Archive

Posts Tagged ‘fundamental rights’

Are we closer to a law on privacy?

October 19th, 2012 2 comments

On October 16, the Group of Experts on Privacy, Chaired by Mr. A. P. Shah, submitted its Report to the Planning Commission.  The Expert Group was appointed to set out the principles that Indian privacy law should abide by.   Even though privacy has been held to be a fundamental right as long back as in 1962, India does not have a law that specifies safeguards to privacy.  Moreover, recent government initiatives, such as the UID, involve collection of personal information and storage in electronic form.  The absence of a law on privacy increases the risk to infringement of the fundamental right.

In this blog we list the recommendations made by the expert group, discuss the status of the right to privacy in India, and why there is a need for an enactment.

Recommendations of the Expert Group on Privacy

  • The Expert Group recommended that the new legislation on privacy should ensure that safeguards are technology neutral.  This means that the enactment should provide protections that are applicable to information, regardless of the manner in which it is stored: digital or physical form.
  • The new legislation should protect all types of privacy, such as bodily privacy (DNA and physical privacy); privacy against surveillance (unauthorised interception, audio and video surveillance); and data protection.
  • The safeguards under the Bill should apply to both government and private sector entities.
  • There should be an office of a ‘Privacy Commissioner’ at both the central and regional level.
  • There should be Self-Regulating Organisations set up by the industry.  These organisations would develop a baseline legal framework that protects and enforces an individual’s right to privacy.  The standards developed by the organisations would have to be approved by the Commissioner.
  • The legislation should ensure that entities that collect and process data would be accountable for these processes and the use to which the data is put.  This, according to the Group, would ensure that the privacy of the data subject is guaranteed.

Present status of the Right to Privacy

While the Supreme Court has held privacy to be a fundamental right, it is restricted to certain aspects of a person’s life.  These aspects include the privacy of one’s home, family, marriage, motherhood, procreation and child-rearing.  Therefore, to claim privacy in any other aspect, individuals have to substantiate these are ‘private’ and should not be subjected to state or private interference.  For instance, in 1996 petitioners had to argue before the Court that the right to speak privately over the telephone was a fundamental right.

Risks to privacy

Government departments collect data under various legislations.  For instance, under the Passport Act, 1967 and the Motor Vehicles Act, 1988 persons have to give details of their address, date of birth etc.  These enactments do not provide safeguards against access and use of the information by third parties.  Similarly, information regarding ownership of property and taxes paid are publicly available on the MCD website.

Furthermore, recent government initiatives may increase the risk to infringement of privacy as personal information, previously only available in physical form, will now be available electronically.  Initiatives such as the National e-Governance Plan, introduced in 2006 and Aadhaar would require maintenance of information in electronic form.  The Aadhaar initiative aims at setting up a system for identifying beneficiaries of government sponsored schemes.  Under the initiative, biometric details of the beneficiaries, such as retina scan and fingerprints, are collected and stored by the government.  The government has also introduced a Bill in Parliament creating a right to electronic service delivery.  As per news reports, a draft DNA Profiling Bill is also in the pipeline.

 

NATGRID: Should Parliament have a role?

June 20th, 2011 1 comment

The Union government’s Cabinet Committee on Security recently gave clearance to the Home Ministry’s NATGRID project.  The project aims to allow investigation and law enforcement agencies to access real-time information from data stored with agencies such as the Income Tax Department, banks, insurance companies, Indian Railways, credit card transactions, and more.  NATGRID, like a number of other government initiatives (UIDAI), is being established through governmental notifications rather than legislation passed in Parliament.  The examination of this issue requires an assessment of the benefits of legislation vis-a-vis government notifications.

Government notifications can be issued either under a specific law, or independent of a parent law, provided that the department issuing such notification has the power to do so.  Rules, regulations which are notified have the advantage of flexibility since they can be changed without seeking Parliamentary approval.

This advantage of initiating projects or establishing institutions through government notifications is also potentially of detriment to the system of checks and balances that a democracy rests on.  For, while legislation takes a longer time to be enacted (it is discussed, modified and debated in Parliament before being put to vote), this also enables elected representatives to oversee various dimensions of such projects.  In the case of NATGRID, the process would provide Parliamentarians the opportunity to debate the conditions under which private individual information can be accessed, what information may be accessed, and for what purpose.  This time consuming process is in fact of valuable import to projects such as NATGRID which have a potential impact on fundamental rights.

Finally, because changing a law is itself a rigorous process, the conditions imposed on the access to personal information attain a degree of finality and cannot be ignored or deviated from.  Government rules and regulations on the other hand, can be changed by the concerned department as and when it deems necessary.  Though even governmental action can be challenged if it infringes fundamental rights, well-defined limits within laws passed by Parliament can help provide a comprehensive set of rules which would prevent their infringement in the first place.

The Parliamentary deliberative process in framing a law is thus even more important than the law itself.  This is especially so in cases of government initiatives affecting justiciable rights.  This deliberative process, or the potential scrutiny of government drafted legislation on the floor of Parliament ensures that limitations on government discretion are clearly laid down, and remedies to unauthorised acts are set in stone.  This also ensures that the authority seeking to implement the project is

The other issue pertains to the legal validity of the project itself.  Presently, certain departmental agencies maintain databases of personal information which helps them provide essential services, or maintain law and order.  The authority to maintain such databases flows from the laws which define their functions and obligations.  So the power of maintaining legal databases is implicit because of the nature of functions these agencies perform.  However, there is no implicit or explicit authorization to the convergence of these independent databases.

One may argue that the government is not legally prevented from interlinking databases.  However, the absence of a legal challenge to the creation of NATGRID does not take away from the importance of establishing such a body through constitutionally established deliberative processes.  Therefore, the question to be asked is not whether NATGRID is legally or constitutionally valid, but whether it is important for Parliament to oversee the establishment of NATGRID.

In October 2010, the Ministry of Personnel circulated an “Approach paper for a legislation on privacy”.  The paper states: “Data protection can only be ensured under a formal legal system that prescribes the rights of the individuals and the remedies available against the organization that breaches these rights. It is imperative, if the aim is to create a regime where data is protected in this country, that a clear legislation is drafted that spells out the nature of the rights available to individuals and the consequences that an organization will suffer if it breaches these rights.”

As the lines above exemplify, it is important for a robust democracy to codify rights and remedies when such rights may be potentially affected.  The European Union and the USA, along with a host of other countries have comprehensive privacy laws, which also lay down conditions for access to databases, and the limitations of such use.  The UIDAI was established as an executive authority, and still functions without statutory mandate.  However, a Bill seeking to establish the body statutorily has been introduced, and its contents are being debated in the Parliamentary Standing Committee on Finance and the Bill has also been deliberated on by civil society at large.

A similar approach is imperative in the case of NATGRID to uphold the sovereign electorate’s right to oversee institutions that may affect it in the future.

 

Legislative vacuum and the Bhopal Gas tragedy

June 10th, 2010 3 comments

Our Constitution provides protection against laws imposing criminal liability for actions committed prior to the enactment of the law. Article 20 (1) under the Part III (Fundamental Rights), reads:

20. (1) No person shall be convicted of any offence except for violation of a law in force at the time of the commission of the act charged as an offence, nor be subjected to a penalty greater than that which might have been inflicted under the law in force at the time of the commission of the offence.

Thus, the maximum penalty that can be imposed on an offender cannot exceed those specified by the laws at the time. In the context of the Bhopal Gas tragedy in 1984, the Indian Penal Code (IPC) was the only relevant law specifying criminal liability for such incidents. The CBI, acting on behalf of the victims, filed charges against the accused under section 304 of the IPC (See Note 1). Section 304 deals with punishment for culpable homicide and requires intention of causing death.

By a judgment dated September 13, 1996, the Supreme Court held that there was no material to show that “any of the accused had a knowledge that by operating the plant on that fateful night whereat such dangerous and highly volatile substance like MIC was stored they had the knowledge that by this very act itself they were likely to cause death of any human being.” The Supreme Court thus directed that the charges be re-framed under section 304A of the IPC (See Note 2). Section 304A deals with causing death by negligence and prescribes a maximum punishment of two years along with a fine.

Consequently, the criminal liability of the accused lay outlined by section 304A of the IPC and they were tried accordingly. Civil liability, on the other hand, was adjudged by the Courts and allocated to the victims by way of monetary compensation.

Soon after the Bhopal Gas tragedy, the Government proposed and passed a series of laws regulating the environment, prescribing safeguards and specifying penalties. These laws, among other things, filled the legislative lacunae that existed at the time of the incident.

Given the current provisions (See Note 3), a Bhopal like incident will be tried in the National Green Tribunal (once operationalized) and most likely, under the provisions of the the Environment (Protection) Act, 1986. The criminal liability provisions of the Act (See Note 4) prescribe a maximum penalty of five years along with a fine of one lakh rupees. Further, if an offence is committed by a company, every person directly in charge and responsible will be deemed guilty, unless he proves that the offence was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such an offence.

The civil liability will continue to be adjudged by the Courts and in proportion to the extent of damage unless specified separately by an Act of Parliament.

Notes

1) IPC, Section 304. Punishment for culpable homicide not amounting to murder

Whoever commits culpable homicide not amounting to murder shall be punished with imprisonment for life, or imprisonment of either description for a term which may extend to ten years, and shall also be liable to fine, if the act by which the death is caused is done with the intention of causing death, or of causing such bodily injury as is likely to cause death,

Or with imprisonment of either description for a term which may extend to ten years, or with fine, or with both, if the act is done with the knowledge that it is likely to cause death, but without any intention to cause death, or to cause such bodily injury as is likely to cause death.

2) IPC, Section 304A. Causing death by negligence

Whoever causes the death of any person by doing any rash or negligent act not amounting to culpable homicide, shall be punished with imprisonment of either description for a term which may extend to two years, or with fine, or with both.

3) Major laws passed since 1984:

1986 – The Environment (Protection) Act authorized the central government to take measures to protect and improve environmental quality, set standards and inspect industrial units. It also laid down penalties for contravention of its provisions.

1991 – The Public Liability Insurance Act provided for public liability – insurance for the purpose of providing immediate relief to the persons affected by an accident while handling hazardous substances.

1997 – The National Environment Appellate Authority Act established to an appellate authority to hear appeals with respect to restriction of areas in which any industries, operations or processes are disallowed, subject to safeguards under the Environment (Protection) Act, 1986.

2009 – The National Green Tribunal Act, yet to be notified, provides for the establishment of a tribunal for expeditious disposal of cases relating to environmental protection and for giving relief and compensation for damages to persons and property. This Act also repeals the National Environment Appellate Authority Act, 1997.

4) Criminal liability provisions of the Environment Protection Act, 1986

Section 15. Penalty for contravention of the provisions of the Act

(1) Whoever fails to comply with or contravenes any of the provisions of this Act, or the rules made or orders or directions issued thereunder, shall, in respect of each such failure or contravention, be punishable with imprisonment for a term which may extend to five years with fine which may extend to one lakh rupees, or with both, and in case the failure or contravention continues, with additional fine which may extend to five thousand rupees for every day during which such failure or contravention continues after the conviction for the first such failure or contravention.

(2) If the failure or contravention referred to in sub-section (1) continues beyond a period of one year after the date of conviction, the offender shall be punishable with imprisonment for a term which may extend to seven years.

Section 16. Offences by Companies

(1) Where any offence under this Act has been committed by a company, every person who, at the time the offence was committed, was directly in charge of, and was responsible to, the company for the conduct of the business of the company, as well as the company, shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly:

Provided that nothing contained in this sub-section shall render any such person liable to any punishment provided in this Act, if he proves that the offence was committed without his knowledge or that he exercised all due diligence to prevent the commission of such offence.