0

Supreme Court Upholds Privacy Rights: Landmark Ruling on ‘History Sheets’ and Protection of Innocent Family Members

Blog , , , ,

Case Name: Amanatullah Khan v. The Commissioner of Police, Delhi & Ors 

Case No.: SLP (Crl.) No.5719/2023 

Dated: May 07, 2024 

Quorum: Justice Surya Kant and Justice K V Viswanathan 

 

FACTS OF THE CASE: 

The appellant filed a writ suit in the Delhi High Court pursuant to Article 226 of the Indian Constitution read in conjunction with Section 482 of the Code of Criminal Procedure, 1973, seeking the annulment of the “History Sheet” that had been opened against him and the proposal to designate him as “Bad Character” by placing his name in the Surveillance “Register-X, Part II, Bundle A” at the Delhi Police Station.  

These proceedings have been initiated as a result of the Single Judge of the High Court dismissing the appellant’s writ petition, as evidenced by the contested judgement of 19.01.2023.  

Following notification, the Delhi Police made an appearance through seasoned senior attorney Mr. Sanjay Jain. He was informed of the disturbing details in the History Sheet regarding the appellant’s and his wife’s school-age children, for whom there didn’t seem to be any negative information that should have been included in the History Sheet.  

Subsequently, it was informed that the rule 23.8 and rule 23.9 of the Punjab Police Rules 1934 (also known as the “1934 Rules”), which were in effect in the National Capital Territory of Delhi, stipulated the format for the history sheeters. Despite the fact that Mr. Jain, the learned senior counsel for the respondents, fairly consented to revisit the antiquated regulations, it is important to protect the privacy, dignity, and self-respect of innocent individuals who just so happen to be a suspect’s family members.  

 

LEGAL PROVISIONS: 

  • Section 74 of the Juvenile Justice (Care and Protection of Children) Act, 2015. The name, address, school, or any other information that could identify a child in trouble with the law, a child in need of care and protection, a child victim or witness to a crime, involved in such matter, under any other law currently in effect, may not be disclosed in any newspaper, magazine, or other form of communication regarding any inquiry, investigation, or judicial procedure. Nor may the picture of any such child be published. As long as the Board or Committee conducting the inquiry determines that such disclosure is in the child’s best interest, it may approve it for reasons that must be documented in writing. 

 

CONTENTIONS OF THE APPELLANTS: 

Amanatullah Khan filed a writ petition in accordance with Section 482 of the Code of Criminal Procedure and Article 226 of the Indian Constitution. He asked for the “History Sheet” that had been opened against him to be quashed and for the idea to designate him as a “Bad Character” to be rejected. 

His name was entered into the Surveillance “Register-X, Part II, Bundle A” at Jamia Nagar Police Station in the South-East of Delhi District. The petitioner claimed that there were significant irregularities and improper behaviour on the part of the police officers, along with a dishonest and perverse behaviour. 

Further, the appellants argued that the amended Standing Order stipulated that, in the “relations and connections” column, the names of the criminal’s accomplices, abettors, and receivers, as well as their ability to pay for a history sheeter or bad character shelter in the event that the offender is wanted by the police or is fleeing the scene, must be included.  

No information on any minor relatives—son, daughter, or siblings—should be included anywhere in the History Sheet unless there is proof that the minor has provided the offender with refuge in the past, as stated in the modified Standing Order. 

 

COURT’S ANALYSIS AND JUDGMENT: 

The revised Standing Order makes it even clearer that the “History Sheet” is an internal police record and not a report that is available to the general public. It has advised police officers to exercise caution in ensuring that the identities of just those minor relatives be recorded in the History Sheet where there is proof that the minor previously provided the offender with sanctuary when he was evading the authorities. 

The court observed that the modified Standing Order also makes recommendations for the protection of personal information such as phone numbers, Aadhar cards, EPIC numbers, email addresses, social media accounts, and so on. 

The court’s primary motive was to instruct law enforcement officials to implement the modified Standing Order of March 21, 2024, starting immediately in the appellant’s case as well. Additionally, the court ordered the Delhi Commissioner of Police to appoint a senior police officer, at least the rank of Joint Commissioner of Police, to audit and review the information contained in the History Sheets on a regular basis.  

The court also observed that the person will also be responsible for maintaining confidentiality and granting permission to remove the names of any adults, juveniles, or minors who are found not guilty during an investigation and whose records should be removed from the category of “relations and connections” in those sheets.  

Apart from the National Capital Territory of Delhi, the court was aware that no States or Union Territories were in front of them. They haven’t received any attention. Therefore, it is not possible to issue them with a positive mandamus. Additionally, the court is ignorant of the Standing Orders or current Rules/Policies that are in effect in various States and Union Territories.  

Thus, in order to ensure that the court’s observations are implemented in full, the court decided it was appropriate at that point to order all States and Union Territories to review their policy regimes and determine whether any appropriate modifications based on the “Delhi Model” were necessary. 

 

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.” 

 

Judgment reviewed by Riddhi S Bhora. 

Click to view judgment.

 

0

DATA PRIVACY LAWS AND THEIR IMPACT ON BUSINESS OPERATIONS

Articles , , ,

Appropriate risk governance management in the fields of digital data privacy and security in the business world requires not only understanding of applicable laws and regulations, but also at least a reasonable awareness of modern techniques and the activities of the organization or other organization that are accumulating or using private information or controlling behaviour. The Data Protection Act (DPA) regulates the gathering and use of private information. ‘Personal data’ refers to information that may be used to identify any living individual or that, when combined with other information stored by you, can be used to identify any person.

The term ‘processing’ of personal data refers to the act of acquiring, collecting, or storing information. Because you will be managing the private information of your workforce, suppliers, and/or customers as a company, it is probable that your actions will fall under the purview of the DPA. If you are a ‘data controller’ under the Act and fail to tell the Information Commissioner about your organization, your directors may face criminal prosecution. A system administrator is an individual or organization that determines why personal data is handled. Private data must be protected under the DPA.

 Personal information according to the DPA must be:

  1. fairly and legally processed;
  2. processed for reasons; adequate, meaningful, and not unnecessary; Personal information must be:
  3. fairly and legally processed;
  4. processed for reasons;
  5. adequate, meaningful, and not unnecessary;
  6. accurate and, where required, updated regularly;
  7. not kept for longer than needed;
  8. processed in accordance with the person’s freedom;
  9. kept safe; and
  10. not transferred to countries outside the EEA unless the information is adequately protected.

Failure to comply can lead to an enforcement letter prohibiting your company from analysing information, thus shutting down numerous firms, as well as severe fines may be imposed. Furthermore, a company’s officials, managers, and directors could be held personally criminally accountable for the violation. Laws governing information privacy, data privacy, or data protection establish a legal framework for obtaining, using, and storing personal data.

 The different laws throughout the globe define natural individuals’ rights to regulate who uses their information. This often involves the right to obtain information about which information is held, for what purpose, and to seek deletion if the objective is no longer specified.

Personal Data Protection Bill (PDP)

The PDP Bill (Personal Data Protection Bill) was proposed and passed in India to protect the current data protection system of India.  Currently governed under the Information Technology Act 2000. The Personal Data Protection Bill provides rules for notice and previous approval for the use of personal information, constraints on the reasons for which organizations can handle data, and limitations to guarantee that only information needed to provide a service to the person concerned is gathered.

 It also contains criteria for data localization and the designation of data protection administrators inside enterprises. This precise data protection regulation has not yet been established in India. The Indian legislature did, nevertheless, alter the Information Technology Act (2000) to add Sections 43A and 72A, which provide for reimbursement for wrongful personal data. Rules governing the acquisition and sharing of private information.

Under Article 43A of the IT Act, the Indian federal government later enacted the Information Technology Rules. The Regulations place extra duties on corporate and commercial enterprises in India for the acquisition and disclosure of sensitive private and confidential information, which are comparable to the GDPR and the Data Protection Regulations. Organizations in regulated industries, such as financial services and telecommunications, are subordinate to confidentiality obligations under sectoral laws that force them to keep customers’ data kept private and use it only for recommended purposes or in the sort of way agreed upon with the customer.

PDP will be introduced in stages. The Indian government and a Joint Parliamentary Council have submitted the original PDP Bill on data protection, which would be India’s first legislation on the protection of personal information and therefore will abolish Section 43A of the IT Act. Nevertheless, yet after approval, the law is likely to be adopted in stages. There is currently no available information concerning the deployment timeframe.

Furthermore, India lacks a national regulatory authority for personal data protection. The Ministry of Electronics and Information Technology oversees overseeing the IT Act and making regulations and other adjustments under the IT Act. The Personal Data Protection Bill proposes the establishment of a Data Protection Authority of India, which would be accountable for safeguarding data principals’ rights, prohibiting the exploitation of personal information, and enforcing compliance with the new legislation.

WhatsApp clashes with the Indian government Regarding Privacy Rules 

Recently WhatsApp filed a suit in Delhi against the Indian Government to block the rules which may be coming into force. Experts suggested that would compel Facebooks messaging application to break the privacy and protection. The appeal seeks the Delhi High Court to determine since one of the new IT rules violates India’s constitution’s right to privacy by requiring social media websites to identify the “original source of data” when officials seek so. WhatsApp claims that since conversations are secured end-to-end, it would have to decrypt messages for both message recipients and senders in order to keep up with the changes in the new legislation.

When asked to elaborate on the court case, WhatsApp said in a statement, “Mandating text messaging applications to detect chats is the equivalent of having others to maintain an information of every particular message sent through WhatsApp, which might dissolve end-to-end encryption and profoundly diminish anyone’s privacy rights.” The court determined that privacy should be protected unless legality, need, and proportionality all counted against this. WhatsApp says that the new legislation breaches all those requirements, beginning with a lack of clear legislative support.

Data Protection Act and its Impact on Small Businesses

The Data Protection Act of 1998 safeguards personal data held by corporations and governments by setting restrictions on the transmission of such data and information. The Legislation contains various provisions that should be followed while acquiring and providing data. These guidelines, or Data Protection Policies, are issued by the Information Committees Office, which oversees determining how businesses utilize personal information and if they are accountable enough while collecting and distributing such data. Every day, many enterprises, especially huge ones, manage massive amounts of data. Therefore, they must devise methods for auditing enormous amounts of redundant or outmoded data. Previous Information is already out of date as well as prone to mistakes like transmitting incorrect information.

 Records having past data are harder to verify than those carrying recent data. It is difficult to uncover private information among a slew of worthless data. Given all these factors, it becomes critical for businesses, whether big or small, to maintain and update on a regular basis and discard older data that might create errors in sharing information, as well as safeguard confidential material from ending up in the hands of a rival

Conclusion

Data protection regulations have become more important not only in our country but then also throughout the globe. Because more and more technologies are used in their daily lives, users’ security must be safeguarded because they are surrendering it with each usage. Nowadays, practically every element of our interaction and privacy is controlled by a third person. The dimensions of the current virtual era are such that practically every single transaction that persons engage in includes some type of information transmission or another.

This might also raise concerns about the “data protection expectations” which have been established as a significant foundation in the scope of Data Protection Legislation. While the information may be put to good use, the uncontrolled and random use of data worldwide has generated concerns among people about their security and liberty. In addition, the Apex Court issued a historic decision on the subject topic, which resulted in the implementation of the right to privacy and freedom of expression as a fundamental right. 

 

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

References:

Petrescu, M., & Krishen, A. S. Analysing the analytics: Data privacy concerns

–   Journal  of   Marketing  Analytics. Retrieved         from

https://link.springer.com/article/10.1057/s412700180034x

Martin, K. D., Borah, A., & Palma tier, R. Data Privacy: Effects on Customer and firm performance. Retrieved from

https://www.researchgate.net/publication/305822708_Data_Privacy_Effects_on_Customer_a nd_Firm_Performance

LLP, P. What is the Data Protection Act, and how does it affect my business? Retrieved from https://www.bdbpitmans.com/insights/whatisthedataprotectionactandhowdoesitaffectmybusiness/

Data     Protection        Act      1998.          Retrieved from https://en.wikipedia.org/wiki/Data_Protection_Act_1998

What      is      a      Data      Subject?      Experian      Business.    (n.d.).          Retrieved       from

https://www.experian.co.uk/business/glossary/datasubject/index

Data       Protection       /       Privacy       Policy       –       DCD.      (n.d.).                Retrieved    from

https://www.datacenterdynamics.com/en/dataprotectionprivacypolicy/

Johnson, K.Council Post: The Impact of Data Privacy on Your Business. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2018/09/14/theimpactofdataprivacyonyourbusiness/?sh=54fb2fe0196c

Written by- Anushka Satwani

0

A Public information officer is not liable to disclose personal information if it warrants a clear breach of privacy of the individual: Gujarat High Court

Blog , , ,

High Court Of Gujarat vs Gujarat Information Commission on 17 January, 2023

Bench: Honourable Justice Biren Vaishnav

R/SPECIAL CIVIL APPLICATION NO. 18152 of 2016

FACTS

The respondent no: 2 who is a Judicial Officer submitted an application seeking information in reference to

  • Details of Home town, place of practice, personal data form, relation with any Judicial Officer/Advocate
  • Decisions of Hon’ble High Court of Gujarat on the representations for transfer submitted by the judicial officers of his batch
  • Certified copy of representations for transfer submitted by the judicial officers of his batch

Among other things.

The application along with the money order was received by the Public Information Officer. Thereafter, the Public Information Officer initiated a correspondence with the concerned department for collecting the information as sought for by the respondent that involved a considerable time. He provided all the information requested by respondent no: 2 except the above mentioned information sought by the respondent. Aggrieved by the action of the Public Information Officer, the respondent filed First Appeal No.37 of  2014  on  11.04.2014 before the Appellate Authority. He contended  that information with regard to certain items viz. items had not been provided. On hearing the parties, the Public Information Officer addressed a reply to the respondent providing the details of the information sought by him. In reference to some of the points for which the information was not provided, the public information officer stated that the information was highly personal and hence he could not provide it.

The Appellate Authority after examining the case rejected the appeal of the respondent. While rejecting  the appeal the Appellate Authority observed that since some of the information was personal in nature, it could not be provided

Aggrieved by the order of the First Appellate Authority, the respondent no: 2 filed an appeal before the respondent no.1. By the impugned order dated  23.06.2014, the Appellate Authority has passed a judgement directing  the Public Information Officer to provide the remaining information available to the respondent no.2 within 15 days from the receipt of the order. It is on this ground that the petition has been filed.

The advocate for the petitioner submitted that the Information Commission could not direct the respondent to  provide the information which it itself could not provide as it pertained to third party and in view of the embargo imposed in Section 8(1)(j) of the Act, it was rightly not provided. Section 8(1) (j) of the RTI Act, 2005 encapsulates that information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual, unless the CPIO or SPIO or the Appellate Authority is satisfied that the larger public interest justifies the disclosure of such information should be exempted from disclosure

Judgement

The Gujarat High Court after considering representation from both the parties held that the above mentioned information sought by respondent no: 2 was evidently personal and the appellate authority rightly rejected such information under section 8(1)(j) of the RTI Act.

The Honourable judge also held that any information between the employer and employee solely governed by the service rules and falls within the ambit of ‘personal information’ and the disclosure of which would cause unwarranted intrusion of privacy need not be disclosed.

The Court held that since the above mentioned information is highly personal and warrants a clear breach of privacy, it is not liable to be disclosed.

JUDGEMENT REVIEWED BY AMIT ARAVIND

click here to view judgement

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”