![Sample our Politics & International Relations journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5947/TOC-Subject-Sample-2021-Politics-International-Relations.jpg"})
ABSTRACT
This article is an attempt to examine the growing consolidation and harmonisation of privacy and surveillance laws in the major SAARC member nations, as well as to take stock of South Asia’s emerging privacy jurisprudence. Driven by reactions to increasingly frequent data collection and profiling attempts by the government, as well as the side effects of growing digital markets, the privacy discourse in South Asia is evolving with a heightened awareness of privacy as a core fundamental right. At the same time, some governments in the region are also keen to explore the benefits of the digital economy, and are increasingly developing economic policies that focus on the use of data as a ‘resource’ for the State and the industry. Apart from outlining these developments, the article delves into and identifies the source of privacy rights in these countries, whether derived from the constitutions of the respective countries or otherwise provided for through specific legislation. The article traces and examines the legal architectures of privacy and surveillance in the region, including national profiling databases. It then zooms out to pinpoint possible trends and influences.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Notes on contributors
Smitha Krishna Prasad is a Director at the Centre for Communication Governance at National Law University, Delhi. At the Centre she leads the work of the Technology & Society team, which focuses on work related to law, policy and awareness / capacity building activities in the context of privacy and surveillance, freedom of speech and expression, and access to internet. Her research interests relate to international and domestic laws on privacy, data protection, and surveillance with a focus on sectors where the intersection of law, policy and technology have an increased impact on the right to privacy, among other things. Smitha holds an LL.M. degree in International Legal Studies from the New York University School of Law, as well as a B.A.LL.B. from Symbiosis Law School, Pune.
Sharngan Aravindakshan is a Programme Officer at the Centre for Communication Governance at National Law University, Delhi. He works on issues arising at the intersection of technology and national security, which besides surveillance and privacy also include international and domestic laws on cybersecurity and national security. Sharngan holds a B.A.LL.B. from Gujarat National Law University, Gandhinagar.
Notes
1 Malavika Jayaram, ‘Aadhaar Debate: Privacy is not An Elitist Concern – It's the Only Way to Secure Equality’, Scroll, August 15, 2015, https://scroll.in/article/748043/aadhaar-debate-privacy-is-not-an-elitist-concern-its-the-only-way-to-secure-equality.
2 Government of India, Ministry of Electronics & Information Technology, Digital India (Vision and Vision Areas), https://digitalindia.gov.in/content/vision-and-vision-areas.
3 Nilesh Christopher, ‘Security Experts Say Need to Secure Aadhaar Ecosystem, Warn about Third Party Leaks’, Economic Times, March 26, 2018, https://economictimes.indiatimes.com/news/politics-and-nation/there-is-a-need-to-secure-full-aadhaar-ecosystem-experts/articleshow/63459367.cms.
4 Anurag Kotoky, ‘India Quietly Expands Surveillance System to Tap Phone Calls, Email’, Livemint, June 27, 2013, https://www.livemint.com/Politics/J1jxvQ5Su9Su4pGLHDCepM/India-sets-up-new-surveillance-system-to-tap-phone-calls-em.html.x.
5 Satpathy and others, ‘Are India’s Laws On Surveillance A Threat To Privacy?’ The Hindu, December 28, 2018, https://www.thehindu.com/opinion/op-ed/are-indias-laws-on-surveillance-a-threat-to-privacy/article25844250.ece.
6 Article 28 of the Constitution of Nepal 2015 (2072).
7 Article 43 of the Constitution of the People’s Republic of Bangladesh, 1972.
8 Article 14(1) of The Constitution of the Islamic Republic of Pakistan, 1973.
9 Justice (Retd.) K. S Puttaswamy v. Union of India, 2017 (10) SCALE 1 (Supreme Court of India).
10 Staff Reporter, ‘Sri Lanka Supreme Court Petitioned on Invasion of Privacy, Central Database Profiling’, economynext, October 10, 2017, https://economynext.com/sri-lanka-supreme-court-petitioned-on-invasion-of-privacy-central-database-profiling-8526/.
11 Article 45 of the General Data Protection Regulation (2018).
12 The European Union’s country-wise share of trade in the region is 12.9% for India, 12.9% for Pakistan, 31% for Sri Lanka and 24% for Bangladesh. For more details on the economic relationship between the European Union and the listed countries, please see https://ec.europa.eu/trade/policy/countries-and-regions/. The European Union’s share of Nepal’s trade in the region is 13%. For more details on the economic relationship between the European Union and Nepal, please see https://mofa.gov.np/nepal-european-union-relations/.
13 Article 43 of the Constitution of the People’s Republic of Bangladesh.
14 Ibid.
15 Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295, ¶20 (Majority Judgement). Kharak Singh v. State of Uttar Pradesh was decided by a bench of five judges. The majority view (consisting of three judges) was that the right to privacy was not a constitutionally guaranteed right, however, the provision enabling domiciliary visits by the police, i.e. Regulation 236(b) of the Uttar Pradesh Police Regulations, was a violation of the right to personal liberty guaranteed under Article 21 of the Constitution. The minority view (consisting of two dissenting judges) stated instead that Regulation 236 in its entirety, (including secret picketing, domiciliary visits, periodical inquiries into repute, habits, etc., reporting and verification of movements and absence from home as well as collection and recording of all information bearing on conduct) was in violation of the right to personal liberty under Article 21 as well as the right to move freely within India under Article 19 of the Indian Constitution. The minority view also more or less recognised a right to privacy.
16 Ershad Karim, ‘Citizen’s Right to Privacy: Reflection in the International Instruments and National Laws’, Bangladesh Journal of Law 9, no. 1 and 2 (April 9, 2005): 43–44.
17 Graham Greenleaf, ‘Privacy in the Other Seven South Asian (SAARC) States’, in Asian Data Privacy Laws: Trade and Human Rights Perspectives (Oxford University Press, 2014), 11.
18 Ibid.
19 Section 686 of the Information and Communications Technology Act, 2006 (Bangladesh).
20 Section 5 of the Telegraph Act, 1885 (Bangladesh).
21 Section 7(1)(b) of the Telegraph Act, 1885 (Bangladesh).
22 Section 26 of the Telegraph Act, 1885 (Bangladesh).
23 Section 24 of the Telegraph Act, 1885 (Bangladesh); Section 23 of the Telegraph Act, 1885 (Bangladesh).
24 Muhammad Zahidul Islam, ‘Telecom Sector’s Revenue to Cross $5bn by 2023’, The Daily Star, December 15, 2019, https://ww.thedailystar.net/business/news/telecom-sectors-revenue-cross-5b-2023-1840516.
25 Section 67 of the Bangladesh Telecommunication Act, 2001.
26 Section 71 of the Bangladesh Telecommunication Act, 2001.
27 Section 96(1) of the Bangladesh Telecommunication Act, 2001; Section 96(2) of the Bangladesh Telecommunication Act, 2001.
28 Section 97 of the Bangladesh Telecommunication Act, 2001.
29 Preamble to the Digital Security Act, 2018 (Bangladesh).
30 Section 57 of the Bangladesh Information and Communications Technology Act, 2006.
31 Rahul Krishna, ‘How Dissent is Prosecuted in Bangladesh’, Observer Research Foundation, October 5, 2019, https://www.orfonline.org/expert-speak/how-dissent-prosecuted-in-bangladesh-56190/.
32 Ibid. See also ‘Bangladesh: Protect Freedom of Expression’, Human Rights Watch, May 9, 2018, https://www.hrw.org/news/2018/05/10/bangladesh-protect-freedom-expression.
33 Section 8(1) of the Digital Security Act, 2018 (Bangladesh).
34 Section 8(2) of the Digital Security Act, 2018 (Bangladesh).
35 Section 41 of the Digital Security Act, 2018 (Bangladesh).
36 Section 42 of the Digital Security Act, 2018 (Bangladesh).
37 Section 43 of the Digital Security Act, 2018 (Bangladesh).
38 Section 44 of the Digital Security Act, 2018 (Bangladesh).
39 Section 46 of the Digital Security Act, 2018 (Bangladesh).
40 Section 17 of the Digital Security Act, 2018 (Bangladesh).
41 Section 18 of the Digital Security Act, 2018 (Bangladesh).
42 Section 19 of the Digital Security Act, 2018 (Bangladesh).
43 Section 20 of the Digital Security Act, 2018 (Bangladesh).
44 Section 22 of the Digital Security Act, 2018 (Bangladesh).
45 Section 26 of the Digital Security Act, 2018 (Bangladesh).
46 Section 27 of the Digital Security Act, 2018 (Bangladesh).
47 Section 33 of the Digital Security Act, 2018 (Bangladesh).
48 Section 2(b) of the Right to Information Act, 2009 (Bangladesh).
49 Section 7(h) of the Right to Information Act, 2009 (Bangladesh).
50 Section 7(j) of the Right to Information Act, 2009 (Bangladesh).
51 Section 32(1) of the Right to Information Act, 2009 (Bangladesh).
52 Section 3 of the Digital Security Act, 2018 (Bangladesh).
53 Section 11 of the Right to Information Act, 2009 (Bangladesh).
54 Article 28 of the Interim Constitution of Nepal 2063 (2007).
55 Article 28 of the Constitution of Nepal 2015 (2072).
56 Ibid.
57 Sunil Babu Pant v. Government of Nepal, Writ No. 917 of the Year 2064 BS (2007 AD).
58 Advocate Sapana Pradhan Malla v. Prime-minister, Nepal Government and Office of the Council of Ministers and Ors., Writ No. 3561 of the year 2063 (2006 AD).
59 Rule 2(a) of the Procedural Guidelines for Protecting the Privacy of the Parties in the Proceedings of Special Types of Cases, 2064 (2007).
60 Rule 2(b) of the Procedural Guidelines for Protecting the Privacy of the Parties in the Proceedings of Special Types of Cases, 2064 (2007).
61 Rule 3 of the Procedural Guidelines for Protecting the Privacy of the Parties in the Proceedings of Special Types of Cases, 2064 (2007).
62 Rule 5 of the Procedural Guidelines for Protecting the Privacy of the Parties in the Proceedings of Special Types of Cases, 2064 (2007).
63 Rule 9 of the Procedural Guidelines for Protecting the Privacy of the Parties in the Proceedings of Special Types of Cases, 2064 (2007).
64 Chapters 2–8 of the Privacy Act 2075 (2018) (Nepal).
65 Section 2(c) of the Privacy Act 2075 (2018) (Nepal).
66 Section 12 of the Privacy Act 2075 (2018) (Nepal).
67 Section 12(3) of the Privacy Act 2075 (2018) (Nepal).
68 Section 12(4) of the Privacy Act 2075 (2018) (Nepal).
69 Section 30 of the Privacy Act 2075 (2018) (Nepal).
70 Section 3(1) of the Privacy Act 2075 (2018) (Nepal).
71 Section 6 of the Privacy Act 2075 (2018) (Nepal).
72 Section 4 of the Privacy Act 2075 (2018) (Nepal).
73 Section 5 of the Privacy Act 2075 (2018) (Nepal).
74 ‘Privacy in the Developing World: A Global Research Agenda’,Privacy International (blog), July 13, 2012, https://privacyinternational.org/blog/1456/privacy-developing-world-global-research-agenda.
75 Greenleaf, ‘Privacy in the Other Seven South Asian (SAARC) States’, 4.
76 Bhrikuti Rai, ‘Everything You Need to Know about the Nepal Government’s New IT Bill’, The Kathmandu Post, February 22, 2019, https://kathmandupost.com/2/2019/02/22/everything-you-need-to-know-about-the-governments-new-it-bill; Rojita Adhikari, ‘No Debate, No Democracy: Journalists in Nepal Fight New Threat to Press Freedom’, The Guardian, January 13, 2020, https://www.theguardian.com/global-development/2020/jan/13/journalists-in-nepal-fight-new-threat-to-press-freedom.
77 The authors have been unable to find an accessible English translation of the Information Technology Management Bill, and have relied on secondary sources of information for the purpose of this section of the article.
78 Bhrikuti Rai, ‘Everything You Need to Know about the Nepal Government’s New IT bill’, The Kathmandu Post, March 3, 2020, https://kathmandupost.com/national/2019/02/22/everything-you-need-to-know-about-the-governments-new-it-bill.
79 Section 44 of the Nepal Electronic Transactions Act, 2008.
80 Section 45 of the Nepal Electronic Transactions Act, 2008.
81 Section 48 of the Nepal Electronic Transactions Act, 2008.
82 Section 52 of the Nepal Electronic Transactions Act, 2008.
83 Section 55 of the Nepal Electronic Transactions Act, 2008.
84 Graham Greenleaf, ‘Nepal’s Unknown Data Privacy Law: No Shangri-La, But a First for South Asia’, International Data Privacy Law 3, no. 4 (2013): 1, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2326799.
85 Section 3(3)(c) of the Nepal Right to Information Act, 2064 (2007).
86 Section 35 of the Nepal Right to Information Act, 2064 (2007).
87 Section 31 of the Nepal Right to Information Act, 2064 (2007).
88 Section 28 of the Nepal Right to Information Act, 2064 (2007).
89 Section 33 of the Nepal Right to Information Act, 2064 (2007).
90 The authors have been unable to find an accessible English translation of the Criminal Code, and have relied on secondary sources of information for the purpose of this section of the article.
91 ‘Nepal: An Introduction to the Individual Privacy Act 2018’, OneTrust Data Guidance, January 2019, https://platform.dataguidance.com/opinion/nepal-introduction-individual-privacy-act-2018; ‘Introduction to the Privacy Act, 2018’, Neupane Law Associates, February 18, 2019, https://www.neupanelegal.com/news-detail/introduction-to-the-privacy-act-2018.html; Binod Ghimire, ‘15 Things in the New National Law Every Nepali Should Know about’, The Kathmandu Post, August 17, 2018, https://kathmandupost.com/national/2018/08/17/15-things-in-the-new-national-law-every-nepali-should-know-about.
92 Ibid.
93 Ibid.
94 Article 14(1) of the Constitution of the Islamic Republic of Pakistan, 1973.
95 Article 8 of the Constitution of the Islamic Republic of Pakistan, 1973.
96 Article 8(3) of the Constitution of the Islamic Republic of Pakistan, 1973.
97 ‘A Data Protection Law in Pakistan: Policy Recommendations by Digital Rights Foundation’ (Digital Rights Foundation, n.d.), 4, https://digitalrightsfoundation.pk/wp-content/uploads/2017/10/Policy-Brief-for-MOIT.pdf.
98 M. D. Tahir v. State Bank, 2004 CLC 1680 (Lahore High Court).
99 Staff Reporter, ‘Detailed Order in SPB Case’, Dawn, June 29, 2005, https://www.dawn.com/news/145614.
100 Ibid.
101 ‘State of Privacy Pakistan’ (Privacy International, January 2019), https://privacyinternational.org/state-privacy/1008/state-privacy-pakistan.
102 Government of Pakistan, Ministry of Information and Technology, ‘Digital Pakistan Policy 2017’, http://digitalrightsmonitor.pk/wp-content/uploads/2017/10/Digital-Pakistan-Policy-2017.pdf.
103 Jessica Fjeld, ‘Clinic Supports Pakistani NGO in Shaping New Data Protection Bill’, CyberLaw Clinic | Berkman Klein Center for Internet & Society (blog), July 13, 2018, https://clinic.cyber.harvard.edu/2018/07/13/clinic-supports-pakistani-ngo-in-shaping-new-data-protection-bill/.
104 Ibid.
105 Section 2(g) of the Personal Data Protection Bill, 2018 (Pakistan).
106 Ibid.
107 Section 2(n) of the Personal Data Protection Bill, 2018 (Pakistan).
108 Section 2(f) of the Personal Data Protection Bill, 2018 (Pakistan).
109 Section 2(d) of the Personal Data Protection Bill, 2018 (Pakistan).
110 Section 2(e) of the Personal Data Protection Bill, 2018 (Pakistan).
111 Section 3(5)(c) of the Personal Data Protection Bill, 2018 (Pakistan).
112 Ibid.
113 Ibid.
114 Section 5(1) of the Personal Data Protection Bill, 2018 (Pakistan).
115 Section 5(3) of the Personal Data Protection Bill, 2018 (Pakistan).
116 Section 5(2) of the Personal Data Protection Bill, 2018 (Pakistan).
117 Section 5(2)(d) of the Personal Data Protection Bill, 2018 (Pakistan).
118 Section 2(o) of the Personal Data Protection Bill, 2018 (Pakistan).
119 Section 7 of the Personal Data Protection Bill, 2018 (Pakistan).
120 Section 9 of the Personal Data Protection Bill, 2018 (Pakistan).
121 Section 10 of the Personal Data Protection Bill, 2018 (Pakistan).
122 Section 6 of the Personal Data Protection Bill, 2018 (Pakistan).
123 Section 22 of the Personal Data Protection Bill, 2018 (Pakistan).
124 Section 12 of the Personal Data Protection Bill, 2018 (Pakistan).
125 Section 13 of the Personal Data Protection Bill, 2018 (Pakistan).
126 Section 14 of the Personal Data Protection Bill, 2018 (Pakistan).
127 Section 17 of the Personal Data Protection Bill, 2018 (Pakistan).
128 Section 21 of the Personal Data Protection Bill, 2018 (Pakistan).
129 Section 25 of the Personal Data Protection Bill, 2018 (Pakistan).
130 Section 23 of the Personal Data Protection Bill, 2018 (Pakistan).
131 Section 20 of the Personal Data Protection Bill, 2018 (Indian).
132 Section 28(2)(a)(i) of the Personal Data Protection Bill, 2018 (Pakistan).
133 Section 28(2)(a)(ii) of the Personal Data Protection Bill, 2018 (Pakistan).
134 Section 28(e) of the Personal Data Protection Bill, 2018 (Pakistan).
135 Section 29 of the Personal Data Protection Bill, 2018 (Pakistan).
136 Section 30 of the Personal Data Protection Bill, 2018 (Pakistan); Section 31 of the Personal Data Protection Bill, 2018 (Pakistan).
137 Section 35 of the Personal Data Protection Bill, 2018 (Pakistan).
138 Section 36 of the Personal Data Protection Bill, 2018 (Pakistan).
139 Section 37 of the Personal Data Protection Bill, 2018 (Pakistan).
140 Staff Reporter, ‘Lahore Police Makes Hotel Eye Software Compulsory for All the Hotels’, More, September 10, 2016, https://www.morenews.pk/lahore-police-makes-hotel-eye-software-compulsory-hotels/.
141 ‘State of Privacy Pakistan’.
142 Preamble of the Pakistan Telecommunication (Re-organization) Act, 1996.
143 Section 54 of the Pakistan Telecommunication (Re-organization) Act, 1996.
144 Section 57(2)(ah) of the Pakistan Telecommunication (Re-organization) Act, 1996.
145 Staff Reporter, ‘Govt Asks Telecom Firms to Check Use of Encrypted VPN’, Dawn, September 5, 2011, https://www.dawn.com/news/656853/govt-asks-telecom-firms-to-check-use-of-encrypted-vpn.
146 Section 22 of the Investigation for Fair Trial Act, 2013 (Pakistan); Section 23 of the Investigation for Fair Trial Act, 2013 (Pakistan).
147 Section 16 of the Investigation for Fair Trial Act, 2013 (Pakistan).
148 Ibid.
149 Section 6 of the Investigation for a Fair Trial Act, 2013 (Pakistan).
150 Section 8 of the Investigation for a Fair Trial Act, 2013 (Pakistan).
151 Staff Reporter, ‘Fair Trial Act Signed into Law’, Dawn, February 20, 2013, https://www.dawn.com/news/787426.
152 Section 31 of the Prevention of Electronic Crimes Act, 2016 (Pakistan).
153 Section 33 of the Prevention of Electronic Crimes Act, 2016 (Pakistan).
154 Section 34 of the Prevention of Electronic Crimes Act, 2016 (Pakistan).
155 Section 37 of the Prevention of Electronic Crimes Act, 2016 (Pakistan).
156 Section 39 of the Prevention of Electronic Crimes Act, 2016 (Pakistan).
157 Section 42 of the Prevention of Electronic Crimes Act, 2016 (Pakistan).
158 ‘State of Privacy Pakistan’.
159 Ibid.
160 ‘Tipping the Scales: Security & Surveillance in Pakistan’, Special Report (Privacy International, July 2015), 6, https://privacyinternational.org/sites/default/files/201808/PAKISTAN%20REPORT%20HIGH%20RES%2020150721_0.pdf.
161 Glen Greenwald and Ewen MacAskill, ‘Boundless Informant: The NSA’s Secret Tool to Track Global Surveillance Data’, The Guardian, June 11, 2013, https://www.theguardian.com/world/2013/jun/08/nsa-boundless-informant-global-datamining.
162 ‘Tipping the Scales: Security & Surveillance in Pakistan’, 6.
163 ‘Country Report: Right to Information in Pakistan’ (Article 19, November 13, 2015), https://www.article19.org/resources/country-report-the-right-to-information-in-pakistan/.
164 Section 17 of the Freedom of Information Ordinance, 2002 (Pakistan).
165 Section 8(g) of the Freedom of Information Ordinance, 2002 (Pakistan).
166 Section 8(h) of the Freedom of Information Ordinance, 2002 (Pakistan).
167 Section 3 of the Electronic Transactions Ordinance, 2002 (Pakistan).
168 Section 21 of the Electronic Transactions Ordinance, 2002 (Pakistan).
169 Article 14(1)(a) of the Constitution of the Democratic Socialist Republic of Sri Lanka (as amended up to 2015).
170 Sinha Ratnatunga v. The State, [2001] 2 SLR 172 (Supreme Court of Sri Lanka).
171 Ibid, 212.
172 Ibid, 213.
173 Althaf Marsoof, ‘The Right to Privacy in the Information Era: A South Asian Perspective’, Scripted 5, no. 3 (December 2008): 559, https://script-ed.org/wp-content/uploads/2016/07/5-3-Marsoof.pdf.
174 Greenleaf, ‘Privacy in the Other Seven South Asian (SAARC) States’, 15.
175 Government of Sri Lanka, Ministry of Digital Infrastructure and Information Technology, ‘Data Protection Legislation finalized by Ministry of Digital Infrastructure and Information Technology’, Media Release, September 24, 2019, http://www.mdiit.gov.lk/index.php/en/news-and-eventss.
176 Ibid.
177 Section 46 of the Personal Data Protection Bill 2019 (Sri Lanka).
178 Ibid.
179 See note 159 above.
180 Section 5 of the Personal Data Protection Bill 2019 (Sri Lanka).
181 Section 6 of the Personal Data Protection Bill 2019 (Sri Lanka).
182 Section 9 of the Personal Data Protection Bill 2019 (Sri Lanka).
183 Section 13 of the Personal Data Protection Bill 2019 (Sri Lanka).
184 Section 14 of the Personal Data Protection Bill 2019 (Sri Lanka).
185 Section 15 of the Personal Data Protection Bill 2019 (Sri Lanka).
186 Section 16 of the Personal Data Protection Bill 2019 (Sri Lanka).
187 Section 23 of the Personal Data Protection Bill 2019 (Sri Lanka).
188 Section 27 of the Personal Data Protection Bill 2019 (Sri Lanka).
189 Section 26(1) of the Personal Data Protection Bill 2019 (Sri Lanka).
190 Sections 26(2),(3),(4), and (5) of the Personal Data Protection Bill 2019 (Sri Lanka).
191 Section 18(1) of the Computer Crimes Act No. 24 of 2007 (Sri Lanka).
192 Ibid.
193 Section 18(2) of the Computer Crimes Act No. 24 of 2007 (Sri Lanka).
194 Section 24(2) of the Computer Crimes Act No. 24 of 2007 (Sri Lanka).
195 Section 19 of the Computer Crimes Act No. 24 of 2007 (Sri Lanka).
196 Section 52 of the Sri Lanka Telecommunications Act, 1991.
197 Section 53 of the Sri Lanka Telecommunications Act, 1996.
198 Section 54 of the Sri Lanka Telecommunications Act, 1996.
199 Section 61 of the Sri Lanka Telecommunications Act, 1996.
200 Section 3(1)(b) of the Payment Devices Frauds Act, 2006 (Sri Lanka).
201 Section 3(1)(c) of the Payment Devices Frauds Act, 2006 (Sri Lanka).
202 Section 8(4)(c) of the Payment Devices Frauds Act, 2006 (Sri Lanka).
203 Section 8(4)(d) of the Payment Devices Frauds Act, 2006 (Sri Lanka).
204 Article 14A of the Constitution of the Democratic Socialist Republic of Sri Lanka (as amended up to 2015).
205 Ibid.
206 Right to Information Act No. 12 of 2016 (Sri Lanka).
207 Section 5(1)(a) of the Right to Information Act No. 12 of 2016 (Sri Lanka).
208 Section 5(1)(e) of the Right to Information Act No. 12 of 2016 (Sri Lanka).
209 Section 5(1)(g) of the Right to Information Act No. 12 of 2016 (Sri Lanka).
210 Section 5(1)(j) of the Right to Information Act No. 12 of 2016 (Sri Lanka).
211 Section 39 of the Right to Information Act No. 12 of 2016 (Sri Lanka).
212 Section 43 of the Right to Information Act No. 12 of 2016 (Sri Lanka).
213 Section 11 of the Right to Information Act No. 12 of 2016 (Sri Lanka); Section 14 of the Right to Information Act No. 12 of 2016 (Sri Lanka).
214 Section 2 of the Information and Communication Technology Act, 2003 (Sri Lanka).
215 Section 6 of the Information and Communication Technology Act, 2003 (Sri Lanka).
216 Section 2 of the Electronic Transactions Act No. 19 of 2006 (Sri Lanka).
217 Section 21 of the Electronic Transactions Act No. 19 of 2006 (Sri Lanka); Section 22 of the Electronic Transactions Act No. 19 of 2006 (Sri Lanka).
218 Section 4 of the Cyber Security Bill 2019 (Sri Lanka).
219 Section 3 of the Cyber Security Bill 2019 (Sri Lanka).
220 Section 18 of the Cyber Security Bill 2019 (Sri Lanka); Section 19 of the Cyber Security Bill 2019 (Sri Lanka).
221 First Amendment to the Constitution of the United States, 1787.
222 MP Sharma and Others v. Satish Chandra, 1954 AIR 300 (Supreme Court of India).
223 Ibid.
224 Kharak Singh v. State of Uttar Pradesh, 1964 SCR (1) 332 (Supreme Court of India)
225 Ibid.
226 Centre for Communication Governance, ‘The Indian Supreme Court on the Right to Privacy: 63 Years of Progress’, The CCG Blog (blog), August 13, 2017, https://ccgnludelhi.wordpress.com/2017/08/13/h/.
227 Govind v. State of Madhya Pradesh, 1975 AIR 1378 (Supreme Court of India).
228 R. Rajagopal v. State of Tamil Nadu, 1995 AIR 264 (Supreme Court of India).
229 People’s Union for Civil Liberties v. Union of India, AIR 1997 SC 568 (Supreme Court of India).
230 Ibid.
231 Selvi v. State of Karnataka, AIR 2010 SC 1974 (Supreme Court of India).
232 Ibid.
233 Centre for Communication Governance, ‘CCG on the Privacy Judgment’, The CCG Blog (blog), September 11, 2017, https://ccgnludelhi.wordpress.com/2017/09/11/ccg-on-the-privacy-judgment/.
234 The Supreme Court of India typically sits in benches of two or three judges to hear matters. When issues of constitutional importance are raised, a constitutional bench i.e. a bench of a minimum of five judges is set up to hear the matter. In this case, a nine judge bench decided on the question of whether the right to privacy is a fundamental right, the largest bench ever to decide on this subject. The nine judges in this case despite concurring with each other, authored several separate opinions.
235 Justice K.S. Puttaswamy and Ors. vs. Union of India and Ors., (2017) 10 SCC 1 (Supreme Court of India).
236 Ibid., 291.
237 The SCOI in Puttaswamy I only partially overruled the MP Sharma and Kharak Singh cases to the extent they ruled that privacy was not a fundamental right under the Indian Constititution.
238 Justice K.S. Puttaswamy and Ors. vs. Union of India and Ors., (2017) 10 SCC 1 (Supreme Court of India).
239 Resolution adopted by the United Nations General Assembly in the 51st session (1996–1997), UN Doc. NO. A/RES/51/162, Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law.
240 Preamble, Information and Technology Act, 2000 (India).
241 The term ‘body corporate’ has been defined in Section 43A of the Information Technology Act, 2000, to mean a company and to include firms, sole proprietorships or other associations of individuals engaged in commercial or professional activities.
242 Rule 2(1)(i) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
243 Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
244 Under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, certain provisions are applicable to personal information and some to SPDI. However, a clarification to the rules was issued by the State in 2011 itself, to iron out some of the issues raised in relation to compliance with these rules. This clarification provides that the rules will be applicable in relation to SPDI only. The validity of the clarification itself is in doubt, and therefore there is still some confusion on the correct applicability of the rules. For a discussion on this issue, see Smitha Krishna Prasad, ‘(Draft) Paper on Information Technology Act, 2000 and the Data Protection Rules’, SSRN Scholarly Paper (Rochester, NY: Social Science Research Network, December 30, 2017), https://papers.ssrn.com/abstract=3094792.
245 Rule 5(5) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
246 Rule 5(4) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
247 Rule 5(9) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
248 Rule 5(8) and 8 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
249 See Krishna Prasad, ‘(Draft) Paper on Information Technology Act, 2000 and the Data Protection Rules’.
250 Government of India, Planning Commission, ‘Report of the Group of Experts on Privacy’, December 29, 2017 http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf.
251 Government of India, Planning Commission, Report of the Group of Experts on Privacy (Chaired by Justice AP Shah, Former Chief Justice, Delhi High Court), October 16, 2012, https://www.dsci.in/sites/default/files/documents/resource_centre/Report%20of%20the%20Group%20of%20Experts%20on%20Privacy%20constituted%20by%20Planning%20Commission%20of%20India.pdf.
252 Staff Reporter, ‘Justice Srikrishna Committee Submits Report on Data Protection. Here're its Top 10 Suggestions’, Economic Times, July 28, 2018, https://economictimes.indiatimes.com/news/politics-and-nation/justice-bn-srikrishna-committee-submits-report-on-data-protection-herere-the-highlights/articleshow/65164663.cms?from=mdr.
253 Trisha Jalan, ‘BJP's Meenakshi Lekhi appointed chair of Joint Committee for Personal Data Protection Bill’, MediaNama, December 13, 2019, https://www.medianama.com/2019/12/223-personal-data-protection-bill-joint-committee-members-rs-prasad/.
254 Clause 2 of the Personal Data Protection Bill, 2019 (Indian).
255 Clause 3(36) of the Personal Data Protection Bill, 2019 (Indian).
256 Clause 33(2) of the Personal Data Protection Bill, 2019 (Indian).
257 Chapters II, III, IV, V and VI of the Personal Data Protection Bill, 2019 (Indian).
258 Section 27 of the Personal Data Protection Bill, 2019 (Indian); Section 29 of the Personal Data Protection Bill, 2019 (Indian).
259 Clause 41 of the Personal Data Protection Bill, 2019 (Indian); Clause 49 of the Personal Data Protection Bill, 2019 (Indian).
260 Clause 35 of the Personal Data Protection Bill, 2019 (Indian); Clause 36 of the Personal Data Protection Bill, 2019 (Indian).
261 Clause 50 of the Personal Data Protection Bill, 2018 (Indian).
262 The Competition Act, 2002, s 9; The Lokpal and Lokayuktas Act, 2013, s. 4.
263 National Securities Depository Limited v. Securities and Exchange Board of India, (2017) 5 SCC 517.
264 Rojer Mathew v. South Bank India Ltd. & Ors, 2019 (15) SCALE 615.
265 Section 5(2) of the Indian Telegraph Act, 1885 (Indian).
266 PUCL v. Union of India (1997) 1 SCC 301 (Supreme Court of India); Chinmayi Arun, ‘Paper-thin Safeguards and Mass Surveillance in India’, National Law School of India Review 26 (2014): 105.
267 Section 69 of the Information Technology Act, 2000 (Indian).
268 Chaitanya Ramachandran, ‘PUCL v. Union of India Revisited: Why India’s Surveillance Law Must be Revised for the Digital Age’, NUJS Law Review 7, no. 2 (2014): 105.
269 See Arun, ‘Paper-thin Safeguards and Mass Surveillance in India’.
270 See Ibid.
271 Rishab Bailey et al., ‘Use of Personal Data by Intelligence and Law Enforcement Agencies’, Data Governance Network, August 1, 2018, http://datagovernance.org/files/research/BBPR2018-Use-of-personal-data.pdf.
272 Justice K.S. Puttaswamy and Ors. vs. Union of India and Ors., (2017) 10 SCC 1 (Supreme Court of India).
273 For a detailed examination of these tests, see Amber Sinha, Nehaa Chaudhari, and Smitha Krishna Prasad, ‘Reading “Necessity” in India’s New Data Protection Bill’, Digital Debates CyFy Journal, GP-ORF Series 5 (2018): 112, https://www.orfonline.org/wp-content/uploads/2018/10/Digital-Debates-Journal_v13.pdf.
274 Chinmayi Arun, ‘Three Problems with India’s Draft Data Protection Bill’, Council on Foreign Relations (blog), October 3, 2018, https://www.cfr.org/blog/three-problems-indias-draft-data-protection-bill; Aditi Agrawal, ‘Government’s Approach to Data is Dangerous, says Justice Srikrishna’, MediaNama, August 27, 2019, https://www.medianama.com/2019/08/223-srikrishna-on-privacy-data-collection-aadhaar/.
275 Clause 42 of the Personal Data Protection Bill 2018 (Indian).
276 Clause 43 of the Personal Data Protection Bill 2018 (Indian).
277 Clause 40 of the Personal Data Protection Bill, 2018 (Indian). See also Yuthika Bharagav, ‘Experts Pick Holes in Data Protection Bill’, The Hindu, July 28, 2018, https://www.thehindu.com/news/national/experts-pick-holes-in-data-protection-bill/article24542431.ece.
278 Clause 35 of the Personal Data Protection Bill 2019 (Indian).
279 Clause 42 of the Personal Data Protection Bill 2019 (Indian).
280 Internet Freedom Foundation v. Union of India, Writ Petition (C) No. 46/2019; also see https://internetfreedom.in/supreme-court-issues-notice-on-iffs-petition-for-survelliance-reform-saveourprivacy/.
281 Asmita Nandy, ‘Govt Knew NSO, Other Spyware Firms Operated in India: Ex-home Secy’, The Quint, November 1, 2019, https://www.thequint.com/news/india/whatsapp-pegasus-nso-spyware-former-home-secretary-gk-pillai.
282 Central Public Information Officer, Supreme Court of India v. Subhash Chandra Agarwal, 2019 Indlaw SC 1114.
283 Ibid.
284 Navtej Singh Johar v. Union of India 2018 (10) SCALE 386 (Supreme Court of India).
285 M.B. Subba, ‘BICMA Act 2006 to be Scrapped’, KUENSEL, November 19, 2016, https://kuenselonline.com/bicma-act-2006-to-be-scrapped/.
286 Graham Greenleaf, ‘Privacy in South Asian (SAARC) States: Reasons for Optimism’, Privacy Laws & Business International Report (2017): 3.
287 Section 464(76) of the Information, Communications and Media Act of Bhutan 2018. Section 464(89) of the of the Information, Communications and Media Act of Bhutan 2018 also defines sensitive personal data or information.
288 Section 179 of the Information, Communications and Media Act of Bhutan 2018.
289 Section 271 of the Information, Communications and Media Act of Bhutan 2018.
290 Section 376 of the Information, Communications and Media Act of Bhutan 2018.
291 Section 379 of the Information, Communications and Media Act of Bhutan 2018.
292 Article 24, Constitution of Maldives.
293 Greenleaf, p. 18 of 33.
294 Article 16(d) of the Constitution of Maldives.
295 Article 16(a) of the Constitution of Maldives.
296 See Greenleaf, 266 and Greenleaf, 70.
297 Article 37, Constitution of the Islamic Republic of Afghanistan (2004).
298 Ibid.
299 Ibid.
300 ‘Electronic Frontier Foundation’, Mandatory National IDs and Biometric Databases, n.d., https://www.eff.org/issues/national-ids.
301 ‘World Stumbling Zombie-like into a Digital Welfare Dystopia, Warns UN Human Rights Expert’, United Nations Human Rights Office of the High Commissioner, October 17, 2019, https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25156.
302 16.9, Global indicator framework for the Sustainable Development Goals and targets of the 2030 Agenda for Sustainable Development, https://unstats.un.org/sdgs/indicators/Global%20Indicator%20Framework%20after%202019%20refinement_Eng.pdf.
303 Government of India, Planning Commission, Gazette Notification No. A-4301/02/2009-Admn.I, January 28, 2009, https://uidai.gov.in/images/notification_28_jan_2009.pdf.
304 The Aadhaar (Targeted Delivery Of Financial And Other Subsidies, Benefits And Services) Act, 2016.
305 Ibid.
306 PUCL Vs Union of India.
307 Ibid,
308 Section 14 of the Aadhaar and Other Laws (Amendment) Act, 2019 (Indian).
309 See note 252 above; also see Gopal Sathe, ‘What is the Aadhaar Judgment of the Supreme Court About?’ HuffPost, September 25, 2018, https://www.huffingtonpost.in/2018/09/25/what-is-the-aadhaar-judgement-of-the-supreme-court-about_a_23538865/.
310 ‘The Right to Privacy in the Islamic Republic of Pakistan’, Stakeholder Report (Privacy International, March 2017), 9, https://privacyinternational.org/sites/default/files/2017-11/UPR28_Pakistan.pdf.
311 Section 10 the National Database and Registration Authority Ordinance, 2000 (Pakistan).
312 Section 9 of the National Database and Registration Authority Ordinance, 2000 (Pakistan).
313 Section 19 of the National Database and Registration Authority Ordinance, 2000 (Pakistan); Responses to Information Requests, Immigration and Refugee Board of Canada, https://www.justice.gov/eoir/page/file/1130671/download.
314 Section 7(1)(a) of the National Database and Registration Authority Ordinance, 2000 (Pakistan).
315 Section 7(1)(b) of the National Database and Registration Authority Ordinance, 2000 (Pakistan).
316 Section 7(1)(c) of the National Database and Registration Authority Ordinance, 2000 (Pakistan).
317 Section 7(1)(i) of the National Database and Registration Authority Ordinance, 2000 (Pakistan).
318 Section 22 of the National Database and Registration Authority Ordinance, 2000 (Pakistan).
319 Staff Reporter, ‘NADRA’s innovative services’, The News, April 8, 2019, https://www.thenews.com.pk/print/455030-nadra-s-innovative-services.
320 Section 7(1)(j) of the National Database and Registration Authority Ordinance, 2000 (Pakistan).
321 Zainab Durrani, ‘DRF Condemns yet Another Breach of NADRA Database and Demands Strong Data Protection Legislation’, Digital Rights Foundation (blog), May 28, 2018, https://digitalrightsfoundation.pk/drf-condemns-yet-another-breach-of-nadra-database-and-demands-strong-data-protection-legislation/.
322 Ibid.
323 Staff Reporter, ‘Nadra Wins Sri Lanka ID Card Project’, The Nation, November 9, 2013, https://nation.com.pk.
324 Ibid.
325 Government of Sri Lanka, Department for Registration of Persons, https://www.drp.gov.lk/Templates/eNIC.english.Department-for-Registration-of-Persons.html.
326 Section 39A of the Registration of Persons Act, 1968 (Sri Lanka).
327 M. Ratnasabapathy, ‘Central Database for Citizen Information’, Daily News, November 1, 2018, https://www.dailynews.lk/2018/11/01/features/167152/central-database-citizen-information.
328 Staff Reporter, ‘Bangladesh Introduces “Smart” National Identity Cards’, GlobalVoicesAdvox, October 7, 2016, https://advox.globalvoices.org/2016/10/07/bangladesh-introduces-smart-national-identity-cards/.
329 ‘Review of National Identity Programs’, Focus Group Technical Report (International Telecommunication union, May 2016), https://www.itu.int/en/ITU-T/focusgroups/dfs/Documents/09_2016/Review%20of%20National%20Identity%20Programs.pdf.
330 Staff Reporter, ‘Bill Related to National ID Endorsed’, The Himalayan Times, August 28, 2019, https://thehimalayantimes.com/kathmandu/bill-related-to-national-id-card-endorsed/.
331 Ibid.
332 Indu Nepal, ‘ID-ing Nepal’, Nepali Times, April 2010, http://archive.nepalitimes.com/news.php?id=17017#.Xh7hWi2B0dU.
333 See note 18 above.
334 See note 18 above.
335 Alex Perala, ‘Maldives’ New Biometric ID Combines Passport, Driver License, Payment Card, and More’, FindBiometrics, October 12, 2017, https://findbiometrics.com/maldives-biometric-id-410121/.
336 Thad Rueter, ‘The Maldives Digital ID Drives Multi-application to the Next Level’, SecureID News, November 13, 2017, https://www.secureidnews.com/news-item/maldives-digital-id-drives-multi-application-next-level/.
337 Alex Perala, ‘Maldives’ New Biometric ID Combines Passport, Driver License, Payment Card, and More’, FindBiometrics, October 12, 2017, https://findbiometrics.com/maldives-biometric-id-410121/.
338 See note 18 above; Frud Bezhan, ‘Controversial ID Cards Expose Ethnic Divisions In Afghanistan’, Radio Free Europe Radio Liberty, December 18, 2013, https://www.rferl.org/a/afghanistan-id-cards-ethnic-divisions/25205181.html.
339 Sayed Salahuddin and Pamela Constable, ‘Afghanistan’s New National ID Card has Finally Debuted, and it’s Already Plagued by Problems’, The Washington Post, May 4, 2018, https://www.washingtonpost.com/world/asia_pacific/afghanistans-new-national-id-card-has-finally-debuted-and-its-already-plagued-by-problems/2018/05/03/b9449ba4-4ee8-11e8-85c1-9326c4511033_story.html.
340 ‘Literacy Rates Rise ffffrom One Generation to Next, But Challenges Remain in Region’, UNESCO, September 8, 2017, https://bangkok.unesco.org/content/literacy-rates-rise-one-generation-next-challenges-remain-region.
341 Government of Sri Lanka, Ministry of Digital Infrastructure and Information Technology (MDIIT), ‘Draft National Digital Policy for Sri Lanka 2020–2025’, http://www.mdiit.gov.lk/index.php/en/component/jdownloads/send/6-legislation/76-national-digital-policy.
342 Government of Pakistan, Ministry of Information and Technology, ‘Digital Pakistan Policy 2017’, http://digitalrightsmonitor.pk/wp-content/uploads/2017/10/Digital-Pakistan-Policy-2017.pdf.
343 Neha Alawadhi and Karan Choudhury, ‘Economic Survey Suggests Govt Can Monetise Citizen's Data as A Public Good’, Business Standard, July 4, 2019, https://www.business-standard.com/article/economy-policy/economic-survey-suggests-govt-can-monetise-citizen-s-data-as-a-public-good-119070401558_1.html.
344 Government of India, Ministry of Electronics and Information Technology, ‘A Free and Fair Digital Economy, Protecting Privacy, Empowering Indians (Committee of Experts under the Chairmanship of Justice B.N. Srikrishna)’, https://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf.