the Court primarily relied upon the judgment of the Supreme Court in NALSA v. Union of India, it also referred to the judgment in Puttaswamy. Specifically, the judgment refers to the finding in Puttaswamy that the right to privacy is not necessarily limited to any one provision in the chapter on fundamental rights, but rather intersecting rights. The intersection of Article 15 with Article 21 locates a constitutional right to privacy as an expression of individual autonomy, dignity and identity. The Court also referred to the Supreme Court’s judgment in Navtej Singh Johar v. Union of India, and on the basis of all three judgments, upheld the right of the petitioner to be recognized as a female.

(This judgment may need to be re-examined in light of the The Transgender Persons (Protection of Rights) Bill, 2019.)

Indian Hotel and Restaurant Association (AHAR) and Ors. vs. The State of Maharashtra and Ors., 2019 (Supreme Court)

This case dealt with the validity of the Maharashtra Prohibition of Obscene Dance in Hotels, Restaurant and Bar Rooms and Protection of Dignity of Women (Working therein) Act, 2016. The Supreme Court held that the applications for grant of licence should be considered more objectively and with open mind so that there is no complete ban on staging dance performances at designated places prescribed in the Act. Several of the conditions under the Act were challenged, including one that required the installation of CCTV cameras in the rooms where dances were to be performed. Here, the Court relied on Puttaswamy (and the discussion on unpopular privacy laws) to set aside the condition requiring such installation of CCTV cameras.

(The Puttaswamy case has been mentioned in at least 102 High Court and Supreme Court judgments since 2017.)

Big Brother is Watching : The Right to Privacy for Minors

The 2017 judgement by a 9 judge bench in the case of Justice K.S. Puttaswamy vs. Union of India successfully cemented the Right to Privacy for citizens under Article 21 of the Constitution. The judgement was a turning point in the debate on the right to privacy which has been raised in court time and again starting from the 1964 judgement in the case of Kharak Singh vs. State of UP.

However, this was not the end of the conversation on the right to privacy, the recent decision of the Supreme Court in the case of Amber Tickoo vs Government of NCT of Delhi reignited the debate which surrounds the right to privacy, specifically the right to privacy of minors.

The Amber Tickoo Case

In September 2017, following the murder of a 4-year-old at Ryan International School, Delhi education minister Manish Sisodiya made the decision to install CCTV cameras in every Delhi government school. These cameras would cover not only the hallways and the common areas but also the classrooms. Further, in December of the same year it was decided that the feed from these cameras would be made available online for the parents to access.

 In July 2019, a Delhi government school in Lajpat Nagar became the first school fully equipped with CCTV cameras in all classrooms. According to the government the next step would be to provide the parents access to the live feed through a mobile app which they can access using a password.

These decisions of the Delhi government were challenged before the Supreme Court though a public interest litigation in the Amber Tickoo case. The petitioners argued that the installation of these cameras would result in an infringement of the right to privacy ensured in the Puttaswamy judgement. They also argued that making the live feed of students available online would jeopardize the safety and security of the students.

The Supreme Court dismissed the petition without granting any interim relief, and disposed of the case. Consequently, the implementation of the programme will see almost 1000 schools across Delhi equipped with CCTV camera’s by November.

Right to Privacy in Public Spaces

The Puttaswamy judgement while broadly dealing with the issue of the right to privacy, extended the right to privacy of individuals to the public space.

“If the reason for protecting privacy is the dignity of the individual, the rationale for its existence does not cease merely because the individual has to interact with others in the public arena. The extent to which an individual expects privacy in a public street may be different from that which she expects in the sanctity of the home. Yet if dignity is the underlying feature, the basis of recognising the right to privacy is not denuded in public spaces… Privacy attaches to the person and not to the place where it is associated.”

The court thus acknowledges that acts done by individuals in public spaces are not necessarily public in nature, and that individuals would still be guaranteed the right to privacy in such situations.

However, in this case, the right is not being extended to minors. In his interview, Akshay Marathe, a member of Delhi government’s Dialogue & Development Commission Task force on school education argues that classrooms cannot be considered to be private by ‘any stretch of imagination’. Following the principle laid down in the Puttaswamy judgement, despite classrooms being a public space, children still possess a right to privacy, since the right is attached to their person and not the space, they are in. The installation of CCTV cameras in classrooms would thus ignore these rights and appears to imply that minors do not possess the same right to privacy as adults.

CCTV cameras in Schools

The government has supported its decision to install security cameras inside classrooms for many reasons. The decision was made in response to incidents of violence in schools such as the assault of a 4-year-old girl . However, in addition to assuaging safety concerns, the government also states that having access to the live feeds from these cameras would bring down delinquency and truancy complaints for children. This measure is also meant to bolster the confidence of parents in the quality of education being imparted to the students as they would personally be able to judge the performance of the teachers via the live feed.

This experiment with CCTV cameras in school is not a novel concept. Several other jurisdictions have already implemented similar strategies in schools from equipping teachers with two-way radios, to installing CCTV cameras in schools, even in changing rooms. Almost 90% of secondary schools in the UK are now equipped with security cameras, and this constant surveillance has been criticized by many, including the teachers. Research suggests that pupils in UK are monitored as frequently as inmates in prisons and customers at an airport.

A study conducted on CCTV surveillance of primary school children in Israel also concludes that the cameras lead to a growing fear in the children that they were constantly being recorded everywhere. The study also revealed a tension between the normalisation of school surveillance, but increased resistance to other surveillance among children which could eventually cause behavioural problems in the children outside of school.

In addition to the previous problems faced in the implementation of CCTV systems in schools, the Delhi government also faces increased concerns about the responsibility of the government towards the children, as there are no laws which govern the use of CCTV cameras in schools in India. The question of parental access to feeds is also in question as the present digital infrastructure may not be able to support this venture, and the government has given no answers on how it intends to validate the identity of the parents on the smartphone app.

Rights of Minors

The rights of minors differ in aspect and scope from the rights provided to adult citizens of a state. As a vulnerable group of society, the state has chosen to prioritise security concerns over the right to privacy of children. While the installation of CCTV cameras in Delhi government schools is in the limelight now, this is by no means the only policy of such a nature to be implemented in the country. A bench at the Madras High Court recently directed the Tamil Nadu transport commissioner to issue orders mandating the installation of CCTV cameras and GPS in all school buses. Schools in Gurugram are now also set to follow in the footsteps of the Delhi model where the district education officer has called for all government schools to install CCTV cameras. They also allow schools with a paucity of funds to seek additional grants for the installation of these cameras.

While the installation of the cameras has generated mixed reviews with parents being generally happy with the news and teachers apprehensive about the same, the move has ignored some large concerns relating to the scrutiny of minors. The livestreaming of the classroom feeds is one such issue, due to the enormous scale of the process, it will be impossible to ensure the safety of this feed. The feed can be accessed though a mobile app and a password, which makes it vulnerable to leaks. There has also been no research done to investigate the effect of such constant scrutiny on children and teachers.

To sum up, the right to privacy of children is often considered subjugated to other concerns, this can most accurately be seen in the statement by CM Kejriwal which states that “There will be no privacy breach, children go to school for education, to learn discipline and become good citizens of the country… they do not go there for anything private”. It also fully ignores the question of illegal access to these live-feeds by unauthorized parties arguing that “Hypothetically even if one does get access, he will only see 40 kids studying. Nothing more can be obtained out of it.”

The decision to install CCTV cameras in schools ultimately made to benefit students and bolster the security in schools following recent events. However, the move to live-stream feeds from these classrooms has come under considerable scrutiny, with the Government School Teachers Association protesting the same. Following the refusal of the Supreme Court to intervene on the matter, Delhi schools are set to implement the policy, with other places following suit. 

Towards a Data Protection Framework (CCG Privacy Law Series)

Smitha and I are writing a series of papers on a data protection law for India, based on our research. We hope that our discussion of the options before us and their relative merits and demerits will help other engage with these difficult questions in a nuanced manner.

The first paper sets out the context for the data protection law. It discusses the reasons and purpose for regulation and what specifically will be regulated.

It also discusses who will be regulated, since this is important while considering the regulatory strategies to use while implementing the data protection principles. It is available here.

CCG on the Privacy Judgment

A 9 judge bench of the Supreme Court of India passed a landmark judgment two weeks ago, which unanimously recognized the right to privacy as a fundamental right under the Constitution of India. The Court found the right to privacy to be a part of the freedoms guaranteed across fundamental rights, and an intrinsic aspect of dignity, autonomy and liberty.

In 2012, a petition was filed before the Supreme Court by Justice K. S. Puttuswamy (Retd.), challenging the validity of Aadhaar. During the course of the hearings, the Attorney General argued that the Supreme Court in M.P. Sharma v. Satish Chandra (1954) and Kharak Singh v. State of U.P. (1962) had found that there was no fundamental right to privacy in India, because of which its position in the Indian Constitution was debatable. As a consequence, the Court in its order on August 11, 2015 referred the question to a Constitution bench of the Supreme Court. Last month, the Constitution bench decided to refer the matter to a 9 judge bench, in view of M.P. Sharma and Kharak Singh being decided by an 8 judge bench, and a 6 judge bench respectively. A timeline of events, from the filing of the petition, to the constitution of the 9 judge bench, may be found here.

During the proceedings, the petitioners broadly argued that M.P. Sharma, and Kharak Singh were no longer good law; that privacy was an essential component of liberty, dignity and other core aspects of the Constitution; and the fundamental right to privacy could be located in a combined reading of the rights under Part III of the Constitution. Further, they argued that India’s international obligations presented an imperative to recognize the right. The respondents argued, among other things, that privacy was a vague concept, of which only certain aspects could be elevated to the status of a fundamental right, if at all. They argued that the right could be protected through the common law, or by statute, and did not need the protection of a fundamental right. Further, that the right to life, and the concomitant duty of the state to provide welfare, must trump privacy. An index of our posts reporting the arguments is also available below.

The petition and reference posed some critical questions for the Court. The Court had to evaluate whether privacy, as argued, was just an alien, elitist construct unsuitable to India, or a necessary protection in a digital age. It was further tasked with defining its safeguards and contours in a way that would not invalidate the right. Chinmayi Arun’s piece specifically addresses these concerns here.

Fortunately, the Supreme Court also has an illustrious history of recognizing and upholding the right to privacy. The Centre for Communication Governance recently published an infographic, illustrating the Court’s jurisprudence on the right to privacy across 63 years.

The Court eventually decided on an expansive articulation of the fundamental right to privacy. However, the judgment raises a few crucial implications. We at the Centre for Communication Governance have presented our analysis of the judgment in various news media publications. Chinmayi Arun, our Research Director, has presented her views on the judgment as part of a panel of experts here, and in an interview, here. She also argues that the Court seems to have left a significant leeway, presumably for intrusion by the state. Smitha presents a detailed assessment of the implications of the right to privacy here. The judgment has also been lauded for its critique of the Suresh Kumar Koushal v. NAZ Foundation, which recriminalized consensual same-sex intercourse. As Arpita writes here, a strong formulation of the right to privacy, with its close connection to bodily integrity, can forge a more progressive expression of the rights of women and sexual minorities.

While the judgment is a step forward, its effect and implementation are yet to be seen. Recently, in the ongoing matter of Karmanya Singh v. Union of India (WhatsApp data sharing case), the Puttaswamy judgment was visited. Following from the judgment, the petitioners argued that the state should protect an individual’s right to privacy even when it is being infringed by a non-state actor.

 Reports of arguments made before the Supreme Court:

Digitisation of Health / Medical Records: Is the Law Keeping Up?

Medical and health records are increasingly digitised, and ease of access is considered one of the key benefits of this trend. However, patient privacy and security of such records are important concerns that need to be addressed both under the existing legal framework, and in terms of development of new laws.

Earlier this month, news reports suggested that private medical records of over 35000 patients had been made publicly available through the website of a diagnostic laboratory based in Mumbai. Reports indicate that the website of the lab was hacked. However, other reports specify that the lab has disclaimed liability, stating that any requirement for confidentiality is limited in applicability to doctors only. Further, the lab suggested that since they were shortly to be moving to a different system, there was no urgency in remedying the security flaws.

While the above seems to be an internal security issue on the part of the lab, we have seen that health records are a favourite for hackers, across the world. These records are then either held for ransom or sold by such hackers.

The healthcare industry as a whole is seen as one of the least secure industries globally. At the same time, medical and health records of individuals are increasingly being digitised. Individuals and institutions in the healthcare industry are digitising records within their organisations to improve ease of access. The Ministry of Health and Family Welfare, Government of India, is in the process of setting up an Integrated Health Information Platform, and has issued Electronic Health Record Standards (EHR Standards). The EHR Standards are meant to provide for creation and maintenance of health records in a standardised manner that would allow for interoperability across platforms and institutions across the country. There are many pros and cons to undertaking such a digitisation effort – however, this post is limited to examining the legal framework surrounding such digitisation and the protection of privacy of patients.

Current Legal Framework in India

Today, India does not have a comprehensive privacy law, or an industry specific privacy regulation that focuses on the healthcare / medical industry. We do have the Information Technology Act, 2000 (“IT Act”), and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“IT Rules”), as well as the Indian Medical Council (Professional conduct, Etiquette and Ethics) Regulations, 2002 (“MCI Code of Ethics”).

The MCI’s Code of Ethics provides that physicians must maintain medical records pertaining to patients for a period of 3 years from commencement of treatment. Further, physicians must also make such records available to patients, authorised attendants and legal authorities upon request. Physicians are also required to make efforts to computerise such records. While there is no specific provision on maintenance of privacy and security of these medical records, the MCI Code of Ethics does provide that confidences entrusted by patients to physicians must be not be revealed, unless required by law or in public interest. However, the MCI Code of Ethics is applicable to physicians i.e. doctors with MBBS or equivalent qualifications only.

On the other hand, the IT Act and the IT Rules are wider in application. They deal specifically with electronic records and require any person dealing with certain defined types of sensitive information, including medical records, to undertake data protection and security measures.

Any violation of the MCI Code of Ethics calls for disciplinary action against the concerned physician which could include removal of the physician’s name from the register of qualified physicians. The IT Act however, does not provide for any direct action or penalty in the case of non-compliance with the IT Rules, and relies on the person affected by the non-compliance to take action.

In addition to the MCI Code of Ethics and the IT Act, there are a few other laws such as the Medical Termination of Pregnancy Act, 1971 which provide for maintenance of confidentiality of patient information. However, these are largely specific to certain circumstances and are not comprehensive.

Potential Developments

In the absence of a comprehensive privacy and data protection law in India, some regulators have taken to establishing basic rules to protect consumers and individuals in their respective industries. For instance, the RBI places certain restrictions on the circumstances in which customer information can be shared by banks. Insurance and telecom companies are restricted from transferring certain customer information outside India.

Given the highly sensitive nature of medical / health related information, and recent trends of commoditisation of such information in the black market, such laws are much needed in the healthcare industry.

The EHR Standards do deal with certain aspects of privacy of patients and security of healthcare records. They prescribe several international standards to be adhered to by members of the healthcare industry while dealing with electronic health records. However, they appear to default back to the IT Act as the legislation that would govern the implementation of any data protection measures in relation to such records.

The Human Immunodeficiency Virus and Acquired Immune Deficiency Syndrome (Prevention and Control) Bill, 2014 also provides certain safeguards to ensure the privacy of patients, specifically in relation to their HIV status. Some concerns regarding the provisions of this bill have previously been discussed here. However, this proposed bill is again limited in scope, and does not apply across the medical industry.

Reports suggest that recognising the need for a more comprehensive law, the Central Government has taken up the initiative of drafting a healthcare industry specific privacy and data protection law.

Given that this law would be drafted from scratch, we suggest that it should be (a) holistic i.e. be applicable across the entire healthcare / medical industry, and not specifically to doctors / hospitals, and (b) technology agnostic, addressing medical / health information in any format, digitised or not.

The law should also take into account the internationally recognised privacy / fair information principles. These principles provide, among other things, for (a) collection of data by lawful means, and only when required (b) use of data for the purpose it is collected only, (c) adequate security measures to be undertaken to protect data, and (d) accountability and openness about policies in place for use and protection of data.

Further, to the extent that it provides for the digitisation of records, and implementation of EHR Standards, it should be ensured that, the principles of ‘privacy by design’ should be used. The concept of privacy by design stipulates that privacy and data protection measures must be built into any system as a default, taking a preventative approach to data protection rather than a remedial approach.

Another important concern is enforcement – our current laws such as the IT Act, do not provide for proactive enforcement in case of failure to protect privacy / data of individuals, and leave it up to the affected individuals to act. Ideally, a dedicated regulator with the ability to investigate and direct action against defaulters is required. Perhaps the role of the National e-Health Authority proposed by the Government could be expanded to deal with privacy and security of all health records and information.

While the idea of implementing a health privacy and data protection law is a welcome move, it remains to be seen how far this proposed legislation will go towards fully protecting patients’ rights.