The right to privacy and government surveillance for security are contradictory. The seed of right to privacy as a constitutional right vis a vis surveillance by the government was planted by the minority judgement given by Justice Subba Rao in the Kharak Singh case, wherein it was stated that privacy was within the purview of Article 21 which is the right to life and personal liberty. The government seeks to collect personal information of its citizens for the purposes of preserving the integrity and safety of the nation. This compromises data protection of citizens which is a constitutionally guaranteed right post the Puttaswamy judgement in 2017. From the Indian judicial perspective, this right has been derived from the constitutional provisions of right to be left alone as implicit under Article 21 and the tortious right to seek damages for wrongful violation of one’s privacy.
There is a lack of legislative clarity in terms of the manner in which the government may collect data, the reasonableness of the cause and the procedure to be followed. The source of balancing these conflicting issues have been derived from the judiciary through precedents since the courts have been forthcoming in recognizing privacy as a constitutional right.
With the development in technology, the devices can collect personal information with minimal human intervention which can be processed and used by the people in control of the software or device. Most government departments have their own websites that provides information to the public about the services they provide, notifications and procedure for compliance. This article examines the current developments in the policy requirements of prominent government websites regarding data protection and if they have been incorporated into the portal.
Privacy guidelines for government websites in India
The Personal Data Protection Bill, 2019 which is in the process of being enacted into law provides some clarity about collection of personal information by the government. Chapter 3 states grounds of processing the data without consent. It clearly states that the state can collect data if any service is being provided by the government to a person. This includes providing certification, licenses, enforcement of any law and decision by court or tribunal or providing medical services during an epidemic. Furthermore, according to chapter 8 of the bill regarding exemptions, it states that the central government can direct that the provisions of this act are inapplicable if it is required in the sovereign interests of the nation and to prevent the occurrence of a cognizable offence, by recording the reasons in writing. The exemption is also provided if the data is necessary for research or statistical purposes and anonymizing the data does not fulfil the objective of the research. Hence, the bill has provided ambiguous indemnity to the government for processing data in the national interest or even if services are provided which is invariably the purpose of every portal. It is questionable whether this is in consonance of the constitutional right to privacy and the developing international consensus on data protection. It is also pertinent to note that the approach of the bill towards data protection has provided exemptions and leeway for the government when compared with the guidelines.
The status of privacy compliance in prominent government websites
Some of the prominent Indian government websites have been explored to check whether they adhere to data protection norms. These portals are chosen based on the amount of traffic they attract and importance of the services in terms of targeting a large chunk of the population.
What are the issues?
Ayottaz can help you understand more about how to become Data Privacy-aware and become future-ready.