In one sense, the recent judgment of the Supreme Court on right to privacy is fairly straightforward. Just as it has interpreted our Fundamental Rights in the past to include the rights to education; to livelihood; to food, water, and shelter; against custodial violence; reproductive rights, among many others, it has now interpreted them to include a right to privacy.
As with any Fundamental Right, say free speech, lawyers and courts will interpret whether the right is infringed, and, if so, whether a limitation like “reasonable restrictions” or “procedure established by law” applies.
Simple enough so far, but the 547 pages and six judicial opinions raise several interesting law and policy questions. Some of these questions, which have not already been extensively discussed in the press are below (these are intended to provoke further thought, and not to be conclusive):
A Fundamental Right against private parties: Is the Right to Privacy only against the State?
Gonna get "you can't sue your wife/parents/boyfriend for invading your privacy because it's only enforceable against the State" tattooed
— Damsel in This Dress (@secondofhername) August 24, 2017
Granted, it may not be against your parents. But some have questioned whether the court was right to endorse the enforcement of the Right to Privacy against non-State (private) actors. But has it done this? Probably not. The different opinions do discuss at length people’s privacy rights vis-à-vis Internet companies (eg, justices Chandrachud and Kaul), and to a lesser extent, against publishers (eg, Justice Kaul). But while fundamental rights are no doubt enforceable against a State action, they can also be enforced with respect to private actions by asking the State to affirmatively act to uphold those rights. This happened in the famous Vishaka case of 1997 when the court noted a legislative vacuum on the subject of sexual harassment at workplace. This is also, for instance, what the petitioners seek in the pending Whatsapp case. Because they argue that the actions of Whatsapp infringe their privacy rights, they ask the State to protect their Fundamental Right to privacy by enacting a data protection law.
In the KS Puttaswamy and others vs Union of India and others case, the court seems to be reasoning on this basis. Justices Chandrachud’s and Kaul’s discussion of Internet company profiling of users is largely in the context of the recommendation of a data protection law, which, in other words, is a recommendation that the State needs to safeguard users’ Fundamental Right to Privacy vis-à-vis private companies. It is, therefore, likely not an endorsement that the right can be enforced against private companies. In other words, it is more a suggestion that we have a Fundamental Right to a data protection regime (like we have the Fundamental Right to a law against sexual harassment at the workplace).
Justice Kaul’s separate discussion of publicity rights (eg, “[e]very individual should have a right to be able to exercise control over his/her own life and image as portrayed to the world and to control commercial use of his/her identity”) is admittedly tricky, but it may not be very problematic because: (1) he is alone in that view on the bench, so it is not binding law; (2) on a close reading, it could be understood as a discussion of the common law of Right of Privacy (not the Fundamental Right). The common law of the right of privacy applies to private persons.
Former attorney general Mukul Rohatgi, who argued part of the case, has commented that the judgment is a case of judicial overreach. In his view, since the Constitution — after due deliberation — does not include a right to privacy, it is not the job of the courts to write it into the document. Only the Parliament can do that.
This is worth examining. The issue tends to come up every time the court interprets the Fundamental Rights broadly. But, as mentioned above, the Supreme Court has, over the years, read various unwritten rights into the specified Fundamental Rights. The principles that the Constitution is an evolving document and that the Fundamental Rights be interpreted broadly are well-settled.
The court has, therefore, only observed these principles and interpreted existing rights (such as the right to life and liberty, and to free speech and expression) to include a particular interest — privacy.
Justice Chandrachud was at pains to clarify that the judgment was not "an exercise in constitutional amendment brought about by judicial decision". So, unless the principle of evolving Fundamental Rights is questioned, the verdict does not appear to be a judicial overreach.
Having said this, there are observations of the court which makes one wonder if it is creating too much room for judicial discretion. Justices Chelameswar and Nariman both suggest that the court should look beyond the text of the Constitution (eg, “[t]he necessity of probing seriously and respectfully into the invisible portion of the Constitution cannot be ignored”).
But they too, do not do so to create a right without basis in the text of the Constitution. All of the judges eventually trace the right to privacy to the Fundamental Rights specified in the Constitution and the Preamble. In that sense, the exercise is one of judicial interpretation, not legislation.
Is consent outdated?
The Supreme Court has also been criticised for suggesting a consent-based privacy framework which may not be appropriate for modern, disruptive uses of data. But, except in one part of Justice Kaul’s individual judgment, the court does not seem to explicitly endorse a consent-based framework. In fact, Justice Chandrachud’s opinion cites Yvonne Mcdermott’s statement that “a solely consent-based model does not entirely ensure the protection of one’s data, especially when data collected for one purpose can be repurposed for another”, and says “it would be appropriate to leave the matter (of data protection) for expert determination”.
It would also be outside the terms of the reference for the court to be recommending a particular form of data protection framework. Rather, the court can be seen as recommending the adoption of a data protection framework, the mode of which is left to the executive. To that extent, if there are any suggestions on the mode of the data protection framework, they would not be binding.
But even assuming various mentions of consent in the judgment could be taken to be an endorsement of a consent-based data protection framework, we need to assess whether consent should be done away with completely. Even some proposed replacements of the traditional "I agree" frameworks such as where the data subject controls access to her information by third parties, are consent-based. What they do is shift the onus of consent so as to be more user-centric. Moving to a pure accountability framework, where the user entrusts the State with protecting their privacy preferences, might compromise the autonomy of sophisticated users. So, rather than dispensing with consent altogether, we might instead re-imagine it in a way that promotes innovation but also preserves autonomy.
Reading six judgments to find a majority
With six different judgments, one signed by four judges and the other five individual judgments, one immediately asks what parts of each judgment are actually binding. We shouldn’t forget that if an opinion is not agreed to a majority of the judges, it is not binding on future courts.
In the famous Kesavananda Bharati case, a landmark constitutional case known to every lawyer and law student, 13 judges gave 6 differently-hued opinions on Parliament’s power to amend the Constitution. As a result, some like senior advocate TR Andhyarujina even questioned whether its ultimate holding was a correct reflection of the different opinions. More recently, a related issue has also cropped up in the triple talaq case on Justice Nariman’s ruling on arbitrariness.
Fortunately, in the Right to Privacy case, the order of the Supreme Court, signed by all the nine judges, is fairly clear, and leads to the outcome mentioned in the beginning of this piece and reported widely.
But there are other questions on which there appears to be a divergence of opinion. One of these is whether the “reasonable expectation of privacy” test is appropriate for India. Justice Chandrachud’s opinion for four judges seems to adopt the test but Justice Nariman seems to reject it (due credit to my colleague Gowree Gokhale for pointing this out). Other issues where the approaches vary include the nature of privacy and the permissible limitations.
The only way to properly know on what matters the decision is binding is to create a comprehensive matrix of issues and mark the views of the six judgments on each of them. Where at least five judges agree on an issue, it will be a binding holding of the case. While this may seem obvious, courts have inadvertently relied on minority opinions in the past. To rely on Justice Chandrachud’s four-judge opinion (or to call it a majority opinion) without checking to see if at least one other judge agrees would be an error.
"Is every majority opinion binding? The discussion of ADM Jabalpur is interesting
This issue is related to the previous one, but it is a different analysis. Even with a majority, not everything in a judgment is a binding law. Only those parts of the discussion necessary for the ultimate decision are.
The court ultimately made four holdings — three of them commented on whether its past case law was correct, and the other confirmed that the Right to Privacy is protected as an intrinsic part of the Fundamental Rights. Some have argued that only the bare holdings themselves will be binding on future courts. But the court went through a great deal of reasoning to get to those holdings. According to the rule above, at least that part of the reasoning that was necessary to arrive at the holdings should be binding.
But what about some of the other discussions?
Overruling the infamous ADM Jabalpur case (the Emergency case that went against Fundamental Rights) was no doubt a welcome statement, but, legally speaking, was it necessary for the ultimate decision?
The court decided to overrule it so that there was no discord with its ultimate interpretation that Fundamental Rights evolve, that privacy is a part of them and that privacy is an inalienable right.
But was the verdict in the ADM Jabalpur case not superseded by a constitutional amendment and already implicitly overruled by the Supreme Court? Was the ADM Jabalpur case raised by the respondents’ counsel or a true roadblock to any of the court’s ultimate holdings? More seasoned lawyers than the writer will no doubt have views both ways. But this is only an example to illustrate the issue.
A lot of the other parts of the decision are likely necessary to arriving at the reasoned conclusion that the Right to Privacy is an intrinsic part of the Fundamental Rights, because of how broad that matter is. But a deeper analysis could find more in the judgment that was not necessary for the ultimate holding. Any such parts of the judgment will only be persuasive, not binding.
Jaideep Reddy is a technology lawyer at Nishith Desai Associates. Views are personal
Published Date: Aug 30, 2017 09:59 am | Updated Date: Aug 31, 2017 04:52 pm