Right To Privacy with Emphasis on Aadhaar Scheme

The treats of the online world comes at the cost of privacy. The technology in recent times has grown to such an extent that any person can virtually gain access to every mouse click of any individual. Before addressing these concerns, an important question which needs to be addressed is that, are individuals entitled to have a right to privacy of information which needs to be protected?

Right to privacy was recognized to be a ‘right’ in Kharak Singh v. The State of U.P[1], wherein, the minority judges stretched the right to personal liberty as well as freedom of movement to include right to privacy. Further in Govind v. State of M.P.[2], the Honorable Supreme Court of India decided and interpreted the right to privacy as a Fundamental Right, which was derived out of the right to Freedom of Speech and movement and the right to Life and Personal Liberty. In Justice K.S. Puttaswamy v. Union of India[3] case, considering that whether Kharak Singh case was a good law? Last year, the nine-judge bench gave landmark decision that Right to Privacy is a fundamental right of an individual under the Indian constitution. If Right to Privacy would not have been given the status of fundamental right then it would have lost its status amongst the Golden Trinity of Article 14 (Equality), Article 19 (freedom of speech and expression) and Article 21 (Right to Life)[4]. Kharak Singh[5]  had correctly held that the content of the expression ‘life’ under Article 21 means not merely the right to a person’s “animal existence” and that the expression ‘personal liberty’ is a guarantee against invasion into the sanctity of a person’s home or an intrusion into personal security. Kharak Singh[6] also correctly laid down that the dignity of the individual must lend content to the meaning of ‘personal liberty’.

The Court further reasoned in K S Puttaswamy[7] that “privacy is not an absolute right, like other fundamental freedoms under Part III. On page 264, Justice Chandrachud writes that a ‘law which encroaches upon privacy will have to withstand the touchstone of permissible restrictions on fundamental rights. Thus, in context of Article 21, an invasion of privacy must be fulfilled on the basis of a law which stipulates a procedure which is fair, just and reasonable.’ He further said that an invasion of life or personal liberty must meet the following: (i) legality, which postulates the existence of law; (ii) need, defined in terms of legitimate state aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.”

In the year, 2008, the Information Technology Act was amended by adding S43A[8] and 72A[9]. The data protection concept has taken an important place in today’s world. Slowly, all the nations are recognizing the Data protection concepts to be important and implementing rules, and laws regulating the usage and misuse of sensitive and personal information.[10] The data protection concepts and data privacy are more or less connected with an individual’s Right to Privacy.

In 2009, Government of India coined the Unique Identification Authority of India (UIDAI) with the objective to issue unique identification to every resident of India. Though UIDAI has continuously stated that the Aadhaar scheme is completely voluntary, the central government has repeatedly pushed the state governments to make Aadhaar linking mandatory to avail a huge range of government services available to the public. The Aadhaar number means an identification number issued to an individual, identity information in respect of an individual includes his Aadhaar number, his biometric and demographic information. The main objective of this scheme was to eliminate duplication of identity and fake persons. The main feature of Aadhaar scheme that makes it unique is the biometric information collected during the enrolment process. The authority has so far issued more than 111 crore Aadhaar numbers to the resident of India , Aadhaar is the world’s largest biometric based identification program, which not only provides identification to people, it also helps the government to channelize public oriented schemes and services. Although Aadhaar has proved to be beneficial for the citizens and the government of the country, but at the same time it has come out with certain drawbacks and major loopholes. Since Aadhaar contains such sensitive data regarding individuals, the lack of appropriate measures of safeguarding the data has created a great issue relating to the privacy of people.

The data collection by authorities is done in two stages:

STAGE I: The collection of data has been outsourced to private players. There has been a common scenario of unorganized data collection which has led to a large amount of data mishandling. Personal information leaked during this process will lead to misuse of confidential data by third party users. Though Aadhaar Act[11] restricts collection of data related to race, cast, ethnicity, there are no such hard and fast regulations that stops the data collector to ask such questions.

STAGE II: The data hence collected is stored in Central Identities Data Repository. If there is a security breach in the repository, personal data of millions can be stolen and misused.

Since Aadhaar is a common identification scheme, it also includes data of defence and security personnel and leakage of such data will lead to catastrophic effects and will directly impact the nation’s security.

To address the above mentioned problems government should take necessary steps, as it is high time we adopt a new law related to data protection and cyber security issues, since the laws in terms of technology have almost become obsolete, which threatens our data protection systems. This affects our economy, as global investors are reluctant to invest in our country due to security reasons, it effects our position on global scale in terms of ease of doing business, these problems make it difficult for us to protect our right to privacy against various online threats, such as hacking, cracking, and malwares, as everything, today is processed through computers and internet. These problems are the root cause for our slow pace of development towards e governance.

The data privacy consists of three factors, first, secrecy, a person’s right to control access to the processed information on an Internet platform, so that it is available only to a selected group of people. Secondly, anonymity, even when the available data is an open content, it should not reveal the information regarding publisher and the information regarding the receiver of the information. Finally, autonomy is the ability to decide freely, by one’s own free will, without any fear or concerns regarding one’s privacy.  Today, when each and every information of ours is connected to our Aadhaar numbers, which store our personal and highly sensitive data, such as finger prints, retina patterns, photograph, and other identification attributes. These can be misused by anyone if fall in wrong hands, while the increasing risk of cyber terrorism knocks our doors. How can we proceed towards a technologically advanced form of governance when even government websites are not safe?

There is no doubt that without Puttaswamy[12], we would have been far worse off than we are today. And there is also no doubt that Puttaswamy[13] has built a foundation for a new jurisprudence of civil rights. But we must all be equally clear about the fact that the real task will begin now: it will begin with the first bench that is asked to apply Puttaswamy[14] to a concrete case where privacy runs up against reasons of State, and it will continue in the months, years, and decades to come.

[1] see Kharak Singh v. State of U.P, (1963) A.I.R 1295 (India).

[2] see Govind v. State of M.P, (1975) A.I.R 1378 (India).

[3] see Justice K.S. Puttaswamy v. Union of India, (2017) 10 S.C.C. 1 (India).

[4] Constitution of India, 1950, Universal Law Publishing Co.

Article 14: The State shall not deny to any person equality before the law or the equal protection of the laws within          the territory of India.

Article 19: Protection of certain rights regarding freedom of speech etc.

Article 21: No person shall be deprived of his life or personal liberty except according to procedure established by law.

[5] supra note 2.

[6] Id.

[7] supra note 4.

[8]Information Technology Act, (2000).

[9] Id.

[10] Information Technology Act, § 2(o) (2008) provides "Data" means ‘a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, and punched tapes) or stored internally in the memory of the computer.”

[11] The AADHAAR (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, No. 18 of  2016 (India).

[12] supra note 4.

[13] Id.

[14] Id.