NEED TO RECOGNISE PRIVACY
Sri Lankan Law recognizes the Right to Privacy but it’s time for a full legislative enactment
Privacy is a concept we are all familiar with but a violation of privacy especially in cases of politicians, celebrities and famous people is nothing new. While violation of the privacy of the common man isn’t something that would hit news headlines, it still does occur especially on social media platforms. This occurs on a daily basis, yet there aren’t any concrete solutions to deal with the issue.
Article 12 of the Universal Declaration of Human Rights enunciates that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”. Many countries such as the US, UK, South Korea, Thailand and EU member states have recognised privacy as a fundamental right. The international criteria presently followed by Courts in many jurisdictions to assess if the right to privacy was violated in a given context is the four-part test created by William Prosser. These are:
Intrusion into a person’s private space, own affairs, or wish for solitude
Public disclosure of personal information about a person which could be embarrassing for them to have revealed Promoting access to information about a person which could lead the public to have incorrect beliefs about them Encroaching someone’s personality rights, and using their likeness to advance interests which are not their own
Building from this and other historical precedents, Daniel J. Solove presented another element that challenges privacy, including the collection of information which is already somewhat public, processing of information, sharing information, and invading personal space to get private information. These provided the background for privacy law. In certain countries, these elements are in the constitution and some, these are enshrined in an act. However, at present- the existing aspects of privacy law are threatened by the advent of social media.
Sri Lanka has no legislation to deal with the violation of privacy that occurs on the Internet and Social Media. Though social media like Facebook, Youtube, Twitter have their Community Guidelines, some acts that violate privacy aren’t stated therein
The idea of privacy is to facilitate everyone in this world to live with dignity, for their idiosyncrasies and personal data to be protected without being commented upon by anyone else.
Justice Louis Brandeis of the US Supreme Court articulated that the concept of privacy was the individual’s “right to be left alone”. Alan Westin, author of Privacy and Freedom defines privacy as “the desire of people to choose freely under what circumstances and to what extent they will expose themselves, their attitudes and their behaviour to others.”
Having a legal framework to protect confidential data and other aspects related to privacy is mandatory as it helps prevent violation of a person’s right to privacy and ensure legal action if it is violated. The importance is this eventually leads to creating a society that respects human dignity.
In the Sri Lankan constitution, the right has not been recognised as a Constitutional fundamental right although it is found in few acts and the common law of Sri Lanka. However, Privacy issues have arisen in Sri Lankan courts in several contexts, ranging from servitudes, criminal trespass, divorce and defamation to unlawful arrest, the court recognised a right to privacy in these instances.
The Supreme Court of Sri Lanka, A.M.K Azeez v W.T Senevirathne (SI Police), 69 NLR 209, at page 210 an appeal from a magistrate’s court, reduced the sentence of the appellant having taken into consideration the circumstance
Article 12 of the Universal Declaration of Human Rights enunciates that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”
The right to privacy forms an important part of the Common Law stemming from the Roman-dutch law principles. Hence on numerous occasions, Sri Lankan Courts have also struck a balance between the freedom of expression and the right to privacy. In a famous reported case, the Court of Appeal observed that the right to privacy should not be impinged hiding behind the constitutional right of expression and publication.
This observation of Justice Yapa, manifest that the remedy against a breach of individual privacy is found in the Roman-dutch Law (which is the common or residuary law of Sri Lanka) in the form of an action for injury under the actio injuriarum. The actio injuriarum may be termed as an action for damages under the Roman-dutch Law for loss of reputation and dignity according to jurist C. Amarasinghe, in his book Aspects of the Actio Injuriarum in Roman-dutch Law. Therefore there is a remedy a person may invoke against a breach of individual privacy in Sri Lanka.
In Sri Lanka Right to Information Act No. 12 of 2016 The Act has somewhat attempted to protect privacy rights through the Part of Denial of Access to Information. The limitations stipulated in the Act include that the denial to access information when personal information is concerned has no public activity or interest, as well as its limits providing medical records unless consented and permitted to by the person in question.
However, the advent of technology has threatened the existing aspects of privacy law anywhere in the World.
Sri Lanka has no legislation to deal with the violation of privacy that occurs on the Internet and Social Media. Though social media like Facebook, Youtube, Twitter have their Community Guidelines, some acts that violate privacy aren’t stated therein. In the US and EU also possesses legislation to deal with privacy violation by the Internet and on Social Media.
The Computer Crimes Act (CCA) also recognises the right to privacy The CCA is designed to protect against unauthorised access to a computer by making it an offence. However, section 18 of the Act confers the power to an expert or a police officer involved in an investigation under the Act to tap any “wire or electronic communication” or obtain any information from any service provider after obtaining a warrant from a magistrate for this purpose. However, this law does not stipulate the need for a warrant in a case of urgency.
These laws are in a similar vein in most jurisdictions. In the US, an exception is made in the Electronic Communications Privacy Act of 1986 (ECPA) for persons authorised by law to intercept wire, oral, or electronic communication or to conduct electronic surveillance. They should obtain judicial authorisation for intercepting such communication. A judge may issue a warrant authorising interception of communications upon a showing of probable cause that the interception will reveal evidence that an individual is committing, has committed, or is about to commit an offence.
The law has made these necessary exceptions because otherwise criminal investigations and surveillance for intelligence to protect the national security of the country and for prevention of crimes.
Nevertheless, in the light of recognition of individuals privacy, the information obtained have to be kept confidential and should be declassified (release to the public) only upon a judicial pronouncement that release of such information will contribute to a good cause and public interest.
It is clear from the privacy law principles, that a person’s conversations, visuals, thoughts, ideas, personal communication cannot be stored or communicated to a third party without that person’s consent. The recording of any personal conversation or action cannot be done without consent. Further, it cannot be leaked out to a third party for the sake of the public good unless there is a judicial pronouncement to that effect. So if anyone is recording a person’s conversations, visuals, thoughts, ideas etc and storing them or communicating to a third party without consent, that’s a violation of privacy. Even if a media organisation communicates such material to the public, it is a violation of privacy.
Many aren’t even aware that privacy law is recognised in Sri Lanka, that it exists in the common law. We live in a society where at home, family members barge into rooms without prior permission, people answer calls straight on speakerphones without informing the person at the other end that they are on the speaker, and neighbours try to eavesdrop on conversations or monitor what is happening around the neighbourhood. In such a society, the concept of privacy isn’t recognised.
Sri Lanka does not have a specific Data Protection Act. We haven’t seen the Bill at the time of writing this article. The meaning of privacy has already been dealt with above. Regarding Data one of the most comprehensive definitions of “data” is found in the Information Technology Act of India30 (in Section 2(o)), which provides the following definition: ...data means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and maybe in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer. Hence data protection means the protection of information that can be generated using computer systems, Privacy is generally said to have four aspects as defined by William Prosser mentioned above.
Hence it is clear that data protection is an aspect of privacy. Therefore a comprehensive data protection legal regime will protect the right to privacy as an important aspect of it. The importance of data protection law is because it provides guidance for organisations and the government on how to use personal data. The data protection laws in most countries are very thorough and cover rules around sharing of data, and data security. Data deals with information belonging to people so the law to protect that data will undoubtedly protect the privacy of those data belonging to those people. For a country like Sri Lanka, data protection law will only strengthen the privacy law by providing stronger protection for sensitive information like ethnic background, political opinions, religious beliefs, health, sexual life and criminal history.
The GDPR is one of the latest regulations we have seen upholding data protection and consequently guarding the privacy of people. If the GDPR is recognised in Sri Lanka, then there wouldn’t be any negative effects with regards to trade. If our Data Protection Bill is on par with the GDPR, it would strengthen the confidence for the EU to do business with Sri Lanka.
In the Sri Lankan constitution, the right has not been recognised as a Constitutional fundamental right although it is found in few acts and the common law of Sri Lanka. However, Privacy issues have arisen in Sri Lankan courts in several contexts, ranging from servitudes, criminal trespass, divorce and defamation to unlawful arrest, the court recognised a right to privacy in these instances.
Many aren’t aware of Sri Lanka’s privacy laws because there isn’t an Act or a Constitutional provision. If the concepts of privacy law can be introduced to the Constitution as an amendment being recognised as a fundamental right and if a separate Act is passed- there will be more awareness. Regarding privacy violation on social media, there is still much to be done. If legislation regarding the regulation of the digital domain is enacted, such as the US Digital Millennium Copyrights Act- privacy violations on the internet and social media can be tackled successfully and such issues will be minimised. Similarly, mainstream media too has a role to play in safeguarding privacy. Sadly, as seen in the recent past- the media keeps violating media ethics just to sensationalise stories with callous disregard to people’s privacy.
Privacy law has to be strengthened by recognising the current drawbacks and keeping in mind the technological advancement. The starting point should be Constitutional Provision recognition of Privacy as a Fundamental Right and preferably followed by an act.