Data Privacy is a very critical & sensitive subject as it relates to the privacy of an individual since it includes an individual’s details. Data has always been an important source of information as it gives you factual information, be it of a person, object, or anything else. In present times, data is like a priceless commodity as no matter what you do be it purchasing something from a supermarket, using mobile applications, using internet-based services like social media, etc. you have to share some of your personal information. Individual data is a private aspect of an individual & it shall only be collected with the consent of an individual, however, in today’s times, you are somewhat forced to share some of your data to use a service or mobile & internet-based applications which is stored with that particular agency or authority.
Similarly, government agencies also collect an individual’s personal information in various ways. Like in India the government collects data primarily while issuing ID cards like Voter ID, Driving License, PAN, Aadhaar or during the population census & various citizen welfare schemes, etc. This also brings in an additional responsibility for the government of securely collecting such data & also to keep such database securely& making other organisations work in the same manner as far as data privacy is concerned. This added responsibility brings to light a very important question as to for what all purposes can the government agencies collect an individual’s data, to what extent & on which grounds. That’s when the doctrine of constitutional morality comes in the picture as it is a tool which ensures that the government prepares policies in line with the constitutional spirit by considering all such aspects & to resolve the issues amicably if there are any.
Data privacy is basically how data i.e. the information should be handled. It is the right of a person to have control over how his personal information is collected and used. The concept of data privacy applies to personal information of an individual as well as business-related information& government data. For an individual, it comprises of personally identifiable information (PII) and personal health information (PHI) which includes your basic details like full names, addresses and birthdates as well as critical information like Social Security numbers, health and medical records, financial data, including bank account and credit card numbers. Similarly, for business groups & firms, apart from the personal information of employees & customers/clients, it also includes the operational & financial information of a company. Likewise, for a government, it includes the details of its citizens, government servants, secret intelligence information & operational information. The list of details that come under data privacy for an individual, company or governments is not exhaustive & may include more such information. Data privacy is of utmost importance in today’s fast-growing digital world as more & more of our data is getting digitized. Subsequently, there is a lot at stake for an individual as well as businesses & hence, data protection is a must ensure the privacy of data. Data protection is an important aspect of data privacy as, without data protection, data privacy cannot be achieved.
Constitutional morality basically means adherence to the fundamental principles of a constitutional democracy. Constitutional morality ensures that the governance is based on the principles desired through the constitution. It is based on the expectation that the text of the constitution is followed in a way which ensures the real purpose of the Constitutioni.e. the soul of the constitution shall be meted& not just the literal interpretation of provisions is to be done.Constitutional morality aims at making the governing institutions and representatives accountable while specifying the norms for institutions to survive. Moreover, Constitutional Morality is not just limited to the constitutional provisions& is vast enough to ensure the ultimate aim of the Constitution i.e. to secure the best interests of the citizens for whom and by whom the Constitution exists & as well as of the country.
Constitutional Morality is a sentiment which needs to be cultivated in the minds of the citizens & simultaneously promoted by a judiciary which is impartial & independent. Judiciary & responsible citizenry is very important to ensure that the morality envisaged in the constitution is meaningful as otherwise the ultimate aim of the welfare of the citizens can be compromised. Judicial diligence& integrity is very much important as its absence has bad implications for Constitutional Morality& the fruits of such morality cannot be enjoyed by the people as their grievances would not be adequately redressed.
Constitutional Morality in India
In Indian context, Constitutional morality is not a new concept as it is imbibed in the constitution from its inception through the Preamble to the constitution & other provisions like Fundamental Rights &Directive Principle of State Policy and later on Fundamental duties were added in furtherance of the same. It has been regarded as a paramount reverence for the constitution. In words of Dr.B.R. Ambedkar, “Constitutional morality would mean an effective coordination between conflicting interests of different people and the administrative cooperation to resolve the issues amicably without any confrontation amongst the various groups working for the realization of their ends at any cost.”
In India, Constitutional morality is based on values like individual autonomy and liberty, equality without discrimination, recognition of identity with dignity, the right to privacy, etc.
The Indian judiciary is the custodian of Indian constitution & is entrusted with the responsibility of delivering justice to the sovereign mandate. Moreover, Constitutional morality and judicial values are both inextricably entangled by our Indian constitution which helps in ensuringthe achievement of constitutional goals.
In the Naz Foundation case,[i] it was observed that “only Constitutional Morality and not Public Morality should prevail.”
In Lt Governor of Delhi case[ii] the honourable judges highlighted the importance of constitutional morality & the need to preserve the trust of people in the institution of democracy.
In the Sabarimala case,[iii] Constitutional morality was up against social morality as there was discrimination against women based on biological reasons like menstruation & rightly the Supreme Court declared the practice of banning entry of women of a certain age to the Sabarimala temple in Kerala as unconstitutional.
Constitutional morality is superior to all other forms of morality & this fact has been highlighted by the judges of the apex court in the aforementioned cases.
Data Privacy in India
Starting from the late 1990s, India witnessed a gradual growth in the IT sector & the telecom revolution led to a rapid rise in the digital services.Subsequently, the growing digital services & platforms has increased interconnectivity & simultaneously increased the reach of the government for implementation of social welfare schemes by helping with direct cash transfers or other such policies. The increased usage has meant that more & more data is getting digitalized which needs proper protection & safeguards.
The Government of India has also used such services for social-welfare schemes & the most recent example is Aadhaar, which is a unique identification number issued by the government of India for the citizens. The government collects the biometrics including the iris scan of the citizens along with other personal details such as name, gender, father’s name, etc. for issuing the same. However, in the absence of any express legislation governing data privacy in India, the growing ubiquity of Aadhaar is precarious as Aadhaar was being used by private firms forpurposes other than social-welfare delivery& additionally, the storage of Aadhaar-related customer information is also a concern.
At present, India does not have any express legislation governing data protection or privacy but there are laws which partly deal with data protection which are as follows:
The Information Technology Act, 2000
- The IT Act, 2000 deals with cases of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data. It provides for compensation and punishment depending on the nature of the case i.e. civil or criminal.
- By an amendment in 2008, section 43A was added to this act which provides for compensation in cases of failure to protect data by a body corporate who is possessing, dealing, or handling any sensitive personal data or information.
- In the same amendment Section 72A was also added which Act provides for penalty for breach of confidentiality and privacy related to any electronic record, book, register, correspondence, information, document, or other material without the consent of the person concerned.
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
The rules were notified by the central government & deal with protection of “Sensitive personal data or information of a person”, which includes the following information:
- Biometrics& related information
- Medical Records & related history
- Financial information such as bank account details or credit & debit card details or other payment instrument details
- Mental Health condition &Sexual orientation
These rules provide for the reasonable security practices and procedures which are to be followed by the respective body corporates or persons who collect, receive, possess, store, deal, or handle such “Personal sensitive data or information”. In case of any breach, they may be held liable to pay damages to the person so affected.
The Personal Data Protection Bill
The Personal Data Protection Bill has first introduced in the parliament in the year 2006 & then again after several amendments in 2014. However, it never culminated into the passing of an act. This critical aspect of data privacy cropped up again after the verdict in the Justice K.S. Puttaswamy case(the Aadhaar case),[iv]wherein the right to privacy was held to be an intrinsic part of the fundamental right to life and personal liberty under Article 21 & ‘informational privacy’ was observed to be an important aspect of the right to privacy that can be claimed against state and non-state actors, but subject to certain restrictions. Subsequently, a committee chaired by Retired Supreme Court Justice B.N. Srikrishna was constituted by the Indian government in August 2017 to design and draft data protection laws for India. The committee released a draft bill titled ‘The Personal Data Protection Bill, 2018” after a year of deliberations and public consultations.
The Personal Data Protection Bill,2019 was introduced in the parliament in December 2019 which aims at providing for protection of Personal Data privacy and to establish a Data Protection Authority of India for the said purposes and to deal with the matters concerning the personal data of an individual that has been collected, disclosed, shared or otherwise processed within the territory of India by the government, any Indian Company, any citizen of India or any person or body of persons incorporated in India, andForeign companies dealing with personal data of individuals in India.This bill also prescribes the manner in which personal data is to be handled be it related to its collection, processing, use, disclosure, storage, and transfer. Moreover, this bill also provides for punishment such as penalty payment or imprisonment in respective cases of non-compliance like violation of provisions, failure to fulfil obligations & re-identification & processing of de-identified data without consent, etc.
The latest bill is a step in the right direction & just like other such laws it is subject to reasonable restrictions &significantly strengthens the state’s role in the data economy, dilutes property rights in data, and increases state power to surveillance in the name of national security & other legal proceedings without creating adequate checks and balances. Even the judgement in the Puttaswamy case had mention of the term reasonable restrictions. This has to be kept in check by upholding the intrinsic principles of morality which are there in the constitution.
Role of Judiciary in the privacy of Data
As discussed earlier, the judiciary has time & again highlighted the importance of constitutional morality. When it comes to data privacy, in the absence of an express law dealing with data privacy, the judiciary’s role becomes very much important & even after the passing of such a law the judiciary will have to ensure that the morality inherent in the constitution is not compromised at any point of time. The judiciary has been performing its duty diligently as is evident from its judgement in the Aadhaar case. Recently, In Balu Gopalakrishnan and ors vs. the State of Kerala and ors (The Sprinklr Case),[v]The Kerala High Court directed the Kerala Government to ensure confidentiality of data related to COVID patients as well as vulnerable &susceptible persons which were being collected in order to control the spread of the pandemic across the state. The Hon’ble High Court issued directions to both the state government & Sprinklr in order to prevent commercial exploitation of data in the custody of Sprinklr.
Data in the wrong hands may lead to undesirable outcomes & many-a-times unfortunate things can happen. Moreover, a data breach puts ups this risk asinformationgoes in the hands of unknown people who may use it for their benefit as per their own whims & fancies.
It can be concluded that data privacy is a critical subject in today’s fast growing world as it ensures autonomy. This aspect of privacy needs to be safeguarded at all costs as digitization has increased its scope manifold. In India, there is no express law dealing with data privacy & the legislature has tried to address this subject with the Personal Data Protection Bill which provides for a preventive framework focussed on increasing compliance by the organisations handling data in any capacity however, it allows for unlimited state intervention in the name of national security. A precise policy framework needs to be designed considering all the aspects including keeping a check on state intervention as even that amounts to breach of data privacy & limits need to be defined since unlimited intervention even in the name of national security is cannot be justified as itgoes against constitutional morality.
Frequently Asked Questions (FAQs)
- What is Data?
- What is Data Privacy?
- What is Constitutional Morality?
- Does India have any express legislation dealing with Data Privacy?
- Which bill is aimed at dealing with the issue of Data Protection in India?
[i]Naz Foundation vs Government of NCT of Delhi And Others, WP(C) No.7455/2001
[ii]Govt. Of NCT Of Delhi vs Union of India, CIVIL APPEAL NO. 2357 OF 2017
[iii]Indian Young Lawyers’ Association v. State of Kerala, WP (C) 373/2006
[iv] Justice K.S. Puttaswamy (Retd.) v. Union of India & Ors. 2017 (10) SCALE 1
[v] W.P.(C). Temp. NO.84 OF 2020
- The Constitution of India
- The Information Technology Act, 2000