"Litigation will need to balance the need for discovery with the rights of individuals to keep their personal data confidential.”
You’ve had a stellar career in law, spanning over 40 years. What would you say are the pivotal moments that shaped your career?
The pivotal moments in my career have been defined by a combination of perseverance, adaptability, and a deep-rooted passion for law. My journey began in 1985 as a first-generation lawyer with no influential connections, relying solely on hard work and guidance from my first mentor, Mr. Satish Chandra Sharda. One of the earliest defining moments was in 1986, when I started my independent practise. With a modest financial boost from my father and the support of peers who recognized my potential, I set up my first chamber at the Tis Hazari Court. That step laid the foundation for my career.
A significant shift came during the early 1990s, when India’s economic liberalization under Mr. Manmohan Singh as Finance Minister opened the doors to commercial litigation. This allowed me to work with multinational corporations, which further broadened my scope. Winning a crucial rent dispute that led to acquiring my Jor Bagh office was also a pivotal moment, cementing my professional standing in Delhi’s legal circles.
Another major turning point was being designated a Senior Advocate by the Delhi High Court in 2005. This honour allowed me to focus on more complex litigation, including intellectual property, arbitration, and high-stakes family disputes. My appointment as Additional Solicitor General for the Delhi High Court in 2014, and later for the Supreme Court in 2019, brought new challenges and opportunities to serve the government in high-profile cases. I handled a range of matters, from constitutional and taxation cases to PILs and criminal appeals.
The 2G Scam case, in which I was appointed Special Public Prosecutor in 2022, was a career-defining experience, not only because of its complexity but also due to the Supreme Court’s direct involvement in monitoring the investigation. My role in the impeachment proceedings of a High Court judge was another rare and significant responsibility, underscoring the trust the government placed in my abilities.
After my tenure as ASG, I resumed my independent practise in 2023, enriched by decades of experience. Being awarded an Honorary Doctorate by Dr. K.N. Modi University was a proud moment that acknowledged my contributions to the legal field. Each of these milestones has been a step toward building a career grounded in resilience, integrity, and a steadfast commitment to upholding the rule of law.
We are living in the age of digitalization. As this technological evolution continues, what unique challenges do you foresee arising in the field of litigation?
The landscape of litigation in India has been traditionally characterized by paper-based physical filing and records, manual processes and physical court appearances which are deeply rooted in historical and cultural traditions. However, the Digital India Initiative, launched in 2015, has catalyzed a shift towards digital platforms, modernizing our legal practices and enhancing service delivery.
While promising, this evolution presents several unique challenges in the litigation field. Firstly, the sheer volume of digital data generated daily – from emails and social media posts to even cloud storage and IoT devices creates a daunting task for litigants. It is imperative for Courts to develop robust frameworks to manage this digital evidence, while ensuring its authenticity and integrity, especially, given the risks of data manipulation.
Litigation will need to balance the need for discovery with the rights of individuals to keep their personal data confidential.
As individuals’ data is increasingly stored and transmitted digitally, privacy and data protection become paramount concerns. Courts will face challenges in determining how to protect sensitive personal information.
Again, compliance with evolving IT laws and the newly enacted Data Protection Act 2023 adds another layer of complexity. Litigators will have to manoeuvre through a web of regulations while gathering and handling evidence, often facing issues with conflicting requirements across jurisdictions. The rise of artificial intelligence (AI), brings in additional challenges. Litigators will need to ensure the reliability and transparency of AI-generated evidence, while courts will face liability questions related to biased or erroneous AI outcomes.
Jurisdictional issues complicate matters further as digital transactions often span multiple countries, leading to conflicts in legal standards. This necessitates careful navigation of varying data protection laws.
Cybersecurity is increasingly crucial, as rising cyberattacks lead to more litigation over data breaches. Companies may further face negligence claims for inadequate data protection, and courts will need to assess the sufficiency of cybersecurity measures. Lastly, the emergence of digital contracts, particularly blockchain-based smart contracts, presents new legal challenges. Courts will need to interpret such self-executing agreements, which often involve complexities in understanding the intent behind the code.
How do you think legislators can re-define the concept of informed consent, especially when individuals may not fully understand the implications of their data being used?
The term ‘informed consent’ is not defined in either Digital Personal Data Protection Act (DPDP Act), Information Technology Act (IT Act) or IT Rules made thereunder or any other legislative enactment. Section 6 of DPDP Act provides that the consent given by the data principal should be ‘free, specific, informed, unconditional and unambiguous with a clear affirmative action’. A bare reading of the provision indicates the recognition of ‘informed consent’ but lacks detailed specifications regarding the same.
As the DPDP Act is yet to come into force, it would be too early for legislators to think of re-defining the concept of informed consent. It is suggested that the legislators should adopt a wait and watch approach and see how the courts interpret Section 6 of the Act before jumping to premature conclusions and considering re-defining informed consent.
Given the scanty legislative and judicial development regarding informed consent in India, defining the same would require a multifaceted approach on the part of legislators, to ensure individuals comprehend the impactions of their data usage.
Legislators can come up with a legal framework for informed consent which meets the legal requirements as well as fosters genuine understanding and trust among individuals regarding their data.
While not legislatively addressed, informed consent has been recognised by Indian courts, primarily in medical jurisdiction. The Hon’ble High Court of Delhi in Rohit Shekhar vs. Narayan Dutt Tiwari, 2012 (1) JCC 169 opined that the important components of informed consent require respect for legal incapacity, respect for personal autonomy, and completeness of the information furnished to the patient, setting the precedent for understanding informed consent in a broader context.
Recently you shared your views on the data privacy implications of the ‘Har Ghar Tiranga’ campaign. How do you see individual rights evolving in the context of increasing digitalization?
India is the largest open internet society without 600 million active internet users. The consumption of social networking apps in India has prompted the Government of India to implement the Information Technology (Social Media Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, along with the Digital Personal Data Protection (DPDP Act to safeguard individual rights in an increasingly digital world.
The DPDP Act recognises the rights of data principals, and emphasizes the need to balance personal freedoms with societal demands driven by technology. The concept of data ownership is evolving, with individuals seeking control over their personal information and growing risks like surveillance and identity theft.
Digital platforms facilitate global expression and also raise concerns about misinformation and government regulations that may hamper free speech. The digital economy is reshaping labour rights, prompting demands for fair practises and transparency. As the access to technology becomes essential, ensuring equitable internet access for marginalised communities is crucial. Finally, the rise of surveillance technology also presents significant ethical dilemmas, as the challenge of balancing national security with individual freedom intensifies.
Given the extensive use of biometric data at present times, what are the most pressing privacy risks that individuals face today?
In today’s digital age, the significance of biometric data has grown beyond traditional personal information, raising considerable privacy concerns. Collecting and using biometric data requires clear, provable guarantees that it will be employed solely for approved purposes. However, the risks associated with its misuse are considerable.
One of the primary concerns is unauthorized access and data breaches since biometric data, unlike passwords, cannot be reset or replaced once compromised. Surveillance and tracking are other issues, particularly when technologies like facial recognition are used without consent. This leads to the erosion of privacy in public spaces and the risk of potential misuse. Additionally, there is also the risk of data being repurposed without an individual’s knowledge or consent, which dilutes their control over personal information. Even though biometric data is often considered more secure than traditional passwords, it is not foolproof. If an individual’s biometrics are replicated by a malicious actor, it can lead to identity theft, where fraudsters gain access to secure areas, accounts or sensitive information. If stolen, individuals have no recourse for revoking or replacing their biometric identifiers, which could lead to long-term privacy risks and identity theft.
Other critical issues include discrimination and bias in facial recognition systems, which can result in unfair treatment for certain groups. The commercialization of biometric data by third parties and cross-border data transfers raises the risk of misuse and heightens the risks that individuals face.
How should the legal definition of “reasonable expectation of privacy” evolve in terms of use of biometrics, and what precedents might this ultimately impact?
Privacy encompasses intimate matters where individuals have a reasonable expectation and right to be left alone. The Aadhaar Act differentiates between types of data, notably between demographic information, optional demographic information, core biometric information (fingerprints and iris scans) and biometric information such as photographs. Generally, all global ID cards contain photographs for identification along with address, date of birth, gender etc.
The Aadhaar Act only uses demographic information which are not sensitive and where no reasonable expectation of privacy exists, i.e., name, date of birth, address, gender, mobile number, and email address. As regards the core biometric information comprising fingerprints and iris scans, it is pertinent to note that the Aadhaar Act does not deal with the intimate or private sphere of the individual. As biometric data collection becomes more widespread, the Supreme Court has stressed that government and private entities must establish a “compelling legitimate purpose” for its use, considering its implications for individual privacy rights. The legal definition of “reasonable expectation of privacy” is critical in determining how privacy protections apply, particularly with the increasing use of biometrics.
The reasonable expectation of privacy should be adapted to account for the fact that biometrics are unique, immutable identifiers that are far more personal than other data types like passwords or location information. This creates a heightened need for consent and transparency.
The expectation of privacy should distinguish between biometrics willingly provided by an individual and those passively collected without consent. Legal definitions have to address the difference between consent-driven biometric use and surveillance-driven collection.
The legal framework should require explicit and informed consent before biometrics are collected or used, and this consent must be revocable. The concept of reasonable expectation of privacy should include the individual’s ability to control their biometric data, i.e. who collects it, how it is stored, and how it is used. Additionally, the idea that individuals have a lower expectation of privacy in public spaces needs reconsideration. With the increasing use of biometric surveillance in public areas such as facial recognition by law enforcement or businesses, the courts need to recognize that even in public, individuals do not expect to be subject to constant, individualized tracking. In spaces that blur the line between public and private space, such as airports, stadiums, or corporate offices—individuals may expect more privacy than traditionally assumed. It is for the Courts to recalibrate what counts as a reasonable expectation of privacy in such areas, especially when biometric surveillance is in use.
Treating biometric data as sensitive Personally Identifiable Information (PII) is also essential. The reasonable expectation of privacy in biometrics should reflect that these identifiers, unlike passwords or credit card numbers, cannot be changed if breached or misused. Laws may evolve to define biometrics more clearly as sensitive PII that requires enhanced protections, limiting how it can be shared, sold, or used without clear consent and legal justification.
Moreover, regulations must specify how biometric data can be stored and ensure individuals have the right to request deletion, reflecting principles found in the DPDP Act. Adequate safeguards should be set out for every step of the process, from collecting to retaining biometric data. At the time of collection, individuals must be informed about the collection procedure, the intended purpose of the collection, the reason why the data set is requested and who will have access to their data. Additionally, the retention period must be justified, and individuals must be given the right to access, correct, and delete their data at any point in time, a procedure that is familiar to the opt-out option.
Finally, given the sensitivity of biometric data, laws must impose strict security and encryption standards for its storage and transfer. A failure to ensure adequate protection of biometrics will violate the reasonable expectation of privacy if an individual assumes their unique identifiers are being properly safeguarded.
About Sanjay Jain:
Sanjay Jain is amongst the country’s leading lawyer with an impressive career spanning over 38 years. His journey began in 1985, initially focusing on civil litigation, before expanding to represent an impressive roster of multinational corporations, including American Express and GE Capital. Recognizing his expertise across various domains, the Delhi High Court designated Sanjay Jain as a Senior Advocate in 2005.
In July 2014, he reached a milestone when he was appointed as the Additional Solicitor General of India for the Delhi High Court, a principal seat of litigation for the Central Government. This position marked his exemplary tenure and led to his subsequent appointment as the Additional Solicitor General for the Supreme Court in January 2019, a role he served with distinction until June 2023.
Known as a lawyer in whom the government can blindly repose faith, Sanjay Jain enjoys enormous reputation as a counsel who has a rather distinct approach of assisting the Court with courtesy and fairness, the qualities which are also equally extended to his opposing counsels and clients.
Beyond law, Jain is also an avid art and music enthusiast. His diverse interests are reflected in his collection that captures the richness of life’s expressions. He is deeply committed to philanthropy, focusing on initiatives that empower the girl child and promote environmental sustainability in Uttarakhand. With a unique blend of legal prowess and social commitment, Sanjay Jain continues to make a lasting impact in both the legal field and his community.
