The problem with the right to privacy
The recently concluded Supreme Court hearings on Aadhaar and privacy pitted a quintessentially American idea of the “right to be left alone” against the long-standing demand of India’s poor for the “right to be acknowledged” by the state—which was the genesis of Aadhaar in the first place. Clearly, if the Supreme Court rules in favour of the petitioners, who contend that Aadhaar inherently violates the right to privacy, it could have serious implications for the ability of the government to effectively manage its massive public assistance programmes and to rein in fraud on several fronts.
Having said that, I find it intriguing that the government did not take a forceful stand against recognizing privacy as a fundamental right. Instead, it sought to stake out its authority to restrict that right when and where it deems appropriate. This could turn out to be a slippery slope.
First, as I understand it, fundamental rights recognized under the Constitution are not absolute rights and may be reasonably restricted in the interest of general welfare. However, such restrictions are subject to direct interventions by the Supreme Court. If privacy is ruled a fundamental right, it could open up a litany of legal challenges every time the government proposes to abridge that right for one reason or another. This would be a recipe for administrative paralysis, especially given an activist court that has a history of interceding in matters that are traditionally the purview of the executive.
Second, the government’s plan to make Aadhaar mandatory for most day-to-day transactions, going beyond just welfare schemes, hardly seems to fit the bill as a reasonable restriction on the right to privacy. Unless the court is inclined to grant a broad one-time exception, one should fully expect its continuing involvement in the details of Aadhaar implementation, case by agonizing case, as it has in the past. Any ruling favourable to the petitioners could also open the door for citizens to demand government subsidies and services without a reciprocal obligation to present their Aadhaar credentials. Carried to the extreme, a beneficiary could cite privacy rights to withhold even his or her full name, which arguably reveals much more about a person than a 12-digit random number!
Third, once privacy is ruled a fundamental right, it will inexorably roll back many of the gains made under the ambit of the right to information, which is not a fundamental right, but a statutory right under the Right to Information Act, 2005. Such a ruling could also run afoul of access to information such as voters’ lists, National Rural Employment Guarantee Act muster rolls, etc., which we now take for granted in the name of transparency. Moving forward, every instance of public access to such citizen databases may have to be re-litigated, either by the government or by rights advocates. It would be a pity if the petitioners, many of whom are presumably staunch supporters of RTI, end up playing into the hands of an entrenched bureaucracy that has made no secret of wanting to dilute that landmark legislation.
I have an even more fundamental problem with the current debate: We are trying to decide whether or not privacy is a fundamental right before we have had any meaningful national dialogue on what personal privacy ought to mean in the Indian context.
True, the Aadhaar Act of 2016 was a major step towards concretizing the notion of privacy, but that was only in the narrow context of Aadhaar. The ground reality today is that there is very little understanding of personal privacy at all levels of society. Look around and you may see a bank employee sharing another customer’s file to explain how to complete a form, or a doctor pulling up another person’s medical record to explain a procedure, with nary a thought of patient confidentiality.
Surely, we have a lot of homework and public education ahead of us. As experts have often observed, balancing the conflicting interests of the public’s right to know and an individual’s right to privacy is the single most challenging part of any effort to legislate privacy rights. At the end of the day, any reasonable consensus can only emerge organically from our shared experiences, not by a court edict on an ill-defined and ill-understood concept.
So, it is gratifying to see that the government has finally convened a group of experts under retired Justice Srikrishna to develop a national data protection framework, which will hopefully also define the contours of personal privacy in a broader context beyond just data. The recommendations of the Justice Shah panel on privacy (2012) could be a useful starting point in this regard. Also, inviting the views of all the key stakeholders, including some of the recent petitioners and other rights advocates, will go a long way in crafting a robust legislation that can garner wide public support before it is taken up by Parliament.
It is unfortunate that India is lagging behind over 100 countries that already have some form of data protection law, especially at a time when technology is fast outpacing society’s ability to place checks and balances. But it makes no sense to lay our tardiness at the door of a successful project like Aadhaar, which is already making every effort to safeguard the privacy and security of our personal information.
I am of the view that elevating the fungible notion of personal privacy to the same status as other time-tested fundamental rights will lead us into unchartered waters and is not warranted at this time.
Raju Rajagopal led UIDAI’s civil society outreach efforts in its early years.
Comments are welcome at firstname.lastname@example.org