INFORMATIONAL PRIVACY IN INDIA: AN UNRESOLVED PENUMBRA Akshita Mittal (Online Intern at Lawof) and Avani Dubey,NLU Nagpur
The recent judgment of K. Puttaswamy v. Union of India has conferred upon Indian citizens the fundamental right to privacy, implicit under Article 21 of the Constitution of India, and has brought to the forefront a dilemma which has long been unresolved: the right to informational privacy, the most controversial aspect of this fundamental right.
The judgment has put forward the Right to Privacy as a crucial component of the right to human dignity, where the latter is not possible without the former. It has underlined the essentials of the Right to Privacy, which are fourfold: (i) It is the consumer’s consent as to what data one wants to share, and what one does not; (ii) The data one has consented to share is to be only used for the purpose specified at the time of sharing; (iii) the data when used by the recipient, has to be sufficiently anonymised, so as to render the individual reasonably unidentifiable; and (iv) one has a clear choice to opt out of the sharing process and have the information deleted by the recipient. These are the pillars on which the privacy of a citizen is built. It has to be understood that the person’s home, indeed, is one’s castle, as the right to privacy embalms a citizen’s liberty to do what the person wants, the way they want, without any unwanted outside interference whatsoever.
India, however, while having recently recognized it as a fundamental right, still hasn’t enacted a data protection law, and is hence putting millions of citizens’ data at risk for misuse. The existing legislations such as the Informational Technology Act, 2000 do not adequately protect personal data, as § 43 A which provides for remedies against corporations in the events of handling data negligently and against persons in provisions such as § 72 A, but does not cover the liabilities of bodies corporate who obtain and sell data without the consent of the individuals, and not merely the consent of the data providers. The Court, in K. Puttaswamy v. Union of India, has recognized these inadequacies, and therefore, has suggested that a robust statutory framework should be adopted for the same. The recent White Paper released by the government has, though, neglected to answer many questions.
On the other hand, it may be argued that the right to privacy cannot be absolutely guaranteed, due reasons such as: (i) Complete anonymisation of data is not possible; fragmented information can be put back together to re-identify an individual. As long as direct identifiers such as phone numbers are present, information is merely pseudo-anonymised, and can be easily used to re-identify a person. Moreover, DNA and biometric data cannot be anonymised at all. That is the reason they are called “unique” identifiers. Moreover, too much anonymisation renders information unfit for any type of use. (ii) Social media websites which thrive on sharing of personal data, and span all across the world, cannot be regulated by a mere legislation. (iii) An even more difficult area to regulate is the internet of things, which comprises of objects of daily use such as televisions, air conditioners, remotes, etc. which is linked to the internet, that record and store personal information, which can then be obtained and used. (iv) It has also been argued that privacy is an elitist concept, useless to an average Indian citizen, who needs food and shelter more than he needs privacy.
Methods such as k-anonymity are being developed to help anonymise DNA in a better way, and other suggestions such as the Privacy Report, 2012 by the Federal Trade Commission of U.S.A. has highlighted the only situations where data may be used without owner’s immediate consent such as first party use and collation of non-sensitive data. As for the last argument against ensuring the right to privacy, it is clear that there can be no development without fundamental rights. Civil liberties are a sine qua non of a democracy, and it is essential that to let a democracy flourish, fundamental rights are truly realised, in addition to being recognised.
 Rowan v. United States Post Office Dept., 397 U.S. 728, 737 (1981).
 Information Technology Act, §43 A (2008).
 Ontario De-identification Guidelines for Structured data, (Information and Privacy Commissioner for the State of Ontario 2016).
 Council for Responsible Genetics, Do You Know Where Your DNA is? Genetic Privacy and Non-Forensic Biobanks 14 (2014).
 FED. TRADE COMM’N, PROTECTING CONSUMER PRIVACY IN AN ERA OF RAPID CHANGE: RECOMMENDATIONS FOR BUSINESSES AND POLICYMAKERS (2012).
 Shivam Vij, SC Quotes Amartya Sen To Answer Modi Government’s Claim That Privacy Is An Elitist Concern, HUFFPOST, (Dec 19, 11:10 AM), http://www.huffingtonpost.in/2017/08/25/sc-quotes-amartya-sen-to-answer-modi-government-s-claim-that-privacy-is-an-elitist-concern_a_23179015/.