Mentors Comments:
1. Introduce with the K S Puttaswamy judgement
2. Why it remains unfulfilled – what are the challenges
3. What is the way ahead for privacy in India

The right to privacy in India has developed through a series of decisions over the past 60 years. The Supreme Court of India (SCI) verdict in Justice K.S. Puttaswamy (Retd) vs Union of India is a resounding victory for privacy. The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.

The debate around privacy tends to resurface time and again. Despite, two years on, the judgment in ‘K.S. Puttaswamy’, Privacy has become the quintessential issue of our times, but it continues to be violated every day. 
 As things stand today, where the Government of India is taking a stand that the right to privacy is not a fundamental right and at the same time the government is promoting digitalisation, enacting policies and regulations permitting surveillance in cyberspace, telephones, email, personal messages etc through multiple agencies under the grab of national security, implementing national programmes like Unique Identification Number etc, it is imperative for India to enact stringent privacy laws.
 Evidentially, there has been a rampant use of technology by the masses on daily basis and as a result, the internet giants like Google, Apple, Facebook, WhatsApp and Microsoft have vast information about us, through malware, covert eavesdropping, and the unwarranted permissions we voluntarily grant social media sites and apps. 
 The current laws on privacy are not at par with the growing developments in technology in India. The Information Technology Act, 2000 (IT Act) and the rules made there under, do entail certain provisions pertaining to data protection, however as privacy is not a right per se under any law in force, these provisions appear inadequate in addressing issues relating to sharing of, disclosure and retention of data and leave room for potential abuse.
 Despite, the recommendation of the Expert Committee, the Privacy Act has not been enacted.
 The government is uncontrollably enacting policies and regulations for surveillance through systems like the Centralised Monitoring System, NITRA, NATGRID (for collecting data from across databases) in the interest of National Security and linking citizens and databases across the unique identity number in Aadhaar.
 Arbitrary choice of authorized agencies: Agencies such as the Delhi Police, the CBI, and the Directorate of Revenue Intelligence cannot be strictly termed as organisations concerned with homeland security.
 Lack of review: Decisions about surveillance are taken by the executive branch (including the review process), with no parliamentary or judicial supervision.
 Lack of safeguards: An individual will almost never know that she/he is being surveilled due to clandestine nature of the act, hence challenging it before a court is a near-impossibility.
 Opaque and liable to be misused: There is almost no information available about the bases on which surveillance decisions are taken, and how the legal standards are applied, turning it into a tool in the hands of politicians for misuse.
 Even though the Aadhaar Act was introduced post submission of the recommendations of the Shah Committee Report, the Aadhaar Act does not address some of the key principles enumerated under the Shah Committee Report.
 The UN Declaration of Human Rights (UDHR) and the International Covenant on Civil and Political Rights (ICCPR) are binding upon India, as India is a signatory to both of these conventions, however no consequent and explicit legislation has been passed by India in this regard. 

Way forward
 A specific privacy legislation is imperative and urgently required in order to safe guard the privacy of individuals
 It is important to strike a right balance between digital economy and privacy protection
 Robust data privacy laws are needed to allow citizens enjoy the right to privacy. The law should encompass all the aspects- data collection, processing and sharing practices.
 Privacy should not be used to undermine government transparency. Data protection law should be framed such that it does not make government opaque and unaccountable
 To formulate a robust data protection law, the best ideas and practices from both USA and EU’s GDPR should be adapted.

The lack of comprehensive legislation in relation to privacy endangers the privacy of individuals as the limited provisions under the existing laws are not enough to deal with the development of the information technology sector and the government initiatives to collect, intercept, decrypt and store data in the interest of national security. Further, there is a need to amend the current regime to provide for greater transparency, accountability and clarity on the scope, functions, and technical architecture in relation to India's surveillance framework.