New IT rules and right to privacy

What are new IT rules in India?

The Fundamental Rights are enshrined in Part III of the constitution from articles 12 to 35. The constitution provided Six Fundamental rights.

1.) Right to Equality ( Articles 14 – 18)

2.) Right to freedom ( Articles 19 – 22)

3.) Right Against ( Articles 23 – 24)

4.) Right to freedom of Religion ( Articles 25 – 28)

5.) Right to cultural and Educational Rights ( Articles 29 – 30)

6.) Right to constitutional remedies ( Article 32).

On 24 August 2017, the Supreme Court of India, in a historic judgment, declared the right to privacy as a fundamental right protected under the Indian Constitution. In announcing that this right stems from the fundamental right to life and liberty.

Several petitions were filed in the court that challenged the mandatory use of Aadhaar cards, assigning a unique 12-digit ID to every citizen. The Aadhaar database links iris scans and fingerprints to more than a billion people.

The government insists that Aadhaar should be made mandatory for all financial transactions to bring about transparency in dealings and to act as a tool to curb corruption. Also, the government feels that the data collected by the Unique Identification Authority of India (UIDAI) can help disseminate the benefits of the government welfare schemes to the deserving.

However, its landmark verdict unanimously passed by a nine-judge Bench on 24 August 2017 stated that privacy is a fundamental right that is intrinsic to life and liberty and thus comes under Article 21 of the Indian constitution.

Further, the ruling added that whether Aadhaar can be made mandatory, as the government insists for all financial transactions and benefits of welfare schemes, will be decided by a separate and smaller bench of the Supreme Court.

The Emergence of the Debate on Right to Privacy

The Privacy Bill was tabled in the Parliament in 2011, with the motive to provide for the right to privacy to citizens of India and to regulate the collection, maintenance, and dissemination of their personal information and for penalization for violation of such rights and matters connected in addition to that. However, the Bill has not been debated in Parliament and is lying pending with the government.

The debate regarding the right to privacy has been going on ever since the 1950s. Earlier, in 1954, a six judge bench had ruled that privacy is not a fundamental right. An eight-judge bench upheld the same decision in 1962. They said that privacy was a common law right that, when violated, can be compensated.

The ongoing constitutional challenge to the Aadhaar card scheme of the Union government was considered by a three-judge bench of the Supreme Court headed by Justice J Chelameswar in August 2015.

The Bench looked into the norms for and compilation of demographic biometric data by the government, which was being questioned that it violates the right to privacy.

Meanwhile, the attorney general for India observed that because the Indian Constitution does not explicitly protect the right to privacy, the very existence of a fundamental right of privacy was doubtful.

Hence, the three-judge Bench opinioned that to quell the controversy, the jurisprudential correctness of the right to privacy as a fundamental right should be authoritatively decided by a Bench of appropriate strength.

A Five-Judge Bench was constituted in October 2015, which recommended setting up a nine-judge as an eight-judge bench had previously ruled on it in 1962.

Finally, after more than two years, and after almost six years of filing the case by Justice KS Puttaswamy (retd) accompanied by some two dozen cases, on 18 July 2017, a nine-judge Constitution Bench was set up by the 44th Chief Justice Jagdish Singh Khehar.

The nine-judge Bench of the Supreme Court has ruled on 24 August 2017 that the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the constitution of India. 

Implications of the Supreme Court Ruling

The first and foremost implication is that it puts a question mark on the validity of the Aadhaarscheme because it violates citizens’ right to privacy.

However, the Union government has already issued an office memorandum on 31 July 2017, by which it has constituted a committee to “suggest a draft Data Protection Bill.”

The terms of reference defined for the above said committee pertain to the “study of various issues relating to data protection in India” and “to make specific suggestions for consideration of the central government on principles to be considered for dataprotection in India suggest a draft data protection bill.”

Besides the Aadhaar, criminalization of homosexuality under Section 377 will also become a matter of contention after this verdict. Moreover, the provision’s validity will raise further questions as the homosexual relationship between consenting adults will be seen under the purview of privacy.

Personal and National Security Concerns

The terms of reference of the committee committee set up by the government to “suggest a draft data protection bill” do not encompass all aspects of privacy and data protection in the era of e-commerce, drones, Google maps, Facebook, Twitter, smartphones, etc.

The Parliamentary Standing Committee on Information Technology that examined the work of the department of electronics and information technology has raised specific questions about personal and national security, like:

• India’s surveillance and interception of data sent through E-mails by the National Security Agency of the US, as brought out in the revelations by Edward Snowden, Chelsea Manning, and Wiki leaks, need to be scrutinized.
• The security ramifications of storing UID/Aadhaar data on insecure ‘cloud’ and the failure to enact a legal framework for the right to privacy.
• The government’s imposition of the obligation of disclosure of information and further linking it to bank accounts and mobile numbers makes it vulnerable to hacking.
• Installation of checks and balances/ measures against impersonation by specific individuals at the time of enrolment for the issue of unique identification numbers.
• Measures to prevent manipulation of biometric information.
• Security and privacy concerns owing to the UID data presently hosted in a private data center and not hosted in a government data center.
• Lastly, the proposal to converge the UID data with the electoral database and EVMs can make the secret ballot system vulnerable to hacking and has the potential of hijacking India’s democratic system.

New IT Rules 2021

The Government of India had framed the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, in February this year. These rules require the social media intermediaries/ platforms to adhere to a vastly tighter set of rules within three months, which ended on 25 May.

Companies like Google, Facebook, WhatsApp, Telegram, Koo, Sharechat, and LinkedIn have shared details with MeitY as per the requirement of the new norms. On the other hand, Twitter sought an extension of the compliance window and called for constructive dialogue and a collaborative approach from the government to safeguard the public’s freedom of expression. 

WhatsApp also filed a case in the Delhi High Court against the government because the new rules violated customer privacy. The new Intermediary Guidelines and Digital Media Ethics Code have also been challenged by entities like The Wire, LiveLaw, and The Quint.

The IT Rules 2021 aim to empower ordinary users of social media platforms and OTT platforms with a mechanism for redressal and timely resolution of their grievance with the help of a Grievance Redressal Officer (GRO) who should be a resident in India. In addition, particular emphasis has been given to protecting women and children from sexual offences, fake news, and other misuses of social media.

Associated Issues With these new IT Rules

1. Rules Ultra-vires to the IT Act: 

1. It is of significant concern that the purview of the IT Act, 2000, has been expanded to bring digital news media under its regulatory ambit without legislative action.

• There has been criticism about bringing in many new rules that should be customarily triggered only via legislative action.

2. Depriving of Fair Recourse:

An intermediary is now supposed to take down content within 36 hours upon receiving orders from the government.

• This deprives the intermediary of fair recourse if it disagrees with the government’s order due to a strict timeline.

3. Undermining Free Speech

The rules place fetters upon free speech by fixing the government as the ultimate adjudicator of objectionable speech online.

4. Traceability Issue: 

Until now, social media platforms have the immunity that users received from end-to-end encryption because intermediaries did not have access to the contents of their messages.

• Imposing this mandatory requirement of traceability will break this immunity, thereby weakening the security of the privacy of these conversations.
• The threat here is not only one of privacy but to the extent of invasion and deprivation from a safe space.

5. Counterproductive in the absence of Data Privacy Law: 

It could prove ineffective in a country where the citizens still do not have a data privacy law to guard themselves against excesses committed by any party.

6. Compliance Burden:

The Rules create futile additional operational costs for intermediaries by requiring them to have Indian resident nodal officers, compliance officers, and grievance officers.

This may not favor many small digital entities and may open the floodgates for all kinds of interventions.

Positives of new IT Rules 2021

1.) Removal of non-consensual intimate pictures within 24 hours.

2.) Publication of compliance reports increasing transparency.

3.) Setting up a dispute resolution mechanism for content removal.

4.) Adding a label to information for users to know whether the content is advertised, owned, sponsored, or exclusively controlled.

Whatsapp Vs. The New IT rule 2021

Authorizing or enforcing the traceability on messaging apps ( Whatsapp, Facebook, Instagram, etc.) will encroach into user privacy:

A day before The IT Rule 2021- ( Intermediary Guidelines and digital media ethics codes) comes into force, Facebook WhatsApp owner Moved to the Delhi High Court against the rule, Specifically for one, i.e., “Significant social media intermediary providing services primarily in nature to identify the first originator of the message or data.

This will affect the Service Whatsapp messenger service as it will break the end-to-end encryption service that allows messages to read by the sender and the receiver only. This will violate the policy and also against the right to privacy.

The Ministry of Electronics and IT said They would use traceability only in a specific situation such as Purposes of prevention detection, investigation, prosecution, or offense related to sovereignty and integrity of India or Child Sexual Abuse which is punishable with Imprisonment. 

Restrictions on the Right to Privacy are necessary, including safeguards against abuse and national protection.

But at the same time government, under section 69(3) of the IT Act and Rules 17 & 13 of the 2009 surveillance Rules, can already Seek access to encrypted data. Moreover, the government has the technical ability to do so.

But enforcing traceability means without any safeguards and over Judicial sight, The Government agency can identify anyone on the ground. This compromises the Whistle-Blowers and Journalistic Sources.

Conclusion

In my opinion, the government needs to collect the data for more targeted dissemination of benefits of various government welfare schemes to the citizens who need it the most. Besides, it can play a vital role in controlling corruption and address the issues of illegal immigrants.

However, unless we can address the two conflicting requirements of collecting and using data ethically, and the need to create a robust mechanism to safeguard and secure the data so collected, as also ensure that it does not impinge upon the privacy of the citizens, the debate on the subject will continue to rage.

Plus, with the new IT rules, the positive points can be beneficial to The National Security and Sovereignty of The Republic of India. Still, at the same time, these rules should not be mishandled by The Government agency.