PIL TO BAN ZOOM APP: A CALL TO INTRODUCE PRIVACY LAWS IN INDIA

Aastha Singh

Aug. 07, 2020

What is guaranteed under the Right to Privacy? These are the questions which befuddle our minds. For understanding,‘Privacy’ is the freedom from scrutiny of unauthorized parties and ensures that the remote control to share our personal information with third parties is in our hands.So, is it guaranteed under the Constitution of India? Yes. Right to Privacy is a derived right guaranteed under Article 21 as an essential to Right to Life and Personal Liberty and Article 19 Freedom to Speech and Expression

We often hear “Right to Privacy” on a daily basis but what is the anatomy of this Privacy? What is guaranteed under the Right to Privacy? These are the questions which befuddle our minds. For understanding,‘Privacy’ is the freedom from scrutiny of unauthorized parties and ensures that the remote control to share our personal information with third parties is in our hands.So, is it guaranteed under the Constitution of India? Yes. Right to Privacy is a derived right guaranteed under Article 21 as an essential to Right to Life and Personal Liberty and Article 19 Freedom to Speech and Expression. But the journey to succeed in obtaining this right was protracted by hurdles and wasarduous.The landmark judgment in the case of K.S Puttaswamy v. UOI overruled Kharak Singh v. State of U.P to uphold Right to Privacy as a Fundamental Right enshrined in article 21. But the battle isn’t over, it was observed in the case of KhushwantSingh AndAnr. vsManeka Gandhi that right to privacy couldnot be invoked against private party.It can be concluded that right to privacy is not patently granted by the Constitution but has to be read with other fundamental rights which are subjected to reasonable restrictions granted by the state. But it leaves us with the question that whether this right protects our privacy online? International Human Rights recognizesPrivacy as an essential part of Human Rights at international levelin different dimensions as
Privacy of person
Privacy of personal behaviour
Privacy of personal communication
Privacy of personal data

Today, a major part of our life has been shifted online. Success of business depends on technological adaptation and this has led to sharing of our personal data to these websites or businesses. The information provided by the user must only be used for the purpose which it has been collected for and otherwise, but the information collected is used, processed, exploited and sent to various other authorities or organization without the permission of the user. However, there are some proxy legislatures which serve the purpose of cyber protection laws in India such as IT Act 2000, Indian Telegraph Act of 1885 (amended in 2017), Indian Copyright Act of 1957, but in the absence of any specific data privacy law in India, the gap between online protection and lack of comprehensive law dedicated to identify and comprehend sensitive private data from public data and lack of guidelines that must be followed in storing and processing data to ensure Data Transparency leaves us susceptible to cybercrime and misuse of sensitive data online.
In this era of virtual reality such lacuna in the laws leaves us vulnerable to cyber bullying and this has been witnessed recently through the rise of video conferences on the Zoom. During this pandemic ZOOM, a US based application, has become a source of virtual workspace to a number of sectors including education, official working of High Courts and private sectors. However, recently Harsh Chug, a private tutor, filed a PIL in the Court to ban ZOOM app for its non-compliance to data protection standards and leaking information and videos online.

The Petitioner in her 41 pages long PIL has contended that the policy of ZOOM app is in violation of Right to Privacy guaranteed underarticle 21 of the Constitution and justified that the policy of data collection and storage without letting the users know violates the Fundamental Right. Furthermore, Zoom bombing, whereinstrangers join the meeting and behave inappropriately or hack the meeting to show indecent content has led to cyber bullying and harassment. In the light of the recent events, the Cyber Co-ordination Committee and the Indian Ministry of Home Affairs(MHA) issued a circulation enumerating as to how the app is a threat to privacy and unsafe for official purposes in public. The same has been confirmed by many international investigations such as Motherboard (Tech by Vice), Washington Post, Sixgill that the vaguely designed security of the app has led to leaking of videos, chats, e-mail addresses, passwords and private conversations of people online. The petitioner further annexed the true copy of a report that shows that the app sends the information of users to Facebook via the app's interaction with Facebook's Graph API. Elon Musk recognized the existence of the potential threat to privacy and security and prohibited the use of the app among his employees.

The flaws and bugs in the security operation of Zoom have also been confirmed by the CEO of Zoom app, Eric S Yuan, whohas publically apologized for the leak of some videos online. The Petitioner further stated that security issues have a pan-India effect and are of an urgent nature, addingthat owing to the lockdown a representation to this effect could not be made. In addition to violation of Fundamental Right, the app is also in intervention of a number of rules of Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009. It directly tampers with Section 43 and Section 43A of Information Technology Act of 2000, which states that in cases where any person responsible for computer operation extracts the data or publishes the data intentionally without the knowledge of the user, is liable to pay damages and compensate for acting negligently in order to protect personal data which he/she is bound to protect.

Keeping in mind that the said provisions call for intervention of the Court on an urgent basis, in the view of growing popularity of the app during the lockdown and unawares of the users of such threats in daily life, the Supreme Court after the preliminary hearing of the PIL, issued a four week notice to the Centre to reply on plea.

The race to make India digitally smart and globalization has comprehensively changed the outlook of storing information and managing data. Data-matching and storing of data on cloud poses a threat not only to private persons but also togovernment offices. Development in technology has contributed to advancement in daily life, making the work easier through access to pool of information online, however, the of lack of any act solely dedicated to ensure privacy online is a major drawback of developing economy. More than 130 countries have a legislature for data protection and India being listed at 3rd place in the last count of countries with most reported cybercrime,is lagging behind in terms of advancement in laws. However, the government took some steps towards framing laws for data protection and privacy and introduced Data Protection Bill in 2019 on the basis of the recommendation given by the committee led by Justice B. N. Srikrishna and Personal data Protection Bill of 2018. Unfortunately the bill has yet to be passed by the Parliament to gain assent of the President. This was not the first attempt to draft a law in order to introduce Privacy laws in Indian legislation. In 2014,the Standing Committee on Information Technologyreleased a report on Cyber Crime, Cyber Security and Right to Privacy, under the chairmanship of Mr. RaoInderjit Singhwhich highlighted the need and urgency for framing Privacy laws in India through establishment of National Critical Information Infrastructure Protection Centre and recommended amendments in the IT Act.However, the recommendations never came to daylight and remained dormant.

Reading the lines of the new Data Protection Bill of 2019, it appears to be a crude transcript of General Data Protection Regulation (GDPR). However, the bill is highly criticized for its authoritarian provisions and introducing government surveillance in the private lives of the citizens. Furthermore, the provisions fade into criticism for not differentiating between private and public data, leaving the provisions murky and intention of the government dubious. The Bill ultimately does not meet the needs and concerns of the citizens to protect their privacy from being infringed at the hands of big companies and further adds to the anxiety and bewilderment by enabling the government to access the information of private individuals at their will. Thusmaking the present scenario worse by occupying a leadership position in a democratic nation. The recent PIL filed provides an opportunity to the government to look into the fallacies of the current data privacy laws and to make requisite amendments in the Data Protection Bill, 2019, regarding the access and usage of data of private individuals by the government or any organization.