The term 'Privacy' is derived from the Latin word 'Privatus' which means separated from the rest. Though it is a variable concept and varies with cultural or social context, but actually it means, the right to be left alone. The need for Privacy is to create a balance between individual and social interests, which is equally applicable to past, present and future society. In this sense, the necessity of Privacy was found in the dawn of human civilization. Also, the growth and expansion of Privacy varied according to the variation in different stages of human civilization.

Hence, the description of origin and history of Right to Privacy should proceed from the ancient period to the modern period. In fact, the idea of Privacy was originated in the animal society and gradually it has been incorporated into the human society. The world is witnessing rapid growth in technology, with the internet becoming a ubiquitous presence and breaking down geographical boundaries in terms of the flow of information Data has become an important part of our daily lives, with almost every aspect of modern life connected to some form of data.

Whether it's social media, banking, or retail, our daily routines are intricately linked to the data. This increased interconnectedness brings with it a number of new and complex challenges in terms of privacy and data protection, making it crucial to ensure that individuals have control over their personal data. India, as one of the largest growing economies, is at the forefront of this digital transformation with various sectors being digitized and the launch of the digital India program.

In response to the growing concern over the protection of personal data and individual privacy rights, the Indian government has introduced a number of legislations. The bill's preamble aims to provide a legislative outlook for protecting personal data and individual rights in India's rapidly growing digital landscape.

Introduction:
Privacy is a state of affairs where information regarding individual's life and conditions that are private in nature is beyond the reach and knowledge of others. In the current technological milieu where one can access the personal details and information regarding individual's diverse affairs, all what privacy means is that people want to have a control over what information needs to be there in the public domain. Privacy ordains that the individual is at liberty to avoid unsanctioned intrusions in his life and personal affairs and pre-supposes that the individual will have unqualified control over the information pertaining to him. Privacy is an interest of the human personality. It protects the inviolate personality, the individual's independence, dignity and integrity1.

The reason behind protecting one's privacy are varied. Some people want to maintain anonymity, some others want to conceal facts about themselves that are embarrassing, discreditable or which may put them under some risk to their life and property, whereas a few may like to have peace and solitude. Thus, one can safely argue that basically there are three elements in privacy: secrecy, anonymity and solitude. It is a state which can be lost, whether through the choice of the person in that state or through the action of another person.2

The Discourse on privacy interests and the corresponding legal rights have seen drastic changes from one technological era to another. Privacy intrusions, in the old legal order, when there was no telecom, communication and computational technologies available were primarily treated as trespassing, assault, or eavesdropping. Privacy in those days had not attained the intensity and magnitude as it has achieved in today's modern world where we have telephone wiretaps and microphones for overhearing, digital photography and spycams for undercover and intelligence operations, computers, mass storage devices and database software for storing, collating and circulating personal and financial information.

With these inventions no one can be rest assured that his personal information shall remain within the confines of his home or personal archives. New technologies have made it possible to clandestinely transmit and broadcast information pertaining to individual without his knowledge. Organized collection, collation and storage of an individual's private and personal information on databases, has made it possible to invade people's privacy.

The data storage and surveillance potential of computer systems has given a new direction to the discourse on privacy rights. The question could no longer be whether the information could be obtained, but rather whether it should be obtained and, where it has been obtained, how it should be used. Technological inventions such as data matching, profiling, data mining, smart cards, cookies and spam have created an increased threat to the privacy of persons.

History and Background of Law of Privacy:
Fundamental rights are basic rights inherent in human being and such rights should be entrusted to every citizen of the country along with proper remedial mechanisms. "Right to privacy" has travelled a prolonged journey for the obtainment of status of fundamental right under Indian constitution and how this privacy right attained the status of fundamental right then elucidation of certain prominent case laws is mandatory for substantiating the discussion and for providing a clear and unambiguous idea about right to privacy. Right to privacy was derived from "protection of life and personal liberty"

enshrined under article 21 of the Indian constitution and the discussion on case laws is essential for better understanding of this utmost significant right in the present scenario. In 1859, John Stuart in his essay "On Liberty" gave expression to the need to preserve a zone within which the liberty of the citizen would be free from the authority of the state.

In late 1890, Samuel D Warren and Louis Brandeis stipulated the need for the right to enjoy life which included the 'right to be alone'. The right "to be let alone" thus represented a manifestation of "an inviolate personality", a core of freedom and liberty from which the human being had to be free from intrusion. It justified the need of being left alone with the early developments in technology, photography, and newspaperization.3

The primary protection is provided under the Constitution of India under article 19, article 21 and article 25. Privacy as a right for the first time came under the judicial lens in M.P. Sharma v. Satish Chandra4, wherein the provision of search and seizure as provided under the Criminal Procedural Code, 1973 was challenged as fundamental rights of the petitioner under article 19 (1) (f) and article 20 (3)5.

The court held that search and seizure does not infringe constitutional rights. The court further observed that, "if the Constituent Assembly thought it fit not to recognise fundamental right to Privacy, analogous to 4th Amendment of US Constitution, then we have no justification to import it". In the case Kharak Singh vs State of Uttar Pradesh6 where the appellant was being harassed by police under regulation 236(b) of the UP regulation, which permits for domiciliary, visits at night.

The supreme court held that the regulation 236 is unconstitutional and violative of article 21. The court concluded by saying that article 21 of the constitution to include "right to privacy" as a part of right to "protection of life and personal liberty". Justice Subba Rao equated personal liberty with privacy and he observed that concept of liberty in article 21 was comprehensive enough to include privacy and that a person's house, where he lives with his family is his castle and that nothing is more deleterious to a man's physical happiness and health than a calculated interference with his right to privacy.

This was also re-strengthened by Maneka Gandhi v. Union of India (1970),7 in which court ruled that enumeration in Article 19 does not deprive Article 21 of its expansive ambit. While analyzing the discordant view in the ADM Jabalpur case, the court held that the constitution is not the sole repository of life and liberty. Even if the rights were not granted under Article 21, the state would not be permitted to suspend such rights. For example, as under the 44th Amendment, Article 359, even in an emergency, the power to move to the court for enforcement of rights shall not be suspend such rights. For example, as under the 44th Amendment, Article 359, even in an emergency, the power to move to the court for enforcement of rights shall not be suspended for Article 20 and 21.

Later, three judgments saw and acknowledged privacy as a constitutionally protected fundamental right, namely, Gobind v. State of Madhya Pradesh8, PUCL v. Union of India (telephone tapping case)9 and R. Rajagopal v. State of Tamil Nadu (1994)10 (Court dealt with a conflict between the freedom of the press and the right to privacy). However, all three judgments were of smaller benches and left the stakeholders in dilemma.

However, all three judgments were of smaller benches and left the stakeholders in dilemma with regards to the interpretation of Privacy under Article 21 of the constitution of India or not. In Rajagopal Case (1994)11 the court held that the right to privacy has two aspects: the first affords an action in tort in damages for the unlawful invasion of privacy, and the second is a constitutional right.

Concept of Privacy:
The concept of 'Privacy' has been a matter of debate, discussions and deliberations since its inception. However, the recent Judgement delivered by the Supreme Court in the case of Justice K.S. Puttaswamy (Retd) v. Union of India12 has gained more prominence to the concept of Privacy in India as it dealt with the issues related to aadhaar database. The aadhaar is a database containing intrinsic details of the citizens including their bio-metric information.13 This creates a provision for privacy related to the person's information i.e., informational privacy.

It was argued that the compulsory requirement of aadhaar for access to social welfare schemes violates the right to privacy of an individual. As Aadhaar includes bio-metric information and it is connected with bank accounts, permanent account number (PAN) etc., there is every possible chance that the information collected and connected through Aadhaar may get misused and will eventually hamper the framework of interest associated with privacy of citizens.

Privacy is a subjective concept which varies from person to person. It originates from the term "Privatus" which means separated from the rest of the world. Steven Lukes, in his article on 'The Meanings of "Individualism" explains that the concept of Privacy is evolved and developed through the perception of "Individualism".14 Individualism is a moral stance, political philosophy, ideology or social outlook that stresses "the moral worth of the individual".

The theory of individualism reflects that an individual is an independent entity because the creator has granted life to him/ her and thereby an individual can avail all the freedom including privacy. According to John Locke, privacy is intrinsic to the notion of freedom. As per Locke's views, "a person who operated within the confine of a social contract,

but is free within the confines of those contracts" and only in the state of war he can give this freedom. Privacy allows every individual to be left alone in a core which is sacrosanct. As discussed by Charles Warren and Louis D. Brandeis in the famous article, "The Right to Privacy", "Once a civilization has made a distinction between the 'outer' and the 'inner' man, between the life of the soul and the life of the body, between the spiritual and the material, between the sacred and the profane, between the realm of God and the realm of Caisar, between Church and state, between rights inherent and inalienable and rights that are in the power of government to give and take away, between public and private, between society and solitude, it becomes impossible to avoid the idea of privacy by whatever name it may be called- the idea of a private space in which man may become and remain himself".15

Kinds of Privacy:

1. Informational Privacy:
   Informational privacy is an emerging phenomenon. With the advent of technology and internet, new dimensions are being added to the traditional notion of right to privacy like informational privacy or data privacy. Technology allows an individual to generate both personal and non-personal information about him in the cyberspace knowingly or unknowingly. According to IITF Principle of the Unites States, Information privacy is "an individual's claim to control the terms under which personal information i.e., information identifiable to the individual is acquired, disclosed, and used".16
   
   The informational privacy does have the essence of privacy law which lies in the claim of an individual to control disclosures, use, or access to information pertaining to that person. Informational privacy or data privacy is the relationship between accumulation and dissemination of data, technology, legal and political issues surrounding them.
   
   It covers information that links individual specifically with particular events, background facts, or other information. The Informational privacy rights depend on whether the subject matter consists of "personal information" or non-personal information because every sort of non personal information will not be able to claim right to privacy. Initially let's evaluate the term personal information and then the non-personal information17.
   
   Under the regime of privacy rights, every individual wants to keep his or her personal affairs to himself, but in the electronic transactions, variety of individual's information are collected and stored, which can easily make others to identify that individual. Technology enhances productivity and provides opportunities, livelihood, recognition and social growth. It can be said that an individual's autonomy in the information society can be recognised as an "informational self-determination"18.
    
2. Personal Information:
   Here "Personal" does not mean especially sensitive. Rather, it describes a relationship between the information and a person, namely that the information whether sensitive or trivial is somehow identifiable to an individual.
   
   Personal information can include:
   
   1. any information which creates an ownership relation to the individual,
   2. any descriptive relation to the individual and
   3. any instrumental mapping relation to the individual.
   An individual owns his personal information which as per his/her interest he/she offers and describe to the society as a medium of identification. This information may include the individual's biometric state, such as sex, height, weight, blood type, fingerprint, retina pattern, DNA, or state of health. It may relate to biographical facts, such as birth date, marital status, sexual orientation, immigration status, criminal history, or educational degrees and also identify social connections, such as membership in religious and political organizations. The descriptive information includes records which are more discrete wherein transient actions are taken by an individual. For example, it contains information related to data footprints of individual visiting a particular store online at a particular time to purchase a particular item. Such information is regularly collected by undercover surveillance through cyberspace19
    
3. Medical Privacy:
   The patient's anonymity regarding his/her treatment is critical and must be protected. Individuals have the right to privacy and confidentiality about their personal and medical information. Such sensitive and secret information about an individual should only be shared between him and his doctor, physician, healthcare provider, or health insurance organization. The patient's medical information provided to a health care practitioner will not be disclosed to outsiders unless the patient grants his agreement to do so. The confidentiality of a patient should be protected because the disclosure of personal information or records may cause personal or professional problems, whereas patients rely on doctors to keep their medical information private. Though it is extremely rare to keep medical records or information fully private, a common violation of confidentiality happens when doctors divulge medical information to others and use it as one of their case studies. If this material is published in professional publications, the patient's identity is never revealed, and if it appears in any manner, the patient has the right to sue.20
    
4. Internet Privacy:
   Internet privacy refers to the control over personal information on the Internet, including who can access it and how it is used. Many websites collect, store, and potentially exchange personally identifying information about visitors, which may raise concerns.
   
   Internet email users value their privacy and would be concerned if third parties accessed, read, saved, or forwarded their emails without their authorization. Encryption and anonymizing services, such as I2P and Tor, are used to preserve online privacy.21
    
5. Financial Privacy:
   Protecting personal financial information is crucial for preventing fraud and identity theft. Purchase information can expose a person's interests, travel history, contacts, medicine use, and habits. Financial privacy extends to personal bank accounts. Sharing information on an individual's bank account, even if it is in a non-sharing country, can aid in combating tax evasion22

Issues and concerns:

1. Violation of confidentiality and privacy: The terms violation of confidentiality and privacy are described under the IT Act. Section 66-E23 very eloquently explains violation of privacy as 'whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person.' Section 66-E explanation (e) has also explained violation of privacy as 'circumstances in which a person can have a reasonable expectation that—
   1. he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or
   2. any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.'
   Section 72 provides for penalty for breach of confidentiality and privacy as meaning 'any person securing access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record book, register, correspondence, information, document or other material to any other person.'
    
2. Absence of right to be deleted: Considering the potential of social media and the World Wide Web, Justice Kaul identifies the need for "right to be forgotten." He was of the view that, "the right to be forgotten refers to the ability of individuals to limit, de-link, delete, or correct the disclosure of personal information on the internet that is misleading, embarrassing, irrelevant, or anachronistic." Due to the right to privacy, an individual must have control over his personal information, which means if he wishes to delete his information, then it must get erased from cyberspace. However, the data protection laws across the world support the right to be forgotten but not the right to be deleted. Forgotten means that the data will be there in cyberspace; the only thing is it will appear at the end of search pages, whereas the right to be deleted gives control to the owner of information to delete it permanently from cyberspace.
    
3. Telephone tapping: Right to privacy is affected by new technologies. Right to privacy relating to a person's correspondence has become a debating issue due to technological developments. There have been cases of intercepting mails and telephonic communication of political opponents as well as job seekers. Section 5(2) of the Indian Post Office Act and section 26(1) of the Indian Telegraph Act empower the central and state governments to intercept telegraphic and postal communications on the occurrence of a public emergency in the interest of public safety.
    
4. No control over information: The RTI query on UIDAI revealed that the terms of the contract of UIDAI with US-Based biometric service providers like L-1 Identity Solutions Operating Company Private Ltd, Morpho, and Accenture Services Private Ltd used the Aadhar data. This is apparent from contract clauses 15.1, on 'Data and Hardware', as well as clause 3, which authorizes the collection, use, transfer, storage, and processing of data. The burning question here is, 'Do individuals have control over the manner in which information pertaining to them is accessed and processed by others?' Therefore, the Supreme Court has opened the opportunity for citizens to appeal against the government under certain established principles concerning these constitutional rights which can protect informational privacy.

Legal Introspection in India:

1. The Indian Telegraph Act, 1885
   Early reference of protection of information can be traced way back in 1885 under the Indian Telegraph Act, 1885 wherein under section 5 (1) temporary possession of the message by the authority is permitted and under section 5 (2) the interception of messages by the authority is permitted only in case of any public emergency or in the interest of public safety. Thereby, state will interfere with information communicated in the form of message only in case of any public emergency or in the interest of public safety and in any other case the state cannot interfere, which is nothing but the protection of right to privacy over the message. Further section 24 provides for the consequences of attempting to learn the contents of messages unlawfully. Any unlawful access to message is a punishable offence, therefore the privacy in message was protected under this act.
    
2. The Information Technology Act, 2000
   To counter the challenge of data privacy, another significant reference can be taken from the Information Technology Act, 2000. An amendment was made in the IT Act in 2008 by adding section 43A and section 72A for dealing with sensitive personal data. Section 43A creates a private right of action in civil law by which any person can sue a body corporate for negligent handling of its sensitive personal data or information.
   • Body corporate possessing, dealing, or handling, any SPD or information in a computer resource.
   • The body corporate has a duty to implement and maintain reasonable security practices.
   • Causing wrongful gain or wrongful loss to any person.
   • The body corporate shall be liable to pay compensation.
      
3. The Aadhaar Act, 2016
   The Government of India through The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 has recently mandated the use of the biometric database known as aadhar card to deliver targeted subsidies, benefits and services. The biometric information of every individual is unique and this uniqueness makes the individual "only one in the world". Thus, the biometric information is extremely sensitive and personal in nature and attracts the right to privacy which needs to be protected. Section 28 of the act provides that the UIDAI shall ensure the security of identity information and authentication records of individuals. Section 29 prohibits the sharing of core biometric information collected or created under the Aadhaar Act, with anyone for any reason; or be used for any purpose other than generation of Aadhaar numbers and authentication under the Aadhaar Act. Also, under the Aadhaar Regulations, 2016 sharing of core biometric information by the authority is prohibited.
    
4. Personal Data Protection Bill, 2019
   The Indian government introduced a Bill on December 11, 2019, aimed at drafting a data protection regime to address current issues and potential statutory protection. The Bill entrusts data intermediaries with the responsibility to execute security measures and inform individuals about data breaches. It also establishes data protection officers and a Data Protection Public Authority (DPPA) to address grievances and take action against data collectors or processors. The Bill also requires affirmative consent for processing sensitive or personal information. Although the Bill is yet to be enacted, it is considered a significant step towards data protection and could be considered effective legislation if it becomes an Act in the future.

Conclusion:
The concept of privacy has evolved significantly in the digital age. While traditional concerns about physical privacy remain, the vast amount of personal information collected and stored electronically poses new challenges. This article explored the concept of privacy, its legal framework in India, and the threats posed by technological advancements.

The Supreme Court of India recognized privacy as a fundamental right under Article 21 of the Constitution. This right encompasses informational privacy, protecting individuals from the unauthorized collection, use, or disclosure of their personal data. With the rise of the internet and digital technologies, the concept of privacy extends to the control individuals have over their personal information. The Indian legal system provides some protection for informational privacy through the Information Technology Act (2000) and the Aadhaar Act (2016).

However, concerns remain regarding the "right to be forgotten" and the potential for government surveillance. Strengthening data protection laws and regulations is crucial to ensure responsible handling of personal information by businesses and the government. Technological solutions like encryption and anonymization can help individuals maintain control over their data. Public awareness about privacy rights and responsible data sharing practices is essential.

Reference:
Books:

• Gaurav Goyal, Ravinder Kumar, The Right to Privacy in India: Concept and Evolution, Oxford University Press, published on 2016
• Dr. Ankita Yadav, Privacy and Data Protection: Special Reference to India

Articles:

• Warren, Samuel D., and Louis D. Brandeis. "The Right to Privacy." Harvard Law Review 4 (1890): 193-203.
• Puttaswamy (Retd.), K.S. v. Union of India. [2017] 10 SCC 1.

Websites:

• https://en.wikipedia.org/wiki/Information_privacy#cite_note-1
• https://www.dailypioneer.com/2017/columnists/aadhaar-data-security-and-breach-of-privacy.html
• https://cis-india.org/internet-governance/blog/aadhaar-act-and-its-non-compliance-with-data-protection-law-in-India

End Notes:

1. "Privacy as an Aspect of Human Dignity". New York University Law Review 39 (1964)
2. "Privacy and the Limits of Law". Yale Law Journal 89 (1980)
3. Warren and Brandeis, "The Right to Privacy", Harvard Law Review, Vol.4, No. 5, (1890)
4. M.P. Sharma v. Satish Chandra, (1954) SCR 1077
5. The Indian Constitution
6. (1954) SCR 1077
7. 1 SCC 248
8. (1975 2 SCC 14)
9. (1975 2 SCC 14)
10. AIR 1997 SC 568
11. SCC (6) 632
12. AIR 2018 SC (SUPP) 1841
13. R.Venkata Rao, Subha Rao (eds), "A Public Disclosure on Privacy – An Analysis of Justice K.S. Puttaswamy v. UOI"
14. Steven Lukes, "The Meanings of Individualism" 32 (1) JHI, 45-66(1971)
15. Samuel Warren, Louis Brandies, "The Right to Privacy" 4 HLR 193 (1890)
16. Principles for Providing and Using Personal Information ("IITF Principles") issued by the Clinton administration's Information Infrastructure Task.
17. "Information Privacy", available at: https://en.wikipedia.org/wiki/Information_privacy#cite_note-1
18. http://docs.manupatra.in/newsline/articles/Upload/46D5708A-2C89-424B-91A2-1144BCD95C4D.pdf
19. Jerry Kang, "Information Privacy in Cyberspace Transactions" 50(4) Stanford Law Review 1193-1294 (1998)
20. https://code-medical-ethics.ama-assn.org/ethics-opinions/privacy-health-care
21. https://www.techopedia.com/definition/24954/internet-privacy
22. https://store.lexisnexis.com/products/the-law-of-financial-privacy
23. Information Technology Act, 2000
24. Government of India, Report: Committee on A Free and Fair Digital Economy Protecting Privacy, Empowering Indians (Union Ministry of Electronics & Information Technology, 2017)
25. Data Security and Breach of Privacy, 2017, available at: https://www.dailypioneer.com/2017/columnists/aadhaar-data-security-and-breach-of-privacy.html
26. The Indian Telegraph Act, 1885. S. 5. Power for Government to take possession of licensed telegraphs and to order interception of messages.
27. https://en.wikipedia.org/wiki/Information_Technology_Act,_2000
28. https://cis-india.org/internet-governance/blog/aadhaar-act-and-its-non-compliance-with-data-protection-law-in-india
29. https://prsindia.org/billtrack/the-personal-data-protection-bill-2019 last visit on 03/09/2024