Surveillance and Privacy

The laws for surveillance in India and concerns over privacy

Context:

Amidst the controversy caused by Israeli spyware Pegasus, the Indian government has claimed that all interception in India takes place lawfully.

Probable Question:

1. There is a need for a comprehensive data protection      law to address the gaps in existing frameworks for surveillance in India.      Critically Discuss.

Key Points:

● Communication surveillance in India takes place primarily under two laws — the Telegraph Act, 1885 and the Information Technology(IT) Act, 2000.

● While the Telegraph Act deals with interception of calls, the IT Act was enacted to deal with surveillance of all electronic communication, following the Supreme Court’s intervention in 1996.

About Telegraph Act,1885:

● Under Section 5(2) of the Telegraph Act, the government can intercept calls only in certain situations — the interests of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states or public order, or for preventing incitement to the commission of an offence.

● At present,  a Secretary to the Government of India in the Ministry of Home Affairs can pass orders of interception in the case of the Centre, and a secretary-level officer who is in charge of the Home Department can issue such directives in the case of a state government.

About IT Act, 2000:

● Under the IT Act, all electronic transmission of data can be intercepted.

● Apart from the restrictions provided in Section 5(2) of the Telegraph Act and Article 19(2) of the Constitution, Section 69 of the IT Act adds another aspect that makes it broader — interception, monitoring and decryption of digital information “for the investigation of an offence”.

Need for safeguards in existing frameworks for surveillance in India:

● In 2012, the Planning Commission and the Group of Experts on Privacy Issues headed by former Delhi High Court Chief Justice A P Shah were tasked with identifying the gaps in laws affecting privacy.

➢ On surveillance, the committee pointed out divergence in laws on permitted grounds, “type of interception”, “what can be intercepted”, the degree of assistance from service providers, and the “destruction and retention” of intercepted material.

● Although the grounds of selecting a person for surveillance and the extent of information gathering has to be recorded in writing, the wide reach of these laws has not been tested in court against the cornerstone of fundamental rights.

● India does not have comprehensive privacy legislation. Limited data protection standards can be found under section 43A and associated Rules in the Information Technology Act 2000.

● International obligations: India has ratified the International Covenant on Civil and Political Rights (‘ICCPR’).

➢ Article 17 of the ICCPR provides that “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation”.

● There is absence of judicial authorisation for surveillance orders. In India, neither the Telegraph Act nor the Information Technology Act provides for judicial authorisation or oversight of surveillance.

● India currently lacks a mechanism for comprehensive and independent oversightof state surveillance.

Conclusion:

India should adopt and enforce a comprehensive data protection legal framework that meets international standards and establish an independent data protection authority as envisaged in the Personal Data Protection Bill 2019 and in recommendations of the Justice Srikrishna Committee.