Professional Documents
Culture Documents
APPELLANT RESPONDENT
1. Mr. D C HAJELA THE GREAT RIVER
UNIVERSITY
2. Mr. P T PANCHOLA V.
Index of Authorities...II
Index of AbbreviationsVI
Statement of Jurisdiction....................................................................................VII
Statement of Facts..............................................................................................VIII
Issues to deal with..................................................................................................10
SUMMARY OF ARGUMENTS...........................................................................11
Arguments advanced.............................................................................................15
Prayer.....................................................................................................................37
Bibliography..
INDEX OF AUTHORITIES
STATUTES
CASE LAWS
1.
REPORTS
Books
ONLINE RESOURCES
http://supremecourtofindia.nic.in
http://www.manupatrafast.com
INDEX OF ABBREVIATIONS
s : Section
: Paragraph
: Paragraphs
Information.
Anr. : Another
Bom. : Bombay
Mad. : Madras
N. : Note
Ors. : Other
SC : Supreme Court
Sd/- : Signed
Supp. : Supplementary
V. : Versus
STATEMENT OF JURISDICTION
The appellant humbly submits this memorandum for appeal filed before this
Honourable Court, Under S.96 Read with Order 41, R.27 of Code of civil
procedure1908.
It sets forth the facts and the laws on which the claims are based.
STATEMENT OF FACTS
1
The Great River University, a State Private University was established in the
year 2000. The university boasts of high quality infrastructure. It also provides,
to its students, uninterrupted, broadband internet connection over the campus
wide WiFi, free of charge. Every year, the university admits students to various
undergraduate and post graduate programs from the diverse sections of the
society.
During the time of admission, the university gathers students data for
administrative purposes and stores them in digital form. The data includes
personal details, past academic performance, income of parents, demographic
information, students registration / fee details, semester wise course marks /
grades details, extracurricular activities etc.
3
The university periodically updates various examination schedules, seating
arrangements, results including entrance and semester end marks / grades,
admission lists, unfair means / punitive actions etc on its website. The
information displayed on the website is accessible to all the students across the
university.
4
One of the students named Roop Singh Hajelas father Mr. D.C. Hajela lodged a
complaint via email to the university authorities alleging violation of privacy of
his son by depicting his educational performance in a poor light, thereby
making him face ridicule amongst his class fellows and academia of the
University. The email further demanded a written apology from the university
and immediate removal of the comparative analytical data displayed on the
university website. The university authorities replied back, stating that they had
merely depicted a comparative statistical analysis in general without naming
any student in particular and refused to apologize.
7
Another girl student named Songam Thyangmu Pancholas elder brother Mr.
P.T. Panchola from Ladakh, also complained to the university authorities that
his sisters identity was revealed in poor light in the above mentioned data
analysis. As a consequence, she has gone into depression and is undergoing
psychological counseling and medical treatment. He demanded an unqualified
apology and immediate removal of the data from website. He further claimed
monetary compensation against mental harassment and depression related
medical treatment.
8
The authorities refused to entertain Mr. Pancholas complaint citing such
statistical analysis to be complying with the policies of the university and stated
that the display to be in harmony with administrative guidelines.
The university refused to remove the data displayed on the website. This
resulted in the continuous harassment of the minority community students. The
students being upset with the decision of the university sat on strike in the
campus which was led by Roop Singh.
9
The university authorized the proctorial board to conduct an inquiry into the
reason behind the strike and submit a report. The proctorial board conducted an
enquiry based on principles of natural justice. The proctorial board found that
Roop Singh Hajela was guilty for involvement in promoting enmity between
different groups on grounds of religion and recommended his expulsion from
the university. Roop Singh was expelled from the university. Unable to
withstand the defamation that he and his family suffered, he attempted to
commit suicide.
10
First stage of Petition
Mr. D.C. Hajela on behalf of his son Roop Singh Hajela filed a petition to the
district Court located at Sher Garh (Dinogro State Capital). The magistrate
dismissed Mr. Hajelas petition against The Great River University due to lack
of evidence and also held that the enquiry conducted by the university was fair
and just.
Mr. Hajela appealed to Dinogro State High Court located at Bahadur Nagar
citing violation of his son Roop Singh Hajela privacy by depicting his
educational performance in a negative manner along with defamation and harm
to his physical health.
Her privacy was violated by the university website analysis and showed her in
negative colour by putting her in a category not interested in studies and
ventures on online social media sites more as per data revealed by website
analysis.
She got ostracized by her peers, fellow students and academia due to unsuitable
non sensitive generalized of analysis making a stereotype out of her. Being
singled out due to her unique identity revealed she had to face consequence by
undergoing a severe depression and medical conditions.
Both the complainants cited the Ethical Legal and Privacy violations of their
wards by the university in revealing the students identities in a negative manner
causing them mental agony and suffering, social ostracization and consequent
depression. They further wanted the High Court to direct the university
authorities to immediately remove the said statistics from their website which
was still being displayed, apologize and compensate for the mental and
physical agony their wards are undergoing.
ISSUES TO DEAL WITH
Blacks Laws Dictionary, Privacy is defined as the right determines the non
intervention of secret surveillance and the protection of individuals
information. It is split into four categories i.e,
i) Physical: An imposition whereby another individual is restricted from
experiencing an individual on a situation,
ii) Decisional: The imposition of a restriction that is exclusive to an entity,
iii) Informational: The prevention of searching unknown information and
iv) Dispositional: The prevention of attempts made to get to know the state of
an individual.
LAW IN INDIA
There is no specific legislation on privacy and data protection in India.
However, the Information Technology Act, 2000 (the Act) contains specific
provisions intended to protect electronic data (including non-electronic records
or information that have been, are currently or are intended to be processed
electronically).
DEFINITIONS
Definition of personal data
The Privacy Rules define the term personal information as any
information that relates to a natural person, which either directly or
indirectly, in combination with other information that is available or likely
to be available to a corporate entity, is capable of identifying such
person.
password
sexual orientation
any of the information received under the above clauses for storing or
processing under lawful contract or otherwise.
Biometrics means the technologies that measure and analyse human body
characteristics, such as fingerprints, eye retinas and irises, voice patterns,
facial patterns, hand measurements and DNA for authentication purposes.
REGISTRATION
No requirements.
Under the Act, if a corporate entity that possesses, manages or handles any
sensitive personal information in a computer resource that it owns, controls
or operates, is negligent in implementing and maintaining compliance with
the Privacy Rules, and its negligence causes wrongful loss or wrongful gain
to any person, the corporate entity shall be liable for damages to the
person(s) affected.
The Privacy Rules state that any corporate entity or any person acting on its
behalf, which is collecting sensitive personal information, must obtain
written consent (through letter, email or fax) from the providers of that
information. However, the August 2011 Press Note issued by the IT
Ministry clarifies that consent may be given by any mode of electronic
communication.
The Privacy Rules also mandate that any corporate entity (or any person, who
on behalf of such entity) collects, receives, possess, stores, deals or handles
information, shall provide a privacy policy that discloses its practices regarding
the handling and disclosure of personal information including sensitive
personal information and ensure that the policy is available for view, including
on the website of the corporate entity (or the person acting on its behalf).
Specifically, the corporate entity must ensure that the person to whom the
information relates is notified of the following at the time of collection of
sensitive personal information or other personal information:
A corporate entity or any person acting on its behalf is obligated to enable the
providers of information to review the information they had so provided and
also to ensure that any personal information or sensitive personal information
that is found to be inaccurate or deficient is corrected upon request. Further, the
provider of information has to be provided a right to opt out (ie he/she will be
able to withdraw his/her consent) even after consent has been provided.
However, the corporate entity will not be held responsible for the authenticity
of the personal information or sensitive personal information given by the
provider of information to such corporate entity or any other person acting on
its behalf.
TRANSFER
The data collector must obtain the consent of the provider of the information
for any transfer of sensitive personal information to any other corporate entity
or person in India, or in any other country that ensures the same level of data
protection as provided for under the Privacy Rules. However, consent is not
necessary for the transfer, if it is required for the performance of a lawful
contract between the corporate entity (or any person acting on its behalf) and
the provider of information or as otherwise specified in the Act.
The contract regulating the data transfer should contain adequate indemnity
provisions for a third party breach, should clearly specify the end purposes of
the data processing (including who has access to such data) and should specify
a mode of transfer that is adequately secured and safe.
Further, under the Act, it is an offence for any person who has pursuant to a
contract gained access to any material containing personal information to
disclose that information without the consent of the person concerned, and
with the intent to cause or knowing that he is likely to cause wrongful loss or
wrongful gain.
SECURITY
A corporate entity possessing, dealing or handling any sensitive personal
information in a computer resource which it owns, controls or operates is
required to implement and maintain reasonable security practices and
procedures to secure the sensitive personal information. The reasonable
security practices and procedures may be specified in an agreement between
the parties.
Further, the Privacy Rules provide that in the absence of such agreement reasonable
security practices and procedures to be adopted by any corporate entity to secure sensitive
personal information are procedures that comply with the IS/ISO/IEC 27001
standard or with the codes of best practices for data protection as approved by
the Federal Government. Presently, no such codes of best practices have been
approved by the Federal Government.
ENFORCEMENT
Civil penalties of up to EUR 694,450 for failure to protect data including
sensitive personal information may be imposed by an Adjudicating Officer;
damages in a civil suit may exceed this amount.
Recently in exercise of the rule making power conferred by Clause (ob) of Subsection
(2) of Section 87 read with Section 43A of the Information Technology Act, 2000, the
Central Government promulgated the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
These Rules cater to three groups Body Corporates, Information Providers (or Data
subjects) and the Government. These rules address the:
This article aims to analyse these rules in the background of the development of
privacy and information technology laws along with a discussion on its scope,
extent and utility.
Points to remember
By this time, the European Union enacted stringent data protection laws. EU, having the
worlds most restrictive law, stated that the member states must cease to send personal
data to any third country unless such country adhered to similar laws or had other
appropriate safeguards in place. A lack of such safeguards and data protection laws was
often the reason for preventing the movement of voice processing and BPO work to
India8. This made the Government of India realize the importance of having in place a
distinctive legal regime promoting data protection. A need was felt to create the
necessary confidence among investors and foreign companies.9Thus, an amendment
was made to the Information Technology Act, 2000 and the Information Technology
Amendment Act 2008 (ITAA), was enacted.
The ITAA, 2008 inserted Section 43A10, a vital beginning to the string of data protection
laws in the country. Section 43A provided for the payment of compensation, by a person
in possession, etc. of sensitive personal data, who is negligent in maintaining and
implementing reasonable security practices and procedures and thus resulted in any
wrongful loss or wrongful gain. The Central Government was empowered to prescribe,
by promulgation of Rules, the definition and content of sensitive personal data or
information. It is in the background of Section 43A that the Rules of 2011 were
promulgated, seeking to define the content of sensitive personal data or information and
reasonable security practices and procedures apart from enlisting collection,
disclosure and protective measures.
Furthermore, the Information Technology Rules (ITR), 200911, which was a precursor
to the current ITR, 2011, provided for a comprehensive and constitutionally sound
framework for the disclosure of information. Currently the ITR, 2011 has expanded its
reach to higher levels of privacy of personal security information.
With these Rules, India has taken big strides towards bringing about strict measures to
safeguard sensitive personal information or data and has attempted to strike a delicate
balance between private liberty and public need.
1. Password
2. Financial information such as Bank account or credit card or debit card or
other payment instrument details
3. Physical, physiological and mental health condition
4. Sexual orientation medical records and history
5. Biometric information
6. Any detail relating to the above clauses as provided to body corporate for providing
service and
7. Any of the information received under above clauses by body corporate for
processing, stored or processed under lawful contract or otherwise:
8. Any of the information received under above clauses by body corporate for
processing, stored or processed under lawful contract or otherwise.
It can be observed here that clauses (vii) and (viii) appear to be of a very broad
character. It can be interpreted to include, within its ambit, a wide array of information.
The importance of a precise definition of sensitive personal information is paramount as
clauses of such broad interpretation add to the ambiguity of the scope of not only these
rules but also of Section 43A. Thus, it seems to follow that, any ambiguity in the
definition, fails to serve the very purpose of the rules, to begin with, since the whole
enactment deals with the concept of processing of Sensitive Personal Data or
Information. In order for this clause to be clearer, the definition could be amended to
include inter alia, information which is capable of personally identifying a person,
individually or when aggregated12.
A need for distinction between Personal Data and Sensitive Personal Data
Broad clauses as such, include not only Sensitive Personal Data but also other
Personal Information. It, thus, strays away from the purpose of 43A, which only seeks
to protect Sensitive Personal information. Hence, a need is felt to make a distinction
between Personal data and Sensitive Personal Data13. An ephemeral distinction of the
two concepts has been brought out in Rule 2 (which has defined Personal Information,
although it remains silent about its constituents) and Rule 4 (which ensures that Body
Corporates should have a privacy policy for Personal Information including Sensitive
Personal Information). The absence of a distinction between the two concepts seems
to be an important point in illustration with respect to the difference between Indian Data
Privacy Laws and its UK counterpart, the Data Protection Act, 199814. The latter makes
a definite distinction between the two concepts and has prescribed separate rules for
handling the two different data. The Indian Rules, on the other hand, fails to recognize
different levels of stringency with regard to collection, transfer, disclosure and handling
of Personal Data and Sensitive Personal Data.
RETENTION OF DATA
Moving on, it is but reasonable to assume that the Rules should prescribe conditions
for a safe disposal of data, after it has been used for the purpose for which it was
collected. This is supported by the conditions listed out under Rule 5 of the said Rules.
With respect to retention of data, Rule 5 spells out that the information should not be
retained for a period longer than what is required to carry out the object for which it was
collected and the information should be kept secure. Although it states that the body
corporate cannot retain any information for longer than is required16it is essential for
the rules to include a retention period after which the data is to be destroyed. On a
prima facie reading of the rules, the interpreter is rightly under the impression that they
were formulated, primarily, for the data collected virtually vis a vis online as these
rules fall under the Information Technology Act. In line with this thought, the above
contention of including a retention period is justified because more often than not
websites hold archival data. Hence, it is imperative that the rules contain such
provisions that would also include a procedure to delete and destroy the data making
retrieval impossible.17
But, the rules fail to clearly distinguish between the provider of information and
individual to whom the data pertains which gives rise to a lot of uncertainty on a prima
facie reading of the rules.
In addition, Rule 5(3), falling in line with Article 619of the EU directive, says that the body
corporate or any person on its behalf shall take such steps as are, in the circumstances,
reasonable 20to ensure that the person concerned is aware of the fact that the
information is being collected, the purpose for which it is being collected, the recipients of
such information, etc.21The phrase in Rule 5(3) uses convoluted language instead of
using simple phrases like take reasonable steps reasonableness has generally been
interpreted by courts contextually.22The Supreme Court in Water Supply and Sewage
Board v. Unique Erectors (Guj)23has observed that in law, prima facie meaning of
reasonable in regard to those circumstances of which the actor, called upon to act
reasonably, knows or ought to know.
Disclosure of Information
Rule 6 states that prior permission of the provider of information has to be obtained
before disclosure is made to a third party and any third party receiving such information
It is essential to improve the definition of Rule 6 and make its provisions more
stringent. By stating that the disclosure of information requires prior consent from the
provider of such information, this rule seems to have left the ends open. In cases
where the consent is granted online, it cannot be clearly determined whether the
person granting the consent is the provider of information, the data subject himself or
some other third party.
If the information of a person is being transferred to a third party for a different purpose, it
looks to be right to be done only with the knowledge of the data subject. It does not
suffice if the provider of information, who may be a party other than the data subject, to
grant consent for the same. This may lead to a misuse of information in three party
cases. For example, A provides sensitive personal data of X to Company B, upon the
consent and knowledge of X, to carry out a particular transaction. Later, Company C
approaches A for the personal information of X, to process a separate transaction. In
such a situation, it seems unreasonable for A to give out personal information of X
without the consent of X. Thus, this rule should be modified to impress upon the consent
of the data subject himself. It is pertinent, here, to draw the readers attention to
Schedule 2 of the Data Protection Act, 1998. It specifies that the consent of the data
subject is essential for the transfer of information wherein the data subject has been
defined as an individual who is the subject of personal data. This concept must be
incorporated into these Rules in question.
government has to make a written request stating the purpose for seeking such
information26. Thus, the rule raises issues of personal privacy infringement.
At this point, it is pertinent to look at the interpretation of Right to Privacy by
various competent Judicial Institutions so that the importance of adopting
procedural safeguards against privacy infringement can be well established. .
In the landmark case of Kharak Singh v. State of UP27, the learned judges have
recognized the inclusion of Right to Privacy within the ambit of Article 21 of the
Constitution, viz. Right to Life. It has been stated that,
It is true our Constitution does not expressly declare a right to privacy as a fundamental
right, but the said right is an essential ingredient of personal liberty. The pregnant
words of the famous Judge, Frankfurter J., in Wolf v. Colorado28, pointing out the
importance of the security of ones privacy against arbitrary intrusion by the police, could
have no less application to an Indian home as to an American one.. Justice Frankfurter
said nothing is more deleterious to a mans physical happiness and health than a
calculated interference with his privacy.
Courts have repeatedly taken a persons and not places emphasis in interpreting
the right of privacy29, rejecting views that privacy is tied to property interests30. A
clear shift from person to place was enunciated in the American Supreme Court
case of Warden v. Heyden31)
In the Naz Foundation Case32, it was found that the State cannot invade the privacy of
citizens based solely on consideration of public morals. The court also said that the
right to privacy has thus been held to protect a private space in which man may become
and remain himself.33
With respect to information in public domain, the Supreme Court, in the case of
Rajagopal alias Gopal v. State of Tamil Nadu34held that there is no protection for
personal information in public records, and protection of privacy for persons who have
voluntarily placed themselves in the public eye is reduced. Vishwanathan35considers
that the Supreme Court in Rajagopal, for the first time, articulated the twin pillars of
privacy law in India.
From the above, it seems that most of the courts have acknowledged the
importance of Right to Privacy. Thus, it is vital that the rules provide for procedural
safeguards against unauthorized disclosure of information and maintenance of
constitutional levels of privacy even against the Government.
CONCLUSION
The object of any statute or rule is to prevent mischief and promote the object. The virtue
of a statute or rule is certainty and clarity as opposed to ambiguity and vagueness. The
quality of any statute or rule has to be judged on these yardsticks.
In an attempt to clarify some of the ambiguities arising out of the provisions of these
rules, the Indian Government issued a clarification which allays fears as to the
Jurisdiction and effect of the rules on companies outsourcing to India. The Ministry has
clarified that the Sensitive Personal Data Rules apply only to body corporates or persons
located within India. Furthermore, it has provided some clarity regarding the realm of
Rules 5 and 6 stating that any body corporate located in India, which provide services
relating to collection, storage, dealing or handling and processing sensitive personal data
or information under contractual obligation with any legal entity (located within or outside
India) is not subject to the requirement of the above rules36. While the Press Note
appears to resolve a few immediate concerns it leaves many questions regarding the
handling of sensitive personal information unanswered.37
Freedom of expression is guaranteed under Article 19(1) (a) of the Indian Constitution. Restrictions on
the exercise of the freedom of expression are found in Article 19(2) that can be enforced by the State
and are in the interests of sovereignty and integrity of the State, the security of the state, friendly
relations with foreign states, public order, decency or morality, or in relation to contempt of court,
defamation or incitement to an offense.1 When considering the right of freedom of expression and the
right to privacy, traditionally there has always been a fundamental question about the relative weight of
privacy and expression. An open democracy values a person's right to express opinions even when it
conflicts with another's right to privacy. For example, who donated to whose campaign to which
celebrity is getting married where. At the same time, restrictions like national security or public
interest can detract from both expression and privacy. The freedom of expression has been seen by
certain people as a counter to the right to privacy of the person whose information is being disclosed
(expressed) by the other party, it is interesting to note that the right to privacy was actually derived in
part from the right to freedom of speech. In the case of Kharak Singh v. The State of U.P.,2 the
Supreme
Court for the first time recognized that citizens of India had a fundamental right to privacy which was
part of the right to liberty in Article 21 as well as the right to freedom of speech and expression in
Article 19(1)(a), and also of the right of movement in Article 19(1)(d). This line of thought has recently
been approved again by the Supreme Court in District Registrar and Collector, Hyderabad and
another
v. Canara Bank and another.3
Broadly, the right to the freedom of expression impacts the right to privacy in negotiating:
1.) To what categories of data should the freedom of expression be limited in order to protect
privacy.
2.) In which context will freedom of expression impinge on privacy.
3.) In what circumstances is it necessary that an individual be provided the right to privacy in order
to protect the freedom of speech.
Violations of privacy that can result because of an expression are most commonly understood as
privacy torts and include: (a) intrusion into an individuals personal affairs including public disclosure
of a person's private life (b) publicity which places an individual in false light in public, and (c) use of
an individuals own name for commercial purposes commonly understood as the right to publicity.
Examples of circumstances in which the freedom of expression needs to be negotiated with the right to
privacy include:
a) Public Interest: In what circumstances does disclosure of information in the public interest
outweigh an individuals right to privacy. The term public interest however has deliberately
been left anomalous by the Courts in India although it has been described as something more
than mere idle curiosity.7 The fact that the term public interest has not been clearly and strictly
defined acts as a serious threat to the right to privacy since the bogey of public interest can be
raised anytime to attack this right. The Courts have however tried to find an optimal balance
between the two issues and by not defining the term public interest the Courts have eliminated
the need for frequent amendments to keep it in line with the changing norms and perceptions of
society.
b) Public Persons: In what circumstances should expression be limited in order to protect the
privacy of persons in the public sphere. In India this question has been partially defined by the
Right to Information Act under section 8, but the Act does not bring under its scope public
figures who are not government employees such as cricket stars, actors/actresses, and other
celebrities. Although the commercial exploitation of the images and celebrity of such public
persons can be protected to some extent under the existing intellectual property regime such as
trademark law as well as copyright law,8 the Delhi High Court has recognized that the right to
publicity has evolved from the right to privacy.9
ONLINE SPEECH
The above framework of privacy has mostly been developed in the
background of the real world
however this framework is being constantly challenged and tested in
the modern world with the high
pervasiveness of the internet and social networking websites. For
example, in what circumstances does
a comment online or a picture posted online violate the privacy of
another individual.
Today the internet has made privacy an integral part of realizing the
right to free expression. For
example, governments are putting in place censorship regimes that do
not only restrict online speech,
but also seek to identify the source of the speech. In this way, the right
to anonymous speech has
become a contested issue globally. The internet is also making the line
between speech expressed in the
private sphere vs. speech expressed in the public sphere more difficult
to define.
Some of the major issues that the internet throws up with regard to the
right to privacy are:
Right to be Forgotten: The internet never forgets! This single line encapsulates one of the
gravest concerns for privacy advocates vis--vis the internet and the online world. In what
circumstances can an individual require the deletion of information pertaining to them that
has been circulated in the public domain. Although the right to privacy in the non online
world has been described as the right to be left alone that may not exactly translate into a
right to be forgotten. In Spain there was a case where a person was arrested and the fact that
he had a criminal record was publicized on the internet as well. In this case the court ruled
that he had a right to be forgotten. The new draft EU Regulations have expressly talked
about the right to be forgotten by including a right to demand the deletion of data no longer
required for the purpose for which it was collected. However in India, the debate on data
retention and the right to privacy has not yet reached such a level and data retention and
verification requirements are still governed more by national security requirements rather
Calculation of Harm: Another issue regarding privacy and the online world is how do you
calculate harm being done by breach. If a slanderous comment is left on your facebook
page, assuming it is a public space, how would you calculate the harm done by such a
comment. If your data retained by a data controller is lost or leaked to some other party, can
this loss be quantified to be compensated in terms of money? Or does the person have to
wait till some financial loss is caused to him/her to file a claim against the data controller.
Verification and Quality
Any report or article that is of public interest and benefit, but that contains comments against a
citizen should be checked by the editor of the publication for factual accuracy. If inaccuracies are
found, they should be corrected by the editor. Any document that forms the basis of a news report,
should be preserved at least for six months in order to allow for facts to be checked. 20 Newspapers
should not publish anything that is manifestly defamatory or libelous unless the publication will be
for the public good21. Personal remarks which can be construed to be derogatory against a dead
person should not be published.22
Although these Norms provide for a number of guidelines, not all of them are followed by the media on
most occasions, for example the norms provide that particulars relating to the identity of rape victims
should not be revealed by the media. However in the gang rape case now popularly referred to as the
Nirbhay Rape Case the media revealed a large amount of personal details of the victim such as the
college she was studying in, her course, which semester she was in. Similarly in the rape case of an
NLSIU student in Bangalore, the media released details such as her nationality, her college, which year
she was studying in, etc. Such details are more than enough for any person acquainted with the women
in present or future to identify them which is clearly a violation of the Norms of Journalistic Conduct as
well as the intent of the laws protecting the identity of rape victims.
The guidelines impact both privacy and freedom of expression as on one hand the guidelines seek to
prohibit the posting of content including content that violates individual privacy, and at the same time
the guidelines require intermediaries to hand over information, including personal information, to law
enforcement agencies when requested. Since it makes intermediaries liable to hold information to help
law enforcement agencies after a takedown notice, it will encourage them to place restrictions on
anonymous and pseudonymous speech.
Among other content, individuals are not allowed to host, display, upload, modify, publish, transmit,
update or share information that:
1. Belongs to another person or to which the user does not have any rights; -This protects the
privacy of persons whose information may have been taken by a third party and uploaded
without the consent of the owner of the information.
2. Is harassing; defamatory or libellous; pornographic; pedophilic; invasive of another's
privacy; disparaging. This specifically prohibits sharing of information which is invasive
of someones privacy. On top of that defamatory or libellous acts have also been considered
by certain people as violations of the right to privacy.
3. Is deceptive or misleading; impersonates another;35 Information which impersonates
someone else can be seen to invade the privacy of the person who is being impersonated
since it is his/her identity which is being utilised without his/her consent.
R. Rajagopal v. State of T.N.15 (1975)
What remedies can a citizen of India claim in case of infringement of his right to privacy and
further if such writing amounts to defamation?
The right to privacy as an independent and distinctive concept originated in the field of Tort
law, under which a new cause of action for damages resulting from unlawful invasion of
privacy was recognised. This right has two aspects which are but two faces of the same coin (1)
the general law of privacy which affords a tort action for damages resulting from an unlawful
invasion of privacy and (2) the constitutional recognition given to the right to privacy which
protects personal privacy against unlawful governmental invasion. The first aspect of this right
must be said to have been violated where, for example, a persons name or likeness is used,
without his consent, for advertising or non-advertising purposes or for that matter, his life story
is written whether laudatory or otherwise and published without his consent as explained
hereinafter.
Although cases such as R. Rajagopal and others thereafter have clearly held that the constitutional
scheme of our country does not countenance a prior injunction on the basis of violation of the right to
privacy, they did not specifically address whether such an injunction could be granted under tort law,
however the fact that the Court in PHOOLAN DEVI V. SHEKHAR KAPOORAND Ors.(1994) case has
entertained and allowed the application for a prepublication injunction makes it clear that such an
injunction can be sustained in the realm of tort law.
Conclusion:
The freedom of expression and privacy in many ways support each other, as the right to express an
opinion or thought freely often is protected by providing the individual the privacy to do so. In the
context of the media, the right to privacy can be violated by press coverage both online and offline.
There are many new ways in which the right to privacy and the freedom of expression relate to each
other which have not been addressed strongly in Indian legislation, policy, or case law. For example the
taking of photographs by individuals (not the press) has not been addressed, the ability for individuals
to issue comments anonymously offline, and the right to be forgotten online and offline have not been
addressed. These issues are being addressed by many countries and at an international level. For
example, the EU has proposed an amendment to the EU directive that would require companies holding
data to allow users to withdraw the information from websites. The amendment, known as the Right to
be forgotten would give users the power to tell websites to permanently delete all personal data held
about them. Websites would be held legally accountable and would face sanctions if they did not
comply. Additionally, users would also have to explicitly opt-in before companies could use or
process their personal data.60 The right to anonymous speech is also being fought for at an international
level. Frank La Rue, special rappatuer to the UN, has issued a report on Freedom of Expression and
Privacy, where he specifically promotes the ability of individuals to speak anonymously online and
offline as a key to protecting the right to free expression and the right to privacy. In his report he points
out that when states do not allow anonymous speech and censor material online, the privacy of the
individual is often violated as the state not only want to take down the content that was posted, but
wants to identify the person that posted the content.61 Anonymous speech is clearly prohibited in India
in the context of online speech, but anonymous speech is not regulated in the media, as sources are
often not identified in news coverage.
PRAYER
In the light of arguments advanced and authorities cited, the counsel for
good conscience.
For This Act of Kindness, the Appellant Shall Duty Bound Forever
Pray.
Sd/-
TEAM CODE:
SLS026