NEW RELEASE

PRIVACY CONCERNS AROUND THE CRIMINAL PROCEDURE (IDENTIFICATION) BILL, 2022

PRIVACY CONCERNS AROUND THE CRIMINAL PROCEDURE (IDENTIFICATION) BILL, 2022

Article by Tsaaro

7 min read

Table of Contents

PRIVACY CONCERNS AROUND THE CRIMINAL PROCEDURE (IDENTIFICATION) BILL, 2022

INTRODUCTION

Recently, the Criminal Procedure (Identification) Bill, 2022 (hereinafter “the Bill”), received a nod from both houses of the Indian Parliament. The Bill has repealed the Identification of Prisoners Act, 1920, which argued: “has become obsolete from the point of view of time and science”. The present Bill seeks to make criminal investigation “easier” and “increase conviction rates.”

Prominently, the Bill modifies the definition of “measurement” to allow the collection of photographs, palm-print impressions, retina scans, iris scans, and biological samples. Also, allows the analysis of biological samples, and the behavioral attributes such as handwriting and signatures. Furthermore, enlarges the scope for the persons from whom such data may be collected and the authority that may authorize such collection. Notably, it also provides for the store of data in NCRB’s database and can be stored for at least 75 years.

Analyzing the changes introduced in the bill, the present blog argues that the massive collection of “identifiable information” and the widened scope of “persons” fails the proportionality test. Consequently, the bill stands in violation of the right to privacy recognized in K.S. Puttaswamy v. Union of India (I).

THE CRIMINAL PROCEDURE (IDENTIFICATION) BILL, 2022

A TIMELINE

The Identification of Prisoners Act, 1920 allowed police officers to collect certain identifiable information (fingerprints and footprints) of persons including convicts and arrested persons. Also, a Magistrate may order measurements or photographs of a person to be taken to aid the investigation of an offense.  In case of acquittal or discharge of the person, all material must be destroyed.

  • In 1980, the Law Commission of India, while examining the 1920 Act, noted the need to revise it to bring it in line with modern trends in criminal investigation.
  • The Expert Committee on Reforms of the Criminal Justice System (Chaired by Dr. Justice V. S. Malimath) in March 2003, recommended amending the 1920 Act to empower the Magistrate to authorize the collection of data such as blood samples for DNA, hair, saliva, and semen.

BONE OF CONTENTION

The Bill expands the “set of persons” whose data may be collected to include persons convicted or arrested for any offense. In other words, data can be collected not just from convicted persons but also from persons arrested for any offense and from any other person to aid an investigation. For example, this would include someone arrested for rash and negligent driving, which carries a penalty of a maximum imprisonment of six months. Additionally, it also expands the power of the Magistrate to order collection from any person (earlier only from those arrested) to aid the investigation. Notably, this differs from the observation of the Law Commission (1980) that the 1920 Act is based on the principle that the less serious the offense, the more restricted should be the power to take coercive measures.

The major bone of contention in the Bill is the use of the term ‘measurement’ which is not limited to measurement but also the ‘analysis’ of the data collected. The Bill redefines ‘measurements’ to allow the police to take iris and retina scans, photographs, finger impressions, palm-print impressions, footprint impressions, behavioral attributes (signature, handwriting, and could include voice samples), physical and biological samples (not defined but could include blood, semen, saliva, etc.), and their analysis. Refusal to provide these measurements would be considered an offense under Section 186 (obstructing public servant in discharge of public functions) of the Indian Penal Code (IPC). Also, this can result in the conviction of people who are not the real culprits, as their biometric details can be misused. It is argued that this will lead to mass surveillance and an increase in bias towards a certain group of individuals.

The data collected does not need to have any relationship with the evidence required for the case. The Bill does not limit the measurements to those required for a specific investigation. For example, it permits taking the handwriting specimen of a person arrested for rash and negligent driving and also does not specifically prohibit taking DNA samples (which may contain information other than just for determining identity). Importantly, under Section 53 of the Code of Criminal Procedure, 1973, the collection of biological samples and their analysis may be done only if “there are reasonable grounds for believing that such examination will afford evidence as to the commission of an offence”.

The data is stored in a central database which can be accessed widely and not just in the case file. The National Crime Records Bureau of India (NCRB) will be in charge of storing and preserving the data, as well as sharing, disseminating, destroying, and disposing of records. Such information can be stored for at least 75 years (effectively, for life) in the NCRB’s database. The data would be deleted only on the final acquittal or discharge of a person arrested for an offense. Thus, it can lead to surveillance by the State of the Individual.

PRIVACY CONCERNS

The Constitution strives for the creation of a state where the interest of an individual with that of the state remains balanced. The loosely drafted provisions empower the state to exercise its discretionary power, and in turn violate the fundamental rights of the individual. Contextually, under the pretext of expanding the scope of the investigation, the Bill appears to encroach upon privacy, a fundamental right enshrined under Article 21 of the Indian Constitution.

PROPORTIONALITY TEST

Any law which restricts a fundamental right would need to pass the test of necessity and the doctrine of proportionality. The test stipulates that there must be a necessary state purpose linked to the proportionate invasion of an individual’s right. As elaborated going further, the Bill amounts to an infringement of the informational privacy of persons it covers; and, to be constitutional, it must satisfy the fourfold requirement of the doctrine of proportionality laid down in Justice KS Puttaswamy v Union of India (I).

  1. Legitimate aim:

The aim is achieved by ensuring that the goal is ‘of sufficient importance to warrant overriding a constitutionally protected right or freedom.’ While the Bill has the legitimate aim of improving the detection, investigation, and prevention of crimes, it fails to satisfy the other three prongs of proportionality.

  1. Suitability:

It implies a rational connection between means and ends. There is no demonstrated rational nexus between the increased likelihood of future or past offending and the class of persons included in the Bill (convicts of all offenses, detainees, arrestees, and those ordered to give security for maintaining peace and good behavior). Further, the bill (Clause 3&5) does not require that the measurements be taken from persons in circumstances that would show that such taking will aid in a specific investigative matter. Thus, given the lack of rational nexus between the provisions of the Bill and the legitimate aim advocated by it, the provisions of the Bill are not suitable for its legitimate aims.

  1. Necessity:

The necessity of means is judged; firstly, by identifying a range of possible alternatives to the measure employed by the State; Secondly, by examining the effectiveness of each of these measures in realizing the purpose in a ‘real and substantial manner;’ Thirdly, by examining the impact of each measure on the right at stake; and finally, by determining whether there exists a preferable alternative that realizes the aim in a real and substantial manner but is less intrusive on the right as compared to the State’s measure.

The Bill’s ‘coverage of persons who may be compelled to give measurements is overbroad’, as it covers persons without regard to the nature and severity of the offense and without regard to whether they are even persons of interest in an investigation. The Bill provides no timeframe for deletion of records of measurements for convicted persons, detainees, as well as those compelled (including juvenile offenders). Further, the Bill does not provide at all for the destruction of samples taken from any persons under the Bill, including for those who were arrested and subsequently acquitted. The Bill contains no procedural safeguards to minimize the infringement on the right to privacy, including specifying the purposes for which data may be used or shared, or the circumstances under which the Magistrate may decline the deletion of a person’s data. Together, these factors make the extent of infringement on privacy caused by the Bill unnecessary for achieving the State’s legitimate aim.

  1. Proportionality:

It implies conducting the ‘act of balancing’ based on some established rule or by creating a sound rule. The Bill provides for no purpose limitation, i.e., no indication of the purposes for which measurements and the records collected and stored can be used. Additionally, the Bill allows for the blanket collection, storage, processing, use, and sharing of measurements taken from convicts (possibly even ex-convicts), persons (Clause. 3 & 4) who have furnished security under Section 117 of the CrPC, been arrested for any offense, or detained under preventive detention laws. No deference has been kept to the severity of the offense, its nature, and whether the determination of guilt has taken place.

CONCLUSION

The Ministry of Digital Economy and Society has been preparing 29 laws linked with the PDPA over the past two years of the PDPA’s delay, with 10 being treated as a priority. The enforcement of the PDPA is scheduled to take place on 1st June 2022, while the Personal Data Protection Committee was finalized on 18th January 2022.

The Bill symbolizes a bona fide intention on the part of the government to confront the evasion of evidence in the age of technological advancement. However, in failing to sufficiently engage in informed deliberation and balancing the privacy rights of an individual, the government has grossly mischaracterized the response needed and the nature of the problem at hand.

If the government chooses to detract from the 1920 Bill, it must, at the very least, take action proportional to the aim of the Bill, particularly, it must pay due consideration to the potential invasion of privacy, and breach of data. Finally, it must ensure that its approach falls within statutory and constitutional bounds, lest it is exposed to wasteful and avoidable litigation.

Guidance towards a solution can be drawn from the recently presented The DNA Technology (Use and Application) Regulation Bill, 2019. The DNA bill provides an opportunity for the individuals to approach the government to remove their data from the data bank and, prescribes a guideline for the retention and removal of the data. Also, an arrested individual can exercise consent, before the collection of his bodily substance (except in the prescribed offenses) in accordance with the DNA bill. In case consent is not given, the investigating authority is mandated to approach a Magistrate and secure permission for the collection of bodily substances from the concerned person.

Leave a Reply

Your email address will not be published.

user

White Paper Personal Data Protection Law In this White Paper, we will enumerate and elucidate the various provisions of PDPL, …

user

In a world where data is the new oil, a threat to data is directly proportional to a threat to …

user

A moreprivate, open web accessible to everyone. IntroductionIn August 2019, Google announced a new initiative (known as Privacy Sandbox) to …

user

Introduction South Korea’s data protection watchdog recently imposed a hefty penalty on a startup for leaking a massive amount of …

user

DOMINOS INDIA DATA BREACH. Introduction Pizza delivery service Dominos India is the latest victim of a massive data breach that …

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them