Delivering the historic judgment while decriminalising homosexuality, the Delhi high court had observed that criminalisation of consensual sexual acts of adults in private is in violation of Articles 21, 14 and 15 of the constitution. It upheld that the section 377 of IPC is against the spirit of fundamental right to life, fundamental right to equality and prohibition of discrimination on grounds of religion, race, caste, sex or place of birth.

Despite the judgment and the appeal pending in Supreme Court, the department of information technology (DIT) wants to invade your privacy and ask you your sexual preferences. The department in April 2011 notified rules under the clause (ob) of subsection (2) of section 87 read with section 43A of the Information Technology Act which authorises government to access to sensitive information.

The clause (ob) of section 87 of the IT amendment act is about reasonable security practices and procedures and sensitive personal data or information and section 43A is about penalty for damage to computer or network. Both sub-sections are aimed at protection of sensitive personal information and in no way authorise a government agency to access an individual’s sensitive personal information.

With the new rules the government can get sensitive personal information about users for asking from companies without a court’s order or the individual’s consent. The sensitive information as stated in the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 includes passwords, financial information such as bank accounts or credit card details, his or her physiological and mental health condition, medical records and history, sexual orientation and biometric information.

In a clarification published last week the government clarified that the rules provide for inherent checks-and-balances in the form: (a) that the government agencies must have been mandated under the law to obtain such information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution and punishment of offences and (b) that any such agency receiving such information has to give an undertaking that the information so obtained shall not be published or shared with any other person.

However, the clarification fails to state why the government needs to know the physiological and mental health condition, medical records and history or for that matter sexual orientation of an individual. In its own submission the government has stated that the only checks it is adopting is that the agency seeking information has to make a request in writing stating reasons for the information and give an undertaking that the information will not be passed to a third party.

These rules are totally contradictory to the supreme court guidelines on privacy as stated in the matter of PUCL vs Union of India. There exist strict provisions for phone / internet tapping in the rules for Indian Telegraphs Act and IT Act respectively. Rules under these acts state that the tapping has to be authorised by the union or state home secretary. Even the proposed UID bill has strict privacy provisions wherein it requires court order or authorisation by a joint secretary level officer in central government to seek information from UID database.

However, in this case the government through the IT rules has legislated that the service provider will look into such sensitive information and provide it to government agencies. In a way the service provider will henceforth keep a tab on the information to share it with multiple government agencies.