Imagine a scenario where you create a personal webpage, control
access to its content by issuing account names and passwords to
co-workers who e-mail you to request access, and post critical
comments about your employer. Your superiors at work gain access to it by using
the credentials you provided to a co-worker, and as a result of their seeing your
posts on that page, you are fired.
These are the facts of an actual case[1], and the decision of the
courts would suggest that this act of eavesdropping by an employer puts
accessing a private group on a social networking website in the category
of intrusion upon seclusion, which occurs
when private information in a private space is surreptitiously overseen or
overheard.
When eight major US tech companies –
Apple, Google, Microsoft Corp., Twitter, LinkedIn Corp., Yahoo Inc., AOL Inc.
and Facebook – on December 9, 2013, called for tougher controls of how
governments collect people’s personal data, opening a new front in the fight
for Internet security, they had but one purpose – protection of “the rights
of the individual – rights that are enshrined in the US Constitution”.
The Constitution of India, in contrast, does not explicitly guarantee the
right to privacy as a fundamental
right. However, in India it is the judiciary that has taken up the mantle of
bringing the Indian legal position on par with that of the First World
countries by recognizing the concept of “privacy”, because neither the
Constitution nor any other statute in our country defines this concept.
In the landmark cases Kharak Singh v. State of U.P.[2] and Govind v. State of
M.P.[3], the Supreme Court has held that the
right to privacy is one of the implicit penumbral rights of Article 21 of the
Constitution. It has observed that personal liberty is a compendium of rights
that go to make up the personal liberty of an individual and that the right to
life mentioned in Article 21 of our Constitution is only exercisable if such
penumbral rights of an individual are given due regard.
In the recent “Tax Haven” case[4] of 2011, the judgment delivered by Justices P. Sathasivam and H.L. Gokhale of
the Supreme Court reads:
"Right to privacy is an integral part of right to life. This is a cherished constitutional value, and it is important that human beings be allowed domains of freedom that are free of public scrutiny unless they act in an unlawful manner."
The Indian legal framework lacks a
comprehensive law for handling privacy issues such as the classification of
information into sensitive, public and private, determination of ownership of
information, or the issue of cross-country flow of information. It is even more
appalling that, despite India being a global power in IT, laws pertaining to
privacy rights and data protection in cyberspace are almost completely missing in
India. The IT Act, in its 2008 amendment, merely touches on the issue of privacy
under Section 72, which talks about breach of confidentiality and privacy.
In 2011, the Department of Electronics and Information Technology notified the
Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011. However, the
implementation of these rules is still shrouded in a veil of confusion. For instance, in a research exercise
conducted (by the author) to find out the extent to which the privacy policy of
a social networking website, it was found that a substantial portion of the LinkedIn
Privacy Policy does not conform to any of the provisions of the
Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011.
In his 1960 paper, Prosser, a prominent
American jurist, defined the civil offence of “intrusion upon seclusion”, which
can be described as intentional or reckless conduct which results in the
invasion of the private affairs or concerns of an individual, without lawful
justification, and which can reasonably be understood to cause distress, humiliation
or mental anguish to that individual.
While this principle has long been
recognized by the American legal system, the Common Law system existing in
India does not currently recognize “intrusion upon seclusion” as an unlawful
act. However, the courts in other common law jurisdictions such as Canada and
New Zealand have recently begun to recognize the invasion of privacy through
intrusion upon seclusion as a tortious action through their judicial pronouncements.
The Supreme Court, which is the apex
judicial body in India, by way of its aforementioned judgments not only
highlighted the significance of the right to privacy as part of one’s
fundamental right, but also laid upon the State the responsibility of protecting
the privacy of its subjects from unlawful breach. In October 2012, as an
encouraging sign of things to come, the Justice A.P. Shah Committee in its
report outlined nine National Privacy Principles and submitted its
recommendations to the Planning Commission, Government of India.
This, however, is only the first step on the road to framing effective privacy
laws. The need for a set of unified data protection laws and laws to enforce
privacy rights in India cannot be overstated; once enacted, they will have serious
implications for our daily lives as well as for the conduct of Indians in
cyberspace.
Kindly consider the following well-known controversial examples of cyber-snooping.
Ad-supported web content providers such as Facebook and Google track users’
online activity and then present them with personalized advertisements.
Facebook, for instance, places
“cookies” on its users' computers that enable the company to track the users'
web activity even after they have logged out of the site, according to a 2012
US class action lawsuit. “Facebook maintains personal information pertaining to
each individual as well as monitors the individual online habits of their users
keeping track of websites they visit”, the complaint filed says.
Google, similarly, records each and
every letter you type in its search engine box irrespective of whether you’ve
actually hit the search button or not. Moreover, it builds a profile for you
based on your long-term search history and uses it to improve
the specificity of the ads which are served to you.
The extremely rapid emergence and
extensive reach of social networks such as Facebook and Twitter have
unintentionally led to the rise of unethical practices such as cyber-stalking,
cyber-snooping and phishing which have till date gone unchecked in the Indian
legal framework. The question which ultimately arises with respect to the
internet age is: Can one protect the “right to be let alone”, as outlined by
Samuel Warren & Louis Brandeis in their 120-year-old seminal paper[5] in the Harvard Law Review, in a
communal environment that thrives by bringing people together?
Can one virtual entity assert invasion of privacy against another virtual
presence in a real
court of law? The answer to these questions would also show us how the tort of
intrusion upon seclusion may be applicable to invasion of privacy in the
virtual world.
Author: Aastha Dhingra
Disclaimer: This blog or any post thereof
is not to be considered to be in any way associated with the official stand of
IIT Kharagpur or RGSOIPL on the issues being discussed in the said post. The
opinions on the blog are the author's own and should not be considered as legal
advice.