This blog is written by Karuvi Raina and Kunal Yadav, 2nd year and 4th year students at Rajiv Gandhi National University of Law, Punjab.
INTRODUCTION
British Mathematician Clive Humbly very aptly stated that the data is the new oil. In the Life 4.0, characterised by panopticon like technologies, data has occupied an important epistemic value. As always has been, this has led open a pandora box related to ownership, rights and liabilities related to information and data. Such one major issue is the challenge posed by the conflict between the Societal Right to Information with Personal Right to Privacy. Even a slight imbalance between these two conflicting interests can result in gross injustice. This paper aims to explore the framework of both these rights and aspires to provide a harmonising pathwork in light of the comparative analysis and evolving legal framework.
In 2021, WhatsApp was served with a notice by the Ministråy of Electronics and IT (MeitY), which asked it to withdraw a controversial update to its privacy policy, claiming that it will pose a threat to Data Protection of Indians.[1] The main issue of this update was that users would no longer be able to stop WhatsApp from sharing their location and phone number with Facebook, as long as they don’t delete their accounts once and for all. Moreover, the Government propounded that the App discriminated between Indian and European users because the European users were provided with the option to opt out of this controversial update. Moreover, the case Karmanya Sareen v. Union of India[2] challenged the new privacy policy proposed by WhatsApp on the contention that India’s privacy protection standards are way below the standards being observed in European countries, amounting to sheer discrimination for Indian users.
Ever since this new privacy policy has been set by the messaging app, the term ‘Data Protection’ has become a widely debated issue. In simple terms, “data protection is the process of safeguarding important information from corruption, compromise or loss.”[3]
THEORETICAL FRAMEWORK
There is no doubt that data protection and right to information are both crucially fundamental concepts broadly related to the management and control of information, most of this information now being greatly accessible with the advent of internet and the rapidly progressing technology. One of the strongest reasons why these concepts are widely debated is the fact that they deal with personal data and government transparency, something that is extremely close to the hearts of the people and cannot be jeopardized whatsoever.
As has already been mentioned above, “Data protection refers to the principles, practices and regulations that govern the collection, storage, processing, and sharing of personal data, aiming to safeguard individual’s privacy and ensuring their rights are respected.”
Data protection has the following key components:
1. Data Privacy- It ensures that even with the increasing use of the internet and social media, the personal data of the individuals is not jeopardized and used for ulterior purposes.
2. Consent- As long as individuals provide informed consent to their personal data being used, it can be used for the specified purpose. However, if such a consent is not granted, no authority has the right to exploit the sensitive information of people.
3. Data Security- Organizations are bound to ensure that personal data is protected from unauthorized access or breaches, by implementing various modern methods to ensure that data security is ensured.
4. Data Minimization- Unnecessary or excessive data collection, beyond the need and requirement of the organization is seriously discouraged.
5. Data Subject Rights- Here, ‘Subject’ refers to the people whose data is collected by the organizations. These subjects have a right to access their data, rectify inaccuracies, and can request their data to be deleted under certain circumstances.
6. Data Transfer- When transferring data across borders, to countries with different data protection standards, the specific rules and safeguards should be strictly followed.[4]
“Right to information refers to the fundamental right, possessed by all people, that allows individuals to access information held by public authorities and institutions.”[5] This is an extremely important right as it helps to keep the entire working system of a country more transparent and citizen friendly. If the citizens are aggrieved by some decision or policy of the government, they can ask the centre to put forward the entire process through which it went and concluded in that particular result. Without such a right, people would have their rights, but would not really have the powers to exercise them. This right to information applies to both the public and private sector organizations, subject to the jurisdictional laws.
The key aspects of the right to information are:
1. Transparency & Accountability- It is important, especially in a democracy, for public institutions and the government bodies to be transparent in their operations, providing the citizens with the information that is in the public interest. These institutions are answerable in case any problem regarding the same arises.
2. Requests & Exemptions- Subject to certain procedures and timelines, the individuals can be a part of the mechanism, requesting for specific information. However, if the matter relates to national security or personal privacy, the public bodies have a right to withhold information. It will depend on the facts and circumstances of the case.
Both these concepts are typically paradoxical to each other, data protection dealing with safeguarding information, and right to information dealing with making data more accessible. Even with this contrast, both these concepts are undoubtedly interdependent.
LEGAL FRAMEWORK FOR DATA PROTECTION AND RIGHT TO INFORMATION
With the world changing at a rapid pace and the technology being upgraded to a level that nobody in the past could have imagined it could reach, it had become crucial for all countries to pull up their socks and come up with legal provisions regarding data protection and right to information, that would not let these concepts run into becoming non-implementable and extinct.
EXAMINATION OF RIGHT TO INFORMATION LAWS AND THEIR OBJECTIVES
In an attempt to keep the citizens of India a part of the democratic order of the country, the Government, introduced the ‘Right to Information Act (RTI), in the year 2005[6].
Taking inspiration from countries like Sweden, who was the first country to provide freedom of information to its citizens through the ‘Freedom of Press Act’ in 1766[7], and other countries like USA, France, Canada, New Zealand etc, India became the 48th country to enforce the Right to Information.
The main objective of this Act is to make the people of India into informed and responsible citizens of the country, empowering them and helping them move a step closer to realizing their dream of becoming residents of a real democracy, in word as in spirit.
Some of the important objectives are listed below-
1. Promoting transparency of information and an open administration
2. No more administrative arbitrariness
3. An accountable, answerable and responsive government
4. Reduced corruption[8]
JURISDICTION
The coverage of the Act is as below-
1. All the states of India
2. Centre, State and Local Governments, and the bodies that are connected with the government in some or the other aspect, either under control or financially dependent
3. Executive, Judiciary and Legislature
4. Private bodies that can be accessed by citizens under any law in force[9]
Undoubtedly, the citizens of India now definitely have an extensive number of rights and powers than what they had before the implementation of this Act. However, it should be kept in mind that if this Act is in force to protect the citizens from unnecessary exploitation, it needs to be made sure that even the people associated with the working of the country, like the government and the judiciary, are not unnecessarily exploited. If such exploitation starts, then it will just be a replacement of one wrong with another.
Therefore, there are certain situations in which the citizens can be denied their right to information, as have been listed below-
1. When the matter concerns the sovereignty, integrity and safety of India
2. Information that has been expressly forbidden by any court from being disclosed
3. Disclosure of this information might lead to a breach of privilege of the Parliament or the State Legislature
4. Information including commercial confidence or trade and intellectual property secrets, disclosure of which might cause a disadvantage to the trade and commerce of a third party
5. Information available in a fiduciary relationship
6. Confidential information received from foreign governments
7. Disclosure of this information might cause endangerment to the physical safety or the life of any individual
8. Information that would obstruct any ongoing investigation or prosecution of offenders
9. Cabinet papers and writings including deliberations of ministers, secretaries or other government officers
PRIVACY AND DATA PROTECTION
EXPLORATION OF THE RIGHT TO PRIVACY IN THE DIGITAL ERA
The concerns regarding right to privacy spiked higher than ever before especially with the increasing use of technology and the industrial age revolution. Article 12 of the Universal Declaration of Human Rights provides that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”[10] Not only this, but other authorities like the The International Covenant on Civil and Political Rights, to date ratified by 167 States, provides in article 17 that “no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation. everyone has the right to the protection of the law against such interference or attacks.”[11] All these provisions making efforts to safeguard the right to privacy, at the domestic and the international level clearly concludes that the importance, and the enduring relevance of the right to privacy and the need pf it being safeguarded and rightly implemented is something that is universally recognised.
However, it should be noted that other rights that are closely associated with the right to privacy may also be affected by actions such as mass surveillance, interpretation of digital communications and the collection of personal data. Some of these rights are the right to freedom of opinion and expression, freedom of peaceful association, right to family life. All such rights are closely associated with the right to privacy and are being increasingly exercised through digital media.
There are reliable hints that digital technologies have been used to obtain information that has resulted in mistreatment and torture. According to reports, targets for deadly drone strikes have been located by analyzing metadata obtained from electronic surveillance.
Data surrounds us and is produced in nearly everything we do in this digital era. A very concerning technique that is being adopted by states is that of ‘Profiling’, which means “automated processing of personal data to evaluate. Certain personal aspects relating to a natural person, particularly used to analyze or predict aspects concerning that natural person’s performance at work, health, economic situation, personal preferences, behavior and location.” It is sad to say that profiling is as scary and creepy as it sounds and perhaps even much more than that because it ca result in discrimination between people, based on their religion, caste etc.
Of course there are two sides of every coin and profiling can definitely be used in furtherance of the national interest, by improving the national security, however in what way a technology will be used solely depends on the entity in whose hands is places, so as the government is the one who has the power to carry out actions like profiling, it is very important for the citizens to make a very conscious and informed choice while electing the next government during the elections.
The right to privacy has already been declared as a fundamental right in the case of Justice K.S. Puttaswamy v. Union of India[12], and there can be nothing more that confirms as to how important this right is to each and every individual. There have been no exclusive legislations on the right to privacy, however, the provisions that relate to it in some or the other respect is the ‘Information Technology Act 2000[13]’ and the ‘Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules 2011/ IT Rules[14]. These IT Rules mainly concern themselves with imposing additional requirements on commercial and business entities in India.
A recent step in the furtherance of data protection in India is the ‘Personal Data Protection Bill 2019’[15], which was introduced in the Lok Sabha by the Ministry of Electronics and Information Technology. The purpose of this Bill is to establish a Data Protection Authority of India for the said purposes and matters relating to an individual's personal data in addition to providing for the protection of individuals' privacy with regard to their personal data.[16]
PRINCIPLES AND COMPONENTS OF DATA PROTECTION LAWS
Article 5[17] of the General Data Protection Regulation (GDPR) lays down certain key principles of data protection that form the core of the general data protection regime. The first step for controllers in ensuring that they fulfil their obligations under GDPR is compliance with these fundamental principles of data protection listed below-
1. Lawfulness. Fairness & Transparency- Processing of any kind of personal data should be lawful, fair, and transparent to all the individuals, especially those that are directly connected with the data being used. This information should be easily understandable and accessible.
2. Purpose Limitation- There needs to be mandatorily a specific, explicit and legitimate reason for the collection of personal data. It should never be pursued in a manner that is incompatible with the original aim of collecting the data in the first place. However, further processing for archiving purposes (following Art 89(1)[18]GDPR) is not considered as being incompatible with the initial purpose.
3. Data Minimization- Other means should be explored before personal data is processed, and it should be made sure that the purpose could not be reasonably fulfilled with the help of other means, before the processing of personal data is opted for. It should be ensured that the period for which personal data are stored is a limited to a strict minimum, it should not be kept unnecessarily for a long time when the needs does not arise.
4. Accuracy- It is mandatory for controllers to ensure that the personal data stored and processed is from reliable sources and is correct.
5. Storage Limitation- For as long as it is required to fulfil the purposes for which the personal data are processed, personal data should only be retained in a format that allows data subjects to be identified. There should be time limits set by the controller for periodic reviews or for erasure of personal data to make sure they are not kept longer than necessary.
6. Integrity & Confidentiality- The data should be ensured to be confidential against any third party unnecessary access and should be guarded against accidental loss, destruction etc.
7. Accountability- The controllers should be able to demonstrate their compliance with the above-mentioned principles and the applicable provisions of GDPR.[19]
EXAMINANTION OF INTERNATIONAL CONVENTIONS AND STANDARDS RELATED TO PRIVACY
The right to privacy has been universally recognized, and there are many well known declarations, international agreements and standards that highlight the same, as has been mentioned below-
1. Universal Declaration of Human Rights (UDHR): Article 12[20] states that “No one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence…”
2. International Covenant on Civil and Political Rights (ICCPR): Article 17[21] states that “No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour or reputation…”
3. European Convention on Human Rights (ECHR): Article 8[22] protects the right to respect for private and family life, home, and correspondence.
4. General Data Protection Regulation (GDPR): A rule imposed by the EU, the GDPR establishes guidelines for privacy and data security. Consent, data subject rights, and data breach notifications are among the topics covered by this legislation, which regulates the processing of personal data.
5. Convention 108 of the Council of Europe: In the realm of data protection, Convention 108[23] is the first legally binding international agreement. When it comes to the automatic processing of personal data, it offers guidelines and standards for human protection.
6. The Privacy Shield (EU-US Privacy Shield): This was the framework that controlled the flow of personal information from the European Union to the US. The Court of Justice of the European Union (CJEU) declared it invalid in 2020.
7. Asia-Pacific Economic Cooperation (APEC) Privacy Framework: A privacy framework that facilitates cross-border data flows and also protects individual privacy was developed by APEC.
8. Organization for Economic Co-operation and Development (OECD) Privacy Guidelines: A framework for the protection of personal data was established in 1980 by the Organization for Economic Co-operation and Development (OECD) through the publication of privacy guidelines.
9. United Nations Special Rapporteur on the Right to Privacy: The main role of this Rapporteur us to report on and promote protection of privacy rights worldwide, spreading awareness regarding its importance and rising need. 23
10. Convention on Cybercrime (Budapest Convention): Articles on cybercrime and the safeguarding of personal information during cybercrime investigations are included in this treaty, which was arranged by the Council of Europe.
11. Convention on the Rights of the Child: Article 16[24] recognizes the right to privacy of children, something that is increasingly required in the modern world but is not talked about much.
TRANSPARENCY AND RIGHT TO INFORMATION
UNDERDTANDING THE SIGNIFICANCE OF TRANSPARENCY IN GOVERNANCE
There are no two ways that if the administrative system of a country is opaque, such that its citizens are not informed about how the government is working, democracy in such a country will always be a distant dream, no matter how hard the government tries to improve other factors of its governance. As long as the citizens of a country are not made a part of the administrative system, there can never be democracy in the true sense.
For attaining this purpose, transparency is the first thing that every democratic government should aim for. In simple terms, “Transparency means that the decisions taken and their enforcement are done in a manner that follows rules and regulations. This information should also be freely available and directly accessible to those that will be affected by such decisions and their enforcement, primarily the citizens.”[25]
Transparency is the core principle of good governance. It needs to be made clear that the concept of ‘governance’ is broader than that of ‘government’. When talking about transparency, the entire governance should be transparent and accountable to the public. Governance is not limited to the government alone, but includes many stakeholders like the state government, local governments, private sector, non-governmental and community-based organizations (NGOs/ CBOs), the media, professional associations and other members of the civil society.
Having freely accessible information is a key element in promoting transparency, a concept that is widely known as ‘Right to Information.’ The fundamentality of freely accessible information in attaining the goal of transparency is clearly put forward in the famous quote given by James Madison, “A popular Government without popular information or the means of acquiring it is but a Prologue to a Farce or a Tragedy or perhaps both. Knowledge will forever govern ignorance, and a people who mean to be their own Governors, must arm themselves with the power knowledge gives.”
CASE STUDIES SHOWING THE ROLE OF TRANSPARENCY IN ACCOUNTABILITY
THE INDIAN PERSPECTIVE
· BALCO Employees’ Union v. Union of India[26]- It was held by the Supreme Court that, “Transparency does not mean the conducting of the government business while sitting at the crossroads in public. What it means is that the manner in which the decision is taken, is made known to the public.”
It was laid down that while complying with the requirement of transparency by a statutory body/ Regulator in its decision-making process, the term ‘transparency’ would include the following-
a) The public and the stakeholders should be made aware of the intention of a particular statutory body to make a regulation, or such other decision;
b) The stakeholders need to be allowed access to the facts, data and other relevant material that the decision-making body relies on, while making its decision;
c) The concerned authority should hold consultations with the stakeholders, allowing them to participate in the decision-making process, by way of expressing their views and counterviews to the issues raised by the decision-making body;
d) The statutory body should mandatorily take the decisions after taking the major views and counterviews into consideration and should address, document and reason the same. Global Energy Ltd. v. Central Electricity Regulatory Commission[27]- The significance and invaluableness of transparency in the functioning of statutory bodies was recognized by the Supreme Court. It emphasized on the role of transparency and openness in governance, holing that compliance with these principles would satisfy the requirements of Articles 14[28], 19[29], 21[30] of the Constitution of India. The Court in its judgement held that ,”All law-making, be it in the context of delegated legislation or primary legislation, has to conform to the fundamental tenets of transparency and openness on one hand and responsiveness and accountability on the other.”
· Reliance Petrochemicals Ltd. v. Indian Express Newspapers Bombay (P) Ltd[31]- The Supreme Court again emphasized on the importance of the ‘right to know’ by holding that, “Right to know is a basic right which citizens of a free country aspire in the broader horizon of the right to live in this age in our land under Article 21[32]of our Constitution. That right puts greater responsibility upon those who take upon themselves the responsibility to inform.”
· S.P. Gupta v. Union of India[33]- The Supreme Court held that, “Disclosure of information in regard to the functioning of Government must be the rule and secrecy an exception justified only where the strictest requirement of public interest so demands. The approach of the court must be to attenuate the area of secrecy as mush as possible, consistently with the requirement of public interest, bearing in mind that disclosure also serves an important aspect of public interest.”
· Chief Information Commr. v. State of Manipur[34]- The Supreme Court attempted to interpret the provisions of the Right to Information Act, 2005, and held that, “It is clear that the Parliament enacted the said Act keeping in mind the rights of an informed citizenry in which transparency of information is vital in curbing corruption and making the Government and its instrumentalities accountable. The Act is meant to harmonize the conflicting interests of the Government to preserve the confidentiality of sensitive information with the right of citizens to know the functioning of the governmental process in such a way as to preserve the paramountcy of the democratic ideal.”[35]
· Lalita Kumari v. Government of U.P.[36]- The importance of transparency and accountability in Indian criminal justice system was emphasized upon. The Supreme Court ruled that registering of First Information Reports (FIR) is mandatory in cases of cognizable offences.
· Subrata Roy v.SEBI[37]- The Supreme Court stressed on the importance of transparency in the financial markets and upheld the role of the Securities and Exchange Board of India (SEBI) in protecting the interests of investors and ensuring that there are transparent financial schemes.
TECHNOLOGY AND CHALLENGES
EMERGING TECHNOLOGIES AND THEIR IMPACT ON DATA PROTECTION AND TRANSPARENCY
The use of most of these emerging technologies is intricately intertwined with the processing of vast amounts of data and this can be seen in almost all devices that have built-in sensors, collecting and analysing data round-the-clock. From the perspective of information privacy, these pervasive integrations of data processing and its application by AI and IoT devices raise serious, far-reaching concerns. One such example that highlights the dangerous nature of this situation is that most of the data-processing in these devices in the modern times takes place in a ‘person-agnostic manner’, meaning that the technology does not differentiate between the person who has consented to the processing of his/her data and that person who does not consent to any such thing.[38] Undoubtedly, obtaining consent in such personal matters is of utmost importance, but if the technology itself is not capable enough to differentiate between those individuals who consented and those who did not, the efficiency of such a technology is put into serious jeopardy.
Moreover, there have been studies on how profiling itself is biased and exclusionary, adding to the direct impediments to information privacy. Some of the examples highlighting these discriminatory practices can be noted in AI applications used by credit loan industries, racial markers for recidivism etc. [39]
It will not be wrong to say that every one of us has atleast once in our lives accepted cookies without reading the terms and conditions, while we explore any website. This phenomenon of developing a tendency to simply accept privacy notices without reading, because of one reason or the other is known as ‘Consent Fatigue.’ This has also become one of the main reasons of the diminishing importance that is given to ‘notice-and consent’ practice and even after being provided with a notice, the users still choose to not read it, resulting in their crucial personal information being put at stake.[40]
CHALLENGES IN IMPLEMENTING EFFECTIVE DATA PROTECTING MEASURES IN THE DIGITAL AGE
1) Proliferation of Data- Data creation, collection, and distribution have increased dramatically in the digital age. People create enormous volumes of data every day as a result of social media, smart devices, and online transactions. Companies and governments frequently collect this abundance of data, raising questions about who has access to our private lives.
2) Lack of Awareness- The extent to which their data is being gathered and used is often unknown to the general public. Users may disclose sensitive information without realising it because of the complexities of data privacy policies and terms of service agreements, which can be very difficult to understand.
3) Data Breaches and Cyber Attacks: Prestigious data breaches have proliferated to the point where millions of people are at risk of financial fraud and identity theft. The ongoing struggle to keep data secure is highlighted by cybercriminals' inventive methods of exploiting weaknesses in digital systems.
4) Cross-Border Data Flow: Data frequently crosses international borders due to the global nature of the digital economy. Consistent data privacy standards are difficult to ensure, though, because different nations have different data protection laws and regulations.
5) Emerging Technologies- Businesses and everyday life are changing as a result of technologies like artificial intelligence (AI) and the Internet of Things (IoT). Notwithstanding the many advantages these innovations provide, questions concerning their effects on data privacy are also raised. Particularly when it comes to transparency and accountability, AI algorithms have the ability to make decisions based on personal data.
BALANCING PRIVACY AND TRANSPARENCY
In India, the approach of the court had been different in pre RTI and post RTI scenario. The pre RTI era saw the court leaning in favour of the protection of the personal data of individuals over transparency. But after the promulgation of the RTI Act, 2005, this pro privacy attitude altered in light of the rising activism in first decade of the 21st century. In cases such as Swarup Singh naik vs. State of Maharshtra, the Supreme Court of India went up to the extent to give primacy to the public rights over the individual rivacy rights of a third person.
At this conjecture it is pertinent to discuss the topology of privacy in context of personal data.
The above mentioned diagram reflects the dynamics involved in the spectrum of the right to privacy from the personal zone of extreme exclusivity till the public zone of inconspicuousness. This dynamics form the basis of differentiation of the data as exempted or non exempted.
Section 8 (1)(j) of the Right to Information Act, 2005 has been a contentious provision for quite a while as it has been used to refuse essential information to the applicants in guise of personal data exemption. The newly promulgated, Data Protection Act, 2023 amends this section to strengthen the exemption. Pre amendment section exempted the personal data which had no relation with the public activity or interest inter alia. Also, the proviso to the section stated it clearly that if an information can not be denied to the Parliament and the State Legislature, the same would not be denied to the applicant also.
The amended section would put an umbrella exemption on all kinds of personal data even if they are related to the public policy. Also the proviso which acted as a safeguard has been eliminated. The same has led to a severe criticism and apprehensions regarding the intent of the legislature.
Prima Facie this does not seem much problematic to a layman but is some light is shed on examples of how this amended section would work, the reason behind the apprehensions of the RTI activists would be become much clear. It is well known that data such as list of the NPAs, voter list during elections, name and addresses of beneficiaries under schemes like MGNERGS were accessible to third party citizens. As per the amendment this data would now fall under the exemption under the garb of personal data.
[1] “IT Ministry Directs WhatsApp to Withdraw New Privacy Policy: Government Sources” Times of India, May.19, 2021.
[2] 2017 SCC OnLine SC 1051.
[3] International Business Machines “What is Data Security?”, available at: https://www.ibm.com/topics/data-security (last visited on November 3, 2023).
[4] The World Bank “Data Protection and Privacy Laws”, available at: https://id4d.worldbank.org/guide/data-protection-and-privacy-laws (last visited on November 3, 2023).
[5] Deeksha et al. “Right to Information” Academike (2015).
[6] Right to Information Act,2005 (Act 22 of 2005).
[7] Lena Rydholm “China and the World’s First Freedom of Information Act: The Swedish Freedom of the Press Act of 1766”20 Javnost-The Public 48-52 (2013).
[8] Right to Information, available at: https://rti.gov.in/#:~:text=The%20basic%20object%20of%20the,to%20keep%20necessary%20vigil%20on (last visited on November 3, 2023).
[9] IndiaFilings “Right to Information Act (RTI)” available at: https://www.indiafilings.com/learn/right-to-information-act-rti/ (last visited on November 3, 2023).
[10] Universal Declaration of Human Rights, 1948 (General Assembly Resolution 217A(III) of 1948), art.12.
[11] International Covenant on Civil and Political Rights, 1966 (General Assembly Resolution 2200A(XXI) of 1966), art.17.
[12] AIR 2017 SC 4161.
[13] Information Technology Act, 2000 (Act 21 of 2000).
[14] Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, India, available at: https://cis-india.org/internet-governance/files/it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011.pdf (last visited on 3 November, 2023).
[15] The Personal Data Protection Bill, 2019 (Bill 373 of 2019).
[16] Anmol “Right to Privacy in Digital Era: A Study with Indian Context” available at: https://www.legalserviceindia.com/legal/article-5404-right-to-privacy-in-digital-era-a-study-with-indian-context.html (last visited on November 3, 2023).
[17] General Data Protection Regulation, 2016 (Regulation[EU]2016/679), art.5.
[18] General Data Protection Regulation, 2016 (Regulation[EU] 2016/679), art. 89(1).
[19] An Coimisiún um Chosaint Sonraí (Data Protection Comission) “Principles of Data Protection” available at: https://www.dataprotection.ie/en/individuals/data-protection-basics/principles-data-protection (last visited on November 3, 2023).
[20] Supra note 10, art.12.
[21] Supra note 11, art.17.
[22] European Convention on Human Rights 1950, EU, available at: https://www.echr.coe.int/documents/d/echr/convention_ENG (last visited on November 3, 2023).
[23] Council of Europe, Convention 108 (COE, France, 1981).
[24] United Nations, Article 16 of the Convention on the Rights of the Child (UN, Geneva, 1989).
[25] ICMA “Transparent Governance and Anti-Corruption”, available at:https://icma.org/page/transparent-governance-anti-corruption (last visited on November 3, 2023).
[26] AIR 2002 SC 350.
[27] AIR 2009 SC 3194.
[28] The Constitution of India, art.14.
[29] The Constitution of India, art.19.
[30] The Constitution of India, art.21.
[31] AIR 1989 SC 190.
[32] Supra note 31, art.21.
[33] AIR 1982 SC 149.
[34] AIR 2012 SC 864.
[35] Saket Singh “Transparency in Functioning of Statutory Bodies—Need for Legislative Intervention” available at: https://www.scconline.com/blog/post/2022/06/21/transparency-in-functioning-of-statutory-bodies-need-for-legislative-intervention/ (last visited on November 3, 2023).
[36] AIR 2014 SC 187.
[37] Rajeshwar Singh v. Subrata Roy Sahara (2013) 14 SCC 257.
[38] International Association of Business Analytics Certification “AI And Privacy: Balancing Innovation with Data Protection, available at: https://iabac.org/blog/ai-and-privacy-balancing-innovation-with-data-protection (last visited on November 4, 2023).
[39] Paul Titcher, Data Protection vs. Freedom of Information: Access and Personal Data (IT Governance Publishing, 2008).
[40] Dhruv Somayajula et al. “Privacy Concerns with Emerging Technology and their Redressal through PDP Bill” available at: https://www.barandbench.com/columns/privacy-concerns-emerging-technology-their-redressal-through-pdp-bill (Last visited on November 4, 2023).
Comments