RIGHT TO PRIVACY WITH SPECIAL REFERENCE TO ELECTRONIC MEDIA

Submitted By: TUSHITA SINGH

Roll No.: 182060450165

Submitted under the guidance of Mr. ASTBHUJA TIWARI

This Dissertation is submitted in partial fulfilment of the degree of LL.B. (Hons.)

Faculty of Law,
CITY ACADEMY LAW COLLEGE, LUCKNOW
 CITY ACADEMY LAW COLLEGE
(AFFILIATED TO LUCKNOW
UNIVERSITY) LUCKNOW

Session-2021-2022
NAME OF SUBJECT: SEMINAR 1
NAME OF THE TOPIC: LAW OF INTERNATIONAL
ORGANISATIONS
NAME OF THE SUB TOPIC: “RIGHT TO PRIVACY
WITH SPECIAL REFERENCE TO ELECTRONIC
MEDIA”

NAME OF THE SUPERVISOR SUBMITTED BY

Mr. ASTABHUJA TIWARI TUSHITA SINGH
ROLL NO. 182060450165
 CERTIFICATE

This is to certify that the research work entitled “RIGHT TO PRIVACY WITH SPECIAL
REFERENCE TO ELECTRONIC MEDIA” is the work done by Tushita Singh under my
guidance and supervision for the partial fullfilment of the requirement B.A.LL.B. degree at
“CITY ACADEMY LAW COLLEGE, LUCKNOW”.

Signature and name of the supervisor: Mr. Astbhuja Tiwari

Date:
 DECLARATION

I, TUSHITA SINGH, ROLL NO.182060450165 pursuing LL.B. from LUCKNOW

UNIVERSITY confirms that this dissertation work, “Right to Privacy with special reference to
electronic media” submitted for assessment is my own and is expressed in my own words. Any uses
made within it of the works of any other author or authors in any form (e.g. ideas, equations, figures,
text, tables and programme) are properly acknowledged at the point of their use. A full list of the
references employed has been included.

Date: __

TUSHITA SINGH
Place: LUCKNOW
ROLL NO. 182060450165
 ACKNOWLEDGEMENT

I would take this opportunity to express my deep sense of gratitude towards, Dr. Azad
Dwivedi (Head of Department) who has tendered untiring support to me to complete
the present study, failing which the study would not have been successfully completed.

I express my deep sense of gratitude to Mr. ASTABHUJA TIWARI the uphill task of
completing this paper would not have been possible, out his able supervision and
timely guidance.

I thank our librarian and the other entire person who have helped me in making this
dissertation a success. I wish to extend my sincere thanks to all the people who have
helped and guided me in exploring my talent in bringing out this project work as a
successful one.

TUSHITA SINGH
ROLL NO. 182060450165
 PREFACE
Privacy is a fundamental human right and a cornerstone of a democratic society. It lays at
the foundation of the rule of law, the secret ballot, doctor - patient confidentiality, lawyer-
client privilege, the notion of private property, and the value our society places on the
autonomy of the individual. The instant scheme of the dissertation will follow in the form
mentioned below to cover all aspects of the privacy as a right:

The first chapter of Introduction gives the general overview about the privacy at
political and socio- cultural level and further gives an brief overview on as to how
modern technological developments have become a medium of invading privacy of the
individuals in today’s world.

The second chapter introduces the concept and evolution of privacy and shall also
throw light upon the definitions given by various renowned jurists and scholars. It shall
also deliberate upon the historical framework of privacy in India which owes its origin
from Article 21 of the Constitution.

The third chapter makes an attempt to trace out the statutory protection provided
to right to privacy under various statutes in India which includes Indian Penal Code,
1860, Right to Information Act, 2005, Indecent Representation of Women (Prohibition)
Act (1987), The Easements Act, 1882, The Indian Evidence Act 1872.

The fourth chapter shall provide an insight into the genesis of Data Protection and right to
privacy with main emphasis on the position in UK, USA, India, European Union and OECD
Guidelines on the data protection.

The fifth chapter provides an insight on as to how the globalization and the
growth of electronic technologies have challenged the ability of states to ensure the
Informational
 TABLE OF CONTENTS

CETTIFICATE…………………………………………………………………………….I
DECLARATION................................................................................................................. II
ACKNOWLEDGEMENT.................................................................................................. III
TABLE OF CONTENT……………………………………………………………………IV
TABLE OF CASES………………………………………………………………………..V
TABLE OF ABBREVIATION……………………………………………………………VI
SYNOPSIS........................................................................................................................ VII
PREFACE........................................................................................................................ VIII

CHAPTER - 1 Introduction
1.1 Description...................................................................................................................... 8
1.1.1 Privacy at Political Level...................................................................................... 8
1.1.2 Privacy at the Socio-Cultural Level.....................................................................9

CHAPTER - 2 Conceptual Framework of Privacy

2.3.1 Historical Framework of Privacy in India...........................................................12
2.3.2 Historical Background........................................................................................12
2.3.3 Privacy in Ancient India.....................................................................................13
2.3.4 Privacy in Grihya Sutras...................................................................................... 13
2.3.5 Privacy in Arthashastra........................................................................................ 14
2.1 Privacy: A Zero-Relationship....................................................................................... 17
2.2 Land Mark Cases.......................................................................................................... 17

CHAPTER - 3 Statutory protection of Right to Privacy in India

3.1 Privacy as under Easements Act, 1882.........................................................................18
3.2 Privacy and Indecent Representation of Women (Prohibition) Act, 1987...................19
3.3 Privacy as under Indian Penal Code 1860....................................................................19
3.4 Privacy as under Right to Information Act, 2005.........................................................21
3.5 Land Mark Cases...............................................................................................................23
CHAPTER – 4 Data Protection & Privacy
4.1. Meaning of Data................................................................................................................24
4.2. Need Regulation of Data Protection……………….....................………………………….25

4.3.Regulation of Data Protection....................................................................................... 26

4.3.1. OECD Guidelines and Data Protection................................................................26

4.3.2.European Union and Data Protection......................................................................31
4.3.3.United Kingdom and Data Protection..............................................................................32
4.3.4.United States of America and Data Protection................................................................33
4.3.5.Asia Pacific and Data Protection.....................................................................................34
4.3.6.India and Data Protection..................................................................................................34

CHAPTER – 5 Informational & Workplace Privacy

5.1 Information Privacy - Legal Approaches to its Protection.......................................................39
5.2. Privacy at Workplace...............................................................................................................45
5.3. Analysis & Interpretation.......................................................................................................47

CHAPTER – 6 Telephone Tapping-An Invasion of Privacy

6.1. Law relating to Telephone tapping in India..........................................................48
6.2. Law relating to Telephone Tapping in England..........................................................51
6.3.Land Mark Cases................................................................................................... 55

CHAPTER - 7 Sting Operations - An Invasion of Privacy

7.1.Scope and Purpose........................................................................................................ 56
7.2.A mode of Invasion of Privacy.....................................................................................57

CHAPTER- 8 Conclusion & Proposed Suggestions…………………………………..59-61

BIBLIOGRAPHY............................................................................................................... 63
 TABLE OF CASES

1. Boyd v. United States. 116 U.S. 616 (1965)....................................................................1

2. Griswold v. Connecticut, 381 U.S. 479 (1965)................................................................2
3. Bowers v. Hardwink 478 U.S. 113 (1973)......................................................................3
4. Kharak Singh v. State of UP A.I.R. (1963) S.C. 1295....................................................4
5. Govind v. State of M.P A.I.R. (1975) S.C. 1378.............................................................5
6. State of Maharashtra v. Madhukar Narayan A.I.R. (1991) S.C. 207................................6
7. R.Rajagopal v. State of Tamil Nadu A.I.R. (1995) S.C. 264........................................7
8. PUCL v. Union of India A.I.R. (1997) S.C. 568...........................................................8
9. Roe v. Wade 410 U.S. 113, 152-55(1973)....................................................................9
10. Queen v. Hicklin Cockburn 1868 L.R. 3 Q.B. 360.....................................................10
11. Ranjit .D. Udeshi v State of Maharashtra AIR 1965 SC 881......................................11
12. Pawan Kumar v State of Haryana 1996 (4) SCC 480.................................................12
13. Mr X v Hospital Z (1998) 8 SCC 296.........................................................................13
14. Gokal Prasad v Radho ILR 10 All (1888) 358............................................................14
15. Tika Ram Joshi v. Ramlal Shah, AIR 1935 All 754 at 756..............................................15
16. Chinthala Krishnamurthy v. Uppala AIR 1980 A.P. 69 at 73.....................................16
17. U.O.I v Association for Democratic Reforms (2002) 5 SCC 361...............................17
18. R v Sang [1979] 2 All ER 1222................................................................................... 18
19. Malone v UK (1984) 7 EHRR 14................................................................................19
20. Kesavananda Bharati v State of Kerala (1973) 4 SCC 225..........................................20
21. ADM Jabalpur v Shivakant Shukla (1976) 2 SCC 521, 754........................................21
22. Jolly George Varghese v Bank of Cochin (1980) 2 SCC 360......................................22
23. Maneka Gandhi v Union of India (1978) 1 SCC 248..................................................23
24. R.M.Malkani v. State of Maharastra AIR 1973 SC 157..............................................24
 TABLE OF ABBREVIATIONS

SYNOPSIS

STATEMENT OF THE PROBLEM

The researcher will review and analyses various issues faced in the telecommunication law.
Further, the shortfall and disadvantages in the law will be analysed to understand the change that
needs to the brought about to ensure safety of all individuals, their privacy, their rights and how
to protect them.

SURVEY OF THE EXISTING LITERATURE

1. Ian Walden, Telecommunications Law and Regulation

Since the last edition of the book was published, there have been a number of important
developments in the telecommunications industry. Telecommunications Law and
Regulation takes these changes into account, including an examination of the EU New
Regulatory Framework, as well as the establishment of the Body of European Regulators
for Electronic Communications (BEREC).
There are also new chapters on spectrum management (radio frequencies), and consumer
protection rules. The access and interconnection chapter addresses the issues surrounding
the high capacity broadband widely provided by Next Generation Networks.
The chapter on licensing and authorisation has been refocused to reflect the increasing
regulatory focus on the mobile sector. The chapter on regulating content has also been
significantly restructured and revised to reflect the changes in how we consume content.
Written by leading experts, it is essential reading for legal practitioners and academics
involved in the telecommunications industry.
2. Rakesh Chandra, Right to Privacy in India with Reference to Information
Technology Era:
The right to Privacy and the right to have access to information collected by
Government-bodies and public authorities are the two essential human rights of a citizen.
Right to privacy is even implicit under Article 21 of the Constitution of India which deals
with right to personal liberty. Right to Information Act strikes a balance between
transparency and individual right to privacy. Right to Information Act 2005 enunciates
that the citizens shall have right to secure access to the information under the control of
the Public Authorities to promote transparency of information which is vital in the
functioning of the Public.

Authorities to contain corruption to hold government and their instrumentalities

accountable to the governed and thereby develop participatory governance. The book has
very elaborately dealt with both the aspect of human rights and the balancing
mechanism. The author has discussed the rights of privacy prevalent and recognised in
 India and in other countries in a lucid manner. Since the conflicting and complementary
nature of both the rights insists upon creating a balancing mechanism by virtue of which
neither of the two equal human rights take precedence the author has touched the aspect
effectively. Besides this, keeping in view the extension of damage of Information
Technology to the right of privacy and the insidious transmission of information to
government bodies the author has emphasized for the need of national privacy policy to
protect individual right in the automated information communication age.
The discussion with regard to safeguards to prevent data thefts, hacking and other
criminal activities is an important aspect of the book. The author Rakesh Chandra
deserves appreciation and congratulations in his endeavour in presenting this book as a
treasure gift to the system which will be useful to the students, research scholars as well
as to the law enforcement agencies.

3. Susan Tyler, Electronic Media: Programming Strategies and Practices Current, relevant
and student-friendly, ELECTRONIC MEDIA: PROGRAMMING STRATEGIES AND
PRACTICES, delivers the most accurate and up-to-the-minute coverage of the
techniques and strategies used in the programming industry today.

Reflecting the latest developments from real-world practice, this market-leading text
covers all aspects of media programming for broadcast and cable television, radio and
the Internet with clear illustrations and examples to which you can relate. It offers in-
depth coverage of emerging trends, including media concentration, digitalization, the
"cluster selling" of programming and the impact of new technologies. It explains how
programs (units of content) are selected (or not selected), arranged, evaluated and
promoted with the need to consider pressures from technology, financing, regulations,
policies and marketing.
4. Legis Orbis, Life, Liberty & Privacy:
The Indian Jurisprudence on Individual's Data Privacy Life, Liberty & Privacy - The
Indian Jurisprudence on Individual’s Data Privacy is a compilation of research articles on
the subject of 'right to privacy' in digital India. The book contains foreword of Hon'ble
Justice KG Bal Krishnan, Former Chief Justice of India, Hon'ble Justice Kurian Joseph,
Former Judge, Supreme Court of India, Hon'ble Justice AK Sikri, Former Judge,
Supreme Court of India & presently International Judge, Singapore International
Commercial Court and Prof. Dr. R Venkata Rao, Former Vice Chancellor, National Law
School of India University, Bengaluru.
 CHAPTER- 1
INTRODUCTION

1.1 Description

Describing the conceptual vacuum surrounding the notion of privacy, Parker has rightly
observed that currently, there is no consensus in the legal and philosophical literature on
a definition of privacy. For some, privacy is a psychological state, a condition of “being-
1
apart-from-others” closely related to alienation. For others privacy is a form of power,
2
“the control we have over information about ourselves”, or “the condition under which
3
there is control over acquaintance with one’s personal affairs by the one enjoying it” or
4
“the individual’s ability to control the circulation of information relating to him.”

Most definitions of privacy agree on a core concept: that privacy is the claim of an
individual to determine what information about himself or herself should be known to
5
others. This also involves when such information will be communicated or obtained and
others will make what uses of it. In addition, many definitions of privacy would add a
claim to privacy by social groups and associations, and also a limited (largely temporary)
right of privacy for government bodies.

1.1.1. Privacy at Political Level

Privacy as a social issue has a political aspect and a psychological aspect. The former being
defined as the social issues element and the latter being defined as the behavioral element.
The importance of privacy with regards to social interaction and the need for it to sustain
normal everyday life among different cultures and even species is explained. The need for
privacy is established but is mainly considered socially rather than behaviorally.

1. Michael A Weinstein, “The Uses Privacy in the Good Life, 94, NOMOS, XIII (1971).
2. Ruth Gavison,” Privacy and limits of Law”, 425 Yale Law Journal 89(1980).
3. Gross,” The Concept of Privacy”, 42N.Y.U.L.Review 34, 35-37 (1967).
4. Arthur R.Miller,” The Assault on Privacy”, 169 Bookman Publishing 40(1972).
5.Westin. A.F. (Ed.) (1971). Information Technology in a democracy, Cambridge, MA: Harvard
University Press
 At the political level, every society sets a distinctive balance between the private sphere
and the public order, on the basis of the political philosophy of the state. In authoritarian
societies, where public life is celebrated as the highest good and the fulfillment of the
individual's purpose on earth, the concept of legally or socially protected privacy for
6
individuals, families, social groups, and private associations is rejected as immoral. It is

also seen as politically dangerous to the regime. Thus authoritarian governments keep
extensive records on people and create procedures to watch and listen secretly to elite
groups.

The public order, government, is seen as a useful and necessary mechanism for providing
services and protection. But constitutional machinery is expressly barred by bills of rights
and other guarantees of civil liberty from interfering with the citizen's private beliefs,
associations, and acts, except in extraordinary situations and then only through tightly
7
controlled procedures.

1.1.2. Privacy at the Socio-Cultural Level

This political balance is the framework for a second level of privacy the socio-cultural
level. Environmental factors, such as crowded cities, and class factors of wealth and race
shape the real opportunities people have to claim freedom from the observation of others.
In this sense, privacy is frequently determined by the individual's power and social status.
The rich can withdraw from society when they wish; the lower classes cannot. The
affluent do not need to obtain subsidizing support from government by revealing
sensitive information to authorities, while those in economic or social need must disclose
8
or go without. (Ironically, though, the rich, the famous, and the politically powerful are

also the people whose efforts at privacy are the most assaulted by the media, political
rivals, government investigators, etc. And, in an age of virtually universal record-keeping
and credentials review, even the wealthy and powerful become enmeshed in the all-
pervasive data-collection processes of an information-driven society.)

6. Source Link w w w . p r i v a c y e x c h a n g e . o r g / j a p a n / p r i v a c y g u i d e 0 4 . p d f . , last visited on 20.03.2016.

7. Ibid.
8. Ibid
 At the socio-cultural level, privacy is closely related to social legitimacy. When a society
considers a given mode of personal behavior to be socially acceptable-whether it is
hairstyle, dress, sexual preference, political or religious belief, having an abortion, or
other lifestyle choice - it labels such conduct as a private, rather than a public, matter.
This generally means that such matters should not be inquired into for the purpose of
denying someone access to the desirable benefits, rights, and opportunities controlled by
9
government or private organizations. When society does not accept certain personal

conduct, but considers it socially dangerous, society is saying this is not a matter of
“private choice” and does not allow the claim of privacy to be exerted for it in settings
where benefits, rights, and opportunities are being distributed. Thus, debates over privacy
are never-ending; for they are tied to changes in the changing norms of society as to what
kinds of personal conduct are regarded as beneficial, neutral, or harmful to the public
good. This makes some struggles over privacy unfold in moral, religious, and ideological
confrontations, with powerful interest-group competition.

In short, privacy is an arena of democratic politics; it raises fundamental debates about the
proper goals and roles of government; the degree of autonomy to afford sectors such as
business, science, education, and the professions; and the role of privacy claims in struggles
over related personal or group rights, such as equality, due process, and consumerism.

We can identify four psychological conditions or states of individual privacy. Sometimes

the individual wants to be completely alone, out of the sight and hearing of anyone else.
This state of solitude is the most complete and relaxed condition of privacy. Solitude
provides the opportunity for repossession of self, for thinking, healing, resting,
regrouping, and preparing for re-entry and re-engagement in social life.

In a second situation, the individual does not want to be alone but seeks the intimacy of
connections with confidants. We seek valued and trusted relationships with family,

9. Ibid
friends, or associates, with whom we need to share sensitive ideas and emotions, receive
10
help and feedback, and deepen bonds of mutual self-revelation and connection.

A third state of privacy involves defining some things that individuals do not want to
share fully with persons with whom they are in contact, and involves the creation of
11
reserve. Either by personal explanation or by social convention, the individual
indicates that he or she does not wish certain sensitive personal aspects to be discussed or
noticed, at least at that particular moment. When those around a person respect that
claim, the individual achieves the state of reserve.

Hence the industrial revolution has brought about its own set of laws regulating not only
business and commercial activity but also the governance of post industrial society.
Modern technological developments and in particular, the so called convergence of
computer and telecommunication technology created an environment in which there is
inexpensive and ready excess to an ever growing pool of personal information. Further
the interoperability of modern systems has made it possible to collect and analyze
detailed information about individuals almost anywhere in the world. Today the scenario
is that it is not only possible but also commercially attractive for businessmen to conduct
survey on large scale as they discover there are more new ways in which they can use
personal information to gain advantage in the market place.

Today, one can only surmise where technological progress will take us in the years
hence. Nonetheless, some trends regarding the Internet are already very discernible; its
multimedia potential makes it a unique information dissemination and exchange medium;
it is being far more invasive and personal than any technology in the past, it is changing
the paradigms of business, it is largely unregulated and in short it is largely changing the
way we live, often in ways we do not even realize.

10. Ibid
11. Ibid
 CHAPTER - 2
Conceptual Framework of Privacy

2.1 Historical Framework of Privacy in India

2.1.1 Historical Background

The recognition of privacy is deeply rooted in our history. There is recognition of privacy
in the Quran and in the sayings of Mohammed. The Bible has numerous references to
privacy. Jewish law has long recognized the concept of being free from being watched.
12
There were also protections in classical Greece and ancient China.

Legal protections for privacy of an individual have existed in Western countries for
hundreds of years. In 1361, the Justices of the Peace Act in England provided for the
arrest of peeping toms and eavesdroppers. In 1765, British Lord Camden, striking down a
warrant to enter a house and seize papers wrote, "We can safely say there is no law in this
country to justify the defendants in what they have done; if there was, it would destroy all
13
the comforts of society, for papers are often the dearest property any man can have”.

Parliamentarian William Pitt wrote, "The poorest man may in his cottage bid defiance to
all the force of the Crown. It may be frail; its roof may shake; the wind may blow through
it; the storms may enter; the rain may enter - but the King of England cannot enter; all his
14
forces dare not cross the threshold of the ruined tenement."

Various countries developed specific protections for privacy in the centuries that
followed. In 1776, the Swedish Parliament enacted the Access to Public Records Act that
required that all government-held information be used for legitimate purposes. France
prohibited the publication of private facts and set stiff fines for violators in 1858. The

12. Raman Mittal Neelotpal Deka, Cyber Privacy

13. Eiftick v. Camngton, 1558-1774 All ER Rep. 45.
14.William Pitt, Speech on the Excise Bill, 1763, quoted in, Privacy and Human Rights (2002), available
at the link: http://www.epic.org as last visited on 20.03.2016.
Norwegian Criminal Code prohibited the publication of information relating to "personal
15
or domestic affairs" in 1889.

2.1.2 Privacy in Ancient India

There are several legends which establish it beyond doubt that disturbing a meditating
sage was considered a wrong of the highest order in the ancient Indian society, Lord
Shiva, while, in meditation, is said to have been disturbed by Kamdeva, the god of love
and sex in the Indian mythology, who was burnt as punishment thereof when Lord Shiva
opened his third eye. Next example is when Lord Shiva himself was not permitted by
Lamboder to enter in his own house when Goddess Parvati was taking bath with an
intention to protect privacy. In matters of religious and spiritual pursuits interference or
disturbance of any kind was prohibited. So was the case with the study of the Vedas.

2.1.3 Privacy in Grihya Sutras

‘Weber maintains that the Grihya sutras are of much importance to us in as much as it is
16
in them that we have to look for the drawn of our legal literature. The Grihya Sutras
contain elaborate rules for the construction of a house.

The house generally comprised a bed-room (Sayaniya), a storeroom, a kitchen (Bhakta-

17
Sarana), a hall or drawing room (Sabha) and compound. Dr. Apte also supports the

above view and maintains that a bed-room, a drawing room, provision room and a
nursery used to be the parts of a house. The main door of a house was not supposed to
face the door of another house and used to be so constructed that the house-holder should
not be seen by unholy persons while performing religious rites while dining in his house
and passers-by should not be able to see the valuables in the house. Even in the selection
of site for a dwelling house, one of the main considerations was to avoid the sight of
persons or things that formed impediments to the study of the Vedas.

15.Juris Jon Bing, “Data Protection in Norway” (1996), available at the link:
http://www.jus.uio.no/iri/rettsinfo/lib/papers/dp_Norway/dp_norway.html.
16. Weber , History of Indian Literature , pp 16-20
17. Mishra G, Right To Privacy in India, 48, 151 (Preeti Publications, Ist Ed) (1994) cites Dr. Ram Gopal,
India of Vedic Kalpasutras,
In the above regulations and prohibitions lies the awareness and concern of the society to
exclude possible sight of a stranger, to preserve the sanctity of the house, to respect one’s
privacy in performance of religious rites, for the study of the Vedas and for dining
purposes.

2.1.4 Privacy in Arthashastra

The rules regulating the construction of houses as found in the Arthashastra run as under:

The owner of houses may construct their houses in any other way they collectively like,
but they shall avoid whatever is injurious. With a view to ward off the evil consequences
of rain, the top of the roof shall be covered over with a broad mat, not blow able by the
wind. Neither shall the roof to be such as will easily bend or break. Violation of this rule
shall be punished with the first amercement. The same punishment shall be meted out for
causing annoyance by constructing door or windows facing those of others’ houses,
18
except when these houses are separated by the king’s road or the high road.

With the exception of private rooms and parlous (angana) all other open parts of houses
as well as apartments where fire is ever kindled for worship or a mortar is situated shall
be thrown open for common use.

It is clear from the above extracts that the houses used to be divided into two main parts,
(a) private rooms and parlous meant for exclusive use of the ladies and (b) the rest of the
house used to be open for common purposes. Here the word “common” must be
understood in a sense implying common-use for the family members alone. The sanctity
of the family house was secured by prohibiting persons to enter another’s house, without
the owner’s consent, either during the day or night. The punishment prescribed for
violation of such prohibition was the first amercement and the middle most amercement
respectively. Further, any one, who used to construct doors and windows facing others
houses causing annoyance to his neighbors, was to be punished. One of the factors
causing annoyance was the exposure of private-rooms and parlous meant for exclusive

18. Ibid
use of ladies, for they were not supposed to be seen by a male-stranger or to stir out of
their houses.

At international level the right to privacy has been codified to some extent, in some Human
19
Rights Instruments. For example Art.12 of the Universal Declaration of Human Rights

adopted by the General Assembly of the United Nations on 10 December 1948 and Art. 17 of
International Covenant on Civil and Political Rights 1966 have references recognizing the
20
right to privacy as human rights and protecting the same. At the regional level also, Art. 8

of European Convention on Human Rights speak about the right to privacy.

Historically, the right to privacy as an independent, distinct concept originated in the field
or Tort Law. Under the Tort law, for any unlawful invasion of privacy, a new cause of
action for damages was recognized. Since privacy primarily concerns with the individual,
the right to privacy has two dimensions:

1. The general law of privacy which gives rise to tortuous liability for damages when
one’s privacy is unlawfully invaded and
2. The Constitutional recognition given to the right to privacy, which protects personal
privacy against unlawful government invasion.

Out of these two, there is nothing new about the first one, namely the development of
right to privacy under tort law. What is fascinating is the second aspect of the right to
privacy, i.e. the right to privacy acquiring the Constitutional status.

19. UDHR adopted and proclaimed by General Assembly resolution 217A (III) of December 10, 1948,
available at the link: http://www.un.org/overview/right.html, last visited on 18.03.2016.
20. Article 8 of European Convention on Human Rights: (1) Everyone has the right to respect for his
private and family life, his home and his correspondence.
(2) There shall be no interference by a public authority with the exercise of this right except as in
accordance with the law-and is necessary in a democratic society in interest of national security,
public safely or the economic well being of the country, for the prevention of disorder or crime, for
the protection of health or morals, or for the protection of the rights and freedoms of others.
The U.S. Supreme Court has held that the right of privacy even though not explicitly
mentioned in the Constitution of USA can be discerned from the First, Third, Fourth,
21
Fifth and the Ninth Amendments. In fact it has been held that the right of privacy in
the marital relation is older than the Bill of Rights and is protected by the due process
22
clause of the Fourteenth Amendment of the US Constitution. The court further
expanded the right of privacy by saying that if the right to privacy means anything, it is
the right of the individual, married or single to be free from unwarranted governmental
23
intrusion into matters so fundamentally affecting person .

The constitution does not explicitly mention any right of privacy. In a line of decisions,
however the court has recognized that a right of personal privacy or a guarantee of
24
certain areas or zones of privacy do exist under the constitution .

In Bowers v. Hardwink it was held that the state can make homo-sexualism and sodomy
criminal offences without violating the right of privacy A cursory look at the case law of
USA reveals that the right to privacy and its protection are mainly derived from the
substantive due process clause of Fourteenth Amendment and the ambit of the privacy
right is so expanded that it includes privacy in family life as well as in individual life
25
protecting the personhood, based on the concept respect of private life.

The Indian courts have seized the opportunities whenever they came and tried successfully to
bring the privacy right within the purview of fundamental rights. Even though right to
privacy is not enumerated as a fundamental right in our Constitution it has been inferred from
Art.21. This note traces down the evolution and development of right to privacy as a
fundamental right flowing from the other fundamental rights guaranteed under Part 3 of our
Constitution, highlighting development in law in the post constitutional period in India.

21. Boyd v. United States. 116 U.S. 616 , 630 ; Griswold v. Connecticut, 381 U.S. 479 (1965)
22. Justice Douglas who delivered the opinion of the court in Griswold case, p. 485
23. Ibid .
24. Ibid.
25. 478 U.S. 113 9 (1973)
2.2 Privacy: A Zero-Relationship

Privacy is a “zero relationship” between two persons or two groups or between a group
26
and a person. It is a “zero-relationship” in the sense that it is constituted by the absence

of interaction or communication or perception within contexts in which such interaction,

communication or perception with contexts in which such interaction, communication or
perception is practicable- i.e. within a common ecological situation such as that arising
from spatial contiguity, or membership in a single embracing collectively such as that a
family, a working group, and ultimately a whole society. Privacy may be the privacy of a
single individual, it may be the privacy of the individuals, or it may be the privacy of
three or more numerous individuals. But it is always the privacy of those persons, single
or plural, vis a vis other persons.

The phenomenon of privacy exists only in contexts in which interaction, communication

or perception is physically practicable and within the range of what can be expected of
human beings. The situation must, therefore be one in which the abrogation of privacy by
intrusion from the outside or by renunciation from the inside is practically possible.
Privacy presupposes the prior existence of a system of interaction among persons in a
common space, it might be face-to-face interaction within a household, a neighborhood,
or village, or a unit within a unit in a corporate body such as a firm, an army or a
congregation, the presupposed system of interaction might be one in which there is
ordinarily no face-to-face interaction between authority and subject within a corporate
body like a large church, a large firm, a large firm, a large army, or the state, and in
which the interaction or perception is initiated by an agent of authority with the intention
of intruding on the privacy of the subject.

2.3 Land Mark Cases

The origin of right to privacy as a constitutional right can be traced back to Kharak Singh
27
v. State of UP. In this case, all the majority of the judges of the Special Bench

26. Edward Shils, "Privacy: Its Constitution and Vicissitudes", 2 Law and Contemporary Problems
31 (Spring 1966).
27. A.I.R. (1963) S.C. 1295
 CHAPTER-3
Statutory protection of Right to Privacy in India

3.1 Privacy as under Easements Act, 1882

The origin of the custom of privacy must be ascribed to a period anterior to the age of the
Kautilya’s Arthashastra. Later, this customary right of privacy got its statutory
recognition as well in the Indian Easements Act, 1882. Section 18 of the Act provides
that an easement may be acquired in virtue of local customs, which are called customary
easement. Illustration (b) to the above section more or less settles the contents of the
customary right of privacy. It lays down:

By the custom of a certain town, no owner or occupier of a house can open a new
window therein so as to substantially to invade his neighbor’s privacy.

Illustration (b) A builds a house in the town near B’s house. A thereupon acquires an
easement that B shall not open new window in his house so as to command a view of the
portions of A’s house which are ordinarily excluded from observation, and B acquires a
like easement with respect of A’s house.

3.2 Privacy and Indecent Representation of Women (Prohibition) Act,

1987

The arena of obscenity does not recognize any “gender discrimination” and it covers both
the genders. There is, however, a disturbing trend of harassing the “female gender” by
unreasonably and illegally violating their privacy. It must be appreciated that a nation,
which does not respect its women, cannot be described as a civilized nation at all. Such a
nation cannot grow and develop and will ultimately perish due to its own rudimentary
39
and tyrannical dogma Thus; every attempt should be made to eliminate the menace of

obscenity from the society. The societal interest requires preserving genuine artistic
39. See the link:
h t t p : / / w w w . n a a v i . o r g / p r a v e e n _ d a l a l / w h a t i s _ o b s c e n i t y _ f e b 0 3 . h t m # _ f t n 2 as last
visited on 23.03.2016.
works and arts on the one hand and to weed out the wild, obscene and pornographic
works on the other hand.

The term “obscenity” is, however, not capable of a precise definition and it keeps on
changing as per the norms and ideologies of the contemporary society. That takes us to
the “tests” of obscenity. The tendency of the matter charged as obscene must be to
deprave and corrupt those, whose minds are open to such immoral influences and into
40
whose hands a publication of the sort may fall is the right test.

Under the Indecent Representation of Women (Prohibition) Act, 1987 if an individual

harasses another with books, photographs, paintings, films, pamphlets, packages, etc.
containing "indecent representation of women"; they are liable for a minimum sentence
of 2 years. Further section 7 (Offences by Companies) holds companies where there has
been "indecent representation of women" (such as the display of pornography) on the
premises guilty of offenses under this act, with a minimum sentence of 2 years.

Anara Gupta too was booked under the Indecent Representation of Women (Prohibition)
Act, apparently for representing herself in poor light. Then the forensic lab in Hyderabad
gives her a clean chit, she gets off the hook. But by then, the websites have posted
thousands of hits, and every second PC in India has the video. Maybe someone should
bring the media to book, for publicizing that it was her in the video. Provisions of the
Indian Penal Code, 1860:

3.3 Privacy as under Indian Penal Code 1860

In cases where the accused sexually harasses or insults the modesty of a woman by way
of either- obscene acts or songs or- by means of words, gesture, or acts intended to insult
the modesty of a woman, he shall be punished under Sections.293, 294, 209, 354 and 509
respectively of the Indian Penal Code, 1860.

Section 293 also specifies, in clear terms, the law against Sale etc. of obscene objects to
minors. As per the Indian Penal Code, 1860:

40. Cockburn, C.J.in Queen v. Hicklin 1868 L.R. 3 Q.B. 360.

Section 293: "Sale, etc. of obscene objects to young persons”
Whoever sells, lets to hire, distributes, exhibits or circulates to any person under the age
of twenty years any such obscene object, as is referred to in IPC Section 292 (definition
given below), or offers of attempts so to do, shall be punished (on first conviction with
imprisonment or either description for a term which may extend to three years, and which
fine which may extend to two thousand rupees, and, in the event of a second or
subsequent conviction, with imprisonment of either description for a term which may
extend to seven years, and also with fine which may extend to five thousand rupees)"

For the purposes of sub-section (2), a book, pamphlet, paper, writing, drawing, painting
representation, figure or any other object, shall be deemed to be obscene if it is lascivious
or appeals to the prurient interest or if its effect, or (where it comprises two or more
distinct items) the effect of any one of its items, is, if taken as a whole, such as to tend to
deprave and corrupt persons who are likely, having regard to all relevant circumstances,
to read, see or hear the matter contained or embodied in it.].

41
In Ranjit .D. Udeshi v State of Maharashtra the appellant, a bookseller, sold a copy of

the unexpurgated edition of "Lady Chatterley's Lover". He was convicted under section
292, Indian Penal Code. On an appeal the Supreme Court observed: “The section
embodies a reasonable restriction upon the freedom of speech and expression guaranteed
by Art.19 and does not fall outside the limits of restriction permitted by cl. (2) of the
Article. The section seeks no more than the promotion of public decency and morality,
which are the words of that clause. The book must be declared obscene within the
meaning of section 292, Indian Penal Code. The word "obscene” in the section is not
limited to writings, pictures etc. intended to arouse sexual desire. At the same time the
mere treating with sex and nudity in art and literature is not per se evidence of obscenity.
Though the work as a whole must be considered, the obscene matter must be considered
by itself and separately to find out whether it is so gross and its obscenity so decided that
it is likely to deprave and corrupt those whose minds are open to influences of this sort.
In this connection the interests of contemporary society and particularly the influence of

41. AIR 1965 SC 881

the impugned book on it must not be overlooked. The section does not make the
bookseller's knowledge of obscenity an ingredient of the offence and the prosecution
need not establish it. Absence of knowledge may be taken in mitigation but does not take
the case out of the section. But the prosecution must prove the ordinary mens rea in the
second part of the guilty act and it must be proved that he had actually sold or kept for
sale the offending article. Such mens rea may be established by circumstantial evidence”.
This shows that the element of “guilty intention” is fulfilled the moment the offending act
of obscenity or pornography is committed.

Sec.294 of IPC, the obscene act or song must cause annoyance. Though annoyance is an
important ingredient of this offence, it being associated with the mental condition, has often
to be inferred from proved facts. However, another important ingredient of this offence is that
the obscene acts or songs must be committed or sung in or near any public place.

42
In Pawan kumar v State of Haryana The Supreme Court observed: “In order to secure

a conviction the provision (Section 294, I.P.C) requires two particulars to be proved by
the prosecution, i.e. (i) the offender has done any obscene act in any public place or has
sung, recited or uttered any obscene songs or words in or near any public place; and (ii)
has so caused annoyance to others. If the act complained of is not obscene, or is not done
in any public place, or the song recited or uttered is not obscene, or is not sung, recited or
uttered in or near any public place, or that it causes no annoyance to others, the offence is
not committed” These decisions of the Supreme Court have direct relevance under the
Information Technology Act, particularly regarding the liability of the web site owners
and the “Internet service providers” (ISPs). For instance, the former case may make the
web site owners and ISPs liable for any “offensive material” posted on their web site
even if they have not posted it on the site. This may happen when the web site owner/ISP
has been made aware about the contents of the same and he fails to remove the offensive
material. Similarly, the second case equally make them liable because a web site or/and a
server owned and controlled by an ISP are undoubtedly “public places” where the public
has virtually unlimited access. Thus, if despite bringing to the notice of a web site owner

42. 1996 (4) SCC 480.

Supreme Court held that it was open to the hospital authorities or the doctor concerned to
reveal such information to the persons related to the girl whom he intended to marry and
she had a right to know about the HIV Positive status of the appellant.

3.4.2 Right to know about the information under the control of a public authority: In
our present democratic framework, free flow of the information for the citizens suffers
from several bottlenecks including the existing legal framework, lack of infrastructure at
the grass root levels and an attitude and tendency of maintaining secrecy in the day to day
governmental functioning. To remove these unreasonable restrictions the Freedom of
Information Act, 2002 has been enacted by the Parliament. The Act provides for freedom
to every citizen to secure access to information under the control of public authorities
consistent with public interest, in order to promote openness, transparency and
accountability in administration and in relations to matters connected therewith or
incidental thereto. The Act is in accord with both Article 19 of the constitution as well as
Article 19 of the Universal Declaration of Human Rights, 1948.The act will enable the
citizens to have an access to information on a statutory basis. With a view to further this
objective, Section 3 of the Act specifies that subject to the provisions of this Act, every
citizen shall have the right to freedom of information. Obligation is cast upon every
public authority u/s 4 to provide information and to maintain all records consistent with
its operational requirements duly cataloged, indexed and published at such intervals as
may be prescribed by the appropriate government or the competent authority. Information
relating to certain matters is exempted from disclosure u/s 8 of the Act. Further, Section 9
specifies the grounds for refusal to access in certain cases. It must be noted that right to
receive information from public authorities, which includes judiciary, is not an absolute
right but is subject to statutory and constitutional restrictions.

3.4.3 Right to information and Electronic governance: Digital technologies and new
communication systems have made dramatic changes in our lives. Business transactions
are being made with the help of computers. Information stored in electronic form is
cheaper and easier to store. Thus, keeping in view the urgent need to bring suitable
amendments in the existing laws to facilitate electronic commerce and electronic
governance, the Information Technology Act, 2000 was enacted by the Parliament. The
aim of the e-governance is to make the interaction of the citizens with the government offices
hassle free and to share information in a free and transparent manner. It further makes the
right to information a meaningful reality. In a democracy, people govern themselves and they
cannot govern themselves properly unless they are aware of social, political, economic and
other issues confronting them. To enable them to make a proper judgment on those issues,
they must have the benefit of a range of opinions on those issues. This plurality of opinions,
views and ideas is indispensable for enabling them to make an informed judgment on those
issues, to know what is their true interest, to make them responsible citizens, to safeguard
their rights as also the interests of society and State. All the constitutional courts of leading
democracies have recognized and reiterated this aspect.

Every citizen has a right to impart and receive information as part of his right to
information. The State is not only under an obligation to respect this right of the citizen,
but equally under an obligation to ensure conditions under which this right can be
meaningfully and effectively enjoyed by one and all. Right to information is basic to and
indivisible from a democratic polity. This right includes right to acquire information and
to disseminate it. Right to information is necessary for self-expression, which is an
important means of free conscience and self-fulfillment. It enables people to contribute
on social and moral issues. It is the best way to find a truest model of anything, since it is
only through it that the widest possible range of ideas can be circulated.

3.5 Land Mark Cases

45
In 1888, the case of Gokal Prasad v Radho (hereinafter referred to as Gokal Prasad

Case) came before a Division Bench of Allahabad High Court for decision. The plaintiff
alleged that the defendant had wrongfully built a new house in such a way that certain
eaves of that new house projected over the plaintiff’s land and that a verandah and certain
doors of the house interfered with the privacy of those portions of the plaintiff’s house
and premises which were occupied and used by the females of the plaintiff’s family.
Accordingly he claimed to have the eaves, in question, and the verandah removed and the

45 ILR 10 All (1888) 358

 CHAPTER - 4
DATA PROTECTION & PRIVACY

4.1 Meaning of Data

51
The Oxford English Dictionary defines the term “data ” to connote things given or

granted; things known or assumed as facts and made the basis of reasoning or
calculation; facts collected together for reference or information; quantities, characters
or symbols on which operations are performed by computers and other automatic
equipment, and which may be stored and transmitted in the form of electrical signals,
records on magnetic, optical or mechanical recording media, etc.

52
Further, the term “data” has been defined in a number of legislations worldwide , which
signifies its importance in today's day and age. It may be relevant to look at some of these
53
definitions. The United Kingdom Data Protection Act, 1998 (UK Act) defines data as
information which:

1. is being processed by means of equipment operating automatically in response to

instructions given for that purpose,
2. is recorded with the intention that it should be processed by means of such equipment,
3. is recorded as part of a relevant filing system or with the intention that it should form
part of a relevant filing system, or
4. does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as
defined by section 68.

54
The UK Act further defines “personal data ” as data, which relates to a living
individual who can be identified:

51. The Oxford English reference Dictionary, Judy Pearsall and Bill Trumble (edited by them), 2nd
Edition, 1996, Oxford University Press.
52. Section 1(a) of the Data Protection Act, 1988(UK Act), Section 2(o) of the Information Technology
Act, 2000
53. Section 1(a) of the Data Protection Act, 1988.
54. Section 1(e) of the Data Protection Act, 1998.
 1. from the data, or
2. from the data and other information which is in the possession of, or is likely to
come into the possession of, the data controller,
3. and includes any expression of opinion about the individual and any indication of the
intentions of the data controller or any other person in respect of the individual.

In view of the information revolution, which has resulted from the coupling of computer
techniques, telecommunications, multimedia and the lightning development of the
Internet, the legislations have also therefore laid stress and emphasis on the computer-
55
processed and computer stored forms of data.

4.2 Need Regulation of Data Protection

It is well understood that the free flow of information has contributed to the globalization and
virtualization of society and thus had raised concerns about security, respect of fundamental
rights and privacy. The keeping of records on individuals for various purposes and the risks of
infringement of privacy, by both public and private sectors, have never been easier than today,
through the use of new technologies and the convergence of their application. One example of
such infringement of privacy is often reflected in a number of unidentified calls received by
consumers today by number of companies selling its products on telephone and e-mails on the
basis of the data collected by them through sources that are not disclosed to consumers.
Therefore, an active policy and awareness by and on behalf of citizens is constantly a necessity.
The privacy of an individual’s home or routine conduct of business in an organization is now
interrupted by telephone calls from tele marketing executives on behalf of the banks, financial
institutions, mobile phone companies etc. with various offers. Clearly there is a violation of
56
personal privacy by such calls. Recently a recipient filed a public interest writ petition before

the Supreme Court against several banks and mobile phone service providers alleging, inter
alia, that the respondents were in violation of petitioner’s privacy.

55. Note: Legislations laying stress and emphasis on the computer processed and computer stored
forms of data, Data Protection Act, 1988, Information Technology Act, 2000, OECD guidelines on
data protection (1980.)
56. Source Link: www.manupatra.com/downloads/2005-data/TelePIL.pdf.
A core problem in this respect concerns what forms of regulation actually benefits
citizens and how their interests can be determined. Further, as data protection is in the
interest of the citizen this regulation must, as a starting point is acceptable. However,
there are several conflicting interests that are active within this field and it is a constant
battle to ensure that these interests are balanced and that those of citizens are sufficiently
protected. In view of this, it is further important to look at the efforts made for regulation
and protection of data internationally.

4.3 Regulation of Data Protection

4.3.1 OECD Guidelines and Data Protection

It was in the year 1980 that an international team of experts convened by the
Organization of Economic Co-operation and Development (OECD), developed a set of
privacy guidelines, consisting of a total of eight "privacy principles" and enforcement
approaches. The OECD Guidelines were intended to offer harmonized protection of
individual privacy rights while simultaneously being flexible enough to apply across a
variety of social, legal, and economic circumstances.

4.3.1.1 Basis for the OECD Guidelines

There has been an increasingly widespread trans-jurisdictional flow of personal data

across international frontiers in the past few decades owing to the rapid advancement in
data transmission technology and technological processes and leading to emerging issues
in the areas of unlawful storage of personal data, storage of inaccurate personal data and
the unauthorized disclosure or onward transmission of such data leading to the abuse of
57
personal data privacy .

A need to protect personal data privacy has been recognized by various countries in the

form of legislations, regulations and policy guidelines formulated by them in this regard

57. OECD Guidelines on data protection (1980) – Guidelines Governing the Protection of Privacy
and Transborder Flows of Personal Data, adopted 23.9.1980; available at
http://europa.eu.int/comm/internal_market/privacy/instruments/ocdeguideline_en.htm
however there has also been a parallel recognition in as much as that any disparities in
such sometimes diverging legislations, regulations and policy guidelines across countries
could disrupt the free trans border flow of necessary personal data and further that such
disruptions could impart serious damage to critical sectors of the economy such as
banking and insurance.

Recognizing the above issues, the OECD member countries decided that it would be
imperative to formulate comprehensive guidelines to harmonize the various national privacy
legislations, regulations and policy guidelines in order to develop a dual framework of
upholding privacy protection of personal data as well preventing interruptions in the trans
border flow of such data. The OECD Guidelines on the Protection of Privacy and Trans
Border Flows of Personal Data (Guidelines) were framed as a result of the above recognition
in the form of recommendations made by the Council. The Guidelines were formally adopted
with effect from September 23, 1980 and represent a consensus on basic principles that can
either be built into existing national legislations, regulations and policy guidelines of member
countries or in the alternative, serve as a basis for legislations in member countries that do
not have the same in the form and manner set out as follows:

1. Member countries take into account in their domestic legislations the principles
concerning the protection of privacy and individual liberties set forth in the Guidelines;
2. Member countries endeavor to remove (if created) or avoid creating unjustified
obstacles to trans border flows of personal data in the name of privacy protection;
3. Member countries co-operate with one another towards the comprehensive
implementation of the Guidelines; and
4. Member countries agree at the earliest on specific procedures of consultation and co-
operation for the application of the Guidelines.

4.3.1.2 Scope of the OECD Guidelines

The broad scope of the Guidelines is as follows:

1. The Guidelines permit the application of different measures of data protection to
different categories of personal data on the basis of the nature and the context in
which such categories of data are collected, stored, processed or disseminated;
2. The Guidelines cover personal data that does not purportedly contain any risk to privacy or
individual liberties i.e. simple and factual data if used in a context where the same may
become offensive to the subject of such data shall be included in the scope. However, data
collections of an obviously innocent nature such as personal notebooks are excluded;

3. The Guidelines in their application extend to both forms of processing of personal data
i.e. the automated form of processing personal data and the non-automated form;
4. The Guidelines permit the exceptions contained therein including those relating to
national sovereignty, national security and public policy subject to such exceptions
being restricted to as few as possible and further subject to the same being made
known to the public at large;
5. The Guidelines permit their comprehensive observance in the particular context of
federal country jurisdictions to be affected by the division of powers in such
jurisdictions; and
6. The Guidelines purport to be construed as minimum standards that are flexible to and
capable of being supplemented by any additional measures adopted for the protection
of privacy and individual liberties.

4.3.1.3 OECD Guidelines: Basic Principles of National Application

The Guidelines are primarily an embodiment of eight comprehensive principles relating

to Data Protection.

The Principles are set out herein below as follows:

1. Collection Limitation Principle: This principle deals with the basic issue that it is
desirable to recognize the categories of data, which could be per se sensitive, and
58
therefore the collection of such sensitive data should be restricted or even prohibited.

58. Principle 7 of the OECD Guidelines on data protection (1980).

 □ within a reasonable time;
□ at a charge, if any, which is not excessive;
□ in a reasonable manner; and
□ in a form that is readily intelligible to him;

c) To be given reasons if a request made under subparagraphs (a) and (b) is

denied, and to be able to challenge such denial; and

d) To challenge data relating to him and, if the challenge is successful to have the
63
data erased, rectified, completed or amended.

The right of individuals to access and challenge personal data is generally regarded as the
most important privacy protection safeguard. The right to access should be part of the day-
to-day activities of the data controller or his representative and should not involve any
legal process or such similar measures.

In some cases it may be appropriate to provide for intermediate access to data; for
example, in the medical field, a medical practitioner can serve as a go-between. In some
countries supervisory organs, such as data inspection authorities, may provide similar
services. Further, the requirement that data be communicated within reasonable time may
be satisfied in different ways. For instance, a data controller who provides information to
data subjects at regular intervals may be exempted from obligations to respond at once to
individual requests.

Communication of such data "in a reasonable manner" is construed to mean that

problems of geographical distance should be given due attention. Moreover, if intervals
are prescribed between the times when requests for access must be met, such intervals
should be reasonable. The extent to which data subjects should be able to obtain copies of
data relating to them is a matter of implementation, which as per the interpretation of this
principle must be left to the decision of each member country.

63. Ibid
The right to be given reasons is narrow in the sense that it is limited to situations where
requests for information have been refused. The right to challenge in (c) and (d) purports
to be broad in scope and includes first instance challenges to data controllers as well as
subsequent challenges in courts, administrative bodies, professional organs or other
institutions according to domestic rules of procedure. The right to challenge also does not
imply that the data subject can decide what remedy or relief is available (rectification,
annotation that data are in dispute, etc.). Such matters are the subject of domestic law and
legal procedures. Thus an individual should have the possibility to consent specifically to
the use of his data, which are not strictly necessary for the payment or should at least be
64
given the possibility to oppose such a use .

8. Accountability Principle: A data controller should be accountable for

65
complying with measures that give effect to the principles stated above.

This principle is structured on the premise that since the data controller takes decisions
in respect of both data and data processing activities; it is for his benefit that the
processing of data is carried out. Accordingly, it becomes essential that accountability
for complying with privacy protection rules and decisions should be placed onto the data
controller irrespective of the processing of data being carried out by another party such
as a service bureau. On the other hand however, the Guidelines do not prevent service
bureau personnel, "dependent users" and others from also being held accountable. For
instance, sanctions against breaches of confidentiality obligations may be directed
against all parties entrusted with the handling of personal information. Accountability
refers to accountability supported by legal sanctions, as well as to accountability
established by codes of conduct, for instance.

64. See articles 7 and 14 of the EU directive 95/46/EC on the protection of individuals with regard to
the processing of personal data and on the free movement of such data adopted on the 24th October
1995 (hereinafter-directive 95/46/EC).
65. Ibid
The data protection principles and legislations in general have thus been founded upon
the Guidelines on the Protection of Privacy and Trans border Flows of Personal Data
issued in 1980 by the OECD. The OECD Guidelines will be studied in greater detail in
the next chapter.

4.3.2 European Union and Data Protection

In the European Union (EU), the protection, of personal information became widespread
after the Second World War. The explosion of information power brought about by
computing established fears that the usage of the new machines might weaken or
undermine individual human rights surfaced quite early in mainland Europe. Europe had
only established its Human Rights Commission in the 1950s after the European
Convention for the Protection of Rights and Fundamental Freedoms was adopted in
1950. The suggestion that data movements might be curtailed or controlled on human
rights grounds gave rise, in its turn, to reservations of a different kind; such as trade
being fettered if information could not flow freely. The development of standards for the
use and dissemination of personal data, or data protection standards, proved to be the
response to these apprehensions. The standards laid by the European Union are seen
embodied in enforceable laws throughout Europe and in many other parts of the world.

66
4.3.2.1 EC Directive
67
68
In 1995, the EU adopted its data protection directive (95/46/EC) , and established a detailed
privacy regulatory structure for prospective and intended adoption into national law by EU
member states. The directive adopted the OECD concepts on data protection in its directive.
However, the directive made several important changes or additions to the OECD Guidelines
69
such as the creation of a "legitimacy" principle , which prohibits any data to

66. EC Directive on data protection (1995) – Directive 95/46/EC of the European Parliament and of the
Council of 24 October 1995 on the protection of individuals with regard to the processing of personal
data and on the free movement of such data (OJ No L 281(1995), 31).
67. Ibid
68. Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and
on the Free Movement of such Data (O.J.No L 281(1995) p. 31 et seq.).
69. Note: This principle prohibits any data to be processed, which does not have any legitimate purpose.
be processed that does not have a legitimate purpose. It further interpreted the openness
70
principle to require national registration of databases and data controllers and promoted

the free flow of information only between and amongst the EU member states. The cross
border transfer to other countries was prohibited unless the other country provided an
"adequate" level of protection, although the same was made subject to certain exceptions.
Lastly the directive specifically stated that the member states should encourage the use of
codes of conduct thereby providing a means to limit the possible discretionary exercise of
authority and also obtaining flexible means to update national interpretations.

The EU member states have a tradition of industry- government dialogue and the use of
industry codes of conduct. The EU directive explicitly encourages the use of such "self-
regulatory" measures; thereby making the impact of the directive less burdensome. In
other words, these codes allow regulatory measures to be flexible in order to keep pace
with technological developments and with evolving industry practices. These codes
further assist in avoiding unnecessary regulatory barriers and limiting the discretionary
exercise of regulatory authority.

This directive was thus an important initiative to protect personal information by

prohibiting the transfer of such personal data to those countries, which did not conform to
71
the privacy protection requirements of the EU.

4.3.3 United Kingdom and Data Protection

UK enacted the UK Data Protection Act, 1984 as amended by the UK Data Protection
Act, 1998 (DPA). The 1984 Act drew on both the OECD and Council of Europe
principles. It set out eight principles for data handling, largely drawn from the two
72
international instruments and state that the personal data should be:

1. lawfully processed;

70. Principle 12 of the OECD Guidelines on data protection (1980).

71. Source Link : http://www.legalsitecheck.com/dataprotection.html.
72. Section 4(4) of the Data Protection Act 1998, Paul Marett,” Information Law in Practice”, 2nd edition,
(Ashgate Publishing Limited, 2002), Ian Lloyd,”Legal aspects of Information Society”, (Butterworths,
London, 2000).
2. lawfully obtained;
3. adequate and relevant;
4. accurate and up to date;
5. stored for a specific purpose and a reasonable duration;
6. processed in accordance with the rights of the owners of such data;
7. appropriate technical and organizational measures should protect against
unauthorized use of such data and provide overall protection; and
8. transborder flow of information between countries with similar levels of
protection.

The DPA provides a fairly detailed route map wherein various measures of protecting
personal information / individual privacy is set out. These eight principles provide legal,
technical and contractual protection to personal data and further also state the parameters
within which personal data is to be processed, obtained, stored and used in the public
domain. These principles also govern data exchange beyond the national level to protect
information crossing the local borders. Indeed a comprehensive protection is put forth
within these principles for personal data. Any contravention of the rights of the
individual owning personal data is subject to compensation for the extent of damage.

4.3.4 United States of America and Data Protection

In the United States however, privacy protection is implanted in a much longer historical
development path as the same was developed in a fragmented manner commencing from
the basic principles of tort law and as a by- product of industry-specific legislation, such
as the Fair Credit Reporting Act of 1970.

The US currently has no legislation specific to consumer data privacy protection, relying
instead upon the industry self-regulation approach to the OECD Guidelines. Having stated
that however, due to immense pressure to strengthen consumer data protection owing to the
looming threat of the requirements of the EU data directive, the Federal Trade Commission
(FTC) has taken a more proactive approach in protecting consumer data,
acting pursuant to its authority to prevent unfair and deceptive trade practices in
accordance with the FTC Act.

4.3.5 Asia Pacific and Data Protection

In November 2004, the Asia-Pacific Economic Cooperation (APEC), a forum established

in 1989 for facilitating economic growth, co-operation, trade and investment in the Asia
Pacific Region endorsed a privacy framework based in principle structure and import
upon the core fundamentals of the OECD Guidelines. The same recognizes “reasonable
expectation” of privacy and imparts due emphasis to the benefits of participation in a
global information economy. It specifically endorses “proportionality” in terms of
national regulation so that regulation and remedy are proportional to the likelihood and
significance of causing harm to an individual subject. The framework further focuses
upon the “core fundamentals” of the OECD Guidelines and on the use of the Internet to
provide notice, consent, and control.

It may be noted that like the OECD, the APEC is only a inter governmental grouping and
operates on the basis of non-binding commitments, open dialogue and equal respect for
the views of all participants

4.3.6 India and Data Protection

India is today viewed as one of the information technology majors. The increasing number of
technology related crimes in India recently reflects the growth of Information Technology
Industry.73 It has been India has a ‘robust data protection lan d ’ in the shape IT Act, 2000 which
. w
does not prescribe any rules relating to crucial aspects of data protection such as the processing
of personal data, the conditions under which the

73. Recent examples are the case of the attempted sale of a pornographic video clipping that resulted in
the dismissal of the CEOof bazee.com, an auction portal owned by e-bay Inc, and the case of
multimedia clipping transmitted via mobile handsets where the naked body of woman was morphed
with a famous bollywood actress.(Issues of Data protection in the context of Outsourcing from
Switzerland and the EU to India, Dr. Ursula Widmer, Bern and Latha R Nair , CRi January 1st , 2006 ,
p 18-23)
74. See Na. Vijayshankar “India has a robust data protection law” 24th June 2005, as last visited on
15.03.2016, available at the link: http://www.naavi.org/cl_editorial_05/edit_june_24_05_01.htm.
data may be collected from an individual, the precautions to be taken while collecting
data, confidentiality and security of processing of the data collected.

The (Indian) Information Technology Act, 2000 (Act) defines "data" to mean a
representation of information, knowledge, facts, concepts or instructions which are being
prepared or have been prepared in a formalized manner, and is intended to be processed,
is being processed or has been processed in a computer system or computer network, and
may be in any form (including computer printouts, magnetic or optical storage media,
75
punched cards, punched tapes) or stored internally in the memory of the computer.

Currently there are no “data protection” specific laws in India. However, in the absence
of specific laws, the Indian judicial system offers a few stand-in laws and other indirect
safeguards e.g. Information Technology Act, 2000 and the Indian Penal Code, 1860 Now
for the most comprehensive regulatory statute on technology available in India - the
Information Technology Act, 2000. This statute provides an environment for various
aspects of commerce in the information society.

76
Section 1(2) read with Section 75: Long Arm Jurisdiction

Sec.1 (2) read with Sec.75 of the Act provides for an extra-territorial application of the
provisions of the Information Technology Act.

77
Section 43: Access without permission

If a person without the permission of the person in-charge of the computer system,
accesses, downloads any data, introduces virus or causes denial of access, will be liable
for a penalty of up to Rs. 10,000,000. Section 43 of the Information Technology Act is
proposed to be amended to say, if any body corporate, that owns or handles sensitive
personal data or information in a computer resource that it owns or operates, is found to
have been negligent in implementing and maintaining reasonable security practices and
procedures, it shall be liable to pay damages by way of compensation not exceeding Rs.

75. Section 2(o) of the Information Technology Act, 2000.

76. Information Technology Act, 2000.
77. Ibid
10,000,000 to the person so affected. Reasonable security practices and procedures have
been defined as such security practices and procedures as appropriate to the nature of the
information to protect that information from unauthorized access, damage, use,
modification, disclosure or impairment, as may be prescribed by the Central Government
in consultation with the self-regulatory bodies of the industry, if any.

78
Chapter X

Creation of a Cyber Appellate Tribunal is envisaged to oversee adjudication of cyber-

crimes such as damage to computer systems (Section 43) and breach of
confidentiality (Section 72).

79
Section 65 and 66: Tampering with Computer Source Code and Hacking

Section 65 deals with the issue of tampering with computer source documents.
According to Section 65, anyone who deliberately or purposely hides, destroys or alters
any computer source code or induces someone else to do so shall be punishable with
imprisonment up to 3 years, or with fine, which may go up to Rs. 200,000, or with both.

According to Section 66, hacking is committed if some one, with the intention of causing
wrongful loss or damage (or with the knowledge that such damage or loss is likely to
result) to the public / any person, destroys /deletes / alters any information residing in a
computer resource, diminishes its value or utility, or affects it injuriously by any means.
If a person commits hacking, he/she is liable to be punished with imprisonment up to 3
years, or with a fine, which may go up to Rs. 200,000, or with both.

Section 66 of the Information Technology Act while making unauthorized access of a

computer system an offence also makes unauthorized downloading/ extraction of data
also an offence. Though this provision does not deal with privacy directly it can be used
in cases where personal information has been obtained through unauthorized access.

80
Section 69: Intercepting Informatio
n

78. Ibid.
79. Ibid
This Section gives tremendous powers to Controller of Certifying Authorities (CCA) to
direct interception of any information transmitted through any computer resource. This
direction is only to be given if the CCA is satisfied that it is necessary or expedient so to
do in the interests of the following:

1. the sovereignty or integrity of India,

2. the security of the state,
3. friendly relations with foreign states,
4. public order, or
5. for preventing incitement to the commission of any cognizable offence.

This Section requires that users disclose encryption keys or face a jail sentence up to
7 years.

1
y
Section 72: Breach of Confidentiality and Privac

Section 72 relates to the disclosure of certain information by any person who has
gained access to such information in pursuance of a power granted under Act. In case a
person who has secured access to any electronic record, book, register,
correspondence, information, document, or other material discloses any of these to any
other person, he will be punished with imprisonment for a term, which may extend to 2
years, or with a fine, which may go to Rs. 100,000 or with both. The above provision
does not apply to the disclosure of personal information regarding a person in a
website or by his email service provider, etc.

Under the proposed amendments to Section 72, if any intermediary who by virtue of any
subscriber availing his services has secured access to any material or other information
relating to such subscriber, discloses such information or material to any other person,
without the consent of such subscriber and with intent to cause injury to him, such
intermediary shall be liable to pay damages by way of compensation not exceeding Rs.

80. Ibid
81. Ibid
2,500,000 to the subscriber so affected. Further the amendments to Section 72 also
propose to make video voyeurism an offence under the Act.

However, recognizing the need for data protection in the technological environment, the
Central Government has taken several initiatives for the furtherance of data protection.
Some of the initiatives taken by the Ministry of Information Technology in India may be
mentioned:

➢➢
Standardization, Testing and Quality Certification (STQC) Directorate Due to

the international demand that Indian firms should have an international security standard
accreditation, the Indian government has set up the Standardization, Testing and Quality
Certification (STQC) Directorate (under the Department of Information Technology (DIT)).
The Directorate has been able to launch an independent third-party certification scheme for
the Information Security Management System, as per BS 7799 Part 2, and has achieved
international recognition in the form of accreditation from the RvA, Netherlands.

➢➢
Computer Emergency Response Team (CERT) The Indian Computer
Emergency Response Team (CERT) was established by the DIT to be a part of the
international CERT community. CERT was set up to protect India's IT assets against
viruses and other security threats.

➢➢
Information Security Technology' Development Council (ISTDC) The Ministry
has recently set up the Information Security Technology Development Council (ISTDC).
The main objective of this program is to facilitate, coordinate and promote technological
advancements, and trespond to information security incidents, threats and attacks at the
82
national level.

The whole issue of data protection in the digital context probably hinges on the contention of
the interests of the individual versus the state, market and technology developments.
Organizations require to look now at how they collect, store and use personal data and
comply with existing laws and in absence of such laws, ask themselves whether they are

82. NASSCOM: Regulations in India available at the link - http://www.nasscom.org as last visited on
20.03.2016.
 CHAPTER – 5
INFORMATIONAL & WORKPLACE PRIVACY

5.1 Information Privacy - Legal Approaches to its Protection

The concept of informational privacy is distinct from other aspects of privacy such as
physical intrusion and surveillance. Information privacy means the claim of individuals to
determine for themselves when, how and to what extent information about them is or may be
83
communicated to others. It may also be defined as the individual's ability to control the
84
circulation of information relating to him or her. Many people are unaware that when they
go online, they leave an electronic record of their movements and unwittingly provide
personal information to people and organizations that track such data.

Globalization and the growth of electronic technologies have challenged the ability of
states to ensure the privacy rights of their citizens. Information privacy initially emerged
as a value that could not be taken or misused by government without due process of law.
This concept was later developed into a set of best practice principles, both in the US and
in the European Union for ensuring fair processing, minimal intrusion and limited
purposes in respect of the use of personal data.

Information privacy was most profoundly affected by the rapid developments in

information technology such as the increased use of computers and the setting up of
national databanks wherein the choice of the individual is seen as central to the concept
of privacy both in allowing physical intrusion and the sharing of information. It is almost
ironic that privacy is being threatened over Internet, as initially, Internet was perceived as
a technology that would afford its users a considerable level of anonymity and also
provide a forum to which would encourage and foster freedom of individual expression.

There are various different legal approaches in respect of the protection of information
privacy such as the Nordic, Civil and Common law approaches. The Nordic approach for

83. Adam Carlyle Breckenridge, The Right to Privacy, 1971, quoted in, Madhavi Divan, "The Right
to Privacy in the Age of Information and Communications" (4) SCC 12-23(2002).
84. Ibid
instance is defined as a combination of legal remedy available to the individual through
85
rights of access and the administrative regulation of computerized records. This
approach pioneered information legislation.

The Civil law approach differs from the Nordic approach in as much as it relies upon
statements of general principle. Its clear influence has been seen on two significant
doctrines in the development of privacy law namely, the US Constitution to protect
certain types of behavior including a right to privacy from government surveillance into
an area where a person had a 'reasonable expectation of privacy and matters relating to
marriage, procreation, child-rearing and education. The second significant doctrine was
developed through the European Convention of Human Rights (ECHR), a codification of
86
international human rights law.

The Common law approach seeks to apply privacy protection principles through the
medium of individual cases. In the UK for instance, the emphasis had been on particular
legal remedies against particular infringements. Judges often developed such rights
without reference to Parliament. However, following the implementation of the first Data
Protection Act in 1984, this trend has been somewhat eclipsed, with the UK establishing
87
a supervisory body to police the legislation.

5.1.1 Indian Scenario

In the Indian context, the rapidly growing services sector has resulted in both Indian and
trans-national corporate entities building up vast, exhaustive and detailed customer
databases with a view to providing personalized services such as insurance, personal
banking, credit cards etc. These databases contain confidential personal information and

85. Bing, “Data protection, jurisdiction and the choice of law “, 6 Privacy Law Policy Reporter 92-98 (1999).
86. Article 8 of the Convention: Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in
accordance with the law and is necessary in a democratic society in the interests of national
security, public safety or the economic well-being of the country, for the prevention of disorder or
crime, for the protection of health or morals, or for the protection of the rights and freedoms of
others”
87. Source Link: http://www.twobirds.com/engkish/publications/articles/control_informationby_law.cfm as
last visited on 20.03.2016.
may be used by corporate for their own purposes or for that of its affiliates. Also, these
databases form a valuable corporate asset, which finds many takers in the market for
individual information.

In this regard, any use, disclosure and retention of such information need to be strictly
regulated, through an established privacy enforcement regime. Any prospective Indian
privacy law would need to incorporate several facets of the above model, which,
comprehensively deals with the collection, and use of personal information. With the
emergence of an increasingly uniform set of norms governing commercial legal issues
across the globe, it becomes imperative for Indian lawmakers and the legislature to take
note of the void that prevails in the critical area of individual privacy protection.

5.1.2 Judicial trends in India relating to the Concept of Informational Privacy

In the Indian context, although there is no statutory enactment expressly guaranteeing a

general right of privacy to individuals in India, Indian courts recognize elements of this
right, as traditionally contained in the common law and in criminal law. These include the
principles of nuisance, trespass, harassment, defamation, malicious falsehood and breach
of confidence.

Under the Indian Constitution, Article 21 of the Indian Constitution is a fairly innocuous
88
provision in itself where it states. Unfortunately, India has no statute on privacy laws
except for certain provisions of the Constitution of India, which have been interpreted by
the courts to effect that the right to privacy is enshrined in the provisions of the
89
Constitution. However, the above provision has been deemed to include within its
90
ambit, inter-alia, the Right to Privacy – “The Right to be left alone”.

5.1.2.1 Privacy in Tort Law

88. Article 21,"No person shall be deprived of his life or personal liberty except according to procedure
established by law".
89. Mr. X v. Hospital Z (1998) 8 SCC 296 where the court pointed out that the right to privacy is enshrined
in Article 21 of the Constitution of India.
90. Thomas M. Cooley, Torts 91 (2nd Ed.) 1888.
The Right to Privacy is further encompassed in the field of Torts. The tort of defamation
involves the right of every person to have his reputation preserved inviolate. It protects an
individual's estimation in the view of the society and its defenses are 'truth' and
'privilege', which protect the competing right of freedom of speech. Essentially, under the
law of torts, defamation involves a balance of competing interests. In 1960,another
scholar Prosser, having analyzed the concept in several decision concluded that the law of
privacy comprises four district kinds of invasion of four different interests of the plaintiff,
which are tied together by the common name, but otherwise have almost nothing in
common except that each violate the right of the plaintiff in the phrase coined by Judge
91
Cooley, ‘to be let alone” . These four torts may be described as follows:

1. Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs
2. Public disclosure of embarrassing private facts about the plaintiff
3. Publicity, which places the plaintiff in a false light in the public eye
92
4. Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness

5.1.2.2 Privacy under Contract Law and E-Commerce

There exist certain other means by which parties may agree to regulate the collating and
use of personal information gathered, viz. by means of a “privacy clause” or through a
“confidentiality clause” Accordingly, parties to a contract may agree to the use or
disclosure of an individual's personal information, with the due permission and consent of
the individual, in an agreed manner and/or for agreed purposes. Under Indian laws, the
governing legislation for contractual terms and agreements is the Indian Contract Act.
Therefore, in a contract which includes a "confidentiality clause" i.e. where an
organization/company agrees to maintain the confidentiality of information relating to an
individual, any unauthorized disclosure of information, against the express terms of the
agreement would amount to a breach of contract inviting an action for damages as a
consequence of any default in observance of the terms of the contract.

91. Ibid
92. Ibid
For example in the case of an insurance contract, globally, contracts of Insurance are
contracts of "Utmost good faith" (Uberrimae Fidei) and the contract is voidable where all
material facts are not disclosed. However, the duty of utmost good faith is reciprocal and
the insurance company has a corresponding duty to disclose clearly the terms of its offer
and duly abide by them. Therefore an insurance proposal, which contains a
confidentiality clause regarding personal information provided by the customer, cannot
be disclosed without his prior consent. Any breach of such term would invite an action
for breach of contractual terms by the insurer-customer.

In regard to a customer- insurance company relationship, an insurance company may,

solicit personal information about an individual wherein details could be sought, relating
to an individual's family, cultural background, ethnic origin, caste, childhood, education,
medical history, information regarding one's immediate family, their age, profession etc.
or, in case of data processing companies, there may be queries with regard to an
individuals' professional pursuits, income, investment decisions, preferences, spending
patterns and so on. Despite an express authorization from their customers, with regard to
sharing of personal information by corporate entities, there may still be instances where
disclosure of certain sensitive and embarrassing information could invite legal action
from an individual, claiming that the actions of a company which made an unauthorized
disclosure resulted in causing such mental agony, anguish, and social stigma, which he
93
would not have otherwise had to bear or face.

Internet as an important medium has also helped in increasing the trade and commerce
throughout the globe. Reason being simple as the Internet promises reduced costs, higher
margins, more efficient operations and higher profits, and all of this at a comparatively much
higher speed, as it would take in the real world. It is useful to both producers and consumers
in developed and developing countries as it helps them overcome the traditional barriers of
distance from markets and lack of information about market opportunities. Producers and
traders no longer need to maintain physical establishments requiring large capital outlays.
Increased advertising possibilities worldwide may help small and medium

93.Awasthi Saurabh,” Privacy laws in India: Big Brother’s Watching You” CLJ 3 (2002), available at the
link - http://www.mondaq.com/article.asp? articleid=15723 as last visited on 23.03.2016.
industries and businesses in developing countries that traditionally find it difficult to
reach the customer abroad. It may also enable such firms to eliminate middlemen while
trying to sell their products abroad.

European technology has always kept pace with the change. The E.U. member states are
required to legislate national laws to implement directives on data protection and e-
94
commerce. One of such European Directive on E- commerce is 2000/31/EC , which was

enacted with a view to inter alia; contribute to the proper functioning of the internal market
by ensuring the free movement of information society services among the member states.
The E- Commerce Directive specifically excludes from its purview issues relating to
95
information society services already covered by the Data Protection Directive.

Implicit in the use of this medium for trade and commerce is the enormous amount of
data flowing through it and everyday more data is being generated. A substantial portion
of this data is not for public use or viewing. This type of data includes personal
information of the individuals residing in any country, confidential and privileged
information of the business houses, confidential government information.

Privacy issues have drawn a considerable attention amongst the discipline of law.
However, developing countries and many developed countries still lack literature on
privacy concerns related to the cyber space. When we talk about dealing with Internet
privacy, it implies 'information privacy'. Invasion in the privacy occurs when the
information of a consumer is not used for the purpose it was procured. This may be in the
form of circulation of information without authorization to do the same, to use the
information for purposes other than for which it was obtained, modification of
information without knowledge of the consumer etc. The main privacy concern is that a
consumer is prompted to enter personal information like e-mail address, and this
information can be packaged into a cookie and sent to the consumer's hard drive, which
stores it for later identification.

94. European Directive 2000/31/EC (“the E- Commerce Directive”).

95. See Article 1(5) of Directive 2000/31/EC.

5
5.2 Privacy at Workplace

The Information age has radically altered the traditional legal and organizational
framework of work by blurring the once clear boundaries between an employee's
personal and professional lives. Employees experience increase autonomy and flexibility
both at work and at home with the increase in telecommuting and "mobile" working.
These advances are aptly facilitated by appropriate information systems and tools
supplied by employers. However, these same systems and tools facilitate the intrusion of
professional life into personal sphere, and sometimes the intrusion of the employer into
the private lives of its employees.

Workers of the world are exposed to many types of privacy-invasive monitoring while
earning a living. These include drug testing, closed-circuit video monitoring, Internet
monitoring and filtering, E-mail monitoring, instant message monitoring, phone
monitoring, location monitoring, personality and psychological testing, and keystroke
96
logging . Employers do have an interest in monitoring in order to address security risks,
sexual harassment, and to ensure the acceptable performance of employees. However,
these activities may diminish employee morale and dignity, and significantly erode
97
employees' privacy rights.

The term electronic monitoring encompasses three different concepts. First, it includes an
employer's use of electronic devices to review and evaluate the performance of employee. For
example, an employer may use a computer to retrieve and review an employee's mail messages
sent to and from customers in order to evaluate the employee's performance as a customer service
98
representative. Second, it includes "electronic surveillance" in the form of an employer's use of
electronic device to observe the action of the employees, while employees are not directly
performing the work task, or for a reason other than to measure their

96. Source Link: http://www.privacyrights.org as last visited on 19.03.2016.

97. Ibid
98. A full discussion of these concepts is provided in the Workplace Privacy: A Consultation Paper, June
1992,Part 2, pp23-37, also available at the link: http://www.ipc.on.ca/userfiles/page_attachments/safnet-
e.pdf as last visited on 11.03.2016.
 99
work performance. For example, an employer may electronically review an employee's

email messages as part of an investigation of a sexual harassment complaint. Electronic

surveillance by an employer also includes compliance with a government search warrant
seeking an employee's voice mail or email communications on the employer's system.
Third, electronic monitoring includes an employer's use of computer forencics, the
recovery and reconstruction of electronic data after deletion, concealment, or attempted
destruction of the data. For example, an employer may use specialized software to
retrieve email messages related to an investigation of alleged theft of its trade secrets by
100
retrieving email messages sent by an employee to someone outside the company.

Advancing technologies enhance employer capability to monitor employee use of

computer networks and the Internet within the workplace. Software enables employers to
secretly, and in real time, monitors employees' use of networked computers including
individual monitoring of each connected computer. Software enables employers to
capture the images from an employee's computer screen at random intervals and then
compress those images to provide documentation of all computer work software may also
reveal the online activities off all employee's, including web sites visited, the length of
the employees visits, and whether those sites are productive or unproductive.

These electronic monitoring practices have significantly eroded employee privacy rights
however employers assert there are many good business reasons to electronically monitor
employees in the workplace, including (a) to monitor employee productivity in the
workplace (b) to maximize productive use of the employer's computer system when
employees use computers on job (c) to monitor employee compliance with employer
workplace policies related to use of its computer systems, email systems, and internet
access (d) to investigate complaints of employees misconduct, including harassment and
discrimination complaints.(e) to prevent or detect industrial espionage, such as theft of
trade secrets and other proprietary information, copyright infringement, patent
101
infringement, or trademark infringement by employees and third parties.

99. Ibid
100. Ibid
101. Gail Lasprogata, NancyJ.King and Sukanya Pillay, “ Regulation of Electronic Employee
Monitoring: Identifying Fundamental Principles of Employee Privacy through a comparative study of
Data Privacy
The privacy directive has a direct and immediate effect on the human resource operations
of employers many employment records involve processing personal data covered by the
directive, including application forms and work references; payroll and tax information;
social benefits information; sickness records; annual leave records; unpaid leave/special
leave records; annual appraisal/assessment records; records relating to promotions,
transfers, training, and disciplinary matters; and records related to workplace accidents.
Such data can be very sensitive, as can be the manner in which the employer processes it.

102
5.2.1 EU privacy Directive

The EU privacy directive is an important foundation for workplace privacy in Europe. The
directive applies to the processing of personal data wholly or in part by automatic means. It
establishes common rules for the EU to encourage freer flow of personal data within the union,
103
thus furthering a unified European market and protecting citizen’s right to privacy.
104
The privacy directive applies to the processing of "personal data" , defined as
information relating to an identified or identifiable natural person. An identifiable person
is "one who can be identified, directly or indirectly, in particular by reference to an
identification number or to one or more factors specific to his physical, physiological,
mental, economic, cultural or social identity.

The issue of maintaining privacy and consequent protection of such confidential information
of an individual was first set out under the Organization for Economic Cooperation and
105
Development (OECD) Guidelines. The guidelines concentrated on the issue of safe and

sound exchange of data traveling from one country to another has become very important as
more and more businesses rely on e-commerce. . This Directive was

legislation in European Union, U.S.A. and Canada, STANFORD TECHNOLOGY LAW REVIEW,
available at the link http://stlr.stanford.edu/STLR/Articles/index.htm as last visited on 20.03.2016.
102. 1995 OJL 281/31.
103. See Article 1 the Object of the Directive 95/46/EC
104. Ibid
105. OECD Guidelines on data protection (1980) – Guidelines Governing the Protection of
Privacy and Transborder Flows of Personal Data, adopted 23.9.1980; available at
http://europa.eu.int/comm/internal_market/privacy/instruments/ocdeguideline_en.htm
 CHAPTER –6
Telephone Tapping-An invasion of privacy

6.1 Law relating to Telephone tapping in India

The Indian Telegraph Act of 1885 was enacted to govern all aspects relating to the usage
of telephones and the telegraph system in the Country. The definition of telegraph now
108
includes telephony, facsimile, images and even data [as in computers]. Section 5 (2)

of the Indian Telegraph Act of 1885 enables the Central Government or a State Govt. to
intercept communications provided it is required in the interests of the security of the
State and to prevent incitement to the commission of an offence. This was the result of a
controversial amendment that was introduced by the legislature in 1971. The Act also
provides for safeguards against illegal and unwarranted for interference in the telephone
and telegraph mechanisms. Section 25 states that “any person intending to intercept or to
acquaint himself with the contents of any message damages, remove, tampers, with or
touches any battery, machinery, telegraph line, post or other thing whatever, being part of
or used in the working thereof shall be punished with imprisonment for a term which may
109
extend to three years or with a fine, or both”

Telephone tapping or wire-tapping is the monitoring of telephone conversations by a

third party, often by covert means. It received its name as historically, the monitoring
device was applied to the wires of the telephone line being monitored and tapped a small
110
amount of the electrical signal carrying the conversation.

There are a number of ways to monitor telephone conversations. One is by way of recording
the conversation through in-line recorders. An in-line recorder plug into any phone jack and
will record phone calls from any phone on that same line. If a tape-recorder has a re-mote
jack on it, this device will automatically start the tape-recorder each time a phone in the
house is picked up. Direct line tap is what state used does via the telephone exchange. But it

108. Section 3(1) of Indian Telegraph Act 1885.

109. Ibid
110. The Times of India, New Delhi, Monday, January 9, 2006
is also possible to tap physically outside the house through a parallel connection. The tap
can either involve a direct electrical connection to the line, or an induction coil.

An induction coil is usually placed underneath the base of a telephone or on the back of a
telephone handset to pick up the signal inductively. With a direct connection, there will be
some drop in signal levels because of the loss power from the line, and it may generate noise
on the line. The new digital cell phones can be tapped if you have the right equipment, but it
takes fairly sophisticated and expensive technology that is highly illegal. Methods to prevent
tapping involve the use of debugging instrument and scramblers.

Phone tapping in India is regulated under the Telegraph Act of 1885. As per the law, only
the CBI or intelligence agencies such as IB or RAW or state police departments should be
allowed to eavesdrop on telephone lines. Only the Union home secretary, or his
111
counterpart in the'" states, can issue an order for a tap. The government is also

required to show that the information sought cannot be obtained through any other means.
Under any other circumstance, phone tapping is an offence. The IT Act, 2000 also lays
down unauthorized surveillance of data is an offence. But there continues to be a gap
between the law and its enforcement and very often it is misused by people in positions of
authority it is felt that this is due to the absence of strict privacy laws in India.

Some recent events culminating in the allegations of phone-tapping made first by Amar
Singh and then by a number of other public figures including the Tamil Nadu Chief
Minister Jayalalithaa make Ogden Nash's little poem relevant in a rather round about
112
way. What we have been seeing is sting operations involving Members of Parliament

and then these allegations of phone-tapping have a bizarre resemblance to the operation
described by Nash; the tactics involved are based on the fact that the victims are unaware
of just what is happening and thereby provide the predator or the operator with just what
he or she was looking for - sometimes even more. Except that the argument that this is a

111. Section 4&5 of Indian Telegraph Act, 1885

112. Bhaskar Ghose, “Privacy: The Next Frontier”, FRONTLINE, Volume 23 - Issue 02, Jan. 28 - Feb.
10, 2006. Also available at the link: http://www.flonnet.com/fl2302/stories/20060210002508900.htm
as last visited on 25.03.2016.
blatant and unforgivable invasion of privacy falls on its face in the context of what the
113
`victim' reveals, knowingly or unknowingly .

Sting operations and phone tappings are really a very small part of the whole story.
Satellite, remote control cameras and high fidelity sound equipment that can pick up
conversations in a room from outside can now spy upon an individual. In other words, a
person does not really have any privacy that he can be sure of. He can have his words
114
recorded, his actions filmed and his writing copied. As a general principle it is indeed
true that any violation of an individual's privacy is the violation of his fundamental rights;
but that becomes a menace only if it is used for ends that are not in the national interest,
and if there is indeed something that can be so used. If a person has nothing to hide, has
done nothing he wishes to keep secret, it is still a violation of his individual rights if his
privacy is invaded; but then that violation will stand out as a perfidious act, and the
agency guilty of it will suffer a great deal of humiliation and public contempt, if nothing
115
else. Technology makes our privacy very fragile indeed; it is all the more necessary
116
for the state to understand this and be very careful when it decides to break into it.

Listening into telephone conversations by third parties is as old as telephony itself. The
contentious issue of telephone tapping has remained with us for a very long time, and has
been the topic of a never-ending debate between law enforcement officials and civil
liberties activists. Indian Courts have examined the ethical aspect of telephone tapping
while attempting to evolve suitable guidelines in relation to the vexed question of
admissibility of evidence obtained through this method. Though our legal system has
been witness to a slew of telephone tapping cases, no clear trend has emerged so far. The
issue resurfaced during the proceedings of the Parliament attack case but the High Court
and the Supreme Court examined it from different standpoints. Telephone tapping in
India has gained notoriety; thanks in part to numerous political scandals that have
emerged over the past few decades- the latest being the Ajit Jogi telephone tapping
incident in December 2003 and Amar Singh telephone tapping in Jan 2006, which

113. Ibid
114. Ibid
115. Rajinder Sachar, “Telephone tapping an invasion of individual’s privacy”PUCL Bulletin, 2006
116. Ibid
attracted tremendous media attention. All this also brings into focus the right to privacy-
a term that seems to hold very little meaning in our modern world of hidden cameras,
electronic bugging of homes, telephone-tapping and increased surveillance of e-mail and
117
the Internet.

The State machinery is of the opinion that telephone tapping is a method of preventing
crime while also serving as a means for obtaining vital information that can be used to
further the interests of national security. Besides, phone taps have also proven successful
in checking the organized crime syndicates and the drug mafia, since it aids the police in
making preventive arrests and in taking necessary precautionary measures. Human rights
activists on the other hand, state that it constitutes a blatant invasion of a person’s right to
118
privacy and the right to live his life in a peaceful and humane manner . They further

point out that telephone tapping has been used more to delve into the financial aspects
and the intimate relationships of a certain individuals, than to unearth a crime ring or to
prevent a terrorist attack. In India today, every second politician, bureaucrat and
journalist alleges that the Government taps his or her telephone. Notwithstanding all of
these concerns, I would like to examine the legal object behind telephone tapping and the
usefulness of the information gleaned from it in Courts. Another aspect that needs to be
examined is- how do we determine where the line is to be drawn between improperly
119
obtained evidence that is admissible and that which is deemed to inadmissible .

6.2 Law relating to Telephone Tapping in England

English law has evolved considerably since the blanket endorsement of any and all
methods to obtain evidence-a method propounded in the Leatham case, though one might
120
be inclined to disbelieve this statement in the light of an observation in R v Sang ,
where it was stated that there was "no discretion to refuse to admit relevant admissible
evidence on the ground that it was obtained by improper or unfair means. The court is not
concerned with how it was obtained. For the moment, this statement must be placed in

117. See the link: (http://www.legalservicesindia.com/articles /mom1.htm) as last visited on

15.03.2016.
118. Ibid
119. Ibid
120. [1979] 2 All ER 1222
the background, in order be state that as the law stands now it is not illegal for the police to
bug someone's phone but it is forbidden to use the information gleaned in a court of law.
However, changes in the law have been mooted and the many feel that phone taps would be a
useful tool against organized criminals as well as terrorists. In Britain, evidence from wall
bugs and other covert devices is admissible but not from phone taps. Section 78 of the Police
and Criminal Evidence Act 1984 (PACE) judicial discretion can be quoted in relation to the
admissibility of evidence. In relation to this paper and the basis for the evidence being
deemed inadmissible, the section provides that the court should reach its decision, "having
regard to all the circumstances, including the circumstances in which the evidence was
obtained” and the usage of the evidence "would have such an adverse effect on the fairness of
the proceedings, that its exclusion is justified.

Prior to the Regulation of Investigatory Powers Act [RIP] 2000, interception of

communications in the UK was governed by the Interception of Communications Act 1985
(IOCA). The IOCA put in place a statutory framework for interception of communications in
order to meet the criticisms leveled at the UK in 1984 by the European Court of Human
121
Rights in the case Malone v UK . In this case the European Court of Human Rights noted

that in the absence of a proper legislative framework in the UK, the practice of telephonic
interception was insufficiently grounded in law to allow it to be justified under Article 8(2) of
the European Convention on Human Rights. Prior to the Regulation of Investigatory Powers
Act [RIP] 2000, interception of communications in the UK was governed by the Interception
of Communications Act 1985 (IOCA). The IOCA put in place a statutory framework for
interception of communications in order to meet the criticisms leveled at the UK in 1984 by
122
the European Court of Human Rights in the case Malone v UK . During a criminal trial

the defendant, Mr. Malone, alleged that the police had intercepted his telephone calls. On his
acquittal of the criminal charges, he brought a civil action against the police claiming that the
interception of his phone calls had been unlawful on the grounds that it constituted a breach
of confidence, a trespass, and an unlawful interference with his privacy. The UK courts
dismissed all his claims.

121. (1984) 7 EHRR 14

122. Ibid
Malone then brought an action against the UK Government alleging a breach of Article 8
123
(the right to a private life) of the European Convention of Human Rights (ECHR) .

However, interference with a Convention right should only occur under legal regulation.
In Mr. Malone’s case, the only regulation of the practice of phone tapping was a police
internal code of guidance, which was not made public. The European Court of Human
Rights held that Mr. Malone could therefore neither assess whether or not his telephone
would be tapped nor determine the basis in law for the surveillance. In the absence of a
legislative framework, and with the UK courts unwilling to provide a judicial remedy it
concluded that the English practice of interception was insufficiently grounded in law to
allow it to be justified under Article 8(2).

It is an offence for any person intentionally, and without lawful authority, to intercept any
communication in the course of its transmission through a public telecommunication
system and - except in specified circumstances - through a private telecommunication
system. This offence is established under the Regulation of Investigatory Powers Act
124
2000 (RIPA 2000). This makes private telephone tapping an offence.

The qualification of private is added because RIPA 2000 perpetuates the system for the
interception of telephone calls by appropriate authorities - e.g. security service, secret
intelligence service, NCIS, GCHQ, Police or Customs - under authorization by the Home
Secretary. Such authorization is provided under an Interception Warrant. This must name
or describe either one person as the Interception Subject, or a single set of premises
where the interception is to take place. However, in limited circumstances the Home
Secretary may issue a certified Interception Warrant which can disapply some of the
requirements of a normal warrant and, in particular, the requirement to specify a person
or premises. These certified warrants normally should only be issued in relation to

123. ‘Everyone has the right to respect for his private and family life, his home and his correspondence’,
but this is subject to Article 8(2) ECHR which contains a number of limitations and exceptions,
including "the interests of national security, public safety or the economic well-being of the country,
for the prevention of disorder or crime, for the protection of health or morals, or for the protection
of the rights and freedoms of others"
124. Note: Under RIP Act 2000.
external communications sent or received outside the UK. This could cover interception
125
of communications channeled through a foreign Internet Service Provider .

An Interception Warrant can only be issued if the Home Secretary believes that it is
necessary for a reason relating to national security, serious crime or the economic well-
being of the UK and the use of an Interception Warrant is proportionate. The Home
Secretary must consider whether the information sought could reasonably be obtained by
126
Other means .

An Interception Warrant is normally only valid for three months, but may be renewed for
127
6 months. Where it is found that an Interception Warrant has been improperly issued,
the Tribunal has power to order compensation and the destruction of the recorded
material. If the interception took place without a warrant the only sanction is a criminal
prosecution - to which the Director of Public Prosecutions must consent.

6.2.1 Procedure for obtaining Interception Warrant

The procedure to be followed and the information to be provided when seeking an

interception warrant from the Home Secretary are set out in ‘The Interception of
Communications Code of Practice’. An interception warrant can only be issued if the
Home Secretary believes that it is necessary for a reason relating to national security,
serious crime or the economic well-being of the UK (the ‘stated reasons’) and it is
proportionate in the circumstances. As well as balancing the intrusiveness of the
interception against the operational need for it, the Home Secretary must consider
whether the information sought could reasonably be obtained by other means. The Code
of Practice also includes special rules regarding ‘collateral infringement of privacy’.
Tapping a telephone does not only infringe the privacy of the person who owns the
telephone, the interception subject – it also affects anyone who calls or is called by that
person. If communications relating to medical, religious, journalistic or legally privileged
material are likely to be involved, the application for an interception warrant should draw

125. See sections 6 to 11of RIP Act 2000 (which define interception warrants and associated powers)
126. Section 8 of RIP Act 2000
127. Section 9 of RIP Act 2000.
attention to this as it will give rise to an unusual degree of collateral infringement of
privacy. This is to be taken into account by the Home Secretary when considering the
application. RIPA imposes duties on communication service providers to provide
assistance to effect an interception authorized by an interception warrant. A statutory
duty of confidentiality is imposed on the police, civil servants, postal and
telecommunication workers to keep secret the contents of any interception warrant, the
details of its issue and implementation, and everything in the intercepted material. It is an
offence to give disclosure of any of this secret material, subject to specific defences
128
including disclosure to legal advisers.

6.3 Land Mark Cases

In 1996 in the case of People’s Union for Civil Liberties (PUCL) v Union of India &
129
Another Supreme Court decision ruled that phone tapping is a "serious invasion of an
individual's privacy." The court recognized the fact that the right of privacy is an integral
part of the Fundamental Right to Life as per Article 21 of the Constitution. Following a
Central Bureau of Investigation report highlighting incidents of telephone-tapping by the
Government, the petitioner (a voluntary organization) filed a writ petition challenging the
constitutional validity of s 5(2) of the Indian Telegraph Act 1885. Section 5(2) authorizes
the Government, in the event of the ‘occurrence of any public emergency, or in the
interest of the public safety’; to intercept messages in five enumerated situations if
‘satisfied that it is necessary or expedient so to do’. The petitioner’s primary contention
was that sufficient procedural safeguards to rule out the arbitrary exercise of power under
the Act should be read in to sec 5(2). Although sec 7(2) (b) of the Act empowers the
Government to prescribe rules providing for ‘the precautions to be taken for preventing
the improper interception or disclosure of messages’, no such rules had been framed by
the Government. The petition also raised the question of whether telephone tapping by
the Government constituted an infringement of the constitutional right to freedom of
speech and expression (Art 19(1) (a)) and to life and personal liberty (Art 21).

128. Section 15 of RIP Act

2000. 129. (1997) 1 SCC 301
 CHAPTER- 7
Sting Operations - An Invasion of Privacy

7.1 Scope and Purpose

In society today sting operations have become the order of the day. A sting operation is a
well-planned scheme used by law enforcement agencies to entrap a criminal. It usually
143
involves a lot of undercover work. Satellite, remote control cameras and high fidelity
sound equipment that can pick up conversations in a room from outside can now spy
upon an individual. In other words, a person does not really have any privacy that he can
144
be sure of. The Sting operations carried out by so-called private spying agencies are
blatant violation of an individual's privacy. In fact, this technological terrorism has
become order of the day, which has scant respect for private confines of human
145
beings. The advent of miniaturized audio and video technology, specially the pinhole
camera technology, enables one to clandestinely make a video/audio recording of a
conversation and actions of individuals. There are various ways of hiding the camera
inside a briefcase, or a pager or a cigarette lighter or a cellular telephone or a fountain pen
or a smoke detector or in the nose frame of sunglasses or other spectacles etc. Most of
these gadgets have either a self-activation mechanism or a mechanism, which has to be
activated manually. Watergate is a famous example of a President leaving office in
disgrace and his lieutenants being jailed for trying to have recording equipment
clandestinely fixed inside the office of a political adversary.

The only exceptions to this in the US are the law enforcement agencies and police-
licensed private detectives, who are allowed to use them under certain circumstances
under carefully controlled conditions. Licensed private detectives can use them for the

143. Financial Daily by The Hindu, Govt mulls controls on sting operations, Nithya
Subramanian Tuesday, Apr 19, 2005.
144. See the link: http://www.flonnet.com/fl2302/stories/20060210002508900.htm(as last visited on
15.03.2016).
145. See the link: http://refresh.blog.co.uk/2006/02/21/respect_privacy~580935(as last visited on
18.03.2016).
collection of evidence, but not in a sting operation. Only the FBI can mount a sting
operation. No private individual, not even a journalist, can.
The purpose of a sting operation is to catch the corrupt and spy on those involved in illicit
or anti-national activities. The miniature audio-video technologies’ including pinhole
cameras makes it easy for any one to clandestinely make a recording of a conversation or
some dubious action. There are several ways in which a camera can be concealed-inside
briefcases, pagers, cigarette lighters, cell phones, fountain pens, smoke detectors, or even
146
spectacle frames.

Faced with disquiet among the media-watchers over "sting operations" using hidden
cameras, the Union Information and Broadcasting Ministry is considering a regulatory
mechanism to protect the privacy of individuals. A section of the media views "sting
operations" as a legitimate way of showing the truth, but the Ministry plans to make a
clear distinction between stories that amount to an "invasion of privacy" and those which
147
expose corruption or have political implications.

The view gaining currency is that "invasion of privacy" cannot be condoned and the
Government ought to have some mechanism to address such cases. TV channel recently
entrapped actor Shakti Kapoor in conversation with a reporter posing as a girl seeking a
role in a film. There may be truth in the Shakti Kapoor episode but such operations are
148
definitely an invasion of privacy. Seeking favours is common.

7.2 A mode of Invasion of Privacy

Privacy is a human right as well as a legal right. What is public life and what is private
are two separate entities, even though there could be borderline instances. It is a well
known fact that many demands are made by film directors when young girls approach
them for certain roles in films. The media has no business to expose what transpires

146. Source Link:

http://www.dailypioneer.com/columnist1.asp?main_variable=Columnist&file_name=JOGINDER62 (as
last visited on 20.03.2016)
147. The Hindu, "Sting operations" regulation under study, Anita Joshua, Thursday, Apr 21, 2005,
148. Deccan Herald,” T.V.Trap”, Aniruddha Sudhir, 28th March, 2005 avaialable at the link:
http://www.deccanherald.com/deccanherald/mar282005/forumasp.(as last visited on 19.03.2016)
behind closed doors between consenting adults, even if the adults happen to be public
figures. The link between the media and one’s right to privacy is important. A sting
operation of this kind is definitely not only an intrusion on privacy but also indecent and
149
disgusting. Indian democracy has much to learn from the Tehelka episode. Indian
governance is wrapped up in corruption, which has not spared even issues relating to
150
national security. But the more stinging truth is that it is virtually impossible to
discover the real state of affairs through any normal methods of investigation.

There have been huge debates on whether the Tehelka style `stings' are ethical in terms of
invasion of privacy, the breach of normal methods, the use of women as part of the sting
and the unorthodox interviews. To argue that stings can never be done overstates the case
against the `sting' as a legitimate weapon of investigative journalism. Drawing sustenance
from the American concept of public exposure in defamation cases, the Supreme Court in
the Auto Shankar case (1994) rightly reminds public persons that they should have
nothing to hide from the public, which is entitled to know the truth.

India TV’s sting operation - coupled with the publication of what a Mumbai tabloid claimed
were photographs of Kareena Kapoor and Shahid Kapur sharing intimate moments
- has added to the demand for a more defined right to privacy in the country. In India, sting
operations were made popular by Tehelka, which claimed to expose corruption in defence
deals. The ‘sting’ on the casting couch syndrome in Bollywood on India TV perhaps has once
again brought to the fore the debate on media ethics. There have been other exposes, both in
151
print and on TV screens. There have been other instances of provocative material

being transmitted through mobile phones and of course, several indecent proposals on the
net. The classification of private and public space is changing. The problem is compounded
by the fact that we do not have an adequate legal framework to tackle this change.

149. The Hindu, “The Tehelka Commission”, Rajeev Dhawan, Friday, 15th October, 2004, p-12, also
available at the link: http://www.hindu.com/2004/10/15/stories/2004101500821000.htm(as last visited
on 28.03.2016)
150. Ibid
151. See the link: http://www.business-standard.com/bsonline/storypage.php?autono=185352(as last
visited on 18.03.2016)
 CHAPTER- 8

Conclusion & Proposed Suggestions

As for sting operations a time has come when media organizations like the Press Council
of India should step forward and regulate this activity. In case they fail to do so, the job
of censorship or regulating TV channels will fall on Government which will be worse
than the original crime as it would give them power to introduce censorship through the
backdoor. In this entire debate one must keep in mind the fact that as new technologies
develop they will provide many new benefits but will also open doors for their misuse by
unscrupulous agencies in public as well as private sector.

The Government and media organizations must remain vigilant and deal with all such
activities before they get out of control. The possibilities of invading the privacy of
individuals have become very easy with new aids available so the temptations to use
them for short-term gains will remain strong unless the regulators are equally alert.
Heeding to a long demand from the industry to make privacy related laws more stringent;
the government will make circulating video or still pictures of a person without
158
permission a punishable offence.

The Department of Personnel and Training (“DoPT”) had prepared a draft bill on right to
privacy in the year 2011, the Right to Privacy Bill, 2011 (“Draft Bill 2011”). Although there
had been several discussions on the Draft Bill 2011, however the same has failed to
materialize into a comprehensive legislation on privacy. The need for stand-alone legislation
was felt in the wake of leak of the Nira Radia tapes in the year 2010, raising serious threats
and concerns over the privacy of individuals and its protection. The Draft Bill 2011
prescribes certain principles of Privacy. These principles have been drafted in line of the
provisions of the Information Technology Act, 2000. The privacy principles are intended to
be applicable to the collection, processing and use of personal information, through any mode
including interception, as well as audio and video recordings.

158. Source Link: http://www.siliconindia.com/shownewsdata.asp?newsno=29890&newscat=Technology (as

last visited on 25.03.2016)
The call for a comprehensive legislation for protection of an individual’s right of privacy
is a need of the hour, especially with the rampantly increasing number of internet users in
India year on year. As an inevitable consequence, there have also been an increase in the
number of registration of cases and arrests in cases of breach of confidentiality and
privacy under provisions of Section 72A of the IT Act.

The IT Standing Committee has recently expressed its desire that the Department of
Electronics and Information Technology in coordination with the DoPT, multi
disciplinary professional and experts, should come out with a comprehensive and people
friendly policy for protection of the privacy of citizens and which is also foolproof from
the security prospective.

The proposed bill will make TV Channels and publications liable for prosecution. One
consequence of the proposed amendments may be that sting operations will become difficult.
On the positive side, sleazy hotels recording unsuspecting couples in intimate moments will
face a stronger deterrent if the cabinet approves the bill. The amendments to the IT Act,
which have been submitted to the law ministry for approval, address issues never explored
before in Indian legal history. The issues of privacy, including the definition of what
constitutes a private moment and which are the private parts of a human body, have all been
dealt with in the version of the Act submitted to the law ministry.

The bill also recommends a compensation of Rs 25 lakh to the person whose privacy has
been infringed. The offender can also be jailed for one year with a fine of Rs 2 lakh. This
means that even television channels that carry images of MMS clips can be held liable
even though they may not have originally captured it. Financial transactions like purchase
and sale of visual images will entail imprisonment of two years for those circulating the
content. Under the proposed rules, no action will be taken till the person whose images
are captured registers a complaint.
Being part of a society often overrides the fact that we are individuals first. Each individual
needs his/her private space for whichever activity (assuming here that it shall be legal). The
state accordingly gives each individual that right to enjoy those private moments with those
whom they want to without the prying eyes of the rest of the world. The right of privacy of
not a right against the state, but against the world. The individual does not want to share his
thoughts with the world and this right will help protect his interests.

In this day and age, this right is becoming more essential as everyday passes. With all out
lives being splattered over the media be it through social networking sites or the spy
cameras, we need protection so that we can function in a way we want to and not think of
others before our actions. After all, the only ones we owe an explanation to is ourselves,
and not to the entire world.
 BIBLIOGRAPHY

PRIMARY SOURCES

I. BARE ACTS:-
Fair Credit Reporting Act, 1970
□ Indian Easements Act, 1882
□ Indian Penal Code, 1860
□ Information Technology Act, 2000
□ Indian Telegraph Act, 1885
□ Privacy and Indecent Representation of Women (Prohibition) Act, 1987
□ Regulation of Investigatory Powers Act, 2000
□ Right to Information Act 2005
□ United Kingdom Data Protection Act, 1998

SECONDARY SOURCES

I. BOOKS & JOURNALS:-

□ Arthur R.Miller, “The Assault on Privacy”, 169 Bookman Publishing 40(1972)

□ Edward Shils, "Privacy: Its Constitution and Vicissitudes", 2 Law and Contemporary Problems 31
(Spring 1966)
□ Gross,” The Concept of Privacy”, 42N.Y.U.L.Review 34, 35-37 (1967)
□ Hyman Gross, “Privacy and Autonomy, Privacy” 169 NOMOS XIII (1971)
□ Michael A Weinstein, “The Uses Privacy in the Good Life, 94, NOMOS, XIII (1971)
□ Mishra G, “Right To Privacy in India”, 48, 151 (Preeti Publications, Ist Ed) (1994)

□ Rajinder Sachar, “Telephone tapping an invasion of individual’s privacy” PUCL Bulletin,

2006
□ Raman Mittal Neelotpal Deka, “Cyber Privacy”
□ Richard B. Parker, “A Definition of Privacy”, 27 Rutgers L Review 275(1974)
□ Ruth Gavison,” Privacy and limits of Law”, 425 Yale Law Journal 89(1980)
□ Justice P.B. Sawant, Press Freedom, Legal Restrictions and National Interests, Mass Media in
Contemporary Society, Published by Capital Foundation Society
□ Samuel D. Warren and Louis Brandeis, “The Right to Privacy”, 4 Harvard Law Review,
193 (1890)

□ Thomas M. Cooley, Law of Torts 91 (2nd ed 1888)

□ Weber , History of Indian Literature , pp 16-20
□ Westin. A.F. (Ed.) (1971) “Information Technology in a democracy”, Cambridge, MA:
Harvard University Press
□ Thomas M. Cooley, Law of Torts 91 (2nd ed 1888)
□ Weber , History of Indian Literature , pp 16-20
□ Westin. A.F. (Ed.) (1971) “Information Technology in a democracy”, Cambridge, MA:
Harvard University Press