The data protection law would also have allowed those who have had their phones targeted, by the surveillance malware, to seek legal redressal, Justice Srikrishna said.
Former Supreme Court judge Justice B N Srikrishna
The government would have been as answerable as any private entity for the alleged breach of privacy of individuals by Israeli company NSO Group’s Pegasus spyware, had there been a data privacy law in place in India, former Supreme Court judge Justice B N Srikrishna told The Indian Express. The data protection law would also have allowed those who have had their phones targeted, by the surveillance malware, to seek legal redressal, he said.
“The law that was proposed applied to private companies as well as the government. A government department would be answerable if there was a data breach. The only way the government can access the data is by bringing a Parliamentary legislation, which empowers them to access data under certain circumstances,” Justice Srikrishna, who headed the government’s committee that drafted the original Personal Data Protection Bill, said.https://www.youtube.com/embed/D8sRbsGfMm8
Earlier this week, a global collaboration of 17 media outlets, including The Wire from India, started publishing reports that said some 50,000 telephone numbers could have been targeted for surveillance by government clients of NSO Group. The leaked global database was accessed by French non-profit Forbidden Stories and global human rights organisation Amnesty International, and shared with their media partners.https://images.indianexpress.com/2020/08/1×1.pngAlso read |Cost of putting Pegasus in phones runs into crores
The Indian list of 300 “verified” numbers includes those used by “ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists and others”, The Wire said. The Guardian, however, cautioned that the presence of a phone number in the database was not by itself confirmation of whether the corresponding device was infected with Pegasus, or was subjected to an attempted hack.
Justice Srikrishna said while a concrete data protection law would have allowed people whose names have surfaced in the Pegasus Project reports to take the government to court for breach of privacy, they could do so “even now”.Explained |The laws for surveillance in India, and the concerns over privacy
“If the law would have been there, they could have sued the government because this (the snooping) only the government can do, nobody else. I think it is possible even now. Anybody can move the Supreme Court under Article 32 and say my fundamental rights have been breached now as privacy is a fundamental right under Article 21. At least the issue will be public then,” he said. A nine-judge Bench of the Supreme Court recognised privacy as a fundamental right in a unanimous ruling in the landmark Justice K S Puttaswamy vs Union of India case in 2017.https://www.youtube.com/embed/Lun4CBY5ECo
The government has denied any role in the alleged hacking, and claimed the reports are an attempt by vested interests to derail the Monsoon Session of Parliament.
“The allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever. In the past, similar claims were made regarding the use of Pegasus on WhatsApp by Indian state. Those reports also had no factual basis and were categorically denied by all parties, including WhatsApp in the Indian Supreme Court. This news report, thus, also appears to be a similar fishing expedition, based on conjectures and exaggerations to malign the Indian democracy and its institutions,” the government has said in a statement.Also read |2019 & now, Govt ducks key question: did it buy Pegasus?
Justice Srikrishna, however, said that the government should, like France, order a high-level probe, perhaps under the guidance of a judge of the Supreme Court.
The Indian Express had first reported in 2019 that Facebook-owned WhatsApp had confirmed the use of Pegasus to target journalists and human rights activists in India. WhatsApp had made the disclosure in a lawsuit filed in a court in San Francisco. It said that the spyware was used to target around 1,400 users of the messaging platform.