ISSN (Online) - 2349-8846
-A A +A

Taking a Fresh Guard

Rethinking Data in Light of the Privacy Judgment

Agnidipto Tarafder (agnidipto.tarafder@gmail.com) teaches at the West Bengal National University of Juridical Sciences. Arindrajit Basu (basu.arindrajit@gmail.com) is an LLM candidate at the University of Cambridge and specialises in Public International Law.

The Supreme Court inK S Puttaswamy v Union of India has acknowledged the existence of a fundamental right to privacy. This judgment will have an impact on the protection of individual data, especially in the context of the constitutionality of the Aadhaar Act, currently under challenge before the apex court.A response is offered by conceptualising “data as property” and adopting a data protection law in line with international best practices. Also, its ramifications on cross-border data transfers and international diplomacy, a question of vital interest in an increasingly digitised world, are highlighted.

Since it was initially popularisedin William Gibson’s 1984 classic Neuromancer, the term “cyberspace” has come to define much more than an abstraction independent of the physical realities that shape it. It is now the chief determinant of financial transactions, physical transportation, economic disruption, and, in doing so, has come to define individual relationships and, ultimately, the individual itself. As India remains steadfast in its path towards digitising its economy and, consequently, society, we must develop robust norms on how this society perceives an individual’s data and, thus, shapes protocols for its adequate protection.

While there has been fragmented discourse on developing a cohesive set of norms, the judgment of the nine-judge bench of the Supreme Court inK S Puttaswamy v Union of India (2017), which held privacy to be a fundamental right, could jerk all relevant stakeholders into action and catalyse a stride towards a functioning digital society. The remainder of this year will see two crucial developments in this regard. The first is the decision of the Supreme Court in the constitutional challenge to Aadhaar in November. As we outline later in thisarticle, the verdict will be only as crucial as the guidelines and reasoning imposed in its support. The second is the report of the Justice B N Srikrishna Committee that has been tasked with framing a data protection law.

With this context in mind, we offer first theoretical justifications on the role of a data protection regime as a sound normative framework as imperative for the adequate enforcement of any regime. Conceptualising data as the property of the individual, and thus the information contained in the data as an extension of the individual, is a vital edifice. We then move on to identify certain guidelines that should underpin the regime and how this would have an impact on issues such as the Aadhaar debate, the individual’s interaction with the government, and the role technology companies, such as Google or Facebook (for the sake of clarity, we will refer to them collectively as “data controllers”), could play in this regime rejuvenated by the individual right to privacy.

Rethinking Data as Property

An individual’s interactions in society occur in two distinct spheres: public personality and private relations. The basic tenet of any privacy regime is the protection of this personal space, which serves as the bedrock for the individual’s identity. An unwarranted exposure of this identity, in part or whole, may cause irreparable harm to the individual’s standing in society. Thus, a person’s home, health, family, employment and the like ought to be protected against arbitrary intrusion. A breach of this private space may be justified only in cases of compelling public interest. International human rights documents have identified the need to preserve the sanctity of the private sphere, and several nations have attempted to address these concerns through legislative safeguards (UNGA 1948, 1966).

That data compares with oil as the bedrock of the modern economy cannot be overstated (Economist 2017). Data mining exercises by corporations assimilate large volumes of data, to which value is added through analysis and trend identification for targeted product placement and consumer behaviour mapping by the industry (Bilbao-Osorio et al 2014). This necessitates the collection of large volumes in data relating to individuals’ choices, preferences and conduct, from sources often left undisclosed (Jerome 2013). The regulation of such exercises through a clear policy is certainly the need of the hour. The challenges thrown up by information technology cannot be tackled by simply resorting to the traditional notion of legality and proportionality in an era when monetising data has become the fulcrum of modern industry.

The origins of the idea of data as property can be traced back to Justice Pierce Butler’s dissent in Olmstead v United States (1928: 487; Kerr 2005). Of course, it is Justice Louis Brandeis’s dissentadvocating a “reasonable expectation of privacy” (Warren and Brandeis 1890) that has stood the test of posterity and was used as the bedrock of JusticeJ M Harlan’s dissent in Katz v United States (1967), which kick-started the American privacy regime. Similarly, it is Brandeis’s dissent that was recognised by our Supreme Court in the recent judgment, while Butler was not even mentioned. We believe, however, that, particularly in the context of today’s digital age, Butler’s dissent needs to become more than an obscure footnote in history and be harmonised with the “reasonable expectation of privacy” doctrine that underscores the privacy regime today.

Justice Butler stated that:

The contracts between telephone companies and users contemplate the private use of the facilities employed in the service. The communications belong to the parties between whom they pass. (Olmstead v United States 1928: 487)

Therefore, it is not for the courts or the government to determine whether the individuals had a reasonable expectation of privacy in the data or communications they generate. Due to the fact that it is private property, it is assumed to be protected by the fundamental right to privacy unless the individual explicitly consents out of it. Reading this along with Justice Brandeis’s dictum leads to a useful conclusion. It is illegal for state or non-state actors to trespass onto private property not only because of the dignity inherent in the individual’s expectation of privacy, which also applies in public spaces, but because of the dignity inherent in protecting private property itself.

Scholars like Harvard Law Professor Lawrence Lessig (2002) have also endorsed this approach. When personal data is viewed as property, the individual exercises control over its use and dissemination. The right to exclusive use, enjoyment and alienation, which accrue from property, when applied in thisinstance, ensures that any intrusion, collection, transfer or analysis of individual data can only take place with the individual’s express consent. The ability of an individual to gain control over this valuable aspect of their private property can lead to a more equitable distribution of benefits and resources, helping remediate unjust invasion of the private sphere by the state and private players alike.

We believe that the idea behind data being protected as property provides a unique solution to the individual within an information society. The traditional remedies of trespass to property or unjust taking can be contextually applied when we consider data as part of the individual’s property, enabling them to assert their rights in the same manner as they would in the case of tangible or intangible property. Further, law enforcement authorities would have to apply the same standards for search and seizure with regard to physical property. This understanding of privacy helps us appreciate the myriad challenges posed by techno­logy, especially against the backdrop of the Supreme Court’s pronouncement, the ramifications of which shall surely be felt in subsequent cases before the apex court, most importantly, during the constitutional challenge to the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

In the Puttaswamy judgment, Justice S A Bobde cautions us against viewing property or places as the sole criterion for determining whether a right to privacy exists in a certain context. An individual whispering in a public space could signal an intent to keep the conversation private—and can be protected by the reasonable expectation of the privacy doctrine—while using a loudspeaker from within a private property could signal the opposite (K S Puttaswamy v Union of India 2017: para 44). Indeed, the crucial factor here is consent. An individual may consent to making private data public on social media much like he may invite guests over into his private property for a specific purpose, for a certain period of time. It does not, however, enable the guests to misappropriate artefacts within the property, take photographs of the property without consent, or overstay and misuse their welcome. Similarly, social media companies are not entitled to misuse information they acquire over the course of an individual’s online interactions without explicit and informed consent.

Cohesive Data Protection

As rightly recognised across the Putta­swamy judgment, informational self-determination must be underscored by the holy grail of informed consent. Constitutional scholar and advocate for the petitioners Gautam Bhatia (2017) offers a useful summary. Justice Rohinton Fali Nariman stated that “informationalprivacy … does not deal with a person’s body but deals with a person’s mind, and therefore recognises that an individual may have control over the dissemination of material that is personal to him. Unauthorised use of such information may, therefore lead to infringement of this right” (K S Puttaswamy vUnion of India 2017: para 81). JusticeS K Kaul further stated that “an aspect of privacy [is] the right to control dissemination of personal information. The boundaries that people establish from others in society are not only physical but also informational. There are different kinds of boundaries in respect to different relations. It is but essential that the individual knows as to what the data is being used for with the ability to correct and amend it” (K S Puttaswamy v Union of India 2017: para 53). 

Finally, the majority opinion penned by Justice D Y Chandrachud stated that

apart from safeguarding privacy, data protection regimes seek to protect the autonomy of the individual. This is evident from the emphasis in the European data protection regime on the centrality of consent. Related to the issue of consent is the requirement of transparency which requires a disclosure by the data recipient of information pertaining to data transfer and use. (K S Puttaswamy v Union of India 2017: para 177; EuropeanParliament and Council 1995)

Some experts have sought to question the centrality of consent in a data protection regime (Matthan 2017). This claim is underscored by the idea of “consent fatigue,” which claims that individuals generate data in complex, unenumerated ways and, therefore, it is not possible to fully understand the implications of signing standard form contracts with companies in a manner that would satisfy the threshold of informed consent. Therefore, data controllers should not be protected for the abuse of data by shielding themselves behind the veil of consent. This can only be done when a rights-based approach to data protection is adopted on the tenets of accountability, autonomy and security.

While the claim may be factually accurate, we do not see why the solution should lie in the dilution of informed consent by making it entirely irrelevant in the context of data protection. In fact, this approach has three fundamental flaws. First, it shifts the focus away from individual autonomy by reducing the incentive for social media companies to come up with standard form contracts that are more accessible. Instead of trying to obtain genuine informed consent from the consumer, they can now determine how to administer the prongs of the rights-based model using their discretion. Second, it reduces the element of trust, which exists in a digital society only as a consequence of individual autonomy. If an individual knows that their consent with regard to the use of their data is irrelevant, their confidence in revealing data to the public is automatically compromised. With their autonomy usurped by corporations or government institutions, individuals continue to live with uncertainty and fear. Third, at a theoretical level, it takes away from the full enjoyment of a right to privacy itself because an individual’s enjoyment of it is not being determined autonomously, but by external forces.

Therefore, consent should be seen as a necessary condition for the use of data by social media companies. It may not be a sufficient condition, as the data controllers also need to abide by the principles discussed in the rights-based model. Justice Chandrachud’s opinion cites the Report of the Group of Experts on Privacy led by Justice A P Shah. The first two principles espoused in this report are that of “notice,” which imposes an obligation on the data controller to provide a simple-to-understand notice of its data practices to all consumers, and “choice and consent,” which implies that data controllers must provide opt-in/opt-out choices to all consumers before collecting their data, and seek informed consent only after notice has been given.

Once informed consent has been acquired, the rights-based model kicks in to clearly prescribe what data controllers can do with the data so acquired. The most notable piece of legislation is the Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD 1980). The drafting of these guidelines marked the first international attempt at grappling with the issue of data privacy, containing procedural safeguards on the collection, processing and dissemination of data in the case of all international transfers. The core principles in these guidelines include the following.

(i) Collection Limitation Principle, which stipulates that data should be obtained by fair and lawful means and usually with the consent of the data subject;

(ii) Data Quality Principle, which states that personal data being collected for a certain purpose must be relevant to that purpose and not be used in an arbitrary manner;

(iii) Purpose Specification Principle, which stipulates that the purposes for which personal data is to be collected must be specified no later than the time of data collection;

(iv) Use-Limitation Principle, which declares that personal data cannot be disclosed to a third party unless it is with the consent of the data subject or by the authority of law;

(v) Security Safeguards Principle, which stipulates that personal data must be protected by reasonable security safeguards against risks such as loss orunauthorised access;

(vi) Openness Principle, which stipulates that there should be a general policy of openness and transparency with regard to the practices and policies concerning personal data;

(vii) Individual Participation Principle, which essentially indicates that allindividuals should be able to inquire whether a data controller has information or data related to him and, in the absence of provisions of law to the contrary, ask for such data to be deleted; and

(viii) Accountability Principle, whichenvisages that all data controllers must be abiding by the remaining sevenprinciples. While the guidelines in themselves are non-binding, they have been used as the edifice for binding instruments such as the European Union Data Protection Directive (DPD), and its modern avatar, the General Data Protection Regulation (GDPR) (European Parliament and Council 2016).

We hope that along with the obligation to take free and informed consent, the principles mentioned in the OECD Guidelines and the Shah Committee Report be used not only while framing our data protection regime, but also while taking policy decisions on matters such asAadhaar.

Constitutional Future of Aadhaar

The most direct ramification of theSupreme Court’s judgment on privacy is likely to be in the case of the constitutional challenge to the Aadhaar act. This matter, to be heard by a five-judge bench of the Court, will entail a detailed analysis of the provisions of the act relating to collection, access, use and analysis of individual data in the dissemination of public benefits for the citizen. While the absence of legislation regarding data protection in India continues to be a problem, a predictable outcome of this case is a Court directive to the government to enact such a scheme, with proper safeguards that reflect international best practice.

Touted by successive governments as the solution to bureaucratic red-tapism and corruption in the public distribution system, the scheme was launched by the United Progressive Alliance–II government, and was zealously opposed and now championed by their successors in office (Tarafder and Sen 2016). The purported aim of the scheme was to ensure that direct cash transfers to citizen’s bank accounts would eliminate the middlemen, leading to greater transparencyin distribution of government benefits and subsidies for the citizen. While the objective was indeed laudable, the method employed was called in to question by commentators across the political spectrum. Enrolment for Aadhaar was made mandatory and included the compulsory collection of biometric information (though both governments maintained otherwise in their official stance), which would serve as unique verification para­meters for identifying individual recipients of governmental benefits. The concerns voiced in this regard were manifold (Ramanathan 2010), though central to these was the issue of privacy and data protection in the absence of a legislative policy in this regard, which could provide the individual with remedies in case of breach of database, loss or misuse of data, and related concerns.

Complicating the situation further was the government’s adamant position, in flagrant violation of the stay order imposed by the Supreme Court, in promoting Aadhaar as mandatory for availing a myriad of services, previously available to the citizen through other identitydocuments (India Today 2017). Linkages between citizen’s financial transaction details (Aadhaar–PAN) or internet and telephone services (Aadhaar–SIM) indicate a move towards a possible data aggregation regime, which in turn violates the aforementioned purpose specification and use limitation standards. Such denial of services upon non-enrolment, akin to coercion at the behest of the state necessitates the introduction of a policy to protect the citizen from such unlawful intrusion.

The data protection guidelines mentioned in the previous section become crucial in this context since the massive volumes of raw data collected via Aadhaar enrolments need to be stored and analysed in the future as well. The principles of collection limitation, use specification, and access restrictions will need to find a place within this structure to ensure that data loss or misuse can be tackled. Individuals’ data, when viewed as property, mandates clear protection from excesses by state and private players.

One of the fundamental grievances with Aadhaar is primarily that of trust. The government has done little to respond to the concerns of the anti-Aadhaar lobby and forge a regime that genuinely guarantees data security. The mistrust is compounded by the lack of adequate data security mechanisms. Agrawal et al (2017) state that Aadhaar may be compromised both by external and internal sources. Even a minor leak could expose all the data stored in the biometric aggregation network. A suggestion that could be considered is a shift towards a blockchain-based Aadhaar system (Bal 2017). The nodal consensus mechanism in the operation of a blockchain system makes it very difficult to hack as this would require the altering of an entire chain of blocks, which would not only require immense computing power, but also can be detected immediately. Questions of feasibility this late in the day and the technological capacity of India to generate a blockchain-powered database remain.

While commentators remain divided on the issue of the constitutionality of the act (Reddy 2017; Sudhir 2017), we are convinced that the legislation as a whole would survive judicial scrutiny, though some of its provisions—especially those reflecting the collection, use, storage and transfer of data—may be struck down, or will require to be amended in order to conform with the object of protecting such data. The right of the individual in cases of loss or misuse, or in correcting their individual records wherever needed, also need to be reflectedin the policy, which in its present stateis wholly unsatisfactory. It is important to remember that the data protection framework is essential not only forAadhaar, but each individual government and private scheme that seeks to utilise individual data. The necessity of a data protection regime, therefore, goes well beyond our present concerns or the scope of this one scheme.

Enforcement of Data Protection

As indicated before, the most prudent solution to the challenges raised by a digital society is to promote trust between corporations, government institutions and individuals. In the case of corporations, market incentives often converge to promote trust between the data controllers and individuals. Public consciousness towards securing individual privacy in the aftermath of the Snowden revelations in 2013 catapulted technology corporations into action. Apple challenged the Federal Bureau of Investigation’s (FBI) attempts to obtain the private data stored on a slain terrorist’s iPhone (Tarafder and Basu 2016). Microsoft fought and won a legal battle on attempts by the United States (US) government to access private data on servers in Ireland (Ellingsen 2016). We believe that the eloquent judicialexposition of the right to privacy by the Supreme Court could similarly galvanise public awareness in India and, thus, apply pressure on data controllers to build trust in their relationships with consumers and become a crucial stakeholder in privacy protection by devising and acting on stringent guidelines that prioritise the data possessed by an individual.

This co-regulatory environment, which co-opts private actors into the data protection fold, is crucial in a country like India that is plagued by severe judicial delays. Violations of the data protection regime will often need to be checked by extrajudicial mechanisms such as public pressure. In this context, the judgment acts as a crucial safeguard, in casegovernmental excess forces an Apple–FBI kind of tussle in India. This does not, of course, detract from the need to devise robust institutional mechanisms that can enforce this regime and adequatelyresolve disputes. The office of the Cyber Adjudication Authority established by Section 46 of the Information Technology Act is dormant in most states, with the notable exception of Maharashtra (Joshi 2014). This dormancy is largelya product of the lack of awarenessregarding the existing authority itself, both among individuals and the lawenforcement authorities. If utilised effectively, this mechanism could bypass the clogged court system and play acrucial role in ensuring a stable data protection regime.

Diplomacy and Data Sharing

A final issue worth discussing here is the geopolitics of the tussle between law enforcement agencies seeking data in the context of criminal investigations and technology companies that have stored this data on their servers, most of which are located in the US (Mohanty andSrikumar 2017). The procedure followed by American companies when responding to requests from foreign governments, including India, has evolved over time and largely carried out voluntarily by the companies subject to restrictions under the Stored Communications Act (SCA), the governing law on the issue. Through expansive interpretations read permissively, companies have provided non-content data voluntarily to foreign law enforcement agencies that protect the rule of law and human rights. However, data that reveals the actual content of communications can only be revealed through a Mutual Legal Assistance Treaty (MLAT) process.

In essence, MLATs are diplomatic agreements entered into between nations for exchanging evidence required for criminal investigations and prosecutions. While the Indo–US MLAT came into force in 2001 to enable both countries to exchange evidence required for grappling with the then newly emerging threat of global terrorism, the mechanism remains replete with loopholes (Mohanty and Srikumar 2017). Indian authorities lack the capacity to expeditiously review and generate MLATrequests. Further, there is inconsistency in the manner in which the regionaloffices of multinational corporations comply with MLAT requests and the legal standards used. The standards used by companies are often a haphazard combination of US law, domestic law, international law and company policy. Further, certain companies allow their regional offices in India to deal with the MLATrequest, while others require it to beprocessed in the US.

Due to the difficulty involved in obtaining timely information through this process, the US and the United Kingdom (UK) are currently negotiating a bilateral data-sharing agreement that allowslaw enforcement agencies in the UK to directly collect information from companies located in the US and vice versa. While cyber cooperation with the US could advance talks on a similar deal for India, there was little chance of it before the decision of the Supreme Court guaranteeing a fundamental right to privacy. On the whole, Indian laws stand scrutiny with respect to certain international standards followed in the US, while falling short with respect to others. We hope that the right to privacy will be a game changer in this scenario and enable our US counterparts in the negotiations to repose more faith in the Indian dataprotection regime.

Conclusions

When the history of our judiciary is written for future generations, the Supreme Court’s unanimous affirmation of privacy as a fundamental right shall certainly find a place of honour. While this decision is being hailed as an emphatic win for civil liberties in India, and justifiably so, it is important to remember that a right granted is only as good as the mechanism for its effective implementation.

The future of citizen’s data in this country remains uncertain in the absence of a legislation protecting it, despite the judgment. While it seems quite clear that the introduction of a data protection act is a necessary corollary, what shape and form it shall take remains to be seen. In cases where the state aggregates data in lieu of public utilities, principles of data protection should apply to ensure prevention of mischief. The data belonging to a citizen, we argue, is part of his intangible property, one that can be parted from him based only uponexpress and informed consent. To achieve this, the need for building a model of trust between the government and its subjects must be a precondition, and no action ought to be taken such that it compromises the citizen’s sense of dignity in society. Accumulation of data for purposes that go beyond those iterated is a legal wrong in most nations with robust data protection regimes, and when the state itself indulges in such acts, the citizen’s faith in the rule of law is tested. Thus, while we celebrate the Supreme Court on its progressive stand in favour of human dignity and individual autonomy, we must remember that this judgment is by no means an end, for “the wheel’s still in spin.” While we celebrate, we must remember that this is not the hour when we retire in repose. But, as a country and a society that is moving towards modernity, this is the hour for “taking a fresh guard.”

References

Agrawal, Shweta, Subhashis Banerjee and Subodh Sharma (2017): “Privacy and Security ofAadhaar: A Computer Science Perspective,” Economic & Political Weekly, Vol 52, No 37,pp 93–102.

Bal, Meghna (2017): “Leveraging Technology for Trust: A Blockchain-based Aadhar,” Observer Research Foundation, 13 September, viewed on 15 September 2017, http://www.orfonline.org/expert-speaks/leveraging-technology-for-trust-a....

Bhatia, Gautam (2017): “The Supreme Court’s Right to Privacy Judgment—IV: Privacy, Informational Self-Determination, and the Idea of Consent,” Indian Constitutional Law andPhilosophy, blog, 30 August, viewed on 15 September 2017, https://indconlawphil.wordpress.com/2017/08/30/the-supreme-courts-right-to-privacy-judgment-iv-privacy-informational-self-determination-and-the-idea-of-consent/.

Bilbao-Osorio, Beñat, Soumitra Dutta and Bruno Lanvin (eds) (2014): “The Global Information Technology Report: Rewards and Risks of Big Data,” World Economic Forum and INSEAD, viewed on 15 September 2017, http://www3.weforum.org/docs/WEF_GlobalInformationTechnology_Report_2014.pdf.

Economist (2017): “Data Is Giving Rise to a New Economy,” 6 May, https://www.economist.com/news/briefing/21721634-how-it-shaping-up-data-giving-rise-new-economy.

Ellingsen, Nora (2016): “The Microsoft-Ireland Case: A Brief Summary,” Lawfare, 15 July, viewed on 15 September 2017, https://www.lawfareblog.com/microsoft-ireland-case-brief-summary.

European Parliament and Council (1995): “Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data,” 24 October, http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_pa....

— (2016): “Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation),” 27 April, https://publications.europa.eu/en/publication-detail/-/publication/3e485...
11e6-ba9a-01aa75ed71a1.

India Today (2017): “Aadhaar Now Mandatory for Bank Accounts: Link It by Dec 31 or Lose Access to Banking,” 16 June, viewed on 15 September 2017, http://indiatoday.intoday.in/technology/story/aadhaar-made-mandatory-for-bank-accounts-existing-accounts-will-be-invalid-without-aadhar-linking/1/980312.html.

Jerome, Joseph (2013) “Buying and Selling Privacy: Big Data’s Different Burdens and Benefits,” Stanford Law Review, Vol 66, No 25, pp 47–53.

Joshi, Divij (2014): “A Review of the Functioning of the Cyber Apellate Authority and Adjudicatory Authorities under the IT Act,” Centre for Internet and Society, 16 June, viewed on 15 September 2017, https://cis-india.org/internet-governance/blog/review-of-functioning-of-....

K S Puttaswamy v Union of India (2017): Writ Petition (Civil) No 494 of 2012, Supreme Courtjudgment dated 24 August.

Katz v United States (1967): 389 US 347.

Kerr, Orin (2005): “Searches and Seizures in a Digital World,” Harvard Law Review, Vol 119, No 2,pp 531–53.

Lessig, Lawrence (2002): “Privacy as Property,”Social Research, Vol 69, No 1, pp 247–69.

Matthan, Rahul (2017): “A New Paradigm forPrivacy,” 12 April, viewed on 16 September 2017, https://rahul.matthan.com/a-new-para
digm-for-privacy-800c457a7ad9
.

Mohanty, Bedavyasa and Madhulika Srikumar (2017): “Hitting Refresh: Making US-India Data Sharing Work,” Observer Research Foundation Special Report, August, viewed on 15 September 2017, http://cf.orfonline.org/wp-content/uploads/2017/08/MLAT-Book.pdf.

OECD (1980): “OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data,” Organisation for EconomicCo-operation and Development, 23 September, viewed on 10 September 2016, http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.

Olmstead v United States (1928): 277 US 438.

Ramanathan, Usha (2010): “A Unique Identification Bill,” Economic & Political Weekly, Vol 45, No 30, pp 10–14.

Reddy, Prashant (2017): “Will the Aadhaar Act Withstand a Constitutional Challenge?,” Wire, 29 August, viewed on 15 September 2017,https://thewire.in/171787/aadhaar-act-constitutional-change/.

Sudhir, Abhishek (2017): “Supreme Court Has Every Reason to Strike Down Aadhaar Act. Will It?,” Scroll.in, 2 May, viewed on 15 September 2017, https://scroll.in/article/836176/supreme-court-has-every-reason-to-strike-down-aadhaar-act-will-it.

Tarafder, Agnidipto and Shameek Sen (2016): “Wolf in Sheep’s Clothing?” Statesman, 24 March, viewed on 4 April 2016, http://epaper.thestatesman.com/m/758010/StatesmanDelhi/24-03-2016#issue/....

Tarafder, Agnidipto and Arindrajit Basu (2016): “A Small Battle for FBI, a Gigantic War for Privacy Rights,” Economic & Political Weekly, Vol 51,No 17, pp 13–17.

UNGA (1948): “Universal Declaration of Human Rights,” Resolution 217 A (III), United Nations General Assembly, 10 December. 

— (1966): “International Covenant on Civil and Political Rights,” 16 December, United Nations Treaty Series, Vol 999, United Nations General Assembly, p 171.

Warren, Samuel and Louis Brandeis (1890): “The Right to Privacy,” Harvard Law Review, Vol 4, No 5, pp 193–220.

Updated On : 9th Oct, 2017

Comments

(-) Hide

EPW looks forward to your comments. Please note that comments are moderated as per our comments policy. They may take some time to appear. A comment, if suitable, may be selected for publication in the Letters pages of EPW.

Back to Top