Data privacy: Great idea, but there’s room for the State to step in
By Chinmayi Arun | Published: 25th August 2017 11:18 AM |
After years of lecturing on privacy, it was a joy to see the range of material the Supreme Court used in the judgment it delivered on Thursday. The fundamental right to privacy has been defined expansively, and its many dimensions highlighted. The judgment recognises how essential privacy is to dignity, autonomy and liberty and offers many illustrations to make this point.
As powerfully as a right might be articulated, much depends on how it may be restricted. This is where the judgment’s treatment of the State’s role in privacy falls short of its own very high bar. It follows up its painstaking articulation of the importance of privacy with a relatively clumsy exception that might undermine this right after all.
Consider this purely from the point of view of informational privacy. Information technology and data protection are discussed extensively in the verdict. It notes many key developments in this context, including the volume and nature of data held by web-based platforms and the dangers of information aggregation. It references big data and wearable technology.
After this discussion, the judges suddenly throw up their hands and say it is for the State to draft an appropriate data protection law. So for anyone who was wondering whether this judgment will offer any recourse if a web-based platform sells their data, the answer is no. The judgment says privacy has positive content, and that the State is obligated to take measures to protect individuals’ rights. Perhaps one day, another judgment will build on this one and offer recourse if necessary.
The judgment also acknowledges that anything shared in a private space cannot be made public. By this yardstick, an email exchange cannot be shared publicly, and that web-based companies will not be able to use the data they collect as easily as they have done thus far. However, the Supreme Court has said it expects the Union government to create a data protection law to govern itself and private players.
The judges’ approach to potential violation of privacy by the State is disconcerting. The judgment acknowledges the many ways in which the State can abuse power. It then undoes this by giving way to an overwhelming concern about vital State interests. As an example, it suggests vaguely that privacy online enables terrorists and cyber attacks. This may be bad news for encryption communication and platforms like WhatsApp.
Justice D V Chandrachud seems to argue that the State has a legitimate interest in monitoring the web to “secure the nation against cyber attacks and the activities of terrorists” to justify potential restraint of the right to privacy. This loophole is worrying since it does not seem to acknowledge the dangers of surveillance. It does not also bode well that the majority judgment has not acknowledged the infirmities of the SC’s phone-tapping judgment. A similar fig-leaf protection will do nothing for our right to privacy in the face of surveillance.
The most worrying part of the verdict is its outline of the conditions under which the State may violate the right to privacy. It must establish the existence of law; the need, or legitimate State aim; and proportionality showing a rational nexus between the object and means of the law.
The court explicitly refers to social welfare programmes in the context, arguing that there is a ‘vital State interest’ in making sure scarce public resources are not diverted to persons who do not qualify as recipients. If this is a reference to the Aadhaar case, arguably the Aadhaar database fails the proportionality test.
However, it will not help the petitioners that the Supreme Court has rather unnecessarily offered up this example. This means that the Aadhaar bench will need to be less faint of heart and more nuanced in its acknowledgement of the power of databases.
(Chinmayi Arun is an assistant professor at the National Law University, Delhi)