tl;dr
In the last #PrivacyofthePeople post, we looked at the conflict between efficiency and privacy posed by the use of cookies that raise concerns about user privacy and data collection. In this post, we plan to examine whether the police can check your mobile phone devices even if you do not consent to it. Presently, there is no legal provision which would allow for such random checking of mobile phones. However, since the law is still trying to catch up to regulating new technology, old laws are being interpreted widely to allow police officials to gain access to our devices. Here, even the pending Data Protection Bill, 2021 (in its present form) fails to provide sufficient safeguards.
Why should you care?
The concept of privacy in India is gravely misunderstood, as most people believe that only those who have done something wrong and have something to hide want privacy. However, aren’t there details of your life which, though not illegal, you would want to keep to yourself? (Remember the cringe text message you sent to your crush or the many photographs you took of yourself in 2015 with the dog filter on Snapchat). This is where the right to privacy becomes important as it allows us to choose the extent to which we want to share ourselves with others and the world in general. In the Supreme Court decision which affirmed the right to privacy as a facet of the fundamental right to life, Justice Chandrachud stated that, “(p)rivacy, in its simplest sense, allows each human being to be left alone in a core which is inviolable” (Link to the Supreme Court’ decision in K.S. Puttaswamy v Union of India [2017] 10 SCC 1).
Today, our phones have become important extensions of ourselves, and contain information of various categories such as contacts, conversations, private photographs, social media accounts (some of which may be anonymous), bank details, calendars, travel plans etc. Some of us protect our phones by locking them with pins, gestures, fingerprints or even faces, so that nobody, even our family or friends, may access it without our consent. But what happens if the Police stops you on the road randomly and asks to check your phone? Here, if you consent to the checking, there is little that can be done other than an argument which can be made later about you being forced to consent. Here we also acknowledge that refusing to consent to any police action comes with its own dangers in India due to which most people end up providing consent, just to avoid being hassled or face any kind of backlash from the police. However, if you have refused to consent altogether, then what happens?
Background
Last year, there were multiple news reports that on and about October 27, 2021, the Hyderabad Police were indiscriminately and without any cause stopping pedestrians, motorcyclists, auto rickshaw drivers & riders, and bystanders, and asking them to provide the police with access to their mobile phones (Link to the News Minute report dated October 28, 2021). After gaining access, the police were reportedly searching the private messaging applications of these individuals for any messages with keywords “ganja”, “weed” and “stuff”. If any messages with these keywords were found the individuals were then being sent to the police station, however it remains unclear what further actions the police took against them and under which provisions.
Similar actions by the Bengaluru Police also came to light in March this year, wherein according to reports individuals were randomly stopped on the roads and asked to provide access to their mobile phone devices. Similar to Hyderabad, the Bengaluru Police was also searching the private messaging applications of these individuals for conversations on “drugs” (Link to the Newslaundry report dated March 29, 2022). Following the reports and public outcry, the Bengaluru Police Commissioner Kamal Pant clarified that the Bengaluru Police strictly prohibits such random and indiscriminate checking of phones by the police.
.@BlrCityPolice strictly prohibits any Policeman from checking mobile phone of any citizen under any pretext. If there is any such incident, please intimate 112 or inform the Commissioner of Police at 080-22942215.
— Kamal Pant, IPS. ಪೊಲೀಸ್ ಆಯುಕ್ತರು, ಬೆಂಗಳೂರು ನಗರ. (@CPBlr) April 4, 2022
(1/2)
Another initiative launched by the Valsad Police, termed as “Digital Combing”, is aimed to prevent sexual assault against minors by tracing people who share pornographic content through their mobile devices. For this, the police visit chawls & residential societies and ask the residents if they find any person's behaviour or movement “suspicious”. Upon receiving any information, the mobile phone devices of such “suspicious” people are checked for content and specifically for pornographic content (Link to the Times of India report dated March 29, 2022).
But wait… can the police check my phone randomly?
Since these actions by the police are already ongoing and may continue in the future, it becomes necessary to examine whether there is any legal framework which authorises the police to randomly check the mobile phone devices of individuals without due cause. This is because the existence of an underlying legal framework, or legality, is one of the three thresholds laid down by the Supreme Court in K.S. Puttaswamy v. Union of India [2017] 10 SCC 1, or the Right to Privacy judgement, that needs to be met to justify state intrusion into individual privacy, the other two thresholds being necessity and proportionality.
Further, any such random checking casts a presumption of criminality on a wide class of people. In the Supreme Court’s decision in K.S. Puttaswamy v. Union of India (2019) 1 SCC 1 or the Aadhaar judgement , the Hon’ble Supreme Court held that, "[u]nder the garb of prevention of money laundering or black money, there cannot be such a sweeping provision which targets every resident of the country as a suspicious person". While this statement was made in the context of rejecting the mandatory linkage of Aadhaar with bank accounts to counter money laundering, it clearly shows that the imposition of such a restriction by carrying out random checks of mobile phone devices would constitute a disproportionate response.
Will the Data Protection Bill, 2021 protect citizens from nonconsensual phone checking?
Under Clause 11 of the Draft Data Protection Bill, 2021 (DPB, 2021), valid consent of the data principal is necessary in order for any data processor to process personal data. However, Clause 14 of the DPB, 2021 provides for the processing of personal data without consent when processing is “necessary for such reasonable purposes” such as “prevention and detection of any unlawful activity”. Thus, even if the Data Protection Bill, 2021 in its present form is enacted, it might not act as a safeguard against such nonconsensual phone checking by the police.
Our suggestions
Any variation or exemption from the principle of consent must be made after the satisfaction of the thresholds laid down in the Right to Privacy judgement. The thresholds for justifying state intrusion into the privacy of individuals may be limited include necessity, a legitimate purpose, a proportionality evaluation and procedural safeguards as per the Right to Privacy Judgement. Therefore, it is essential that Clause 14, which allows for non-consensual processing for reasonable purposes be amended to ensure that it complies with the thresholds laid down by the Supreme Court.
To understand this issue better, we hosted Jeevika Shiv and Tara Narula from the Women in Criminal Law Association to provide us with their valuable insights:
Important documents:
- #DataProtectionTop10: Exceptions to Consent - A Torn Safety Net dated May 11, 2021 (link)
- Key Takeaways: The JPC Report and the Data Protection Bill, 2021 #SaveOurPrivacy dated December 16, 2021 (link)