These are the grey areas which remain unanswered under the present order of the Home Ministry. This lacuna or rather the arbitrariness of the language of the order cannot be overlooked, especially when the Supreme Court has laid down privacy as a fundamental right. These are valid legal grounds for such executive orders to be struck down.
It must be stated in unequivocal terms that we live in an era where the Supreme Court bench of nine judges has laid down that privacy is fundamental right all pervasive under part 3 of the Constitution. This means that privacy flows as an amorphous concept in all fundamental rights especially Right to life (Article 21) and Right to Equality (Article 14).
The state can restrict privacy or infringe upon the privacy of an individual in a reasonable and proportionate manner. There cannot be sweeping infringement of privacy without due reason and caution which the present order of the government seems to be doing.
The world’s largest democracy doesn’t have data protection regime to safeguard our information and data floating online. In the absence of any statute, it’s only the Supreme Court judgments that would be the final law. The privacy judgment of the Supreme Court will have to be considered by any government when they frame laws, statutes or issue executive orders not just for data protection but whenever government decisions are made which touch upon the citizens’ rights and privacy.
Every law, especially the interpretation of the existing laws like the IT Act, 2000 and the relevant rules have to be in resonance with the Supreme Court ruling.
The interpretation in the form of present order of the MHA is even under basic legal principles of reasonableness and proportion is bad in law. To argue that the 2009 rules were framed by the UPA might be a political argument but has no legal soundness. The top court’s judgments on Aadhaar and the case of Shreya Singhal (2015) (when the Supreme Court struck down the Section 66A of the IT Act) are the key precedents in this matter.