Quick on Surveillance Slow on Privacy

Right to privacy exists in India as many judgments by the Supreme Court ruled that the right to privacy is implicit in right to life and personnel liberty. Nevertheless, privacy needs to get explicit focus in our legal and regulatory system. Indian IT Act have some data protection  clauses like section 43A and Section 72A but these sections hold the body corporate responsible towards the personal data. Then there are Sensitive Data Protection Rules under section 43A of Information Technology Act that exist. But the act / rules are limited to a body corporate and does not apply to government.

In past a group of experts under the chairmanship of Justice AP Shah was constituted which gave its report in October 2012. A draft bill on right to privacy was also prepared.

Nevertheless, one of the key question is that why do we need a privacy law. The need is driven by technology advancement wherein a lot of personal data is digitized and available conveniently. Then there are business houses that collect data of people. Like the private telecom players have details of all numbers one has called or received. Internet service providers have all the details on internet activity of an individual. Then the social media companies also have a lot of personal information about individuals in their account details. This data has a lot of economic value and the companies are using it for behavioral advertising, targeted content delivery or selling it to 3rd parties.

Also there is increased surveillance by not only the Indian authorities but foreign agencies because of rise of terrorism. In India projects like UIDAI (Unique Identification Authority of India), NATGRID (National Intelligence Grid), PSP (Passport Seva Project), CCTNS (Crime and Criminal Tracking Network and Systems) , CMS (Central Monitoring System) will  have direct impact on privacy in absence of legislative framework governing these projects. However, the UID number is not mandatory but it is expected that in future government and businesses will be using this number for authentication and then privacy concern will arise. India also needs these laws, as the booming outsourcing Indian enterprises have to adhere to the privacy laws of the countries from where data is coming.

If we look back, the developments for privacy law started with Code of Fair Information Practices in the US in 1974. In 1970 the European Countries like Sweden, Germany, France began to enact the privacy laws. In 1980 the Organization for Economic Cooperation and Development (OECD) developed the OECD guidelines on the Protection of Privacy and Transborder Flows of Personal Data. In 1995 European Union formally adopted a directive on privacy. In 1994 A Model Code for Protection of Personal Information was formulated by Canadian Standards Association. In 2014 Australia established Australian Privacy Principles (APPs) whereas United States and Canada jointly developed Generally Accepted Privacy Principles (GAPP).

Apart from guidelines and principles there are specific legislation within various countries.  The United States have the Health Insurance and Accountability Act (HIPAA); The Health Information Technology for Economic and Clinical Health Act (HITEC); Gramm-Leach-Bliley Act; Fair Credit Reporting Act (FCRA); Fair and Accurate Credit Transaction Act (FACTA); Children’s Online Privacy Protection Act (COPPA); The Privacy Act of 1974 wherein privacy protection provision.

European Union has The EU Data Protection Directive 95/46/EC.  Australia has  the Privacy Amendment Act 2012; Malaysia has the Malaysian Personal Data Protection Act (PDRA); The Philippines has the Data Protection Act of Philippines which was passed in October, 2012; South Korea has the Personal Information Protection Act (PIPA); Canada has the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA); The United Kingdom has the Data Protection Act ; Germany has the Federal Data Protection Act. These are the privacy acts in few key nations across the globe.

But parallel to privacy acts there are a numerous laws which are used for Surveillance. The United States have the Foreign Intelligence Surveillance Act and the  USA PATRIOT Act.  The United Kingdom has a Regulation of Investigatory Powers Act (RIPA) 2000. India has the Indian Telegraph Act, 1885 and the Information Technology (Amendment) Act, 2008. Australia has the Telecommunications (Interception and Access) Act 1979 and Surveillance Devices Act 2004.

With these laws in place the privacy principles are compromised many times in the country. In India there are no provisions under any act to capture the biometrics of individuals. Despite that biometrics are collected at a time when one applies for a passport; when one registers for UIDAI database; when one visits a foreign country and in some offices the attendance management systems.

In the era of terrorism where it appears to be requirements to conduct surveillance and interception, these introduce significant privacy risks. Therefore there is a legitimate requirement of Privacy Act in India.

Nike Air Huarache


Add new comment