1) Abstract
As per the UK based research firm survey in 2019, it was found that India is at
bottom three in privacy ranking after China and Russia, out of five non-European states including Thailand and Malaysia. India privacy score is 2.4, which is indicating towards the systematic failure to maintain safeguards on the issues of Privacy
India being the world largest market for the data theft, as of now doesnt have any strict legislation like General Data Protection Regulation (GDPR) which European states have.
This article deals with the recent issue which has cropped up after an announcement made by the Whatsapp on Januray 4,2021.
And also deals with the existing laws for data protection and even looking forward for an important one to come.
2) Privacy : Unwarranted Publicity
Introduction
Is Whatsapp following the take it or leave it approach? Probably all of us will say yes as the changed policy doesnt provide for an option to disagree with it.
Either accept the conditions or bear the loss of an account which seems to be a coercive act because it is forcing its users rather providing a discretion to accept or reject.
So, what next? Are we forced to accept those just by agreeing to it or Are there any provisions safeguarding our Privacy?
Before that one needs to clearly understand the concept of the privacy for which they are fighting Privacy?
Privacy in common parlance means Freedom from any intrusion or interference or state of being apart from other people or in one word we can say seclusion.
As defined by the Court of Law: Privacy means right to be forgotten or right to be left alone.
Recent heated debate over Privacy
Flashing news of New WhatsApp Privacy Policy all over the social media, news channels and in news papers have put the people in dilemma that Whether to keep or leave the app?
On January 4, 2021, WhatsApp changed its policy raising the question of privacy, which has become a big issue in Non-European states including India.
The New Privacy Policy talks about the sharing of user data with the parent company Facebook and with third parties, which is giving birth to the different versions of user opinions across the world.
After encountering huge criticism, clarifications have been made by the authorities that, change in whatsapp policy will only be applicable to the Business accounts for marketing purposes rather to personal accounts used for messaging to family or friends as they are protected by end to end encryption.
The issue here is Protection of data which is resulting in infringement of ones privacy.
Though the whatsapp as of now, has ceased the provision till May 15,2021, relating to
suspension of whatsapp accounts of those who have not accepted the policy by February 8, 2021.
Recent take of the Delhi High Court on January 18, 2021 in response to the Writ petition filed before it, by Adv. Chaitanya Rohilla, states that Whatsapp is a private app and its the discretion of an individual to use it or not, if he feels threat to its privacy.
Background of Privacy debate
Controversy related to Privacy is not a new debatable issue, its been there for many years starting from the Case :
M.P Sharma v. Sastish Chandra in which the eight judge bench of the Supreme Court talked Nandagopal Rajan , Shruti Dhapola ,Explained: How private is WhatsApp, what can Facebook see and should you look at alternatives?, The Indian Express, January 16, 2021.
Shreya Aggarwal, a Private App, if you dont want to use it, Dont use it: Delhi High Court on plea against whatsapp Updated Privacy Policy, Livelaw, January, 18, 2021 about the governments right to search and seizure of documents may give a way to breach the right to privacy leading to self incrimination.
Kharak Singh v. State of Uttar Pradesh , six judge bench of the Supreme Court here stated that any intrusion in a persons home is violative of the right to liberty.
But all together in both the cases the Supreme Court held that Indian Constitution doesnt specifically protect the Right to Privacy.
R.M Malkani v. State of Maharastra : Supreme Court observed that telephone tapping is an invasion of right to privacy and freedom of speech and expression, if done so, then it would be violative of article 21 of Indian Constitution.
Then in Gobind v. State of Madhya Pradesh : Court assented that the right to privacy in itself is a fundamental right.
Peoples Union for Civil Liberties v. Union of India : Court held that the right to hold a
telephonic conversation is a privacy of ones home and office without any interference and can certainly be claimed as Right to Privacy.
And finally the Case of Justice K.S Puttaswamy v. Union of India : Nine judge bench of the Supreme Court provides a clearer image of the Right to Privacy as a part of Right to Life, under article 21 of Indian Constitution , subject to reasonable restrictions to protect the legitimate interest of the state.
This Judgement was made in response to the Aadhar Controversy in which the government has mandated the use of biometric for all the services provided to its citizens. Where the petitioner Justice Puttaswayi argued that collection of biometric data should only be used for criminals as it will help the government to track the habitual offenders, instead applying it to common people for all the services they use.
And it also overruled the M.P Sharma v. Satish Chandra case and Kharak Singh v. Union of India.
Privacy Laws in India
There is no specified legislation which is enacted on data protection in India nor India is a party to any International Convention on protection of personal data except two which are: Universal Declaration on Human Rights and International Covenant on Civil and Political Rights both recognise the right to Privacy. Other legislations are: Information Technology Act, 2000 12 popularly known as IT Act deals with data protection. section 43(A) 13 of IT Act, 2000 states that a corporate body who is possessing, dealing or handling any sensitive personal data or information and is negligent in implementing and maintaining reasonable security practises resulting in wrongful gain or wrongful loss to any person, then such organisation will be held liable to pay damages to the affected party. section 72(A) 14 of the same act: states that disclosure of information knowingly and intentionally without persons consent and for breach of lawful contract will lead to imprisonment for a term extending to 3 years and fine upto 5,00,000.
The IT act was amended in 2008 and known as Information Amendment Act, 2008. Certain sections which were inserted are section 43(A): Compensation for failure to protect data. section 66(E) 15 : Punishment for Violation for Privacy.
In 2011, Government notified the Information Technology (Reasonable Security Practises and Procedures and Sensitive Personal Data or Information) Rules,2011: it only deals with protection of sensitive data of a person including:
(a) Passwords
(b) Financial information such as bank account / credit card or other instrument details.
(c) Physical, psychological and mental health conditions
(d) Sexual orientation
(e) Medical records and history
(f) Biometric information
And the most important law which is still being awaited by the country is Personal Data Protection Bill (PDPB), 2019 which was presented before the Lok Sabha in December, 2019, by Ministry of Electronics and Information Technology and is still being examined by the Joint Parliamentary Committee and is set to be presented before Parliament in upcoming budget session 2021.
India being the largest populated state has the major risk of data theft, and that too during pandemic when the whole world is dependent on technology, chances of data being misused is more.
Conclusion
So, its high time for the Indian government to look into the matter and take immediate action to enact the law for the protection of data and uphold the right of privacy which is impliedly being given by the Constitution of India under article 21.
Even separate bodies should be appointed at different levels to cater the issues of privacy across the nation because giving work to a single authority will never lead to smooth functioning.
Heavy fines should be imposed on the person or organisation who is trying to misuse the personal data without the affected partys consent.
