On 24th August 2017, nine judges of the Indian Supreme Court, through six distinct but unanimous decisions in the case of Puttaswamy v Union of India, affirmed that privacy is a fundamental right. Privacy, the judges declared, is the core of human dignity and autonomy – values that are not bestowed on us through the largess of the state, rather which inhere in us by virtue of being human. This strong normative foundation helps, in Nariman J's words, to "recognize privacy interests when we see them".
There could be many ways to read a judgement. A straightforward legal reading would be to isolate the "operative parts" - what will be cited as the precedent laid down by a unanimous 9 judge bench, effectively binding on all Courts of the land for times to come.
Or, we might view this 500+ page judgement and responses to it as a sociological artifact, chronicling a moment in history, reflecting or referencing attitudes towards technology and society, citizen and state and so on. In this latter vein, I focus on the caselaw and examples that judges rely on to animate their concerns around privacy. This includes even musings, expressions of sentiment, excerpts of poetry (Kaul, J!) that might not survive as authoritative pronouncements, but inevitably colour our interpretation of these operative parts.
There is a story to tell here. Case law of the 'past' typically saw the Orwellian State intruding into the individual's private sphere in isolated incidents of overreach. In contrast, in the new data(based) world, these threats are increasingly decentralised, more pervasive, even routine. They lack the maliciousness that helped identify the early cases as clear instances of privacy violations. Sometimes we might even experience new threats to privacy as pleasures, efficiencies or "bargains" to be part of the new digital economy. This in itself does not make the intrusions less dangerous, but it does require some measure of fresh deliberation. I rely on the observations of the judges in Puttaswamy, particularly Kaul J and Chandrachud J, to tease out the different ways in which we can think about these new threats - and new remedies.
I. From Orwellian intrusions to a ‘routine’ loss of power
In previously decided cases, the narrative is often of the Orwellian State overstepping its boundaries to encroach into the personal lives of citizens. Many cases are on state surveillance – like challenges against phone tapping and domiciliary night visits. Other cases are concerned with state’s coercive power to subject individuals to invasive tests to determine paternity, mental health and lie-detector tests. More recently, privacy has been invoked in cases that involve a person’s freedom to make decisions about their own life –challenges against restrictions on termination of pregnancy, certain kinds of employment for women/young men, non-consensual disclosure of HIV status criminalization of sexual orientation. As Justice Chelameswar observes, nobody “would like to be told by the State as to what they should eat or how they should dress or whom they should be associated with either in their personal, social or political life”.
It is Justice Chandrachud and Justice Kaul, then, who dwell on the privacy threats that confront the future. Privacy matters not just in the same way it has for previous decades, but matters differently in this new tech-driven world.
These emerging privacy claims may be best understood in terms of power. Justice Kaul notes - “Knowledge about a person gives a power over that person. The personal data collected is capable of effecting representations, influencing decision making processes and shaping behaviour. ” In a similar vein, Justice Chandrachud opines - “The old adage that “knowledge is power” has stark implications for the position of the individual where data is ubiquitous, an all-encompassing presence.”
We need to look closer at the balance of power in routine interactions between the citizen and both state and private sector entities that permeate over lives and process our personal information – ranging from Aadhaar to social media apps. The judges also deliberate on how technology itself might govern in terms of how the internet and, specifically, search algorithms make “forgetting” so difficult, and in the process constrain individuals from starting afresh after past mistakes. Individuals are “entitled to reinvent themselves”, Justice Kaul declares, and “privacy should nurture this ability”.
These emerging threats do not fit comfortably with the kind of Orwellian intrusiveness, or maliciousness that seems to be evoked in cases of wiretapping or forced sterilization. Instead, it is the routine, mundane and decentralized transfer of information in the course of business, leisure, and everyday transactions that enables a new, and indeed a more sophisticated form of control. In fact, the goal of many of the entities that process personal data, like social media, insurance providers or e-commerce websites, may not primarily be social control at all but instead, profit. How to sell their products better, get more clicks – or as might be the case with news media, to push particular opinions or ideas. As Nandan Nilekani stated in a recent interview, we were a “data poor country because no one is on the grid” but he explains how this will entirely change in the next five years. Consumers themselves may be willing and even enthusiastic to get “on the grid” (although the validity of consent online is a continuing debate) – but it exposes them to a new range of threats.
Justice Chandrachud’s observations speak deftly to this apparent contradiction. These services can serve to enhance autonomy (he cites “opening up new universes for the bibliophile” and creating “efficient substitutes” to physical stores, among others), and yet requires that we surrender control over our information, in ways that makes us more vulnerable to profiling, manipulation and exclusion. He notes “In aggregation, they (information silos) disclose the nature of the personality: food habits, language, health, hobbies, sexual preferences, friendships, ways of dress and political affiliation”).
II. Beyond privacy
This ethical terrain is not peculiar to ‘privacy’ or data protection concerns, but is replicated in several other debates in internet policy. For example, when Facebook launched FreeBasics (free access to a limited section of web content, including their own), to try and “get the next billion online”, critics were quick to rebut the charitable claim of the mission. What does the company get out of it? The low-income, young demographic targeted by the service are predicted to be the “next billion” coming online. Understanding the consumption patterns and willingness to pay of this large demographic is becoming critical for businesses. And with their inclusion into the internet economy, these data profiles can be both a source of empowerment and disempowerment for the individuals they concern. Social media networks, for example, might be leveraged to create a creditworthiness profile of an individual who might otherwise be summarily dismissed by formal sector banks due to lack of credit history (Several startups are already mushrooming in this space - http://www.bbc.com/news/business-37224847). By the same token, however, social media profiles, if shared with third parties like health insurance or e-commerce, might provide unforeseen inferences to various entities that have the power to adversely affect quality of life.
Or take ‘personalisation’ of news – where algorithms are being deployed to manipulate the news, search results or advertisements the viewer sees with the aim of tailoring content to her interests or preferences. Here too, the practice is not easily vilified- particularly when it is based on demand. If I have an appetite for right-leaning content, algorithms that tailor my information environment accordingly, are merely giving me what I want – the argument goes. However, these practices also reinforce existing beliefs rather than providing me diversity of opinions. Is it not taking away from ‘real choice’ – affecting both personal freedom and democratic values?
III. Big brother to little brother(s)?
The contrast between past cases and present experiences is also stark because case law, by constitutional design, focuses on violations by the State. This design is that, generally, fundamental rights can only be asserted against the State. I say ‘generally’ because the issue of whether fundamental rights can be asserted against private actors, and relatedly, whether the “state” can be read more expansively – is subject to evolving and contested jurisprudence. This contestation reflects a larger concern around the increasing role, and power, of private actors on lives of individuals and the community – and finding a legal language to address this. Since the term state is defined in the constitution to include “other authorities”, a stream of cases interpret this as private bodies being equivalent to the state. While earlier case law suggested performing state-like functions might create this equivalence, more recent cases construe this more narrowly in terms of state “control”.
Interestingly, the 1994 press freedom case R. Rajagopal v. State of Tamil Nadu, stands out from other cases cited by the Court because it clarifies that the State itself has no right to privacy. The publication of the autobiography of a convict (called ‘Auto Shankar’) by a private publisher in a magazine had been restrained – apparently based on a request by the convict himself. The facts revealed however that the police had “forced” the convict using “third degree methods” to request the publishers not to publish his life story. While the judgment framed this as a case of the freedom of press of the publisher vis-a-vis the right to privacy of the citizen, the Court found that the citizen, Auto Shankar, “had not requested nor authorized” the prison officials to start proceedings to protect his right to privacy.
In contrast, several of the newer examples span across the private and public sector. Apart from the various private actors in the digital economy, Aadhaar is an example of a state programme that exemplifies this tension between claimed efficiencies and pleasures on one hand, and loss of control on the other. Its extensive use by the private sector also makes a clear public/private distinction illusory. So, even as the privacy challenges against the project may focus Aadhaar’s ability to strengthen and consolidate the surveillance capacity of the State, the experience of the ordinary citizen as s/he interfaces with Aadhaar may be more mundane – routine but nonetheless vital interactions with the State to obtain welfare services, or more recently, pay taxes and much more.
IV. Thinking ahead – privacy as power
The dispersed nature of perpetrators and harms in this new data(based) world stand apart from traditional privacy claims. If privacy can be, helpfully, understood as power, then the balance of power in these every day interactions will need to be scrutinized. Unlike cases of the past like unlawful wiretapping or lie detector tests, simply the restricting or retreating of the violating party may not be the ideal response to a loss of privacy. Instead, we will need nuanced positions that are able to grasp the value of these technologies in every day life – and put in place meaningful limits. As Daniel Solove notes “The problem with databases is not our being watched, controlled or inhibited…rather it is our inability to participate meaningfully in the collection and use of our personal information”.
Setting these limits will not be easy, it involves asking to what extent we are comfortable with interferences in what we read, what we are sold, and what we think. Opting in cannot be read as complete surrender, personal information must be processed in ways that enhance rather than restrict individual freedom – and as a guide to every analysis must be the dignity and autonomy of the individual.
 (R M Malkani v State of Maharashtra, 1973)
 (Kharak Singh v. Union of India, 1964)
 (Bhabani Prasad Jena v Orissa State Commission for Women 2010)
 (Maharashtra University of Health Sciences v Satchikitsa Prasarak Mandal 2010)
 (Selvi v. Union of India)
 (Suchita Srivastava v Chandigarh Administration 2009)
 (Anuj Garg v Hotel Association of India 2008)
 (Mr X v. Hospital Y),
 (Koushal v. Union of India, 2014)