By - King Stubb & Kasiva on March 14, 2023
Privacy is the state of being left alone and free from unauthorized observation and attention. Article 21 of the Constitution of India guarantees the ‘Right to Privacy’ as a part of the ‘Right to Life’. The right to privacy was acknowledged in the case of Govind v. State of Madhya Pradesh, as a part of the wider right guaranteed under Art. 19(a), (d), and 21. This case highlighted that the right to privacy is a fundamental right, but it must be subject to limitations based on compelling public interest.
Employees have the right to some degree of personal space as well as the right to keep personal information about themselves, concealed and the right to privacy about their work-related actions and personal information, but more frequently than expected, company policies override these rights. Employers can monitor a variety of workplace activities with technology. They may track the "digital footprints" of their workers using variety of technologies to learn more about how they behave. An employee's workplace conversations may be observed and read by the employer, save for the limitations as may be prescribed under applicable laws or rules of the organisation.
There are legislations controlling conditions of work, non-discrimination, maternity laws, payment of wages, etc., in terms of employee rights. However, the fact that there is no specific legislation governing the privacy rights of workers, necessitates that employers lay down specific guidelines in this regard.
The privacy rights of workers/employees in our country can be drawn from different legislations that either directly or indirectly, provide such protection in the absence of a specific data protection law for workplaces in India. The following are some of the laws that address the subject:
There are two main privacy issues through which Employee privacy is compromised, by employers –
According to Rule 5 of the IT Rules, no body corporate or person acting on its behalf may collect sensitive personal data or information unless;
To make the right to privacy meaningful, it is the duty of the state to put in place a data protection framework that, while protecting employees from dangers to informational privacy originating from company policies, serves the common good.
Increased efficiency and order in daily life are now largely owing to technological advancements like the wide variety of electronic communications, computer-based document generation and storage, and other countless futuristic breakthroughs. Employees are frequently expected to use electronic resources provided by their company in the contemporary office, including cell phones/laptops/email. In a time when GPS tracking is a reality, Companies have a strong commercial reason for keeping an eye on how their employees’ travel data and how they use corporate resources. This might involve gathering data from personal e-mail, chat, or social media accounts that employees have accessed while using company equipment or technology.
In the absence of a well-defined data protection law/policy, it is necessary that the companies lay down specific guidelines in compliance with applicable laws as tohow an employee's right to a reasonable expectation of privacy in their communications should be balanced with an employer's right to access such data, for whatever reason there might be.
A data protection law for employee privacy is the need of the hour. Even though there are specific laws for employee benefits, however, to protect their personal data and private space, it is important to have a defined/specific data protection law for workplaces.
Additionally, employee data privacy can be ensured through the following ways –
There is no specific law governing employee privacy rights in India. However, the privacy rights of workers/employees in our country can be drawn from different legislations that either directly or indirectly, provide such protection in the absence of a specific data protection law in India. For instance,
1. The IT act, 2000 protects the information of an organisation as well as an individual, be it an employee, and prescribes punishment for the offences with a hefty fine.
2. A comprehensive digital data protection law in India is being attempted with the Digital Personal Data Protection Bill, 2022 (DPDP Bill).
The employer must ensure to draft a well-documented employee policy in addition to taking prior and specific consent of the employee, before asking for personal and sensitive data. Additionally, the employer must ensure to use appropriate procedures to protect the employee’s information in every possible way.
Information related to passwords, financial information, such as bank account, credit card, debit card, or other payment instrument details, physical, physiological, and mental health conditions, sexual orientation, medical records and histories, and biometric information are specifically protected by the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
King Stubb & Kasiva,
Advocates & Attorneys
Click Here to Get in Touch
New Delhi | Mumbai | Bangalore | Chennai | Hyderabad | Mangalore | Pune | Kochi | Kolkata
Tel: +91 11 41032969 | Email: firstname.lastname@example.org