Anjani Kumar Srivastava and Ashit Kumar Srivastava
On 24th August 2017, the Indian Supreme Court shredded away the lethargic cloak of original(ism) and embraced privacy with both its hand. However, the functionality of privacy demands more than just an acceptance; there has to be an intricate surgery to imbibe criteria of applications; one such application will be of data protection law. The judgment of K.S Puttuswamy no doubt is a promising endeavour but which is capable of being undone by legislative (un) endeavours. In the majority opinion delivered by Justice Chandrachud, there were primarily three facets of privacy recognized by the Apex Court.
Informational privacy becomes the basis for data protection law. Interestingly, fast forward to 2018, the Central Government did appoint a committee under the chairmanship of Shri B.N Krishna to evaluate the present data regime in India. You come to realize that data protection is not only an important predicament for safeguarding informational privacy but the intricacies of informational privacy runs back to human dignity. Something which is quite eloquently portrayed in European Jurisprudence, where data protection law is regarded as a fundamental right due to its inalienable nature with human privacy.
There is clearly a difference between as to how human dignity, privacy and informational privacy are seen in the Indian and European context; in European Jurisprudence, the right to informational privacy or right to self-determination gives ample autonomy to an individual.
Interestingly, the India data protection provisions styled as Personal Data Protection Bill, 2018 still remains a bill. At present Indian data protection regime is suffering from a drought of its own creating. However, there might be a reply to India’s problem of data protection, if we rummage the K.S Puttuswamy judgment, under paragraph 169 (Majority opinion) we come to realize there is a passive acceptance of the test of ‘Reasonable Expectation of Privacy’. Now I am not claiming that the test would be a panacea to all the data-related issues but the test as evolved in the American jurisprudence helps in constructing certain spheres of privacy or rather zones of privacy, which no one can penetrate through.
A little brief history about the test would help us in better understanding the concept. The test was first given by Justice Taft in the case of Olmstead v. U.S (1928) (however, Olmstead case is still remembered for the dissenting opinion of Justice Brandeis), which was further augmented in the case of Katz v. U.S (1967). The basic premise of the test was revolving around the fourth amendment of the American Constitution; which says:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”
The amendment quite clearly becomes the basis for the famous English quote of ‘My Home is my castle’. However, going beyond one’s house, the question came in as to which other places can one claim for my privacy rights just like home. To answer this algorithmic question, the U.S Supreme Court through a series of case-laws ranging from Katz to Griswold to Maryland to Timothy Carpenter (all versus the U.S) evolved this test of ‘Reasonable Expectation of Privacy’.
The great benefit of having this test is it helps in drawing a subjective as well as objective contour of the sphere, where one can presume to have his/her privacy. The second important advantage this test brings in that it is completely judicial-dependent; that means you do not have to wait for the legislature to pass any intricate laws to deal with cases of data-manipulation or data protection but rather simply apply this test to know whether in a particular scenario, there should be privacy or not. So for that very matter let us take my laptop, I reasonably expect my laptop to be my secure area and if we apply the test of expectation, then most probably I will have the reasonable expectation that my laptop is secure place and any function performed by me under it will be private. The fact that a social media or search engine website uses my IP address and targets the sanctity of my laptop to manipulate my behaviour is a mere example as to how the sanctity of my home has been breached aka my spatial privacy. Similarly, this test can be applied in varied form in varied situations.
Therefore, I personally propose till the time we are not able to harness a fully functional data protection law, let us hand down the functioning of the intricacy of data protection to the Supreme Court of India who are better equipped to deal with the test of ‘Reasonable Expectation of Privacy’. This test surely can be ‘Buffer’ Legislation for us till the time we come up with a functional law on data protection.
The authors are a Practicing Advocate and Assistant Professor of Law.