Log in ....Tribune--Feature article

Monday, March 18, 2002		Article

Right to privacy in office still debatable
Ali Hasnain

In India there is no express statute or law that guarantees an individual's privacy. The Supreme Court has broadened the ambit of Article 21 of the Constitution, which talks about an individual's right to life and liberty so as to include the right to privacy.

The Honb'le Supreme Court in the case of Kharak Singh v State of UP and others took this position. Kharak Singh had lodged a complaint that the police made domiciliary visits to his place of dwelling at odd hours and as such harassed him and invaded his privacy. This was the first time that the court upheld an individual's right to privacy as a fundamental right.

In many cases involving general discrimination against AIDS patients in places of work the Supreme Court has opined that such persons have a right to privacy and even there doctors are under moral and ethical duty of not revealing such sensitive information.

The employee's right to privacy in the work place would probably find an answer in the law of torts. According to Halsbury's Law if interference with privacy is of such a nature as to amount to a recognised tort, resort to that tort action maybe taken to prevent interference.

The courts have also recognised that an obligation of confidence can arise out of a particular relationship other than a contract and breach of confidentiality can be prevented by restraining by injunction publication of confidential information to the detriment of the plaintiff. The European Convention on Human Rights spells out the right of privacy thus: "Everyone has the right to respect for his private and family life and his correspondence." The right is not absolute. The right can be taken away only in accordance with law for national security, public order etc.

The USA enacted the Electronic Communications Privacy Act of 1986 aimed at regulating the acts of private parties. The ECPA covers all form of electronic communications including personal e-mails. The act prohibits unauthorised interception and also governs unauthorized access to stored communications. The distinction between messages in transmission and stored messages is important as the former are afforded a much higher level of protection than stored communication.

In Steve Jackson Games v. United States Secret, the courts were of the opinion that stored e-mails, not yet accessed by the user is stored communication for the purpose of this Act.

The law provides for an exception known as the "ordinary cause" exception under which the employer may intercept an employee's e-mail under certain circumstances. Since the jurisdiction of the US Congress is limited to interstate commerce therefore a computer system, which does not cross state lines, may not be covered under the ECPA.

To take an Indian perspective, as per Section 43 of the Information Technology Act of 2000 if any person, without permission of the owner or any other who is in charge of a computer, computer system or computer network accesses or secures access to such computer, computer system or computer network shall be liable to pay damages by way of compensation not exceeding Rs 1 crore to the person affected.

In case of e-mails, it is a question yet to be decided in whose computer does the specific information contained in e-mails actually resides. A person who otherwise in possession of a computer legally belonging to him may access some one else's e-mail account.

The most reasonable solution to this issue would probably be to consider the e-mail server where all information resides as the original computer and any access through hacking or other deceptive means like key logging through any computer by a person other than who is authorised to access the e-mail may be penalised.

The Internet has made surveillance of individual habits and traits easier than ever before. The employer maybe within his rights to intercept e-mails of his employees, which deal with official matters. Whether the correspondence is official or not is a question of fact to be decided on the basis of available evidence. Although, broadly speaking any correspondence on an employee's official e-mail address may, under normal circumstances, be presumed to be of "official nature" and hence accessible to the employer.

The position would differ if the employer were to keep tabs on his employees' surfing habits and thereby violate their privacy. Such surveillance may reveal personal habits and traits of the employee, his likes and dislikes and so on and so forth.

The Supreme Court has opined that the freedom of speech and expression also includes the right to privacy. It held in the case of PUCL v. Union of India (1997) 1 SCC 301, that if any person is speaking on the telephone, he is exercising his or her right to freedom of speech and expression and any tapping of the phone will be a violation of this freedom. This right would therefore extend to all forms of communication and if the state exercises any undue interference with an individual's right to communicate through such medium then it would be a violation of the person's fundamental right to privacy.

So in effect this case would also cover e-mails. However it is to be noted that even fundamental rights are subject to some reasonable restrictions by the state. For example, the right to freedom of speech and expression does not mean that a person can propagate any hate speech or seditious statements etc. As such no right is absolute the same is the case with right to privacy.

It is quite clear that the available judicial position would cover an individual's right of privacy over the Net. The problem is that since the right to privacy has been equated with a fundamental right, an individual can only bring action against the State and not another private individual or organisation. This is because fundamental rights are guaranteed against the state.