Wednesday, September 20, 2017

An analysis of Puttaswamy: the Supreme Court's privacy verdict

by Vrinda Bhandari, Amba Kak, Smriti Parsheera and Faiza Rahman.

Introduction

On 24th August 2017, a nine judge bench of the Supreme Court in Justice K.S. Puttaswamy vs Union of India passed a historic judgment affirming the constitutional right to privacy. It declared privacy to be an integral component of Part III of the Constitution of India, which lays down our fundamental rights, ranging from rights relating to equality (Articles 14 to 18); freedom of speech and expression (Article 19(1)(a)); freedom of movement (Article 19(1)(d)); protection of life and personal liberty (Article 21) and others. These fundamental rights cannot be given or taken away by law, and all laws and executive actions must abide by them.

The Supreme Court has, however, clarified that like most other fundamental rights, the right to privacy is not an "absolute right". Subject to the satisfaction of certain tests and benchmarks, a person's privacy interests can be overridden by competing state and individual interests. This post discusses the tests that have been laid down by the Supreme Court in the Puttaswamy case, against which privacy infringements will be evaluated going forward. Based on this analysis, the post argues that a majority of the judges in this decision have agreed that the European standard of proportionality shall be applied to test privacy infringements in the future. However, the rigour and technicality with which this doctrine is applied will depend on the nature of the competing interests in question and will evolve on a case by case basis. At the very least, any impugned action will continue to be tested on the "just, fair and reasonable" standard evolved under Article 21 of the Constitution. However, before we delve into the standards laid down by the Court, it is important to understand why the Supreme Court was called upon to decide if we have a fundamental right to privacy and how to read the decision it finally delivered.

Why was a nine judge bench constituted to decide upon the right to privacy?

The question of whether or not privacy is a fundamental right first arose in 2015 before a three judge bench of the Supreme Court considering the constitutional challenge to the Aadhaar framework. The Attorney General had then argued that although a number of Supreme Court decisions had recognised the right to privacy, Part III of the Constitution does not guarantee such a fundamental right since larger benches of the Court in M.P Sharma (8 judge bench) and Kharak Singh (6 judge bench), had refused to accept that the right to privacy was constitutionally protected. Consequently, this bench referred the matter to a five judge bench to ensure "institutional integrity and judicial discipline". Thereafter, the five judge bench referred the constitutional question to an even larger bench of nine judges to pronounce authoritatively on the status of the right to privacy.

How do we read the Puttaswamy judgment?

The judgment, spanning 547 pages, contains six opinions and a lot of interesting observations. At the outset, however, it is important to note that only the majority opinion in a judgment is binding on future cases. In this case, Chandrachud J. wrote the plurality opinion, on behalf of four judges (Kehar C.J., Agrawal J., Nazeer J., and himself), while the remaining five judges (Nariman J., Kaul J., Bobde J., Sapre J., and Chelameswar J.) wrote concurring opinions. Thus, while Justice Chandrachud's opinion is the "plurality" opinion, it does not constitute the majority, since it has not been signed by a total of five or more judges. Similarly, the concurring opinions too, are not binding, and do not constitute 'precedent' for future cases. Thus, the operative part of the judgment, i.e. the binding part, is only the order that has been signed by all nine judges, which holds:

  1. The eight judge bench decision in M P Sharma (1954), which held that the right to privacy is not protected by the Constitution stands over-ruled;
  2. The Court's subsequent decision in Kharak Singh (1962) also stands over-ruled to the extent that it holds that the right to privacy is not protected under the Constitution;
  3. The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution; and
  4. The body of case law that developed subsequent to Kharak Singh, recognising the right to privacy, enunciated the correct position of law.

It is a well settled legal principle that a case is only an authority for what it actually decides, not any observations made in the course of the judgment or any propositions that may logically follow from it. Hence, to determine what aspects of the judgment are binding, it is important to examine each opinion, and see the point of agreement amongst a majority of the nine judges. So, if any judge agrees with a view taken by Chandrachud J. on any proposition, that would result in a majority of five out of nine, and hence, be binding on smaller benches and other courts. For instance, since a majority of the judges agree that privacy is an inalienable, natural right, that forms part of the binding element of the case.

With this in mind, let us now examine each of the opinions in Puttaswamy to see what they hold, how they construe the right to privacy, and what standard of judicial review they apply.

The Court's (multiple) views on privacy

Writing the plurality opinion, Chandrachud J., holds that the right to privacy is not independent of the other freedoms guaranteed by Part III of the Constitution. It is an element of human dignity, and is an inalienable natural right. He focuses on the informational aspect of privacy, its connection with human dignity and autonomy, and rejects the argument that privacy is an elitist construct. During the course of his opinion, Chandrachud J. makes several observations about privacy in the digital economy, dangers of data mining, positive obligations on the State, and the need for a data protection law. He also raises an important point about the negative and positive elements of privacy. The former restricts the State from unfairly interfering in the privacy of individuals, while the latter obliges it to put in place a legislative framework to restrict others from doing so.

Chelameswar J. on the other hand, grounds the right to privacy, as comprising of three facets, namely repose (freedom from unwarranted stimuli), sanctuary (protection from intrusive observation) and intimate decision (autonomy to make personal life decisions). Nariman J. too, endorses Gary Bostwick's conceptual understanding of privacy as encompassing "repose, sanctuary and intimate decision". He gives further content to the right by classifying it into three categories: (1) that which involves invasion by the State into a person's physical body, (2) information privacy which captures unauthorised uses of personal information, and (3) privacy of choice, or "individual autonomy over fundamental personal choices".

For Bobde J., fundamental rights have two aspects - first, to restrict legislative powers and second, to provide the conditions for the development and dignity of individuals. Thus, similar to Chandrachud J., he recognises both the positive and negative aspects of enforcing fundamental rights, although he is clear that fundamental rights claims (as opposed to other laws) fall squarely on the State.

Kaul J., on the other hand, recognises the claims of privacy against the State and non-State actors. In respect of the State, he identifies concerns of surveillance and profiling, whereas in respect of non-State actors, he emphasizes on the impact of technology, in the form of pervasive data generation, collection, and use in a digital economy. Kaul J. also elaborates on the influence of big data, in particular, its impact on the actions of an individual and the resultant chilling effect it may have on free speech and expression. He thus observes the need to protect certain information from both the State as well as private actors. Finally, Sapre J. focuses his opinion on the importance of the Preamble to the Constitution, and the principles of liberty, dignity, and fraternity enshrined therein.

Given the Court's varying conceptions of privacy, it is easy to understand why the suggested standards for evaluating an infringement of the right also varied so widely. We turn to this in the next section.

Tests for infringement of privacy

After a bumpy start in the MP Singh and Kharak Singh cases referred to above, the Supreme Court's jurisprudence on privacy evolved to accept that privacy forms an integral part of ``personal liberty" under Article 21 of the Constitution, which cannot be denied except through a "procedure established by law". The Supreme Court has clarified this to mean that the procedure prescribed by law must necessarily be "just, fair and reasonable". How this, and other standards of judicial review, will apply in the case of intrusion by the State into the right privacy, was the subject matter of much discussion in the various opinions in Puttaswamy. This section discusses some of the key observations.

The judgment written by Chelameswar J. provides a good overview by highlighting that the requirement of reasonableness pervades throughout Part III, albeit operating slightly differently for different fundamental rights. Accordingly, he suggests a "menu" of tests that can be used in privacy cases, depending on the underlying rights that are affected. Thus, a violation of privacy in the context of an arbitrary State action would attract a "reasonableness" enquiry under Article 14; similarly, privacy invasions that implicate Article 19 freedoms would have to fall under the specified restrictions under this constitutional provision like public order, obscenity etc; and finally, intrusion into life or personal liberty under Article 21, which forms the "bedrock of the privacy guarantee", would have to be just, fair and reasonable. For instance, over-broad telephone-tapping regulations would implicate both a citizen's freedom of speech (Article 19(1)(a)) as well as her personal liberty (Article 21). Under the Courts analysis, such a law would have to be justifiable under one of the specific restrictions in Article 19(2), in addition to being "fair, just and reasonable" as required by Article 21, as was held in the PUCL case.

Notably, Justice Chelameswar also includes a fourth test for privacy claims which deserve the "highest standard of scrutiny" and can be justified only in case of a "compelling state interest". Borrowing the strict scrutiny standard, typically reserved for discrimination cases in the U.S., he notes that there exists a category of privacy claims which must satisfy not just the tests of being "just, fair and reasonable" under Article 21, but also a higher level of importance in terms of the government's interest in the privacy intrusion. While laying down this higher standard of scrutiny, Chelameswar J., however, stops short of illustrating what sort of actions could fall under this category, and what would be the trigger for the application of this test. These issues have been left open for future Courts to deal with.

Nariman J. adds to this analysis by giving several examples to emphasise that the restrictions on privacy will need to be tested based on the combination of rights being infringed. For example, if the violation is of Article 21 read with Article 14 (right to equality), then tests of arbitrariness and unreasonableness will apply; or under Article 21 read with Article 19(1) (a) (freedom of speech), then the impugned law/policy will have to relate to the reasonable restrictions specified in Article 19(2), as described in the wiretapping example above. Thus, Nariman J., rather than elucidating a test, only clarifies that the analysis will be case by case - based on existing jurisprudence under the relevant fundamental right that is invoked. In a similar vein, Bobde J. states that privacy infringements will have to answer the tests under those particular freedoms ``in addition to the one applicable to Article 21".

Borrowing vaguely from the restrictions on the right to privacy as specified under the European Convention on Human Rights (Article 8), Sapre J. brings in a slightly different perspective. He notes that the State can impose reasonable restrictions on the right to privacy "on the basis of social, moral and compelling public interest in accordance with law". If Sapre J. is indeed articulating a new test, it is unclear where its textual basis lies in the Indian Constitution, given that many fundamental rights, such as the freedom of speech and expression, do not recognise public interest as a valid restriction. Moreover, such an articulation lacks clarity on what standards will apply to judge the "social, moral, and compelling public interest" or how this would interact with Chelameshwar J's "compelling state interest" test. It may thus be better understood as a general articulation of the Article 19 standard for reasonable restrictions, which will apply differently based on the specific right that has been infringed.

Interestingly, two of the judgments (representing the views of five judges) provide more teeth in terms of how existing tests under Article 21 should be interpreted. Drawing from the concept of proportionality that is used to balance rights and competing interests under European law, Chandrachud J., notes that any invasion of life or personal liberty must meet the three requirements of (a) legality, i.e. there must be a law in existence; (b) legitimate aim, which he illustrates as including goals like national security, proper deployment of national resources, and protection of revenue; and (c) proportionality of the legitimate aims with the object sought to be achieved. Although Chandrachud J. has used the term "proportionality", he stops short of actually adopting the very technical European proportionality standard, with its focus on narrow tailoring and least restrictive means.

Kaul J.'s "proportionality" test differs slightly from Chandrachud J. It requires (a) legality, (b) necessity (narrow tailoring) and (c) proportionality, which is closer to the European standard. He adds to this a fourth element of (d) procedural safeguards against abuse of interference with rights, which echoes Article 21's central requirement of having a "procedure established by law".

How then do we read the majority opinion on the judicial review standard adopted in Puttaswamy? One way of reading the judgment could be through the proportionality standard espoused by Chandrachud J. and elaborated by Kaul J. According to this, the four elements of the judicial review standard are as follows, although it is relevant to note that the additional observations made by Kaul J. do not constitute part of the "majority view":

  1. Legality: The existence of a law.
  2. Legitimate goal: The law should seek to achieve a legitimate state aim (Chandrachud J.). The proposed action must be necessary in a democratic society for a legitimate aim (Kaul J.). Justice Kaul's opinion can be read to espouse the EU narrow tailoring test.
  3. Proportionality: There should be a rational nexus between the objects and the means adopted to achieve them (Chandrachud J.). Extent of interference must be proportionate to its need (Kaul J.).
  4. Procedural guarantees: To check against the abuse of State interference (Kaul J.)

There was unanimity amongst the nine judges that privacy is not an absolute right, although the basis for assessing violations is less clear. While the content and applicability of the aforesaid proportionality test will be determined by subsequent decisions, what is certain is that privacy claims will be tested against the existing standards applicable under the Constitution or developed by Courts for different categories of fundamental rights. At the very least, the impugned action should satisfy the test of "just, fair and reasonable" procedure under Article 21 of the Constitution.

Conclusion

The Court's broad interpretation of the right to privacy has paved the way for a wide range of claims. While the exact boundaries of the right will continue to develop on a case to case basis, it is clear that privacy claims will often have to be weighed against other competing interests. In the absence of a defined hierarchy among the various rights guaranteed under Part III of the Constitution, the decision in each case will vary based on facts at hand and the judicial interpretation. For instance, can the dignity of a married woman, which is central to her privacy and liberty, be infringed by a law on marital rape so as to shield the "private affairs" of the family? Does the efficiency of having a meta database of information on all citizens trump the autonomy of those who resist its adoption? Can an individual's "right to be forgotten" on the Internet override the open information needs of many others. In fact, just last week, a PIL was filed before the Delhi High Court that the restitution of conjugal rights provision in the Hindu Marriage Act and Special Marriage Act is violative of the right to privacy. The real test of privacy will lie in how subsequent Courts apply the Puttaswamy decision to determine these varied questions.

 

Vrinda Bhandari is a practicing advocate in Delhi. Amba Kak is a Mozilla Technology Policy Fellow. Smriti Parsheera and Faiza Rahman are researchers at the National Institute of Public Finance & Policy.

1 comment:

  1. "Does the efficiency of having a meta database of information on all citizens trump the autonomy of those who resist its adoption?"

    This needs to be applied to the Aadhaar imbroglios:

    1) Acquiring an Aadhaar Number:
    Legality: the Aadhaar Act (money bill) is not settled until the suit by Member of Parliament Jairam Ramesh is closed.
    Legitimate goal: The purpose of the Aadhaar Act says it is for subsidies/DBT. This makes the aadhaar acquisition optional for those who wish to participate in the DBT.

    2) Seeding one's PAN with the Aadhaar Number:
    Legality: the Aadhaar Act (money bill) is not settled until the suit by Member of Parliament Jairam Ramesh is closed. All Administrative Rules or Directives of Government made under the Aadhaar Act stand illegal accordingly.
    Legitimate goal: The purpose of the Administrative Rule is to deduplicate the PAN database created by the Ministry of Finance. There is no legitimate definition of a duplicate PAN.
    Proportionality: There is no rational nexus between the purported existence of duplicate PANs attributed to *some* tax payers and the requirement for all tax payers to produce an aadhaar. The interference is not proportional to the objective. Duplicate PANs must be investigated case by case and resolved legally by applying the Income Tax Act. The burden of proof of duplicates/illegality is on the issuer of PANs.
    Procedural guarantees: there is no guarantee whatsoever instituted by the Ministry of Finance that the seeding of the Aadhaar Number with the PANs will not be combined with the other databases owned by the Consolidated Fund of India (such as that of Bank Accounts, Mobile Number, Properties, etc), which combination would interfere with the right to privacy.


    3) Seeding one's Bank Account and/or SIM account with the Aadhaar Number:
    Legality: the Aadhaar Act (money bill) is not settled until the suit by Member of Parliament Jairam Ramesh is closed. All Administrative Rules or Directives of Government made under the Aadhaar Act stand illegal accordingly.
    Legitimate goal: The purpose of the Administrative Rule is KYC for new customers, and of all customers for the SIM. There is no clear and legitimate definition of what constitutes KYC of a mobile subscriber.
    Proportionality: There is no rational nexus between the KYC needs and the requirement for long-running existing customers to produce an aadhaar. Inadequately known customers must be investigated case by case by the concerned bank and resolved via relevant commercial laws. The burden of proving a long running customer is a criminal of some sort rests with the bank, and by extension its regulator the RBI. Use of SIMs and Phones for illegal actions (such as bombing, harassment of people, blackmailing, etc) cannot be prevented by the enforcement of having an aadhaar number linked to the SIM.
    Procedural guarantees: there is no guarantee whatsoever instituted by the Ministries of Home, and of E&IT that the seeding of the Aadhaar Number with the SIM issued by private companies will remain private and confined to the respective Ministries, in fact it is impossible to provide for such security when the SIM is owned by private companies.

    ReplyDelete

Please note: Comments are moderated. Only civilised conversation is permitted on this blog. Criticism is perfectly okay; uncivilised language is not. We delete any comment which is spam, has personal attacks against anyone, or uses foul language. We delete any comment which does not contribute to the intellectual discussion about the blog article in question.

LaTeX mathematics works. This means that if you want to say $10 you have to say \$10.