By Kanishka Chopra- BALLB First Year
“Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet.”
-Gary Kovacs.
Privacy in India has always taken a backseat and yet again, people’s Right to Privacy, recognized as a fundamental right in the landmark Privacy Judgement aka Justice K S Puttaswamy (Retd.) & Anr. v. Union of India and Ors.,[1] has been breached with the presence of an Israeli spyware- Pegasus. It is created by the Israeli cyber arms firm NSO to maintain tabs on a user's mobile device. A phishing link is delivered to the user or targeted person in this spyware, and as soon as the targeted person clicks on the link, malware is injected into the device, allowing surveillance of the target and is called ‘Zero-Day Exploit’. The infringement of a person’s privacy is just a click away!
This virus has not spared India among other nations. Yet, even the suit filed by Facebook Inc. owned WhatsApp in California Court in 2019 did not become an eye-opener for the Indian government. The governments, including the current one, have claimed that there have only been lawful interceptions on being questioned about the alleged illegal phone tapping. The government has been taking a garb under Section 5(2) of the Indian Telegraph Act, 1885[2] which empowers for lawful interception “in the interest of the sovereignty and integrity of India, the security of the State, friendly relations with the foreign States, or public order or for preventing incitement to the commission of an offense.” Further, the Central Government or a State Government even has the authority under Section 69 of the Information Technology Act, 2000[3] to intercept, monitor, or decrypt any information generated or stored in any computer resource.
However, “Informational Privacy” has been recognized by the court as being a facet of the right to privacy and held that information about a person and the right to access that information also needs to be given the protection of privacy. Sanctuary (protection from invasive observation) and time, according to Justice Chelameswar, are three aspects of the right to privacy. The verdict makes it apparent that privacy, as a basic right, is a private aspect of citizens' lives that must be preserved as a right under Article 21.[4] Even when certain limits are imposed for the sake of public order or national security, people's fundamental rights should not be violated. But what is actually happening in the name of lawful interceptions is a blatant disregard of people’s right to privacy. Without jeopardizing the national security, need is to maintain a balance and only under exceptional circumstances people’s right to privacy must be compromised.
India is not a signatory to any data protection convention equivalent to the GDPR or the Data Protection Directive. However, other international declarations and agreements that recognize the right to privacy, such as the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights, have been adopted by India. Unfortunately, India has failed to establish an explicit data protection legislation. Though the Information Technology Act (2000) (“IT Act”) and the SPDI rules were amended by the Indian legislature to include Sections 43A and 72A, yet they were unable to cope up with new challenges.
Hence, the Personal Data Protection Bill of 2019 was one of the awaited bills but it has yet not seen the light of the day. Even it has been subjected to a lot of scrutiny and criticism. While some consider it broad and arbitrary, others see this as a necessity to tackle spyware in the first place. The fight for the right to privacy has been long and winding, stretching from M.P Sharma and Ors. v. Satish Chandra[5] to the Puttaswamy & Ors. v. Union of India and Anr. New threats and challenges like Pegasus have kept on knocking on our doors but the question remains if, in the four years since recognizing privacy as a fundamental right, we could have created a law that helps in its effective realization.