Much of the outrage around the phone-tapping furore appears to focus on the fact that our executive safeguards around personal privacy haven't been able to protect against passive interception technology. While there is certainly some merit in finding a band-aid to deal with this particular problem, we must ask ourselves whether, in doing so, we are merely plugging a leak when, in fact, we need to change the plumbing.
India does not currently have a data protection legislation. We do not have laws that dictate how much intrusion into personal privacy is permitted and under what circumstances. We, arguably, do not even recognise, legislatively, the concept of personal privacy and the many dimensions of that right that is available to citizens of many other countries of the world.
The judiciary has derived a "right of privacy" from the rights available under Articles 19(1)(a) (the fundamental right to freedom of speech and expression) and 21 (the right to life and personal liberty) of the Constitution of India. Through a series of decisions, the Supreme Court held that, the right to privacy though not expressly enumerated as a fundamental right, could certainly be inferred from the other fundamental rights.
However, the problem with a privacy jurisprudence that has developed on a case-by-case basis is that the moment a new technology comes along, our legal system finds itself out of its depth. Hence our lamentable inability to proscribe passive interception, even though we are well armed with both precedent and procedure in the context of wiretapping. Had we enacted a privacy legislation that articulated the four corners of an individual's right to personal privacy, we would have been able to deal with such challenges no matter what technology was used to abuse it.
Yet there are many who question the need for privacy legislation in India. We are, they argue, after all, not a private people. Culturally, we have no hesitation in freely sharing personal information with friends and strangers alike. More often than not, we do so without thinking twice and, for the most part, face no repercussions for having done so. Public life in India is organised without much thought to safeguarding personal data.
There are many examples of the very public way in which we deal with personal information that might leave visitors to our country aghast. Trains publish detailed personal information (name, age and s*x) of all the passengers travelling on that route at every station. Examination results are available on websites and on publicly accessible notice boards with full details of the grades obtained by all students. Many service providers collect detailed personal information as a pre-requisite to registering customers and will deny you services if you do not disclose all the personal information that they request.
Some of the biggest culprits in this regard are government agencies. The NREGA currently publishes, with blatant disregard to privacy implications, complete details of job cards and money received by all who benefit from the scheme. The Election Commission lists its entire database online for all to see, with full information about all eligible citizens. Similarly, various other agencies and instrumentalities of the state collect and publish without regulation or restriction personal information of private citizens in a manner that is unheard of in many jurisdictions around the world. All these entities hold this personal data in huge and thinly protected databases that are open to public scrutiny in order to assure transparency.
So why should we be concerned about whether our personal information is in the public domain? Most of us think nothing of disclosing this information since, in our personal and collective experience, little harm has ever come of it. However, international experience indicates the contrary. As countries began to rely more and more on electronic records in their dealings with their citizens, the more those citizens were exposed to financial, reputational and other harm.
India has, relatively speaking, only just started down the road to digital dependence. Make no mistake, initial though these steps might be, they will lead, irrevocably, to the situation that the rest of the world currently finds itself in. It would, therefore, be short-sighted to assume that there is no need to protect data privacy based solely on India's cultural past.
In many ways, the phone-tapping scandal has broken at exactly the right time. It brings into focus the need for a legislative solution to the problem of privacy. If only we can rise above creating a quick-fix that deals with the immediate problem and instead work to finding a broader and more lasting solution we will be able to ensure that we have a technology-proof solution to future privacy violations.
