This Article is written by Kaavya Sarin, a Second-Year law student of SLS,Noida

INTRODUCTION

Law is a scheme of societal control, backed and sanctioned by the power of the state, for the protection of those social interests which society in some way decides, shall be protected by the means of legal capacities and legal redress. [1]. Privacy arising from contours of law is embedded in principles of societal interest as old as civilization, though contemporary concepts of social media and an inclusive list of data distilled it into an independent concept, yet poorly discussed and understood in Modern legal thought.

Though ‘Right to be left alone’[2] aptly connotes privacy, but suffocates it under the baggage of misconceptions parallelizing principles of timelessness and privacy. Thus, the definition of privacy in our constitution holds a wider perspective by safeguarding “individual autonomy” and the ability of oneself to control “vital aspects of his or her life”.[3]. This common principle of privacy was interpreted by the Indian Courts by bringing it under the ambit of “Right to Life and personal liberty”. Furthermore, inversion AI and social networking call for widening constitutional analogies to the extent of the symmetric line differentiating originality and modern interpretation.

“Even in a contract, everything is not contractual”. The seminal statement propelling ‘state of flux’ or ‘state of being’ reminds us of dynamic network expansion under the ambit of privacy which should be viewed from the lenses of constitutional values of ‘forever grows, but never ages’, safeguarding principle of ‘mutuality of trust’ intact with foundational values of the constitution. [4]

This enigma poses certain questions and justifications for judicial imagination to expand the scope of a definition under the principles of constitutional democracy and potentially reshape India’s national fabric. Journey from K.S Puttasawamy [5]to the power of dissent appreciates questioning unquestioning of Why is Article 21 [6]insufficient to deal with the conundrum of Internet Privacy? in the hands of the modern and developing era of constitutional challenges and changing definitions.

ANALYSIS

1. FROM COMMON LAW PRINCIPLE TO SPARKING GLOBAL DEBATE: THE EVOLUTION OF PRIVACY.

1.1 . Privacy as Autonomy: The Right to be left alone.

Privacy seems to be the action of liberation, but its roots are embedded deep into an equitable doctrine though not a common law right still, enjoys a robust legal framework internationally. Samuel Warren and Louis Brandeis were first to define the right to protect one’s “inviolative personality” from invasion or unwanted utterance. [7]They decipher it as “Right to be let alone” the most encompassing of all rights and the one most valued by a “civilized society”.[8]Similar protection against public disclosure of private facts was evolved under common law tort claims.

The scope was expanded by applying a similar definition to intimate relationships such as marriage, procreation and family. Landmark Judgement of 1973 quoted the colliery “Right to Privacy” regarding the sexual choices of a woman. Henceforth, this limb of privacy is applied in the present, past and future in a varied and constructive manner keeping in mind three major chambers of justice pertaining to personality, integrity and dignity.

1.2 . Autonomy to constructive application: Indian’ position on privacy

Human Rights, are the foundational source for individuals which derive their definition through the concept of rights one has because one is a human being(person) or the “rights that derive from the inherent dignity of the human person” [9]Individuality derives its essence from the very existence of human rights, originating from proclaiming “human rights is the language that systematically embodies [the] intuition" that "our species is one, and each of the individuals who compose it is entitled to equal moral consideration."[10]This definition tends to widen in the modern scenario by becoming the coin of the normative realm. In continuation of the common chapter on Human Rights theory “Right to have Right” [11]giving direction to the foundational beam to the idea that the state or external authorities do not grant some rights but are inherent to the individual's status as a human being. Right to Privacy works on similar concepts which need to be protected from “arbitrary influence”. It was defined indisputably through Article 12 of the Universal Declaration of Human Rights,1948(UDHR)[12] and Article 17 of the International Covenant on Civil and Political Rights 1966(ICCPR).[13]

Whereas, prior to K.S Puttaswamy the horizon was unclear because it was not defined by Constitutional framers. It was supported by a minority opinion of Justice Subba Rao demanding the inclusion of the “Right to Privacy” under the essence of “Personal Liberty”[14].

The journey went through major inclusion-exclusion in the definitions. The first claim for a Right to Privacy the Supreme Court rejected to safeguard privacy under the constitution in M.P.Sharma v. Satish Chandra, retreating the process of strained construction making it beyond court power to import this concept into a totally different fundamental right when constitutional framers decided not to fit directly.[15] The Supreme Court took a more comprehensive analysis in the judgment of Gobind vs. State of Madhya Pradesh & ANR[16], by adopting the compelling state interest test from American jurisprudence, stating that an individual's right to privacy may need to be overridden when weighed against the greater interests of the state. The court also accepted a limited Right to Privacy indirectly laid down under the founding stones of Article 21 [17]and Article 19(1)(a).[18]

Thinking and rethinking the aspect of ‘personal liberty’ from the minds of constitutional framers states that the words 'personal liberty' should not be read in the insolation, but it should be inclusive of various other rights linked to it. [19], this underlining principle was elucidated in R Rajagopal case that “right to personal liberty also means life free from encroachments unsustainable in law", and such a right flows from Article 21 of the Constitution.”[20] Adding more value, P.N. Bhagwati in the judgement of Menaka Gandhi reiterated Article 21 is of “widest amplitude” and covers the diversity of rights underlining the personal liberty of a man.[21] On similar grounds, privacy entails from values of personal liberty marked under the Auto Shankar Case[22], which ultimately gives rise recognition of privacy under the roots of Article 21.

Landmark judgment of PUCL laid down, that there is no hesitation in holding the “Right To Privacy” as a part of the right to ‘life’ and ‘personal Liberty’ and it cannot be hindered except according to ‘procedure established by law’[23] which should be explicitly treated within THREE TEST of the Maneka Gandhi case. Ultimately such intrusion should be just, fair and reasonable. However, the court desisted from providing a comprehensive and particle definition of privacy. Forthcoming paragraphs of said decision claimed that “The right to privacy” in Indian law has today encompassed a large number of facets of human personality that merit protection. [24]

Expanding the scope of the definition to another arm dealing with privacy against private parties which was supported by the Auto Shankar[25] case postulating the right to privacy as a fundamental right is not a protection in public law but also recognizes Remedial measures available under public-private law, such as damages or injunction, can be used to address privacy violations.

Indian Judiciary responds to the contours of Judicial activism by defining bodily privacy which needs to be protected under the ambit of Article 21. This very principle could be be interfered with only insofar as the state can demonstrate a strong need for it. [26] Originating from a similar principle, The common law doctrine was expanded to apply in a number of particular instances where women's rights were violated. Wherein, the Court opined that “even a woman of easy virtue is entitled to privacy, which is entitled to be protected equally.”[27]Eventually, augmenting the same in the context of public figures who are thought, as the word suggests, a socialite. Still arms of this right impression under the semblance of “Human Rights” which is entitled to be assured equally.[28]

The legal case commonly referred to as Justice K.S. Puttaswamy (Retd.) v. Union of India[29], or the "Aadhaar case," represented an important turning point in the Indian privacy movement's evolution. The issue concerned the Aadhaar plan of the Indian government, which included gathering personal data from each resident, including biometric and demographic information.

The court determined that this right originates from other fundamental rights entrenched in Part III of the Constitution, which safeguards numerous facets of freedom and dignity, in addition to the guarantee of “life” and “personal liberty” included in this of the Constitution.

“This principle tried to overshadow major shortcomings by clearly defining privacy It includes at its core the preservation of personal intimacies, the sanctity of family life, marriage, procreation, the home, and sexual orientation. Privacy also connotes a right to be left alone, safeguarding individual autonomy and recognizing the ability of individuals to control vital aspects of their lives. The Court emphasised that personal choices governing a way of life are intrinsic to privacy, and this protection of heterogeneity acknowledges the plurality and diversity of Indian culture.”[30]

The Court made it clear that, depending on the situation, a genuine expectation of privacy may differ in private areas versus public spaces. Crucially, privacy is a part of human dignity that is inherent to each individual and is neither lost nor given up just because they are in a public setting. This decision also emphasised how crucial it is to maintain balance between rights belonging to oneself and other rights belonging to society as a whole, such as the freedom of the press, the right to knowledge, and state security.

Significantly, the Right To Privacy found basis in Articles 21,19 and 14.

2. SOCIAL MEDIA AND INDIVIDUAL PRIVACY: LAWS GOVERNING THE FRAMEWORK.

2.1.Advent of social media postulating threats on individual privacy

Social media is a step towards the world becoming ‘glocal ’ from global, where people share ideas, humour, emotions, preferences, prejudices, and priorities. This common platform was created to extend the line of Social Networking, through converging media with the internet. Ultimately, the aim was to bring people together to the platform of their choice. Establishing kinship was brought into the limelight during the period of COVID-19 when people were dealing on their own with ups and downs, there many things got easier through social because it provided a window through which the human kingdom got the opportunity to peep into the world of virtual realities. This window, in several instances, serves as an “anathema to privacy”[31]. “Facebook would be the third-largest nation in the world if it were a nation” [32].

Algorithms operate in different manners targeting the information we disclose in such a way that is mined, measured, sorted and sold. Majorly online transactions, where purchases take place through social media, the site puts on record our activity, expenditure, interest, category of goods we like, our bank account, emails and various other private information which consumers abruptly agree to be retained. This agreement might be under the influence of technical algorithms attached to the privacy policies of these companies [33]. The word “agree” serves as option to move into the site with lengthy policies which are certainly remain unread by people. Further, social media sites practice data mining by selling data to third parties and certainly help them analyzing customer behaviour and build manipulation mechanisms to target customers into the chains of fraud by tracing tracing there activities, and location to accumulate people tagged around them.

The baseline for primary threats identified was “identity disclosure” and “attribute disclosure” When a person’s identity is linked to particular data points in a dataset, “identity disclosure” takes place, and “attribute disclosure” arises when new information about a person is deduced from the data that is already available. A major anonymization technique was devised to protect users by removing personally identifiable information (PII). Netflix Prize Challenge, where Netflix released an anonymized dataset of movie ratings by 500,000 subscribers. Researchers demonstrated that the anonymized data could be de-anonymized by cross-referencing it with public profiles on IMDB, effectively re-identifying users despite the removal of PII.[34]

This instance shows that technology helps in devising safeguarding techniques that are more often followed by tricks challenging them. Thus, robust mechanism and laws are need of hour to protect against this global threat.

2.2.Legislation Safeguarding Privacy interfered through algorithms of social media.

“Data is a new oil” rightly stated by Clive Humbly in 2006 which left lawmakers in “Social delima”. Internet privacy and, the address above leave no room to pose a threat to individuals. There is no specific legislation existing in India regarding social media and privacy.

However, in 2000, lawmakers began to address privacy concerns related to social media. As a result, India now has the most extensive Internet privacy laws, which are found in the Information Technology Act, 2000[35]. It can somewhat dilute the privacy, even though it cannot fully protect it. Sections 43A, 66, 66F, and 67,72 of the Information Technology Act of 2000, as well as the Act's regulations, contain provisions that unambiguously safeguard user privacy.

In many circumstances, they fall short of definitions. Privacy was enacted in section 66E of IT act 2000 but in such as a manner that it portrays literal interpretation which extend only to physical privacy. Further, Section 79(1) of IT Act,2000 Section 79(1), provides intermediaries, such as social media platforms, if certain requirements are met, are immune from liability for the information given by a third party. This exemption is applicable in cases when the intermediary’s only function is to provide access to a communication system for the transmission, hosting, or storage of information belonging to third parties. Furthermore, the intermediary cannot be involved in any manner in choosing the receiver, starting or stopping the transmission or changing the content.

Growing society calls for amendments to these rules which is evident by the 2023 provision/add-ons/changes to Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021[36] casting certain responsibilities on intermediaries (social media platforms) formulating convincing privacy policies and checking restoration of data. [37]

After the chain of scandals and data leakages, India introduced a comprehensive “Digital Personal Data Protection Bill of 2023” to address the privacy rights of citizens, which is influenced by “Europe’s General Data Protection Right (GDPR)”. [38]It tried to cover majorly all the parties involved in data protection and data usage either by way of consented transfer or taken up by the government [39]the purpose of proportionality based on the very principle of the “proportionality test”. [40] Underlining the concept of consent and permission to be taken up by data fiduciaries, under which social media intermediaries should be covered. Through this legislation, clear and defined responsibilities are placed on Social Media intermediaries to vigilantly handle user data.

Ultimately this Act flows basis of Article 21, the very basis of fundamental rights and privacy laws of India.

3. STILL INSUFFICIENT LEGAL FRAMEWORK

3.1.Conundrums revolving around contemporary bluffs, segmenting privacy laws.

When it comes to data breaches statistics outrightly showcase the vulnerable position of India, marking it 5th in the tally of most breached countries with 5.5 million leaked accounts in 2023. [41]

A major data breach story lies in the red hands of FACEBOOK, private information from 533 million accounts leaked online. One of the features of this site is to find friends using their phone’s contact list which was supported by the contact importer feature. This premium feature was exploited by hackers to scrape personal data such as user IDs, addresses, phone numbers, email addresses, workplace names, birthdates, and account creation dates[42]. This gave birth to various suspicious activities such as spam emails, phishing campaigns, targeting advertising and identity threats. The data leaked is nowadays widely across the Dark web, used for the commission of fraud, and transfer of hefty money by impersonating. [43]

In recent times, there were various reports circulating about WhatsApp’s end-to-end encryptions policy which is a major privacy prevention tool and the most preferred by users. But, with the emergence of Metadata, this tool is now under the bubble of the question mark. Recent reports highlight that governments or other entities could exploit this metadata through network-level monitoring or traffic analysis. This involves analyzing communication patterns to infer relationships, movements, and social interactions, even without accessing the actual message content. Such information can be used for surveillance, creating detailed user profiles, or even orchestrating phishing attacks. [44]

Around 10 Indian user accounts were leaked every minute in 2023.[45]

The list goes on and on, every day, every hour, every minute there is one or other case highlighting a data breach.

CONCLUSION

In the arena of invisible theories revolving around the world, there lies the common name under the shambles and shades of technologies with hands engulfed with ropes of victimization.

The right to privacy, once a simple concept of being "left alone," has evolved to address complex issues in the digital age. Indian jurisprudence, particularly through landmark cases like the Aadhar case has identified Privacy as a basic fundamental concept. However, the legal framework still struggles with the challenges posed by modern technology, and concepts. Moreover, Privacy extends its arms to the concept of “The Right To be Forgotten” which is interpreted by the Indian courts, still, some nitty-gritty needs to be handled properly.

Recent incidents, such as the Facebook and WhatsApp data breaches, reveal gaps in current legal protections. Despite legislative advancements like The Digital Personal Data Protection bill of 2023[46], which aims to address these issues, the persistence of data breaches and privacy violations highlights the need for further refinement of laws. Further, no privacy law in India defines privacy in the context of social media, whereas the EU laws which ultimately influenced Indian laws stand clear on this aspect. Hence, the Indian Judiciary should not leave this context open to interpretation and properly define laws in this context, because citizens cannot afford more privacy scandals through the sites they trusted the most.

References:

[1] Willis, Hugh Evander. “A Definition of Law.” ,12 Virginia Law Review. 3, 203–14 (1926).

[2] Brian A. Garner, Black's Law Dictionary 484 (St. Paul, MN Thomson Reuters 2014)

[3] Guruswamy, Menaka, “Justice K.S. Puttaswamy (Ret’d) and Anr v. Union of India and Ors, Writ Petition (Civil) No. 494 of 2012.”,111 The American Journal of International Law.4,994–1000(2017).

[4] Kumar, Virendra, “DYNAMICS OF THE ‘RIGHT TO PRIVACY’: ITS CHARACTERIZATION UNDER THE INDIAN CONSTITUTION”,61 Journal of the Indian Law Institute .1, 68–96 (2019).

[5] K. S. Puttaswamy v. Union of India, (2017) 10 SCC 1.

[6] I NDIA CONST. art. 21, amended by The Constitution (Eightieth Amendment) Act, 2000.

[7] Warren, S., & Brandeis, L, The Right to Privacy, Harvard Law Review 4, 193-220(1890).

[8] Olmstead v. United States, 277 U.S. 438,478 (1928).

[9] Ingram, James D. “What Is a ‘Right to Have Rights’? Three Images of the Politics of Human Rights.” 102,The American Political Science Review 4, 401–16(2008).

[10] IGNATIEFF, MICHAEL, et al. Human Rights as Politics and Idolatry: Edited by AMY GUTMANN, Princeton University Press, 2001. JSTOR, http://www.jstor.org/stable/j.ctt7s610. Accessed 4 sep. 2024.

[11] Cane, Lucy. “Arendt on Principles, the Right to Have Rights, and Democracy: Response to Näsström.” Political Theory, vol. 43, no. 2, 2015, pp. 242–48. JSTOR, http://www.jstor.org/stable/24571665. Accessed 5 sep. 2024.

[12] UDHR,1948, art.12, Universal Declaration of Human Rights,1948.

[13] ICCPR,1966, art. 17 of the International Covenant on Civil and Political Rights, 1966.

[14] Kharak Singh vs The State Of U. P. & Others, 1964 SCR (1) 332.

[15] M.P.Sharma v. Satish Chandra ,AIR 1954 SC 300.

[16] Gobind vs. State of Madhya Pradesh & ANR, [1975 SCC(2) 148].

[17] INDIA CONST. art. 21, amended by The Constitution (Eightieth Amendment) Act, 2000.

[18] INDIA CONST. art. 19(1)(a), amended by The Constitution (Eightieth Amendment) Act, 2000.

[19] Bachal, V. M. “Judicial Interpretation of Article 21 of the Constitution of India.”,25 The Indian Journal of Political Science 3/4, 231–40(1964).

[20] R. Rajagopal vs State Of T.N, 1994 SCC (6) 632.

[21] Maneka Gandhi v. Union of India, (1978) 1 SCC 248.

[22] Rajagopal,supra note 20.

[23] People’s Union Of Civil Liberties ... vs Union Of India (UoI) And Anr.1997 (1) SCC 301

[24] Rishika Taneja, Sidhant Kumar, PRIVACY LAW 21-57 (Eastern Book Company 2014).

[25] Rajagopal,supra note 20.

[26] X vs. Hospital Z, (2003) 1 SCC 500.

[27] State Of Maharashtra And Another vs Madhukar Narayan Mardikar, AIR1991SC207.

[28] Phoolan Devi vs Shekhar Kapoor And Ors. , 57(1995)DLT154.

[29] JUSTICE K.S. PUTTASWAMY VS. UNION OF INDIA, (2017) 10 SCC 1.

[30] Id.at 60.

[31] Rishika Taneja, Sidhant Kumar, PRIVACY LAW 21-57 (Eastern Book Company 2014).

[32] Facebook population, the economist.https://www.econommist.com/nodel/1666040/1 (last accessed 11-9-2024).

[33] Helen Anderson, A Privacy Wake-Up Call for Social Networking Sites? 20(7) Entertainment Law Review,245 (2009).

[34] Ghazaleh Beigi and Huan Liu. 2018. Privacy in Social Media: Identification, Mitigation and Applications. ACM Trans. Web 9, 4, Article 39,36 pages (July 2018).

[35] Information Technology Act,2000, No. 21, Acts of Parliament, 2000(India).

[36] Ibdi.

[37] Mondaq ,A Guide to The Data Protection Bill, 2021,https://www.mondaq.com/india/privacy-protection/1213494/a-guide-to-the-data-protection-bill-2021. (last accessed on 5 August 2024).

[38] DOUWE KORFF OXFORD MARTIN SCHOOL - GLOBAL CYBER CAPACITY CENTRE; EUR. UNIVERSITY. VIADRINA - CENTRE FOR INTERNET & HUMAN RIGHTS; YALE UNIVERSITY - INFORMATION SOCIETY PROJECT; LONDON METROPOLITAN UNIVERSITY,October 27, 2023

[39] The Digital Personal Data Protection Bill, 2023.

[40] Puttaswamy,Supra note, 29.

[41]Surfshark,Global data breach statistics: 2023 recap , https://surfshark.com/research/study/data-breach-recap-2023. (last accessed on 5th August,2024).

[42] Ghosh S. (2021). Explained | how Facebook’s recent data breach affect its users [Online], https://www.thehindu.com/sci-tech/technology/internet/explainer-how-facebooks-recent-data-breach-affect-its-users/article34324019.ece/amp/. (last accessed on 5th August 2024).

[43] Pinaki Prasad Guha Neogi,Dive into WhatsApp'sEnd-to-EndEncryption,Research Gate,(5th August, 2024,9:21 AM), https://www.researchgate.net/publication/363765816_A_Dive_into_WhatsApp's_End-to-End_Encryption

[44] New WhatsApp Warning As Encryption Is‘Bypassed’,https://www.forbes.com/sites/zakdoffman/2024/05/24/new-whatsapp-warning-as-encryption-is-bypassed-on-iphone-and-android/. (last accessed on 5/8/2024).

[45] Surfshark., https://surfshark.com/research/data-breach-monitoring/methodology, (last accessed on 5th August 2024).

[46] The Digital Personal Data Protection Bill,2023,supra note.39