Privacy is not a trade off for transparency

BY Venkatesh Nayak| IN Privacy | 27/08/2010
Agencies of the State and the private sector are collecting a variety of data on individuals. Adequate regulatory measures are needed to rein them in and safeguard individual privacy and data protection,
says VENKATESH NAYAK, discussing government consultations on a proposed privacy law

Big Boss may be watching your every move and there is no eye-popping prize money for surviving the ordeal of the house of horrors! While a miniscule percentage of the population eyeball the shenanigans of fading and wannabe celebrities on the telly reality show, season after season, the less theatrical but very real Big Boss, aka, the Kafkaesque State, keeps watch over unsuspecting citizens day in and day out without so much as a murmur of protest.

 

Consider this scenario: You are an honest and law-abiding citizen who visited a police station to lodge a complaint about your missing mobile phone? What would you get? Of course, apathy to start with, and if you were fortunate enough, filing in slow motion of a non-cognizable complaint by a very busily yawning policeman.

 

But if you are an honest and law-abiding citizen who is also in the habit of filing RTI applications for different issues, you might just find out that your phone was under the Big Boss’s surveillance even before you lost it. When I learnt of this true story, my benumbed mind sought to know "who authorised disclosure of information from the RTI application to the police and under which law?"

 

Such abuse of personal data would have been difficult if we had a sound legal architecture for protecting the privacy of individuals and for regulating the manner in which data about individuals is collected, processed and shared across agencies in the public and private spheres. In the absence of a sound law to protect personal data of citizens, arbitrary actions of the kind narrated above occur unfettered.

 

The recent launch of a debate on a law to protect privacy and personal data by the Central Government must be situated in this context of the growing paranoia of the surveillance State.

 

The Indian government, through the Department of Personnel and Training (DoPT), initiated a public consultation on this subject on 21st July this year. According to the DoPT, the increasing practice of digital data processing about individuals in the public and private sectors has necessitated the drafting of a law to protect privacy and personal data.  The handling of millions of bytes of personal data by BPO entities and the need for having a legal framework acceptable to the international community were also cited as reasons.

 

The DoPT operates under the Ministry of Personnel, Public Grievances and Pensions,) Government of India and senior bureaucrats from the Department of Information Technology, Ministry of Finance, Department of Legal Affairs, NATGRID, Registrar General, Census of India, Finance Intelligence Unit and the Indian Banks Association participated in this meeting. A handful of representatives from civil society and a law firm also took part in the deliberations held in Delhi.

 

(See DoPT "Summary of the Proceedings of the Workshop on Legal Framework for Privacy, Data Protection and Privacy", 21 July, 2010:

 http://persmin.gov.in/WriteReadData/RTI/12AUGUST.pdf accessed on August 26, 2010. The DoPT which is under the overall charge of Prime Minister of India has invited suggestions from civil society on what a law to protect privacy must contain. Readers are requested to send their suggestions to the Secretary DoPT at: secy_mop@nic.in)

 

Is right to privacy a Fundamental Right?

 

The Constitution-makers did not include the right to privacy in its fundamental rights chapter. Yet the demand for State protection to the citizens’ right to privacy was part and parcel of India’s struggle for independence from colonial domination. The Constitution of India Bill drawn up in 1895 under the influence of Tilak and Annie Besant and the Commonwealth of India Bill adopted in 1925 at an all-party conference chaired by Gandhiji, both called for constitutional protection for the right to privacy. However the Swaraj Constitution of 1928 drawn under the guidance of Motilal Nehru and Subhashchandra Bose failed to mention it. In 1950, while the right to property and the freedom to speak, express oneself and move about freely (all distinct elements of the right to privacy) were given constitutional status, the right to privacy was left out.

 

For the first time, in Kharak Singh vs The State of Uttar Pradesh (AIR 1963 SC1295) in 1962, the Supreme Court of India read the right of privacy into the fundamental right of life and liberty guaranteed under Article 21 as a measure of stemming the excessive intrusion of the surveillance State in the private lives of citizens.

 

Successive pronouncements of the apex court have elevated the individual’s right of privacy to the status of a deemed fundamental right. The protection for life and liberty and consequently privacy under Article 21 is available to any person in India without limitations of citizenship. But the Court declared that the right to privacy is not absolute and may be subject to restrictions if there is a countervailing State interest. The burden of proving that such a pressing interest exists is on the State agencies.

 

The statutory requirement that women and juvenile witnesses in any criminal case must be questioned only at their residences is a clear recognition of the need to protect the privacy and dignity of such people. Yet, violent intrusions into the homes of dalits, adivasis, and minorities by law enforcement agencies under the pretext of conducting combing operations and interrogations are a common occurrence today. Often such incidents do not even find mention in the mass media. Compensation for violation of privacy by State agents is a far cry.

 

Privacy and cultural ethos of India

 

Is there a strong tradition of protection for privacy in the cultural ethos of India? When compared with the civil liberties standard of protection for the right of privacy in the advanced democracies of Europe and the Americas, there is little to draw on from our cultural and intellectual traditions.

 

At least two of the classical languages – Sanskrit and Kannada, which I am familiar with, do not have synonyms that adequately convey the complexity of meaning of the terms ‘privacy’ or ‘private’. ‘Ekaanta’ comes closest to the basic notion of ‘solitude’ that underpins these terms and is extended to conjugal or friendly relations depending on context and usage. Similarly the terms ‘nija’,‘niji’ ‘vyaktigat’ and ‘vaiyaktik’ convey the sense of individuality or one’s personality more than the idea of privacy.

 

Hindi and Kannada use the loan word ‘khaas’ to convey the ramified meanings of privacy. More recently official language pundits have invented the term ‘ashaasakeeya’ to differentiate the private sphere from that of the State or government. So finding an accurate indigenous phrase to connote the complex notion of the ‘right to privacy’ will be a challenge before lawmakers.

 

Vigorous collection of personal data 

 

The absence of linguistic equivalents notwithstanding, there is no denying the fact that the agencies of the State and the private sector are industriously collecting a variety of data about individuals without adequate regulatory measures to rein them in. While the pretext of the State is to collect data for the purpose of policymaking through census and sample surveys, that of the private sector is to know the individual better in order to sell a product or service better.

 

The computer revolution has phenomenally increased the capability of these agencies to collect, process and use personal data about individuals in a manner never before imagined as a possibility. With the mobile revolution engulfing even remote rural areas, the private sector has acquired the necessary resources and technology to make the mobile phone in your pocket sing for the purpose of direct marketing.

 

The State agencies are investing huge sums of public money to collect biometric and other personal data under the pretext of giving everybody a unique identity card and creating a national population register. As citizens whose rights are at stake we need to ask the question what guides the making of a law on privacy in India today. In other words what is motivation for creating the legal architecture on privacy in India?

 

Why law on privacy?

 

David Banisar and Simon Davies – renowned research scholars on privacy and data protection laws have identified three major reasons why countries adopt laws to protect privacy. Past experience of injustices caused by violations under authoritarian regimes are a major reason why countries in Central Europe, South America and Africa have drawn up laws to protect privacy and personal data. Some countries in Asia and northern America do so to protect the interests of consumers in electronic commerce while others in Europe do so because of the compulsion to provide such protection under the pan-European treaties and conventions. What, then, is the motivation in India?

 

What was difficult to ignore was the exception to the data protection regime sought to be created for ‘legitimate needs’ such as ‘national security’. It is clear that the interests of the consumerist class, the market economy and the need for the State to tighten its grip on citizens in the name of fighting terrorism are driving this law-making exercise.

 

The concerns of lakhs of Indians who lack privacy because they cannot afford a roof over their heads, who deliver babies in the open because they cannot afford the trip to a health care facility, who relieve themselves under the open skies or next to railway tracks because they do not have access to sanitation facilities must also inform this debate on privacy. But amplifying their voices so as to echo against the corridors of policymaking in North Block has always been a major challenge.

 

Historically speaking, the adoption of laws to protect privacy and personal data have either preceded or proceeded hand in hand with the adoption of pro-transparency laws. For example in the UK, the Data Protection Act was adopted five years before the regime of access to government-held information was fully operationalised. Canada adopted its privacy and access to information laws in the 1983. In New Zealand a common authority, namely, the Ombudsman adjudicates over both information access and privacy violation-related disputes.

 

In India there is an urgent need to ensure that the regime of transparency established by the Right to Information Act (RTI Act) is not rolled back in the name of protecting privacy and personal data. The benchmarks for protecting personal data adopted in advanced democracies may not be ideally suited to the Indian ethos.

 

Before readers dub me as a cultural relativist, let me explain my position. Sensitive personal data that cannot be disclosed without the consent of the individual in these countries includes information such as racial or ethnic origin, political opinions, religious or other beliefs, membership of associations and trade unions, physical and mental health, sexual life, commission or alleged commission of an offence and legal proceedings related to commission of offence including sentence handed down in such cases.

 

In a majority of cases our names are clear indicators of religion, caste and linguistic identity. Protecting such information does not serve much purpose. In the celebrated R Rajagopal v State of Tamil Nadu the Supreme Court has held that the protection of privacy does not extend to information about a person contained in public records including those related to investigation of crimes. The only exception to this rule is in need for protecting the name and identity of victims of sexual offences. The proposed privacy law must not dilute these standards or seek to hide what is already obvious.

 

Again, in several countries ethnic and educational records of individuals are protected under privacy laws. Because of the big problem of fake degrees and caste certificates being used to corner jobs in the public and private sector, there is an overbearing public interest in making such information transparent. Personal tax records and information about bank transactions are guarded with utmost secrecy in advanced democracies.

 

Similar protection is provided in India under the RTI Act. Given the serious problems of tax evasion and loan defaulting which themselves impact on the availability and use of public funds, there is little justification in amplifying the protection for such information. If anything, all information about defaulters must be mandatorily available in the public domain. Privacy cannot be an excuse for escaping public scrutiny over the non-performance of one’s duties and obligations.

 

In an interesting case where loan defaulters challenged the action of the State Bank of India of publishing their photographs through the print media the Madras High Court debated their claim of the right to privacy and rejected it saying that under the circumstances of the case that right faded out in front of the citizens’ right to information (Mr. K J Doraiswamy vs The SBI Erode Branch and Othrs. (2006)4 MLJ 1877).

 

Similarly in the celebrated Supreme Court judges’ assets case, the Delhi High Court held that personal information related to the performance of the public duties by public officials does not receive the same level of protection as that of private individuals who do not perform such duties (The CPIO, Supreme Court of India vs Subhash Chandra Agarwal, WP(C) 288/2009).

 

The RTI Act requires the monthly salary and the entire compensation package given to public officials to be proactively disclosed to people through websites. The law on privacy should not become an excuse for rolling back this important gain at a time when corruption has become endemic in the bureaucracy. If anything, there is a need for adopting a special law requiring all public servants, including members of the judiciary, to publicly disclose their assets and liabilities.

 

The first round of consultation held by the Central Government signals its willingness to listen– a rarity in itself but laudable nevertheless. However that meeting was dominated by bureaucrats and several voiced the demand to amend the RTI Act to widen its list of exemptions to disclosure. Privacy protection cannot be traded off against transparency which is yet to be firmly institutionalised under the RTI Act. Civil society needs to engage with the Government more vigorously to ensure that the proposed data protection regime supports greater transparency and accountability in the public and private spheres. Nothing less will be acceptable.

 

 (The author is with the Commonwealth Human Rights Initiative, New Delhi)