‘…there are no detailed guidelines and legislation for CCTV surveillance in India.’
This bothers me. At present, for example, I am sitting in a hospital that bans the use of mobile image recording devices (cameras) to purportedly protect patient privacy while themselves flooding almost every nook and cranny of their hospital with CCTV cameras. Their registration form, which is now in an app, requires as mandatory information about my addresses (physical and electronic), blood group, my father’s name, my PAN and Aadhaar, my income, a photo, details of vehicles owned, if I am employed, and if so, where and for how long, and many other details that are, while being publicly accessible to others (because I share them myself on my blogs and social media), completely unnecessary for my hospital to know as a matter of registration.
I do not know how these records are stored, who has access to them, and whether this access is need-based. I do not know if this is covered in the doctor-patient privilege or if this falls out of its ambit, if this is part of the hospital’s privacy policy, if they have an alternate system to register me if I refuse to give unnecessary information, or if they are allowed to deny me services because I refused to part with my income details, as an example.
And this is not limited to this hospital. Hundreds of businesses I deal with, housing societies I visit, clubs I frequent, offices I meet my professional contacts in, hotels & restaurants I patronise, galleries & museums I go to, along with thousands of road crossings and red lights, have my images. Many have my signature, and some even my thumbprint. Quite a few have my personal details, where I go, who I meet, how I am dressed, what I eat/drink, how much I spend, what I buy, which times I am in which places, and so on. Very few need this information, even on a short-term basis. And even fewer need this information on an ongoing basis. I doubt literally any one of these has a proper privacy protection policy or secure methods of storage and retrieval, or even authorisation processes for accessing it. I am more or less sure a dangerously large proportion of that data is in China, floating around looking for buyers online, in criminal hands, and/or simply lost or forgotten.
What recourse do I have if I do not consent to having my privacy intruded? How can I get my data (particularly that which has no further utility to the purpose for which I had shared it) erased? I do not think the ‘Right to be forgotten’ that’s being discussed right now in India covers this. Nor does the wishy-washy Right to Privacy under Article 21. We need to look at a thorough, detailed, and exhaustive law to cover all aspects of this (RtP), dip into the best practices from across the world, create a public discussion around it, vet it from legal experts, pass it through Parliament, and sensitise our law & order mechanism as well as corporate suits to implement this. Are we doing anything like that? Nopes.
Does this not worry anyone at all? Does it not worry the opposition? Even the bureaucracy? The corporate world? The press? The judiciary? The consumer protection agencies and organisations? Does it not worry you? Frankly, I am surprised by the silence around this issue.
We urgently need legislation addressing this. Before it is too late. Unless, as I suspect, it already is.