Humans are considered to be autonomous beings with a natural need to have control and confidentiality in certain aspects of their lives. This inherent and inalienable need for privacy in human behavior is now recognized as a fundamental human right. Each person’s privacy is an intrinsic part of their life and liberty and therefore required to be protected. The necessity of this right to privacy has been recognized by scholars and judges from time to time and now it holds an irreplaceable position in the modern life.

Even in India, the right to privacy is not explicit in the Constitution of the country, but was brought under the purview of fundamental rights by the instrument of judicial interpretation. The intensity and complexity of the advancing civilization have made man more sensitive to publicity, making solitude and privacy more essential for an individual. But with the evolution of society, the modern enterprises have unearthed many objects which lead to invasion of privacy.

The present time is an era of information technology. With the evolution of the internet and its extension in accessibility, a new world with better communication, faster information sharing and more transparency has come into being. But everything has its own pros and cons. With the rapid technological advancement, there is also an increase in its misuse, which is largely inevitable and is further added on by the expanding use of the internet for exchange of sensitive, private and commercial information.

Privacy cannot always be absolute and comes with certain limitations. Several laws have been made by the concerned state authorities to protect the privacy of their subjects but these safeguards are not absolute and are limited by government in certain matters. But as more data is being digitized and more information is exchanged online, more importance is being attached to privacy. Data has to be regulated according to its perceived significance as people have a lot at stake when it comes to the privacy of their information.

In this paper we will study how the advanced realms to technology can affect the life and liberty of an individual with privacy as its important component. We will also discuss the new arenas which have opened up in the digital era of technology where the privacy of an individual has to be protected and up to what extent it has to be protected. The study will also include an overview about how the government has managed the data privacy through various laws and regulations.

Privacy in the Digital Age
We are in an information age and any information is just a few clicks away. The information explosion has manifold advantages but also some disadvantages. Over the last decade there has been a substantial increase in the amount of data that is generated through the usage of various electronic devices and applications. In nearly everything we do, data surrounds us and is produced.

One sort is information that we can willingly share, and the second sort is information that is produced literally whenever we do something–whether it’s travelling, ordering a meal, or using transport. It is without any doubt that such information holds great value and has emerged has a new currency in this era of universal internet access. Several big companies evaluate the data from this information and apply it while determining their business strategies.[1] This access to information, which an individual may not want to give, needs the protection of privacy. The right to privacy is claimed against the state as well as non state actors.

Privacy Concerns against the State: States are utilizing Technology in the most imaginative ways particularly in view of increasing global terrorist attacks and heightened public safety concerns. One such technique being adopted by States is ‘profiling’, which involves automated processing of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences interests, reliability, behavior, location or movements.[2] Such profiling can result in discrimination based on religion, ethnicity and caste.

However, ‘profiling’ can also be used to further public interest and for the benefit of national security. The security environment, not only in our country, but throughout the world makes the safety of persons and the State a matter to be balanced against this right to privacy.

Privacy Concerns against Non- State Actors: The capacity of non-State actors to invade the home and privacy has also been enhanced. Technological Development has facilitated journalism that is more intrusive than ever before. Further, in this digital age, Individuals are constantly generating valuable data which can be used by non-State actors to track their moves, choices and preferences.

Data is generated not just by active sharing of information, but also passively, with every click on the internet. It has been pointed out that ‘Uber’ knows our whereabouts and the places we frequent, ‘Facebook’ at the least, knows who we are friends with, ‘Alibaba’ knows our shopping habits, ‘Airbnb’ knows where we are travelling to. [3] Social networks providers, search engines, email service providers, messaging applications are all further examples of non-state actors that have extensive knowledge of our movements, financial transactions, conversations both personal and professional, health, mental state, interest, travel locations, fares and shopping habits.

Thus, there is a need for protection of such information which the users are not willing to share. It requires appropriate action by the state and legislative intervention so that the privacy of the users is maintained and also to determine the extent to which it can be necessarily invaded.

Thus, it would not be wrong to say that in the present scenario right to privacy of the citizens occur as a limitation on the powers of government as well as other non state actors.[4]

Current Techno-Legal Protection
Now Right to Privacy is a fundamental right and an intrinsic part of Article 21 that protects life and liberty of the citizens and as a part of the freedoms guaranteed by Part III of the Constitution. This landmark decision was held in Justice K.S. Puttaswamy v. Union of India[5] led by a nine judge bench on 24th August 2017, by giving a unanimous verdict, affirming that the Constitution of India guarantees to each individual a fundamental right to privacy.

However, India has not yet enacted any specific legislation on data protection. The primary enactments which deal with protection of data are Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (also known as “IT Rules”). The IT Rules imposed additional requirements on commercial and business entities in India relating to the collection and disclosure of sensitive personal data or information.

It included various new rules that required companies and organizations which process personal information to obtain data owner’s written consent before undertaking certain activities. Previously the IT Act, 2000 had undergone certain changes which were introduced by the Information Technology (Amendment) Act, 2008 and added section 43A and 72A to the Act. Section 43A deals with implementation of reasonable security practices for sensitive Personal data or information and provides for the compensation of the person affected by wrongful loss or wrongful gain.[6]

The Sensitive personal data or information as referred in the provision includes passwords, financial information (such as bank account or credit card details), physical, physiological and mental health condition, sexual orientation, medical records and history, biometric information. Section 72A provides for imprisonment for a period up to 3 years and or a fine up To Rs. 5, 00,000 for a person who causes wrongful loss or wrongful gain by disclosing Personal information of another person while providing services under the terms of lawful contract.[7]

Under rule 5 of the IT Rules, 2011 any Body Corporate or person on its behalf shall not collect any personal data or information unless it is collected for a legal purpose concerning any functional activity of the body corporate and that collection of such information is necessary for that purpose. Further, the person whose information is shared must be made aware of the fact that the information is being collected, the purpose behind it, the intended recipients of such information, the name and other details of the agency collecting the information and the agency retaining the information.

Any corporate body or person holding the personal information of the data subjects cannot retain it longer than the period of its lawful requirement and also cannot be used for purposes other than for which it was collected. The provider of the information has the option to give or not give his consent for data collection and can even withdraw his earlier given consent at anytime. The consent is required even for the purpose of sharing information with the third parties.

However, no such consent from the information provider is required where the information is shared with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.[8]

However, these regulations deal only with a corporate body collecting and disseminating data. The information freely available in the public domain is not considered within the scope of sensitive personal data or information. The Indian legal system lacks a comprehensive legislation to regulate the collection and dissemination of personal data. There are no specific regulations which govern the processing of personal data which is not per se ‘sensitive personal data or information’.

Personal Data Protection Bill, 2019: In July 2017, a Committee of Experts, chaired by Justice B. N. Srikrishna was set up to examine various issues related to data protection in India. The Committee submitted its report along with a Draft Personal Data Protection Bill, 2018 to the Ministry of Electronics and Information Technology in July 2018.[9] The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology, on December 11, 2019.

The purpose of this Bill is to provide for protection of privacy of individuals relating to their Personal Data and to establish a Data Protection Authority of India for the said purposes and the matters concerning the personal data of an individual.[10] The bill proposes to apply to the processing of personal data that has been collected, disclosed, shared or otherwise processed within the territory of India:

1. By the government, any Indian Company, any citizen of India or any person or body of persons incorporated in India, and
2. Foreign companies dealing with personal data of individuals in India. Currently, the bill is referred to a Joint Parliamentary Committee after it was introduced in Lok Sabha and is expected to submit its report in the approaching monsoon session.

Whatsapp- Facebook Privacy Issue: There are various service providers having business in India for providing communication by engaging private conversations and sharing media and other data. Whatsapp is one such smartphone application that is very popular in India. Whatsapp was introduced in 2010 and was acquired by the global tech giant- Facebook in 2014, arguing that its privacy policy will remain unchanged.

In 2016, changes in Whatsapp privacy policy were announced under which the account information of Whatsapp users will be shared with Facebook. A petition was filed before the Supreme Court against this changed privacy policy on the grounds that it infringed the right to privacy of the users after the decision of the Delhi High Court which allowed the information shared via Whatsapp to be accessed under its new privacy policy.[11]

The Court, however, directed Whatsapp to delete the data, until 25th September 2016, of users who choose to delete the application as well as users who choose to retain the application on the mobile phones.[12] In January 2021 Whatsapp announced its new privacy policy which has started lot of debates. According to the new policy Whatsapp users would not have the option to opt out of their data being shared with Facebook.

In February 2021 an application was filed in the case of Karmanya Sareen v. Union of India[13] which challenged this new privacy policy based on the contention that privacy protection standards being followed in India are much lower than those being observed in European countries which amounts to a sheer discrimination for its Indian users. The Supreme Court has issued notice to the parties and asked them to file their replies.

Whatsapp, because of grave criticism have extended the deadline to update till May 15, 2021. The matter is being addressed by a three judge bench which consists of Chief Justice of India SA Bobde, and Justices AS Bopanna and V Ramasubramanian.

Conclusion
The right to privacy is a fundamental right. It is a right which protects the inner sphere of the individual from interference from both State, and non-State actors and allows the individuals to make autonomous life choices. It is rightly expressed that the technology has made it possible to enter a citizen’s house without knocking at his/her door and this is equally possible both by the State and non-State actors. It is an individual’s choice as to who enters his house, how he lives and in what relationship.

The privacy of the home must protect the family, marriage, procreation and sexual orientation which are all important aspects of dignity. If the individual permits someone to enter the house it does not mean that others can enter the house. The only check and balance is that it should not harm the other individual or affect his or her rights.

This applies both to the physical form and to technology. In an era where there are wide, varied, social and cultural norms and more so in a country like ours which prides itself on its diversity, privacy is one of the most important rights to be protected both against State and non-State actors and be recognized as a fundamental right. The legislature should take the required measures to ensure that the privacy of its citizens is not violated.

There are only few things such as national security, etc which surpass the value of individual’s privacy and thus justifies the concept that privacy is not an absolute right and is under some reasonable restrictions. The advanced technology demands more advanced laws and it is hoped that the pending Personal Data Protection Bill covers the existing gap between the technology and the legal system, when it is brought into force.

End Notes

1. Data Protection & Privacy Issues in India, Economic Law Practice 2017, September 01, 2017, available at www.eplaw.in (last accessed on April 06, 2021
2. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
3. Tom Goodwin, “The Battle is for customer interface,” March 03, 2015, available at https://techcrunch.com/2015/03/03/in-the-age-of-disintermediation-the-battle- is- all-for-the- customer-interface/ (last accessed on April 06, 2021)
4. Daniel Solove, “10 Reasons Why Privacy Matters,” January 20, 2014, available at http://www.teachprivacy.com/10-reasons- privacy-matters/ (last accessed on April 06, 2021)
5. (2017) 10 SCC 1
6. The Information Technology Act, 2000, s 43A
7. The Information Technology Act, 2000, s 72A
8. The Information Technology Rules, 2011, rule 06
9. Anurag Vaishnav, "The Personal Data Protection Bill, 2019: All you need to know,” The PRS Blog, December 23, 2019, available at https://www.prsindia.org/theprsblog/personal-data-protection-bill-2019-all-you-need-know (last accessed on April 07, 2021
10. Angelina Talukdar, “India: Key Features of The Personal Data Protection Bill, 2019,” March 16, 2020, available at https://www.mondaq.com/india/data-protection/904330/key-features-of-the-personal-data-protection-bill-2019 (last accessed on April 07, 2021)
11. Karmanya Singh Sareen v. Union of India, SLP (C) 804/2017
12. Whatsapp Facebook Privacy, by Supreme Court Observer, available at https://www.scobserver.in/court-case/whatsapp-facebook-privacy-case (last accessed on April 10, 2021)
13. SLP(C) 804/2017

Award Winning Article Is Written By: Ms.Anmoldeep Kaur

Authentication No: AP111796752025-27-0421