A Case for a Customary Right to Privacy of an Individual: A Comparative Study on Indian and other State Practice

by Arvind Pillai, Raghav Kohli

(2017) Oxford U Comparative L Forum 3 at ouclf.law.ox.ac.uk | How to cite this article

Privacy as a concept has been hotly debated with regard to its role in an individual’s personal sphere since antiquity. The inception of international instruments such as the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights, along with institutions such as the United Nations, the Inter-American Commission on Human Rights and the Council of Europe, have made the codification of privacy a global concern. However, despite the inception of these institutions, several states have refused to codify and respect privacy as a fundamental right guaranteed to an individual. Thus, the need arises to highlight the development of a right to privacy as a customary right with the help of widespread state practice around the world. The most recent country to address the question of what status privacy holds in the legislative framework of that state is India. Here a unique identifying number is provided to each citizen based on biometric and demographic information. Known as the ‘Aadhaar’ scheme, this is giving rise to grave concerns about bodily integrity, informational self-determination, and decisional freedom. Indeed, a nine-judge Constitution Bench has just unanimously affirmed that the right to privacy is a fundamental right under the Constitution of India (Justice K S Puttaswamy (Retd.), and Anr v Union of India and Ors (2017) 10 SCC 1)
This article traces the evolution of the right to privacy in India, starting with an exploration of its conception in the Constituent Assembly Debates of the longest Constitution in the world. It attempts to ascertain the intent behind the exclusion of the right to privacy as a fundamental right from the Constitution, and analyses the contemporary position developed by the inconsistent jurisprudence of the Courts in India. Finally, by scrutinizing the practices of states from around the world, it argues that the right to privacy, and in particular data privacy, can be considered a binding principle of customary international law.

I. Introduction

A nine-judge Constitution bench of the Supreme Court headed by Chief Justice JS Khehar has been formed to hear arguments on the nature of the right to privacy under the Indian Constitution. Their collective wisdom will clarify whether the right to privacy of an individual is a fundamental right or not.[1] The position adopted will also help determine the fate of the contentious ‘Aadhaar Scheme’. This requires that a 12-digit unique identity number is issued to all Indian residents based on their biometric and demographic data. In 2012, a petition was filed before the Supreme Court by a retired High Court judge, challenging the decision to make Aadhaar enrolment mandatory for all citizens.[2] Since then, the hearings of the Court have seen concerns being raised about a lack of procedural safeguards, compulsory enrolment, and the fact that access to welfare schemes will be contingent on the Aadhaar scheme. While the petitioners argued that the scheme violates the right to privacy, the Government responded by contending that the Indian Constitution does not provide for a fundamental right to privacy. This has resulted in a larger public debate in India about whether the scheme enables the creation of a surveillance state under the garb of an identification requirement for accessing welfare services. Notwithstanding the final determination of the Court, the precedent will be preserved for posterity and predispose government and private corporations towards a particular stance on privacy. The matter assumes historic dimensions in today’s Indian society given the increasingly heavy reliance placed on information technology in our lives. Consequently, it is imperative for the Supreme Court to not only appreciate arguments relating to the nature of fundamental rights and judicial precedents on the right to privacy in India, but to also recognise global standards of privacy and the position of international law on the issue. Such an approach would be consistent with the practice of the Court of interpreting the Constitution in conformity with international commitments and the global human rights regime.[3] This would also assist the Court to ascertain reasonable restrictions on the right, and contribute to the evolution of an enduring standard of privacy in India. This article examines the evolution and contemporary legal position of a right to privacy in India. It argues that the right to privacy, and in particular the right to data privacy, can be considered a binding principle of customary international law, and needs to be recognised as such by the Supreme Court when determining how privacy should be balanced with other rights. The article also clarifies the pivotal relationship between the state and its citizens, which could have implications for the interplay of the Constitution’s Fundamental Rights and the Directive Principles of State Policy.

II. Evolution of the Right to Privacy in India

This part of the article examines the evolution of the right to privacy in India by investigating the intentions of the makers of the Constitution as evidenced by the Constituent Assembly Debates (A). It subsequently traces the jurisprudence of the Supreme Court with regard to the right to privacy and discusses the contemporary legal position on the issue (B).

A. The Constituent Assembly Debates on Privacy

Attorney-General K.K. Venugopal, appearing before the Supreme Court, reiterated the Central Government’s contention that the right to privacy is not a fundamental right under Articles 19(1)(d)[4] or 21[5] of the Constitution, which respectively set out the right to freedom to move freely throughout the territory of India and the right to life and personal liberty. Instead, he argued that the right to privacy was a ‘common law right’.[6] This assumes significance, as a common law right is horizontal in its operation, and does not provide a remedy for its violation by the state. He submitted, that ‘The founding fathers of the Constitution gave its citizens all kinds of Fundamental Rights, [but] the right to privacy was consciously avoided.’ This set the scene for the discussion about the extent of individual autonomy of the citizen in relation to the state, and consequently about the balance of public interest and private interest.

In 1947, The Constituent Assembly formed an Advisory Committee to formulate draft provisions on fundamental rights. The main committee was composed of five sub-committees, including the Fundamental Rights Sub-Committee. Eminent members of this committee like Dr. Ambedkar, K.M. Munshi, and Harman Singh staunchly advocated for the inclusion of a right to privacy as a fundamental right.[7] Harman Singh was inspired by the Czech Constitution in his note on Fundamental Rights, when he stated that ‘Every dwelling shall be inviolable’. Dr. Ambedkar, in his note, expounded on the right against unreasonable searches and seizures. The draft that was finally approved by the Sub-Committee guaranteed the right to the inviolability of one’s home, and the right to secrecy of correspondence. However, some members, including A.K. Ayyar, K.M. Panikkar, and Sir B.N. Rau, sent notes of dissent, citing problems of law enforcement and the absence of such a right even in the U.S. Constitution.[8] Finally, the Advisory Committee dropped both draft articles before submitting the report to the Constituent Assembly.[9] In the Constitutional Assembly Debates, not much more than passing reference was made to the right to privacy, with little meaningful debate on the subject. There were two primary conceptions of privacy: a right against unreasonable searches, and a right to privacy of correspondence. However, the matter was not adequately deliberated upon and a right to privacy was therefore never accepted as a fundamental right.

The first reference to the right to privacy in the Debates was made by R.K. Sidhwa in his remarks on the work of the Sub-Committee on Fundamental Rights. He said that it was wrong to say that the Sub-Committee did not consider the question of secrecy of correspondence, as it was in fact raised by them but rejected by the main Committee.[10] During the deliberations of the Assembly, Somnath Lahiri proposed an amendment, adding a new clause under ‘Rights to Freedom’, which read, ‘The privacy of correspondence shall be inviolable and may be infringed only in cases provided by law.’[11] However, this was never voted upon or even debated.

It was almost a year and a half later that another suggestion on privacy was considered. K.S. Karimuddin moved an amendment to add a sub-clause to Article 14, which provided for a right against unreasonable searches and seizures except upon probable cause, along with other safeguards.[12] He discussed the existence of similar provisions in the U.S., Irish, and German Constitutions, and highlighted the need for this fundamental right through personal anecdotes. Dr. B.R. Ambedkar noted that it was a useful provision, even though it was present in the Criminal Procedure Code as the law of the land. He observed ‘It is perfectly possible that the legislatures of the future may abrogate the provisions specified in his amendment, but they are so important so far as personal liberty is concerned that it is very desirable to place these provisions beyond the reach of the legislature…’.[13] The vote on the amendment was riddled with disorder and confusion, as there was a disagreement about whether it had been accepted or rejected in a voice vote. Even though the Vice-President put it to vote and declared it as accepted twice, T. T. Krishnamachari objected and contended that the voice vote favoured rejecting the amendment. Finally, Jawaharlal Nehru suggested a postponement of the vote, which was accepted by the House. The amendment was put to vote three days later with no debate, and rejected.[14] Consequently, no such principles on security against unreasonable search and seizure were included in the Constitution.

The next attempt at recognising privacy came from Pandit Thakur Das Bhargva. He moved an amendment to add a new article after Article 15, which included ‘No person shall be subjected to unnecessary restraints or to unreasonable search of person or property.’[15] He referred to the previous attempt of K.S Karimudin and Dr. Ambedkar to incorporate this principle into the Constitution. However, he was opposed by H.V. Kamnath. Kamnath contended that delineating an extensive procedure under which a person can be deprived of his liberty amounted to unnecessary intrusion into the Constitution as it should be reserved for future Parliaments to determine.[16] As a result of such reservations, a right to privacy was never included in the Constitution.

Much water has flown under the bridge since the deliberations of the Assembly, and our constitution makers could never have anticipated the need for privacy protections engendered by the IT revolution. Thus, in the humble opinion of the authors, the history of the debate on this issue before the Constituent Assembly should not preclude the Court from taking a more progressive position.

B. Jurisprudence of the Supreme Court

Not long after the deliberations of the Constituent Assembly, The Supreme Court dealt with the issue of privacy in relation to the power of search and seizure in M.P. Sharma v. Satish Chandra.[17] The eight-judge bench observed that ‘When the Constitution makers have thought fit not to subject such regulation to Constitutional limitations by recognition of a fundamental right to privacy, analogous to the American Fourth Amendment, we have no justification to import it, into a totally different fundamental right by some process of strained construction.’ This case has been widely relied upon to claim that the right to privacy is not a fundamental right. However, such reliance has been considered misplaced by some scholars. First, they argue that the word ‘privacy’ is used only once in the judgment when it makes a factual observation. Otherwise it is absent from the pleadings or the opinion of the Court. Therefore, the Court only recognised that the right to privacy is not listed under Part III of the Constitution. Second, they argue that the Court’s comment was limited to the ‘fundamental right to privacy, analogous to the American Fourth Amendment’, and not a fundamental right to privacy in general. Thus, it should not be taken to imply non-recognition of the broader fundamental right to privacy.

Similarly, in Kharak Singh v. State of U.P,[18] a six-judge bench of the Supreme Court confirmed that the right of privacy is not guaranteed in the Constitution and that therefore ascertaining the movements of an individual is not an infringement of a fundamental right guaranteed by Part III. Justice Subba Rao, writing for the minority, was of the opinion that the word ‘liberty’ in Article 21 was comprehensive enough to include privacy. He said that although the Constitution does not expressly provide for a right to privacy, it is still a quintessential ingredient of personal liberty. Observing that ‘a person’s house, where he lives with his family, is his castle’, he defined the right of personal liberty as a right of an individual to be free from restrictions or encroachments on his person.

In Gobind v. State of M.P.,[19] a three-judge bench recognised that while too broad a definition of privacy would raise serious questions about the propriety of judicial reliance on a right that is not explicit in the Constitution, many of the fundamental rights of citizens can be described as contributing to a right to privacy. The crux of the matter was touched upon when they observed that the right is not absolute and will necessarily have to go through a process of case-by-case development. These last two judgments started to mark a departure from the negative view taken by the Court towards the existence of a fundamental right to privacy.

In Maneka Gandhi v. Union of India,[20] it was held that no person can be deprived of the right to personal liberty except according to a procedure established by law. It was observed that ‘The procedure prescribed by law has to be fair, just and reasonable, not fanciful, oppressive or arbitrary.’ Even though the right to privacy was not discussed, this judgment contextually assumes significance because a two-judge bench of the Supreme Court in R. Rajagopal vs. State of Tamil Nadu[21] held that:

‘The right to privacy is implicit in the right to life and liberty guarantee to the citizens of this country by Article 21. It is a “right to be let alone”.’

This could help import the test of due process to be applied in the context of all cases concerning the right to privacy in the future.

An attempt to do exactly this was made in People’s Union for Civil Liberties v. Union of India,[22] whereby a two-judge bench of the court held that the unauthorised tapping of telephones by police personnel violated the ‘right to privacy’ as contemplated under Article 21. Such intrusive practices were construed as being permissible only if done under a proper legislative mandate that regulates their use. Following this case, in District Registrar and Collector, Hyderabad and another v. Canara Bank & others,[23] a two-judge bench explicitly recognised that a right to privacy has been developed by our Supreme Court from the provisions of Article 19(1)(a), Article 19(1)(d) and Article 21 in the absence of specific constitutional provisions. The Court also held that the right to privacy ‘deals with persons and not places’. Finally, in Selvi and others v. State of Karnataka & others,[24] a three-judge bench acknowledged a distinction between physical and mental privacy, and explored the nexus between the right to privacy and the right against self-incrimination. It was held that subjecting individuals to techniques such as narco-analysis and polygraph examination without their consent amounted to an unwarranted intrusion into personal liberty and mental privacy.

Thus, it can be safely concluded that the Supreme Court has in its jurisprudence recognised a right to privacy flowing from Article 19 and Article 21 of the Constitution as a condition precedent to the meaningful enjoyment of other rights and liberties. However, it should be noted that a nine-judge Constitution bench of the Supreme Court is not bound by any of the above-mentioned precedents.

III. Right to Privacy as a legally binding international custom

The Aadhaar Scheme in India is one of many schemes around the world that require data retention. However, these schemes often pose a danger of breaching individuals’ privacy, especially data privacy. To ensure safeguards against abuse, a majority of countries in the world have recognised the right to privacy as an intrinsic right of the individual. This part of the article aims to prove that the right to privacy is legally binding under customary international law by first examining the nature and formation of international customary law (A), and by then investigating whether the right to privacy can be contemplated as a customary right (B). Finally, it is argued that the right to data privacy in particular, as part of a broader right to privacy, can also be regarded today as an emerging norm of customary international law (C).

A. Determination of Customary International Law

International custom is considered to be an authoritative source of international law. This is illustrated by the inclusion of custom as a source of law under Article 38 of the Statute of the International Court of Justice (ICJ). This reads, ‘international custom, as evidence of a general practice accepted as law’.[25] To source a custom, one must ensure the existence of uniform practice, and the belief that such practice is obligatory i.e. opinio juris et necessitatis.[26] This has been noted by the ICJ in several cases.[27] It is important to note that the practice need not be completely uniform, and substantial uniformity is considered sufficient to constitute custom.[28] Customary international law is known to help in the creation of dynamic norms in response to the constantly changing wants of society.[29] In the Barcelona Traction case, the ICJ stated that due to their very nature, obligations derived from fundamental human rights will remain the concern of all states. In view of the importance of the rights involved, all states can be held to have a legal interest in their protection; they are obligations erga omnes.[30] Therefore, the threshold to prove opinio juris is not as high for globally recognised human rights such as privacy.[31] International law is only binding on a state if the state has expressly or implicitly consented to the law, or if the world community has universally consented to its applicability through practice.[32] This part of the article seeks refuge under the latter.

B. Right to Privacy as a Binding Custom

This section examines evidence, including the jurisprudence of different states, state legislation,[33] and the practice of international organisations[34] from different regions of the world, to demonstrate the existence of a customary right to privacy.

1. The Americas

The American Convention on Human Rights (ACHR) has been ratified by 25 states out of the 35 independent states which form the Organization of American States. It explicitly recognises the right to privacy in Article 11. This protects an individual against ‘arbitrary or abusive interference with his private life, his family, his home, or his correspondence, or of unlawful attacks on his honour or reputation.’[35] The case law of the Inter-American Court of Human Rights has recognised that the very aim of the right to privacy is to ensure that individuals enjoy a private sphere in their lives, protected from any sort of interference, knowledge, or disclosure by the State or by third parties.[36]

In addition to being parties to the ACHR, several member states have included provisions on privacy in their constitutions. In Brazil, the right to privacy is a constitutional right, found in Article 5, X, of the Constitution.[37] Article 5, LXXII also provides for the writ of Habeas Data. Further, there are specific statutory provisions for privacy in the Brazilian Civil Code. In Canada, every province has separate provincial privacy legislation.[38] However, federal legislation recognises the right as well. This applies not only federally but also provincially where a province does not have its own legislation. This includes the Privacy Act 1983, which pertains to the individual’s right to access personal information held by the federal government, and the Personal Information Protection and Electronic Documents Act 2000, which restricts the use by private organisations of third party information.[39]

In the United States of America (US), much like in India, there is no express inclusion of a right to privacy in the Constitution. However, the First Amendment (Privacy of Beliefs), Third Amendment (Privacy of the Home), Fourth Amendment (Privacy of the Person and Possessions), have all been interpreted as including a right to privacy, as seen in the case of Meyer v Nebraska.[40] Justice McReynolds held:

‘While this court has not attempted to define with exactness the liberty thus guaranteed, the term has received much consideration and some of the included things have been definitely stated. Without doubt, it denotes not merely freedom from bodily restraint but also the right of the individual to contract, to engage in any of the common occupations of life, to acquire useful knowledge, to marry, establish a home and bring up children, to worship God according to the dictates of his own conscience, and generally to enjoy those privileges long recognised at common law as essential to the orderly pursuit of happiness by free men.’[41]

Further, Justice Marshalls in the 1969 decision of Stanley v. Georgia said:

‘Whatever may be the justifications for other statutes regulating obscenity, we do not think they reach into the privacy of one’s own home. If the First Amendment means anything, it means that a State has no business telling a man, sitting alone in his own house, what books he may read or what films he may watch. Our whole constitutional heritage rebels at the thought of giving government the power to control men’s minds.’[42]

This position was finally cemented in Roe v. Wade[43] where the US Supreme Court held the right to privacy as ‘fundamental’ and any infringement by the state must be justified by public interest. This was further applied in the 2003 decision of Lawrence v. Texas,[44] which upheld the privacy of two gay men and struck down the Texan sodomy law. At present, the USA Rights Bill has been presented by Ron Wyden, Rand Paul and eleven other Senators to reform the NSA surveillance program – one of the most powerful forms of governmental surveillance programs.[45] This is meant to advance the civil liberties provided for in the American Constitution.

2. Europe

The European Court of Human Rights recognises the right to privacy as a human right as provided by Article 8 of the European Convention of Human Rights (ECHR).[46] Article 8(1) reads, ‘Everyone has the right to respect for his private and family life, his home and his correspondence.’[47] The ECHR currently holds 47 ratifications, which consists of all of the member states of the Council of Europe. This shows the consistency of practice in Europe in the protection of this right. When defining ‘private life’ in the case of Costello-Roberts v United Kingdom, the European Court of Human Rights was unable to reach a consensus other than to say that it was incapable of an exhaustive definition.[48] However the Court has provided protection to privacy including data privacy in many instances.[49]

If one were to delve into domestic jurisdictions, several states seem to have developed a right to privacy. The Belgian Supreme Court, for instance, ruled that protection of privacy is a legitimate restriction on the freedom of the press.[50] It has further been noted by Belgian case law that even public persons have the right to the protection of their privacy.[51] In the United Kingdom, the ECHR has been incorporated into domestic law through the Human Rights Act 1998. Further, in Douglas v. Hello, the Court of Appeal held ‘the courts have a duty to recognise and protect privacy rights.’[52] In France, the right to privacy is recognised by the civil and criminal law. Section 9 of the Civil Code reads ‘Everyone has the right to respect for his private life…’,[53] and Section 226-1 et. seq. of the French Criminal Code penalises ‘any wilful violation of the intimacy of the private life of other persons by resorting to any means of intercepting communication and taking of pictures without the consent of the person involved.’[54]

3. Asia

In Asia, apart from India, Japan has the Personal Information Protection Act 2003 to protect private personal information. Further, Singapore enacted a comprehensive Personal Data Protection Act (PDPA) in two stages in January and July 2014, which was inspired by European practice. This law has one of the largest fines attributed for a data privacy offence, reaching up to S$1 million (USD 800,000). In Azerbaijan, the Constitution protects the right to privacy under Article 32, which makes it unlawful to ‘gather, store, use or disseminate information about a person’s private life without his/her consent’, and protects secrecy of correspondence. [55] In Bahrain too, the right to privacy is recognised under Article 25 and 26 of the Constitution.[56]

4. Africa

In Africa, Nigeria constitutionally guarantees the individual a private life free from any interruption under Article 37 of its Constitution.[57] Similarly in Egypt, Article 36 of the Constitution, which deals with privacy, reads ‘Residences have their sanctity and they shall not be entered, searched or monitored except in the events stated by the law, after warning their residents, and by virtue of a justified order from the competent judge determining the place, purpose and time of search.’[58] Several other countries including Angola, Algeria and South Africa have also safeguarded privacy in their constitutions.[59]

5. International Covenants

International Declarations and Treaties show universal state practice or evidence of custom.[60] Article 3 of the Universal Declaration of Human Rights (UDHR) reads, ‘Everyone has the right to life, liberty and the security of one’s person’, and Article 12 states that ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation.’[61] Further, the International Covenant on Civil and Political Rights[62] also recognises a right to privacy under Article 17. Additionally, Article 16 of The Convention on the Rights of the Child[63] provides for the protection of children from unlawful interference with their privacy.

In conclusion, sufficient and uniform practice exists around the world which indicates a global recognition of the right to privacy as a human and fundamental right. This evidence strongly suggests that the right to privacy forms part of customary international law.

C. Data Privacy as an emerging norm of customary international law

Data privacy has recently become a global concern with the rapidly changing digital landscape. While it has not enjoyed sufficient time to crystallise into customary international law, the protection of an individual’s personal information through legislation and judicial decisions has seen considerable advances in recent years. Thus, even in the absence of uniform practice across the world, it is safe to characterise the right to data privacy as lex ferendi, or a powerful emerging norm. This section analyses the practices of some regions of the world on data privacy.

1. Europe

One of the most important landmark judgments on data privacy is Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González,[64] in which the Court of Justice of the European Union (CJEU) took a fundamental step towards the stricter protection of personal data for citizens of the European Union (EU).[65] The Court observed that search engines such as Google are empowered to offer ‘a structured overview of the information relating to that individual that can be found on the Internet’; ‘information which potentially concerns a vast number of aspects of his private life’; and information ‘to establish more or less a detailed profile of him’.[66] Amongst other key issues, the Court defined certain limits in this regard. The CJEU linked search engines that offer structured information concerning data with potential interference to a person’s private life, and ruled that Google’s operator was a data controller under Article 2(d) of the EU Data Protection Directive 95/46 (DPD).[67]

It is also worth noting that in April 2014, the CJEU declared invalid the 2006 Data Retention Directive,[68] which had been introduced after the terrorist attacks in Madrid in 2004 and London in 2005.[69] This Directive was used to retain traffic and location data (metadata) in order to assist with the detection and prosecution of terrorism-related offences, initially without either judicial oversight or the need for suspicion of a crime. However, in Airey v. Ireland[70] the Court held that such extensive surveillance for counter-terrorism purposes ‘empties’ the right to privacy, rendering it illusory.

2. Americas

It was anticipated that EU Directive 95/46 would potentially hamper trade relations between the EU and the US. Therefore, a mid-way was required to accommodate both the U.S. self-regulatory mechanism and the EU’s strict approach towards data protection. This was finally found on 31 May 2000, when the US and EU reached an agreement known as the Safe Harbor Agreement. The US also has the Privacy Act 1974,[71] which was enacted to prevent misuse of personal information collected by the government. In Whalen v. Roe, the US Supreme Court held that there exists a right to information privacy and constitutional protection of the interest in avoiding disclosure of personal information.[72] Moreover, the General Assembly of the Organisation of American States has also underscored ‘the growing importance of privacy and the protection of personal data’.[73]

When understanding the practice of data protection for individuals in Latin America, the most essential concept is Habeas Data.[74] Habeas Data is a fundamental writ granted to individuals in many Latin American countries, and is probably the most important feature of the region’s data privacy law.[75] These actions are normally issued by the parties whose data has been leaked. The available remedy for a breach is an injunction, damages or both. Latin American countries with Habeas Data provisions in their law include Brazil, Argentina, Paraguay, Peru, Ecuador and Mexico.[76]

Other countries such as Japan, Canada, and South Africa have also enacted statutory laws to ensure data protection.[77]

3. International Organisations

The UN General Assembly has adopted Resolution 68/167 titled ‘The Right to Privacy in the digital age’, which recognises and urges states to protect the data of individuals, and states that any sort of misuse results in a violation of the ‘right of privacy.’[78] United Nations Special Rapporteur on the Protection and Promotion of the Right to Freedom of Opinion and Expression, and Special Rapporteur for Freedom of Expression of the Inter-American Commission on Human Rights noted that states ought to establish systems to protect personal data and to regulate and store them efficiently.[79] The UN has also recently appointed a Special Rapporteur on Privacy.

All of the above indicate that there is an emerging norm in relation to data privacy, with General Assembly Resolution 68/167 reflecting universal state practice. The Indian Supreme Court finds itself in a historic and defining period in international law on this issue. As the question of data privacy is central to the Aadhaar dispute, it is important for the Supreme Court to recognise the role it is going to play in determining the issue in that context.

IV. Conclusion

The judgment of the Supreme Court has critical ramifications for the future of privacy in India. Considerable insights have been gained from: examining the debates surrounding the Constituent Assembly’s decision not to include an explicit right to privacy in the Constitution; the jurisprudence of the apex Court in recognising an evolving right to privacy; and the existence of sufficient uniform practice globally to derive a legally binding customary international law protecting the right to privacy. This article also contributes to the growing body of literature that recognises the right to data privacy as an emerging norm. However, fundamental human rights are rarely absolute and usually entail reasonable restrictions for their meaningful enjoyment. In addition to confirming a fundamental right to privacy, the Court must endeavour to develop broad contours for determining how to balance the right with other rights. This will not only influence future policy and decision-making on important schemes like the Aadhaar, but it can also enhance India’s global image as a champion of personal liberty.

V. Endnotes

  1. The nine-judge Constitution Bench delivered its verdict on 24 August 2017, unanimously affirming that the right to privacy is a fundamental right under the Constitution of India in Justice K S Puttaswamy (Retd.), and Anr v Union of India and Ors (2017) 10 SCC 1. This draft preceded the judgment, and therefore does not include a discussion on it within the body of the draft. However, the main findings of the judgment may be summarised as follows: (i) The right to privacy was protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution. (ii) The decisions of M.P. Sharma v Satish Chandra, which holds that the right to privacy is not protected by the Constitution, and Kharak Singh v State of Uttar Pradesh (to the extent that it holds that the right to privacy is not protected by the Constitution) were overruled. Both of these judgments are discussed subsequently in this draft. In reaching its conclusions, the Court observed that the right to privacy is a natural, primordial and inalienable right. It constitutes the basic, irreducible condition necessary for the exercise of personal liberty and other freedoms guaranteed by the Constitution. The Court noted that at least three connotations of privacy viz. spatial control, decisional autonomy and informational control, are essential for individual self-development, which lies at the heart of democracy, dignity and fraternity. It also considered comparative law and international instruments that codify the right to privacy, and observed that in the absence of any specific municipal prohibition, international law forms part of Indian law and must be read into or as part of our fundamental rights. However, the Court cautiously expressed the fact that the right is not of an absolute nature, and is subject to reasonable regulations made by the state to protect its legitimate interests. With the aid of both domestic and international law, the Court reaffirmed the place of an individual at the core of constitutional focus in India. While this judgment has been widely celebrated for its progressive take on civil liberties, the real outcome of this seminal verdict will only be apparent once the Court applies these abstract principles in practice. The question of the validity of the ‘Aadhaar’ scheme presents one such challenge, currently faced by the Court.
  2. Justice K S Puttaswamy (Retd.), and Anr v Union of India and Ors Writ Petition (Civil) No 494 of 2012 (Supreme Court of India).
  3. Bachan Singh v State of Punjab (1980) 2 SCC 684 (Supreme Court of India); Vishaka v State of Rajasthan (1997) 6 SCC 241 (Supreme Court of India); The Constitution of India 1950, art 51(c).
  4. The Constitution of India 1950, art 19(1)(d).
  5. The Constitution of India 1950, art 21.
  6. Indu Bhan, ‘Aadhaar card: Supreme Court hints it could plump for privacy’, Financial Express (India, 19 July 2017) <http://www.financialexpress.com/india-news/aadhaar-card-supreme-court-hints-it-could-plump-for-privacy/769137/> accessed 2 August 2017; The Hindu (India, 19 July 2017) <http://www.thehindu.com/todays-paper/tp-national/sc-to-decide-whether-privacy-is-a-basic-right/article19304683.ece> accessed 2 August 2017.
  7. B. Shiva Rao, The Framing of India’s Constitution A Study (1st edn, 1968) 211.
  8. ibid, 212-213.
  9. ibid, 215-217.
  10. CA Deb 29 April 1947, vol III, Statement by R.K. Sidhwa (Constituent Assembly of India).
  11. CA Deb 30 April 1947, vol III, Statement by Somnath Lahiri (Constituent Assembly of India).
  12. CA Deb 12 March 1948, vol VII, Statement by Kazi Syed Karimuddin (Constituent Assembly of India).
  13. CA Deb 3 December 1948, vol VII, Statement by B.R. Ambedkar (Constituent Assembly of India).
  14. CA Deb 6 December 1948, vol VII, Statement by T.T. Krishnamachari (Constituent Assembly of India).
  15. CA Deb 15 September 1949, vol IX, Statement by Pandit Thakur Das Bhargva (Constituent Assembly of India).
  16. CA Deb 6 December 1948, vol VII, Statement by T.T. Krishnamachari (Constituent Assembly of India).
  17. M.P. Sharma v Satish Chandra [1954] SCR 1077 (Supreme Court of India).
  18. Kharak Singh v State of U.P [1963] AIR 1295 (Supreme Court of India).
  19. Gobind v State of M.P [1975] AIR 1378 (Supreme Court of India).
  20. Maneka Gandhi v Union of India [1978] 2 SCR 621 (Supreme Court of India).
  21. R. Rajagopal v State of Tamil Nadu [1994] 6 SCC 632 (Supreme Court of India).
  22. People’s Union for Civil Liberties v Union of India [1997] AIR 568 (Supreme Court of India).
  23. District Registrar and Collector, Hyderabad and another v Canara Bank & others [2005] AIR 186 (Supreme Court of India).
  24. Selvi and others v State of Karnataka & Ors [2010] 7 SCC 263 (Supreme Court of India).
  25. Statute of the International Court of Justice 1945, art 38.
  26. Lazare Kopelmanas, Custom as a Means of the Creation of International Law, (1937) 18 British Yearbook of International Law 129.
  27. Colombia v Peru [1950] ICJ Rep 276-7(International Court of Justice); France v United States [1952] ICJ Rep 200 (International Court of Justice); Liechtenstein v. Guatemala (Second Phase) [1955] ICJ Rep 30 (International Court of Justice); Portugal v India (Merits) [1960] ICJ Rep 40,43 (International Court of Justice); Nicaragua v United States of America [1986] ICJ Rep 98 (International Court of Justice).
  28. Ian Brownlie, Principles of Public International Law, 7 (6th edn, 1999); United Kingdom v Iceland [1951] 116 ICJ Rep 131.
  29. American Law Institute, Restatement of Foreign Relations of the United States, Third, 102 (1987).
  30. Case concerning Barcelona Traction, Light & Power Co., Ltd. (Belgium v Spain) [1970] ICJ 3, 32 (Second Phase) (International Court of Justice).
  31. Universal Declaration of Human Rights 1948, art 12; International Covenant on Civil and Political Rights 1966, art 17; European Convention on Human Rights 1953, art 8.
  32. Louis Henkin, International Law: Politics. Values, and Functions, 216 Recueil des Cours D’academie de Droit Int’l 9, 27 (1989); The Case of the S.S. “Lotus” (France v. Turkey) (1927) P.C.I.J., Ser. A, No. 10 at 18 (Permanent Court of Justice).
  33. Ian Brownlie, Principles of Public International Law, 6 (6th edn, 1999); United States of America v United Kingdom [1871] 81 U.S. 170 (Supreme Court of the United States).
  34. Reservations to the Convention on the Prevention and Punishment of the Crime of Genocide (Advisory Opinion) [1951] ICJ Rep 15, 25 (International Court of Justice).
  35. American Convention on Human Rights 1969, art 11.
  36. Fontevecchia y D’Amico v Argentina [2011] IACHR Series C No. 238, 48 (Inter-American Court of Human Rights); Inter-American Commission on Human Rights (Office of the Special Rapporteur for Freedom of Expression) ‘Freedom of Expression and the Internet’ (31 December 2013) OEA/Ser.L/V/II.
  37. Constitution of Brazil 1988, art 5.
  38. Personal Information Protection Act 2003(Alberta); Personal Information Protection Act 2003 (British Columbia); Act Respecting the Protection of Personal Information in the Private Sector 1993 (Quebec).
  39. Personal Information Protection and Electronic Documents Act 2000 (Canada).
  40. Meyer v Nebraska 262 U.S. 390 (1923).
  41. ibid 262.
  42. Stanley v Georgia 394 US 557 (1969).
  43. Roe v Wade 410 US 113 (1973).
  44. Lawrence v Texas 539 US 558 (2003).
  45. David Ruiz, ‘The USA Rights Act Protects Us From NSA Spying’, Electronic Frontier Foundation (USA, 24 October 2017) <https://www.eff.org/deeplinks/2017/10/usa-rights-act-protects-us-nsa-spying> accessed 3 November 2017.
  46. Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights, as amended) (ECHR) 1950, art 3.
  47. ibid.
  48. Costello-Roberts v the United Kingdom [1993] 19 EHRR 112.
  49. Gaskin v the United Kingdom [1989] 12 EHRR 36; Murray v the United Kingdom [1996] 23 EHRR 313.
  50. Charles Glasser (ed), International Libel & Privacy Handbook (1st edn, Bloomberg Press 2006) 188.
  51. Re: Privacy of the Royal Family, 25 November 1981, J.T., 1982, 275 (Brussels Court of Appeal).
  52. Douglas v Hello [2007] UKHL 21.
  53. Code Civil 1804, art 9 (FR).
  54. Code Penal 1994, art 226-1 (FR).
  55. The Constitution of the Azerbaijan Republic 1995, arts 32, 33 (Azerbaijan).
  56. Constitution of the State of Bahrain 2002, arts 25, 26 (Bahrain).
  57. The Constitution of the Federation of Nigeria 1999, art 37 (Nigeria).
  58. Constitution of the Arab Republic of Egypt 2014, art 36 (Egypt).
  59. Constitution of the People’s Democratic Republic of Algeria 1989, art 40 (Algeria); The Constitution of Angola 2010, art 44 (Angola); Constitution of the Republic of South Africa 1996, art14 (South Africa).
  60. American Law Institute, Restatement of Foreign Relations of the United States, Third, 102 (1987).
  61. Universal Declaration of Human Rights (adopted 10 December 1948) UNGA Res 217 A (III) (UDHR) arts 3, 12.
  62. International Covenant on Civil and Political Rights (adopted 16 December 1966, entered into force 23 March 1976) 999 UNTS 171 (ICCPR), art 17.
  63. United Nations Convention on the Rights of the Child (adopted 20 November 1989, entered into force 2 September 1990) 1577 UNTS 3 (CRC), art 16.
  64. C-131/12, Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González [2014] All ER (EC) 717.
  65. ibid.
  66. ibid para 80.
  67. Council Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L281/31.
  68. Council Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC [2006] OJ L105/54.
  69. C-293/12, Digital Rights Ireland and Seitlinger and Others [2014] All ER (D) 66.
  70. Airey v Ireland [1979] 2 EHRR 305.
  71. Privacy Act 1974, s. 552a (US).
  72. Whalen v Roe [1977]429 U.S. 589, 599.
  73. Organization of American States General Assembly, ‘Access to Public Information and Protection of Personal Data’ (6 June 2013) AG/RES. 2811 (XLIII-O/13).
  74. Andres Guadamuz, ‘Habeas Data: The Latin-American Response to Data Protection’ [2000] (2) JILT <https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2000_2/guadamuz> accessed 2 August 2017.
  75. Alexander Rengel, Privacy in the 21st Century (1st edn, Martinus Nijhoff Publishers 2013) 150.
  76. Soo-Jeong Ahn, ‘International Lawyer Summer 2009 Regional and Comparative Law Asia/Pacific’ (2009) 43 Int‘l Law. 1007, 1043.
  77. Personal Information Protection and Electronic Documents Act (PIPEDA) 2004 (Canada); Personal Information Protection Law 2003 (Japan); Regulation of Interception of Communications Act 2002 (South Africa).
  78. UNGA Res 68/167 (18 December 2013) UN Doc A/RES/68/167.
  79. UNGA, ‘Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue’ (2011) UN Doc A/HRC/17/27.