- News
- Columns
- Interviews
- Law Firms
- Apprentice Lawyer
- Legal Jobs
- हिंदी
- ಕನ್ನಡ
By Trishee Goyal
In the aftermath of the horrific Pradyuman Thakur case, that shook the entire country, the Central Board of Secondary Education directed affiliated schools to take a number of steps to enhance the safety of children on premises. One such measure, mentioned in its circular, was the installation of CCTV cameras at all “vulnerable areas / points in the school premises”. In 2019, the Delhi government took this directive one step forward and announced that it will livestream the CCTV footage of classroom proceedings to parents and guardians of students.
The Delhi government claims that livestreaming of classroom proceedings to parents will ensure safety of students and also transparency in the teaching system. In 2020, this livestreaming project was challenged in the Delhi High Court, interestingly enough, by the Delhi Parents’ Association and the Government School Teachers’ Association. A notice was issued by the High Court to the Delhi government in February, 2022 and the government was asked to file a reply by March, 2022. In March 2022, more time to file a reply was sought and the next hearing is slated in October, 2022.
Despite the fact that the case is pending, and no replies have been filed by the Delhi government, it is going ahead with its project. Now that the installation is complete, the project is at the brink of its operationalisation. Even though in its new avatar this project requires parental consent to be obtained before livestreaming classroom proceedings, basic and grave concerns remain with the livestreaming of the CCTV footage.
At the heart of this livestreaming lies the issue of children’s right to privacy. Just as adults, children also have a right to privacy. The Supreme Court in Puttaswamy observed that “privacy is a natural right and inheres in every human being by birth”. So it is not the case that a child gains the right to privacy only on reaching a particular age. When a parent consents to their child’s personal data processing, the parent consents on behalf of the child. The parent is vested with this authority for a number of reasons. First, children are unable to gauge deceptive practices that data processors employ to gain access to their data. Second, they may not be fully aware of the consequences that arise from personal data processing.
But this capacity to discern and the conception and expectation of their privacy evolves in children with age. For example, an adolescent / young adult’s expectation of privacy will be significantly different from a child’s. And this expectation of privacy arises not only against third parties, but against parents as well.
The proposal to livestream classroom proceedings violates this right to privacy. It puts children under constant surveillance. School going children spend a majority of their time in classrooms. Livestreaming will capture the minutest personal details of children throughout school hours and broadcast it to a number of viewers. The feed will comprise sensitive personal data such as their facial data, voice clippings, behavioural data and data related to their communications. The scope of data it allows to be captured is almost dystopian in nature.
Of course, the right to privacy is not absolute. As per Puttaswamy (I), the right to privacy can be infringed if (1) the infringing action has taken place under a law, (2) the infringing action has taken place to pursue a legitimate aim of the state, (3) the infringing action is necessary and proportionate to achieve the objective and (4) procedural safeguards are in place to prevent abuse by the state.
Ensuring a child’s safety is a legitimate aim of the state. But how does livestreaming fare on the other three tests?
(1) Infringing action is based on a law
As far as the existence of a valid law is concerned, the only document available in the public domain is a Department of Education, GNCTD circular No. F.1/Misq/CTB./CCTV/2018-19/1138 issued in 2019. It provides that “as decided, the view of live feed to CCTV Cameras in classrooms is to be provided to parents concerned”. In Puttaswamy (I), Chandrachud J. held that “there must be a law in existence to justify an encroachment on privacy”. The question at hand is – does the issuance of a circular suffice the requirement of law here? A previous attempt to regulate the use of CCTVs in Delhi was proposed through draft rules issued under the Delhi Police Act, 1978. Making rules under a legislation, as opposed to, issuance of circulars by way of executive fiat is definitely characterised by a process that imbibes greater accountability, representation and democratic heft.
The Delhi Government is vested with the authority to carry out measures that ensure safety of students in the school premises. But given that livestreaming of classroom proceedings would have significant implications on other fundamental rights, it may be argued that such a project should have been undertaken by making Rules under the relevant legislation rather than issuing circulars. Therefore, it is doubtful whether an official circular is “sufficient law” that passes the first test.
(2) Infringing action should be necessary and proportional to achieve the aim
The “necessary and proportionate” prong requires that the means adopted by the legislature should be proportional to the object sought to be fulfilled by law. It reduces arbitrariness of state action by requiring that the encroachment is not disproportionate to the state aim. In this case, the stated aims of the Delhi Government are to ensure student’s safety and ensure transparency in teaching. The question then is whether livestreaming of classroom proceedings is “necessary and proportionate” to achieve these aims.
Impact on a child’s autonomous development
Livestreaming has severe consequences on the development of a child. The school environment serves as a sanctuary in the developmental years of a child. It serves as a platform where a child is able to engage with new ideas, develop critical thinking skills, inculcate the spirit of camaraderie and really come into their own. If a child is apprehensive that raising certain questions in class or expressing certain points of view will lead him / her to be censured at home, it will fundamentally affect the child’s right to free speech and expression. This fear of being observed will significantly affect a child’s autonomous development. The anxiety of being observed by a number of persons (including, parents of other students) will have a chilling effect on the child’s behaviour. Additionally, it will also affect children in vulnerable and abusive situations adversely as they often rely on their school communities to seek support.
Impact on children’s safety
Moreover, even as the project is aimed towards improving the safety of children, it endangers their mental and physical safety to a considerable degree. Morphing of images, leaked footage of children in embarrassing or intimate situations and fake videos are some such harms. It will also incrementally expose the scope of stalking of children, especially girls and younger children. Even though the project reportedly provides for secure credentials to log in, in India, where mobile phones are often shared by multiple persons and digital literacy is very low, such unauthorised access cannot be ruled out. Similar concerns also apply to teachers’ privacy.
Reconsidering necessity of CCTVs in classrooms
The CBSE circular mentions that CCTVs should be put in place for “vulnerable / areas”. This reflects some rational nexus with the purpose of ensuring safety of children. The focus on livestreaming of classroom proceedings would ignore deployment of CCTVs in spots where children are more at risk.
On the question of transparency, is it the case of the government that performance of teachers will improve knowing that they are under constant surveillance? With a plethora of studies concluding that constant monitoring affects employee confidence and brings down quality of work, livestreaming classroom proceedings could end up having a negative impact on teachers’ performance. It will also lead to a diminished sense of loco parentis.
What the rollout of the project seems to want to do is to club two separate concerns – children’s safety and transparency in teaching – and provide a common solution. However, what it ends up doing is providing for a disproportionate measure, more importantly one that does not have rational nexus, with the aims sought to be achieved.
(3) Infringing action should have procedural safeguards
The last prong for the infringing action to be constitutional is for it to be accompanied with adequate procedural safeguards to reduce the scope of arbitrariness on part of the state. The current project lacks procedural safeguards, in toto. As mentioned above, the entire scheme is based on an official circular. In India, there is no data protection law that would fill in this gap. The only minimal data protection that is available is under the Information Technology (Reasonable Security Practices and Procedures and Personal and Sensitive Personal Data), 2011, but these are enforceable only against body corporates.
Inadequacy of consent
The current scheme requires parental consent for livestreaming. But is consent enough in this case? The short answer is no, and for four reasons. First, given the complex nature of personal data processing, parents may not have the capacity to understand the implications of the processing that they are consenting to on behalf of their children. Therefore, consent would not be informed.
Second, parents would consent to the livestreaming of their child’s footage to them. But do they have the capacity to consent to the child’s footage to third parties i.e. parents / guardians of other students? In recent years, the term “sharenting” has gained currency. Sharenting refers to the practice of parents sharing personal information about their children which the child would expect to keep it private. By consenting to livestream classroom proceedings, the footage of children is being made available to not just the parents but to all parents / guardians of the other students.
Third, even if it is supposed that parents understand the privacy policy, consent is defective because the school and parents of students are in an unequal bargaining position. Their children are dependent on the school for assessment of performance, availing scholarships and other material benefits. This dependency means that consent provided would often not be free. This more so because the school authorities would be incentivised to nudge parents towards providing consent given that they are required to put in place alternative arrangements for seating and instruction to students whose parents don’t consent.
Fourth, the current design completely excludes students from taking a part in consent. This is violative of India’s obligations under the UN Child Rights Convention. It is mandated that as children’s capacity and understanding increases, they should be involved in decisions affecting them. The current scheme subjects a 16 year old adolescent to the same kind of monitoring as a 5 year old child. It derides the former’s expectation of privacy against her / his parents. And this lack of endowing a child with incremental agency is not in keeping with other child welfare frameworks in India that recognise a child’s “evolving capacity”.
Apart from sub-par consent, the other problem is that the collection and processing of such sensitive personal data is happening with virtually no legal framework in place.
Unrestricted collection of personal data
First, there is no limitation on the kinds of data that may be collected. Livestreaming classroom proceedings, which has such sensitive personal data without any privacy assessment will lead to collection of indiscriminate amounts of data. CCTV footage being livestreamed would include sensitive personal information in the form of biometric data of children being collected.
No restrictions on the use of processed data
Second, there is no limitation on the kinds of purposes for which this personal data may be processed. While the deployment is purportedly for the safety of students, there seems to be no bar on the school / government to use it for other purposes. A common use case could be the use of footage to enforce discipline. More insidious use cases are possible if the government / school decides to share this data with third parties. There is nothing to stop this. Children are future consumers for some businesses and current consumers for others. Everybody would be interested. It would lead to profiling, tracking, behavioural monitoring and targeted advertising, towards children right from kindergarten to matriculation. And this will not stop at children. It will be used to target parents as well.
Moreover, there is no publicly available data on the kind of security protocols that will be employed to protect this data, the vetting of private firms that will be engaged to carry out this project, the centralisation of this data, the location of the server where this data will be stored and the duration for which it will be stored. This is highly problematic given that children’s data is increasingly being hacked / stolen be it from governmental databases such as CBSE or private databases of Unacademy and Vedantu. The lack of enforceable and swift penalties makes these databases a sitting duck. The inquiry in the CBSE data breach case that happened in 2019 has still not been concluded. Once data is unauthorisedly accessed, effective remedies are elusive.
To be fair, the problem is not limited to the current project. Private schools across the country have deployed CCTVs in their premises for quite some time now and there is no uniformity or clarity about what is done with the footage. Similarly, biometric based credentialing for attendance of both teachers and students is proliferating without the requisite framework of law.
In the present case, it is important to conduct a privacy impact assessment before operationalising the project. Data once breached / violated is very difficult to recover. Unregulated operationalisation puts children at grave risk. As such, there is a need to have in place a comprehensive framework that guards against data abuses. In the vacuum created by the delayed enactment of the Personal Data Protection Bill, 2019, it has now left to the states and individual governmental agencies to provide for data protection and management policies. The Delhi Government would do well to put in place its own sectoral framework for the protection and management of its children’s personal data.
(The author would like to thank Dhruv Somayajula for the edits).
Trishee Goyal is a project fellow at at the Centre for Applied Law and Technology Research, Vidhi Centre for Legal Policy.
Vidhispeaks is a column on law and policy curated by Vidhi. The views expressed are of the fellow and do not reflect the views of Vidhi or Bar & Bench.