Interpretation of Right to Privacy Laws in the Era of Surveillance Technologies

AUTHOR: ISHAS SAWALAKHIA, SYMBIOSIS LAW SCHOOL, NOIDA

Development of surveillance technologies across the world has immensely influenced privacy law's interpretation and implementation. This paper examines the changing legal frameworks governing the right to privacy in the digital era through an examination of challenges posed by technologies like face recognition, data mining, malware, and biometric monitoring. This article discusses crucial legal precedents, such as Carpenter v. United States and Puttaswamy v. Union of India, to prove how the judiciary strikes a balance between individual privacy rights and national security considerations. Comparative studies on international privacy legislation, such as the GDPR, the sectoral model used in the United States, and India's planned Personal Data Protection Bill, require stronger regulatory procedures. Through example studies like China's Social Credit System and the Pegasus spyware incident, the paper also evaluates practical consequences. Main policy proposal objectives are legislative protections that must be enhanced, judicial supervision fortified, and openness in methods of monitoring encouraged. Because technology advances faster than laws, there is a need to set a robust legal framework that would protect basic rights of privacy and yet tackle the concerns over security issues. This Article supports a fair and rights-based approach to regulation, adding to the continuing conversation on privacy in the era of digital surveillance.

The rapid development in the technology of surveillance has influenced the international concept and practice of privacy laws. The relevance of privacy laws, therefore, exists to protect the personal information of individuals from being misused or interfered with by governments and organizations. The evolution of such laws has been in comparative gears of time with the fast-changing world of technology and increased strength and emphasis upon the means of surveillance. Thus, today, surveillance technologies like spyware, face recognition software, CCTV cameras, and data mining are becoming common. Certainly, all these mentioned technologies are one with quite a few merits, including public safety, prevention of crimes, and security. However, they also pose grave threats to the civil liberties and privacy of individuals. Wherever surveillance technologies are immensely used, personal information may be collected, stored, and processed without prior approval, and often even without the subject's knowledge or consent.

The legal systems within many jurisdictions contain somewhat diversified laws relating to privacy and surveillance. The protection of privacy is viewed as a basic right at the United Nations and other international human rights standards. National laws have made their balancing between the right to privacy with the need to be assed about security and safety. While for example, the European Union's General Data Protection Regulation sets a high level of protection for personal data, the attitude and regulation of the United States toward privacy concerns have been described as "a patchwork system of federal and state legislation.". The challenge is how to balance individuals' right to privacy with the benefits of monitoring technology. This requires deep understanding, not only of the legal parameters that surround their use but also of their technological capabilities. Preserving private rights demands nothing less than sustained vigilance and proactive effort on the parts of legislators, regulators, and society as a whole as the monitoring technologies progress.

In this respect, an approach of research into the laws on privacy and technologies of surveillance is imperative, not to say indispensable. This text goes one step further in arguing how the letter of the law may change in the future so as to meet technological changes and protect this basic right of privacy against routine surveillance.

The concept of privacy has evolved over the centuries. Early laws on privacy were often related to physical privacy and property rights. The protection from arbitrary searches and seizures by the government against citizens under the Fourth Amendment of the United States Constitution, which was established in 1791, is among the earliest legal recognitions of privacy. It set the legal landscape for considering the view of privacy as a basic right. Samuel Warren and Louis Brandeis argued the legal validity of privacy as "the right to be let alone" in their seminal article "The Right to Privacy," published in the Harvard Law Review in 1890.

A number of landmark court cases have moulded the application and meaning of the rules of privacy. Of the most influential findings was the case of Griswold v. Connecticut (1965), which established a constitutional "right to privacy" implied by the Bill of Rights. The court invalidated a Connecticut law against the use of birth control, invoking a right of marital privacy. Another critical case is Roe v. Wade (1973); it further expanded the right to privacy, adding a woman's right to decide upon an abortion. The Supreme Court reasoned that the woman's right to choose to abort her pregnancy falls within the ambit of the right to privacy conferred on a woman by the Fourteenth Amendment. This decision has huge implications both for reproductive rights and for privacy. One of the most important cases of the digital era is Carpenter v. United States, 2018. The Supreme Court ruled that to obtain cell-site location data from past cell phones, the government needed to obtain a warrant. In doing so, this decision recognized Fourth Amendment sheltered digital information, which can reveal private information about an individual. This decision underlined how laws on privacy must catch up with reality and modern technology.

These landmark decisions bring out how legislation about privacy is evolving and how it has adapted with new issues raised by technological development. It points out the role played by the judiciary in interpreting and expanding the rights to privacy by attempting to confront modern-day problems.

Other developments in this field of privacy protection took place in the early years of the 20th century. One such major development toward regulating unfair or deceptive practices, especially those involving privacy, was the establishment of the Federal Trade Commission in 1914. Since then, the FTC has played a very active role in enforcing privacy laws and protecting consumer rights. The mid-1900s brought with them a chorus of articulating specifics about privacy laws. In 1948, the United Nations Universal Declaration of Human Rights included privacy as one of the basic human rights. Indeed, the declaration stated, "no one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence" (Article 12). This international recognition put a stamp on the importance of privacy on the world stage.

The technologies of surveillance have immensely improved, providing a wide array of tools used both for the purpose of monitoring and collecting data. The following are some of the most common types.

1. CCTV- Closed Circuit Television:

   Description: These cameras send signals to a particular place on a small set of monitors using video cameras. Thus, CCTV systems are widely used for the purpose of security in public places, businesses, and homes.

   Impact: CCTV cameras discourage crime and are useful in investigations. On the other hand, knowing their presence everywhere sends a creepy feeling of being watched anywhere, anytime, and may lead to abuses of such.

   
   

2. Facial Recognition Technology:

   Description: FRT is a technology that uses pictures or videos to detect facial features and trace the identity of an individual. Applications range from the unlocking of smartphones to law enforcement.

   Impact: While the FRT has a positive impact on security and smooths processes, it also comes with considerable privacy risks. Misidentification and other biases within the facial recognition systems lead to wrongful arrests and discrimination.

   
   

3. Data Mining:

   Description: Data mining can be defined as an analysis of a large dataset in order to find patterns and relations. Data mining could be applied in market analysis by businesses or even governments for surveillance.

   Impact: There, data mining will lead to sensitive information about any individual and may further lead to the invasion of privacy. Aggregated data coming from different sources can generate detailed profiles relating to particular individuals without their consent.

   
   

4. Spyware:

   Description: Spyware is an information-gathering software that works in secret from the user of the device. It could be used by governments for surveillance or by malicious actors for espionage.

   Impact: Private data, messages, e-mails, or location information can be reached by spyware, and severe privacy threats may be posed. A number of high-profile attacks have shown the dangers of such technologies: Pegasus spyware scandal.

   
   

5. Biometric surveillance

   Description: These include technologies that apply physical features like fingerprints, scanning of the iris, and voice to identify living things.

   Impact: Biometric data is sensitive, and the possibility of it being compromised may lead to identity theft and other privacy violations. Thus, the application of biometric surveillance to public space raises a number of concerns both at the ethical and at the legal level.

Case Studies: 

1. Pegasus Spyware scandal

   Overview: The Pegasus-NSO malware is used to hack people's phones at the orders of governments and track down their activities. It is an Israeli spy software that can convert the smartphone into surveillance devices by invading all the data on the phone; it can even use the camera and microphone without the person realizing it.

   Impact: It put the misuse of surveillance technologies in the crosshairs of the world and raised a hue and cry for stricter regulations. It has underlined the fact that personal devices are heavily vulnerable to sophisticated spyware and have great potential for abuse by state actors.

   
   

2. China's Social Credit System:

   Overview: The social credit system is a Chinese method of monitoring, tracking, and rating the activity of its citizens through a combination of CCTVs, facial recognition, and data mining. It considers scores according to financial behavior, social interaction, and law compliance.

   Impact: Though the system is aimed at maintaining social order based on trust, it has been said that the initiative has been against privacy and human rights. The height of surveillance and data accumulation has provoked complaints against the interest of the State to control without transparency and accountability.

   
   

3. Carpenter v. United States:

   Overview: The case was landmark on government access to historical cell phone location data without a warrant. The U.S. Supreme Court held access to such data constitutes a search under the Fourth Amendment, which requires a warrant.

   Impact: Given the understanding that today's surveillance technologies can disclose intimate details about the lives of individuals, the decision will probably have significant implications for digital privacy. It merely emphasizes the fact that the law should move with the times, or rather technology.

   
   

4. Ring of Steel in London:

   Overview: London is virtually walled around something rather hauntingly termed the "Ring of Steel" and boasts one of the most comprehensive CCTV networks in the world. It's mainly used in relation to monitoring public spaces for the purpose of preventing crime, especially amidst terrorist attacks.

   Impact: Though effective in enhancing security, the system raised a number of debates on the balance between public safety and privacy. Critics argue that such consistent surveillance may come into the role of the proverbial 'surveillance state' in which 'people know they are always liable to be observed'.

   
   
   
   
   
   

International Privacy Laws and Human Rights Standards:

International human right law provides a robust framework for the protection of privacy. This right is enshrined in a number of key international documents. Article 12 of the Universal Declaration of Human Rights (UDHR) reads: "no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation". Article 17 of the ICCPR similarly asserts the same and demands protection against illegal interference in privacy.The United Nations has been proactive to address the concern on privacy in the digital age. Since 2013, the UN General Assembly and the Human Rights Council have adopted several resolutions on the right to privacy. These resolutions emphasize the fact that the rights of people should be the same both online and offline by giving prominence to the right of privacy. The last resolution passed by the Human Rights Council in September 2019 reaffirms the three requirements of legality, necessity, and proportionality of interference of privacy.

Article 8 of the European Convention on Human Rights provides the right to respect for private and family life, home, and correspondence. The American Convention on Human Rights also provides protection for privacy under Article 116. The regional instruments provided complementary layers of protection, as well as led to the development of national legislation on privacy.

Comparative Analysis of Privacy Laws in Different Countries

They vary significantly from one country to another. They could vary significantly depending upon the legal traditions, cultural values, and levels of technological advancement of different countries. Below is a comparative study on privacy laws in some key jurisdictions:

1. European Union (EU):

   GDPR: GDPR is believed to be one of the most stringent data protection laws in the world. It affords an individual many rights with respect to his personal data. With this regulation, people have the right to access, rectify and erase their data. Organisations have to receive explicit consent before processing any data at all and, in case of a breach, they must notify the parties involved within 72 hours.

   
   

2. United States (US):

   Sectoral Approach: There is no all-inclusive federal privacy law in the US. The US follows the sectoral approach through laws such as the Health Insurance Portability and Accountability Act (HIPAA) regarding health-related data, the Children's Online Privacy Protection Act (COPPA) regarding children's data, and the California Consumer Privacy Act (CCPA) is one of the state laws with broader protection than the CCPA.

3. China:

   The Personal Information Protection Law: enacted in 2021, PIPL is China's first comprehensive data protection law. It controls the collection, use, and storage of personal data by highlighting consent and sensitive information protection. The law also prescribes provisions with respect to cross-border transfers of data.

   
   

4. India:

   Personal Data Protection Bill: India is currently engaged in the ratification of its Personal Data Protection Bill, which aims at setting a framework for data protection and privacy. The Bill contains provisions concerning data localization, consenting before the transfer of data, and set up of a Data Protection Authority.

   
   

Balancing National Security and Privacy

Government Justifications for Surveillance for National Security:

The chief justifications for the surveillance policies of the state in India are public order, national security, and crime prevention. The IT Act 2000 and the Indian Telegraph Act 1885 are the two landmark legislations that form the bedrock of the legal architecture of surveillance in India.

Indian Telegraph Act, 1885: Listening or interception is allowed in the Telegraph Act under the provisions of Section 5(2) if the issue of public importance arises relating to public order, amity with foreign states, sovereignty and integrity of India, or to prevent an incitement of crime. In the case of national security, this section has been quoted as the ground to justify the over-hearing of telephone calls and other letters.Information Technology Act, 2000: Section 69 of the IT Act gives power to the government for monitoring or interception of any information, generated, transmitted, received, or stored in any computer resource if such monitoring or interception is necessary for protection of defence of India, its sovereignty and integrity of India, friendly relations with foreign states, public order, or for preventing incitement to commit any offence which is cognizable under the Code. This provision gives quite a wide mandate to electronic monitoring, which includes internet communications.Government surveillance: One of the most recent examples of this can be seen in the Pegasus spyware incident, wherein a huge scandal came to light showing that the Indian government had used spyware to surveil journalists, activists, and political rivals. The government argued for its actions by emphasizing national security grounds and the need to combat terrorism and other serious threats. However, this incident instilled significant concern about lack of transparency and accountability towards the use of surveillance technologies.

Role of Courts in Balancing Privacy and National Security

The Indian judiciary is, thus, quite vital to maintaining that balance between protection of individual rights to privacy and the imperative need for national security. In this regard, the Indian Supreme Court has acted like a powerful interpretive authority in construing the legitimacy of surveillance measures and seeing to it that they are in conformity with legal norms and principles of human rights.In the landmark case of Puttaswamy v. Union of India (2017), the Indian Supreme Court held the right to privacy as one that is directly enshrined in the Indian Constitution. It emphasized that all invasion of privacy is required to meet three conditions: legality, necessity, and proportionality. Since each invasion into privacy needs to be justified by the government, this ruling impacts the nature of surveillance activities significantly.

Warrants and Judicial Review: It goes without saying that the judiciary should keep a watchful eye over all surveillance activities. Approval by some competent authority, usually the Union Home Secretary, of monitoring requests and periodic review thereof by a review committee have been conditions mandated by the Supreme Court5. This ensures that monitoring has a rationale and is done in a manner that respects the right of individuals to privacy.

The courts too have intervened, with the scrutiny and annulment of those surveillance programs that have been adjudged illegal. One such case is that of Manohar Lal Sharma v. Prime Minister of India, where courts have focused on transparency and accountability in surveillance operations and called for an inquiry into the use of Pegasus spyware.

Balancing Act: The role of the judiciary here has been to ensure that surveillance measures respect people's right to privacy but not at the cost of success in resolving matters of national security. For this purpose, it has used a delicate balancing act where the concepts of need and proportionality are employed to avoid arbitrary and disproportionate monitoring.

To address the privacy issues these emerging surveillance technologies will pose, several policy measures can be recommended especially for the Indian scenario:

1. Strengthening Legal Frameworks:

   Description: India does need comprehensive data protection legislation for the very reason that surveillance technologies pose particular risks to the nation. Therefore, the new bill on personal data protection needs to be passed in a way that encompasses transparency, accountability, and will of the user.

   Recommendation: The law shall mandate that data protection practice is to be strict data protection measures including data minimization, purpose limitation and right to access and rectify personal data. It shall be complemented with an independent Data Protection Authority in charge of the monitoring compliance and redress mechanism.

   
   

2. Strengthening Judicial Oversight:

   Description: The judiciary needs to oversee all courts effectively to prevent the misuse of technologies for surveillance. For this purpose, any surveillance request must be sent to a court for the pronouncement of whether the request is justified and proportionate.

   Proposal: Specialized courts or tribunals either at central or state level dealing with surveillance cases will ensure it is overseen timely and in an effective manner. Frequent audits and transparency reports must be met to ensure public trust is there.

   
   

3. Promoting Transparency and Accountability:

   Explanation: Government usage of surveillance technologies must be open in the public eye. Government agencies must offer clear accounts of their surveillance tool usage and data collection.

   Recommendation: The creation and publicizing of protocols restricting the use of surveillance technologies and data must be carried out. Accountability - Public disclosure, along with external audits, can go a long way in engendering trust.

   
   

4. Protection of Biometric Data:

   Description: Biometric data is sensitive, and securing it against misuse or breach requires strict measures.

   Recommendations: Biometric data should be put under higher levels of encryption and storage protection. Therefore, consent mechanisms must be strong enough to ensure that individuals are affirmatively informed if their biometric data are collected and used.

   
   
   
   
   
   

This is a complex and dynamic issue in the Indian context, as surveillance technology intersects with privacy regulations. Technological development in surveillance would bring major positives for public safety, criminal prevention, and national security. The basic right to privacy is equally protected in the Indian Constitution and international human rights norms; therefore, all these benefits must be balanced against it.A landmark development for privacy jurisprudence in India came through the Puttaswamy v. Union of India judgment in 2017, which recognized privacy as a fundamental right. This judgment drew attention to the significance of privacy in the age of cyber space and also delineated three criteria-called legality, necessity, and proportionality tests-for all incursions into private life. Hence, unless these tests are used to guide application and regulation, surveillance technologies shall not infringe individual rights.

Conclusion: In protecting the rights to privacy of its citizens in the digital era, control over surveillance technology has to be efficiently executed. Valid security concerns can be responded to while Indian can ensure protection of privacy of its citizens by ensuring an appropriate balance between the benefits of surveillance and robust legal protections and controls. The right to privacy calls for continued vigilant effort and adjustment owing to the development of the surveillance technology and legislation on privacy rights.

• U.S. Constitutional amendment IV.

  
  

• Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890).

  
  

• Griswold v. Connecticut, 381 U.S. 479 (1965).

• Roe v. Wade, 410 U.S. 113 (1973).

  
  

• Carpenter v. United States, 138 S. Ct. 2206 (2018).

  
  

• Federal Trade Commission Act of 1914, 15 U.S.C. §§ 41-58

  
  

• Universal Declaration of Human Rights, G.A. Res. 217A, U.N. Doc. A/810 at 71 (1948).

  
  

• G.D.P.R. and Video Surveillance: Privacy Considerations for CCTV Systems, GDPR Advisor, https://www.gdpr-advisor.com/gdpr-and-video-surveillance-privacy-considerations-for-cctv-systems/ (last visited Sept. 02, 2024)

  
  

• Role of CCTV Cameras: Public, Privacy and Protection, IFSEC Global, https://www.ifsecglobal.com/video-surveillance/role-cctv-cameras-public-privacy-protection/ (last visited Sept. 02, 2024).

  
  

• Facial Recognition Technology and the Privacy Risks, SpringerLink, https://link.springer.com/chapter/10.1007/978-981-97-0641-9_45 (last visited Sept. 02, 2024).

  
  

• How Does Data Mining Affect Privacy?, Box Blog, https://blog.box.com/how-does-data-mining-affect-privacy (last visited Sept. 04, 2024).