This Article pertaining to the core issue of modern digital economy. It is
undisputed fact that the constitution is a living document and so is the
environment we live in. with this note on, this is to submit here that:In
landmark verdict of Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India
And Ors, it was held by 9 judge bench that Right to Privacy is a Fundamental
right under Article 21 to the constitution of India and the Hon’ble Supreme
Court set aside its earlier judgment of MP Sharma (8 Judge bench) and Kharak
Singh (6 Judge Bench). However, in Judgment of 547 Pages, it contains 6
different opinions of different judges on what exactly amount to privacy. It is
pertinent to note that by virtue of bare reading of this judgment, one can find
major obiter-dicta and few ratio-decidendi only. The Point where chandrachud J (Plural
judgment he gave on behalf of four including itself) whereupon Kaul J agreed,
amounts to binding Part of the judgment. i.e. Test of Infringement of Privacy.-
Law, Legality and Proportionality.
Further, it is noteworthy to mention here that the Privacy is a subjective
matter and like any other Fundamental right. the same is subject to certain
restrictions. The same restrictions are nothing but Test of Infringement of
Privacy as outlined in Puttsawamy Judgment.
1. There is existence of law
2. There is legitimate goal behind the act
3. There is nexus between the act and goal.
It is also important to note that State is also under constitutional mandate to
provide welfare state to its citizens under Article 38 to the constitution of
India. Thus, the State Surveillance over its citizen Privacy is majorly a
debatable issue of modern era.
Position of Present law on Data privacy is a weak law and not in consonance with
the Right to Privacy. The loopholes can be viewed under Information Technology
act, 2000 and rules made thereunder.
Presently the section 43A of IT Act which Provides compensation for Failure to
Protect data and (Reasonable security practices and procedures and sensitive
personal data or information) Rules, 2011 (SPD RULES) which deals with
obligation upon Intermediaries to manage, store and deal with sensitive personal
The Present law is not in line with Right to Privacy and so is observed
in Puttaswamy Judgment. Further, the Sri Krishna committee report on Data
Protection law has also observed the limitations and loopholes of present law on
data protection. Few issues are
1. Consent- The report pointed out that the consent cannot be same as of a
traditional approach under section 14 of Indian contract act, 1872 rather it
must be in line with modern digital economy. That is , consent must be specific,
free, informed, adequate, clear and explicit.
2. Right to be erasure and Right to be forgotten- The Present law allow the
intermediary to retain the data for period of 90 days even after the account is
deleted. Further, the right to be forgotten is not explicit under present law
and recently the Karnataka high Court in Sri Vasunathan vs The Registrar has
recognized right to be forgotten in India as underlying of western approach to
data privacy. It is pertinent to mention here that the Data Protection Bill 2018
which is yet to be tabled in Lower house is nothing but Indian version
of General Data Protection Regulations (GDPR).
3. Further, the Present law take away the consent mechanism if the data so
required by investigating agency. One legal argument in this regard is that it
is within the purview of Article 38 and for a greater social cause whereas the
counter argument is that Test of Proportionality is not complied here because
the State cannot completely surveillance over data on name of national security.
4. One Legal argument is that the Intermediary guidelines of 2011 whereby
which the intermediary can retain the data for period of 90 days and cannot be
made liable for data breach within purview of safe harbor rule under section 79
of Information Technology act,2000.
However, the counter argument Probably be
a) The existence law in itself in question and mere existence of law doesn’t
uphold privacy keeping in mind the test of proportionality.
b) The Present law on Data Protection is a weak law and same has duly observed
in Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors and Sri
Krishna committee report on data protection.
c) Further, the Shreya Singhal v. Union of India has also observed that the
Rule 3(2) and Rule 3(4) of said guidelines are self-contradicting.
d) Further, the role of intermediary has duly questioned and efforts has been
made to cut down its immunity under safe harbor rule by introducing the concept
of active intermediary and passive intermediary in matter of Christian Louboutin
SAS v Nakul Bajaj & Ors CS (COMM) 344/2018.
Thus, we are living in era of Digital economy where the state has to strike the
balance between its actions to respect Fundamental rights of individuals and to
maintain the welfare state. Further, the Justification to infringe Privacy and
rule of proportionality cannot be overlooked upon and will depend on merits of
Written By: Shubham Budhiraja, The author is company secretary by qualification
and is undergoing its management trainee with a reputed corporate law firm.
Further, he is First Year Law student at faculty of law, University of Delhi. He
is also enrolled as Para Legal volunteer with Delhi State Legal Service
authority and also active Participant in Moot Court.