On October 16, the Group of Experts on Privacy, Chaired by Mr. A. P. Shah, submitted its Report to the Planning Commission.  The Expert Group was appointed to set out the principles that Indian privacy law should abide by.   Even though privacy has been held to be a fundamental right as long back as in 1962, India does not have a law that specifies safeguards to privacy.  Moreover, recent government initiatives, such as the UID, involve collection of personal information and storage in electronic form.  The absence of a law on privacy increases the risk to infringement of the fundamental right. In this blog we list the recommendations made by the expert group, discuss the status of the right to privacy in India, and why there is a need for an enactment. Recommendations of the Expert Group on Privacy

• The Expert Group recommended that the new legislation on privacy should ensure that safeguards are technology neutral.  This means that the enactment should provide protections that are applicable to information, regardless of the manner in which it is stored: digital or physical form.
• The new legislation should protect all types of privacy, such as bodily privacy (DNA and physical privacy); privacy against surveillance (unauthorised interception, audio and video surveillance); and data protection.
• The safeguards under the Bill should apply to both government and private sector entities.
• There should be an office of a ‘Privacy Commissioner’ at both the central and regional level.
• There should be Self-Regulating Organisations set up by the industry.  These organisations would develop a baseline legal framework that protects and enforces an individual’s right to privacy.  The standards developed by the organisations would have to be approved by the Commissioner.
• The legislation should ensure that entities that collect and process data would be accountable for these processes and the use to which the data is put.  This, according to the Group, would ensure that the privacy of the data subject is guaranteed.

Present status of the Right to Privacy While the Supreme Court has held privacy to be a fundamental right, it is restricted to certain aspects of a person’s life.  These aspects include the privacy of one’s home, family, marriage, motherhood, procreation and child-rearing.  Therefore, to claim privacy in any other aspect, individuals have to substantiate these are ‘private’ and should not be subjected to state or private interference.  For instance, in 1996 petitioners had to argue before the Court that the right to speak privately over the telephone was a fundamental right. Risks to privacy Government departments collect data under various legislations.  For instance, under the Passport Act, 1967 and the Motor Vehicles Act, 1988 persons have to give details of their address, date of birth etc.  These enactments do not provide safeguards against access and use of the information by third parties.  Similarly, information regarding ownership of property and taxes paid are publicly available on the MCD website. Furthermore, recent government initiatives may increase the risk to infringement of privacy as personal information, previously only available in physical form, will now be available electronically.  Initiatives such as the National e-Governance Plan, introduced in 2006 and Aadhaar would require maintenance of information in electronic form.  The Aadhaar initiative aims at setting up a system for identifying beneficiaries of government sponsored schemes.  Under the initiative, biometric details of the beneficiaries, such as retina scan and fingerprints, are collected and stored by the government.  The government has also introduced a Bill in Parliament creating a right to electronic service delivery.  As per news reports, a draft DNA Profiling Bill is also in the pipeline.