Book Review/Summary — Privacy 3.0, Unlocking Our Data-Driven Future By Rahul Matthan

Piyush Jain
17 min readAug 1, 2020


India sees an unlimited use of Aadhar card in every sphere of life. Credit card, passport, traveling, accounts, and what not?

The book is an attempt to provide some explanation for how we have to come to our current notions of personal space and individual privacy starting from early human rights in whose egalitarian social structures privacy was all. Still, non-existent down to our data-driven presents where it seems there is a little what we can do to consider our thoughts and actions from those around us.


The author Rahul Matthan is a Partner with Trilegal, a law firm in Bangalore, and an eminent attorney in the field of technology, media, and telecommunications law in India. He has beautifully taken us on the privacy journey from the prehistoric period to the way we are here and now. He has stated cases, incidents, business scenarios, historical facts, and technology evolutions, which gave us our current form.

Our internal struggles, our aspiration to be a better society, our zest for equality, and respect for personal freedom are all stated in the book in detail. This is a fact-filled book with a lot of intricate details and legal language, which I have tried to condense in the few pages with the final results for the interest of the readers. This summary is in no way a substitute for the book, as it carries a detailed analysis of the topics, in chronological order, and substantial food for thought. I hope I can ignite the interest in the readers to get the book, and they read the same to enjoy the hard work of the author.

Privacy has passed through the three distinct phases of evolution.

In the first stage of privacy, we developed, for the first time, the idea of a person’s place in the private space. We evolve with laws to protect information that we disclose to others in confidence, allowing us to recourse against those who betray our trust. As technology developed, this approach was not sufficient to protect our privacy. We need protection from those beyond our immediate Circle of Trust as Technology made it possible for the stranger to invade our personal space.

Privacy 2.0 elevating the status of the right that could be exercised against anyone who infringed upon the privacy without getting our consent. This was from the start of keeping the files in a physical form to the advent of the internet.

Privacy 3.0 is much above the consent story. There were unlimited mind-boggling possibilities of using your data for different purposes.

Chapter 1: Naturally Private?

The author states in Jungle how the animals move in herds to take advantage of each other’s observations and survive in the condition of a constant threat. When some animals sleep, others are on guard. They become eyes and ears for each other. The weak, tender, and needing support got cover from the other healthy animals around the herd.

Solitude was a luxury to the animal at the top of the food chain. As such, privacy is an alien concept to nature. The question arises why did humans so strongly cleave to it, accept it as a fundamental notion of humanity, and make laws to enforce it?

Chapter 2: In The Fish Bowl

It was not only animals who followed the herd mentality. Humans, too, lived in herds. Earlier, they lived in herds and hunted for a living. Slowly when they started domesticating the animals and growing their crops, they settled down in villages. The concept of privacy was still completely off. It was, in fact, a completely open society. Each person knew the other’s strengths, weaknesses and adequately supported or took support from them. Even after dwelling came into the picture, walls and curtains were to bring protection from the natural conditions like sunshine, rain, wind, etc.

Any deviation from this was seen as dangerous and suspicious. Movement out of this dwelling alone could be fatal. If they are together, they are safe; else, they were vulnerable to attacks by another man or animal.

Each person was under the surveillance of the other people in that herd. This kept the person in security as well under pressure to behave appropriately.

As the herd grew, this pressure rose, and people wanted to get rid of this pressure. Sometimes then maybe, did a concept of privacy creep in the lives of the people. Technology also crept into people’s life. They could now get a new perspective on privacy and build a boundary around themselves. The individual could identify himself uniquely from the community and hide if he wanted to.

Chapter 3:What Walls Did

As the homes started building substantial walls, humans could isolate themselves from the outside world. The outside world also could not determine what is going inside. This new way of living helped humans develop new ways of thinking, behaving, release them from the mental pressure of being watched. This also gave birth to split personalities. One would be a particular character in privacy and another one in a public eye.

Surrounding culture also played an important role. For example, Greeks had houses built in a manner that people could not see inside. High windows on the first floor (ground floor in India), doors opening to a wall, so that no one could peek inside when the door opens. In contrast, the Romans had an entirely different perspective. The influential and wealthy Romans had big visible lawns and huge windows where other people could see their lavish lifestyle. The poor Romans live in whatever they could get and aspired to live in a mansion like that of the rich.

When one has aspirations or witnesses any deeds of fellow citizens, all sorts of thoughts may come to them. Religion was another factor that influenced privacy. Christianity even suggested that forget doing wrong deeds, but even thinking of doing so is evil. This norm gave rise to monks who used to live in seclusion so that they do not encounter evil thoughts. The Church even suggested that people can confess their wrongdoings or evil thoughts to the priest in the Church. There was a shift of responsibility for moral governance from the community to an individual if one wanted to achieve salvation.

Chapter 4: A Creature of Technology

Seclusion promoted the development of technology. Technology-enabled privacy, but it was also its darkest enemy. Technology helped humanity in communicating in many ways. Humans found ways to breach privacy using these technologies. Be it Press, Photography, Telephony, they helped reach out to more humans, but also infringed the privacy of many people. Despite all this, technology kept thriving, and society taught itself to adjust to the new challenges and keep up with their privacy. Any study of privacy is based on some of the other contexts with technology areas.

Chapter 5: Confidences

Confidentiality was an important factor when one built houses for getting a private space for oneself. William Blackstone first mentioned this in 1765 in his “Commentaries on the Law of England” Page 223. The concept of confidentiality was understood and used now, but it took a long time for “Privacy” to appear in law as a standalone concept.

When one of the biggest technological inventions took place, i.e. the printing press, it displayed how people not even under contract can be impacted by the privacy breach. Be it a celebrated writer, or even the royal family of England.

Edmund Curll was one such businessman. He deployed all techniques of selling his publication to all possible. He used cheap paper to keep the cost low. Authors who would publish any stuff without hesitation that would entertain his audience. He copied stuff from wherever possible. He even posted the writings like “Gulliver travels” of famous writers like Jonathan Swift without permission. There was another famous poet. He employed Joseph Gay and got his poems published with the name of J.Gay. People enjoyed it in the name of John Gay. Edmund Curll was so aggressive in his approach that the publication world came up with the term “ Curllism “ for literary indecency.

An interesting anecdote sequence is when Alexander Pope tried to kill Edmund Curll using sedatives (emetic) in his drink when Edmund published his poems without his permission. Curll survived, and he went ahead for more vehement revenge. He declared and published all Pope’s work without his consent. Curll surpassed all boundaries as he got hold of Pope’s letter in one-to-one communication with Jonathan Swift. He published five volumes of these letters. Pope took him to court, and it was underplayed by saying that how can change the mundane things as letters could lie in the ambit of copyright? Pope won the case after much deliberation.

William Strange, an art dealer, could get his hands on the personal paintings of Queen Victoria and her husband, Albert. He etched them in copper and wanted to do a public exhibition. He did not have permission from the Queen (the owner) of this art. The court ruled against it. Strange had to withhold the exhibition. Court additionally stated that “In the present case, where privacy is the right invaded, the postponing of the injunction would be equivalent to denying it altogether.”

Any communication which is/should be confidential between 2 parties should be in the ambit of privacy. Be it husband-wife, trading partners, doctor-patient, Attorney-client, all come under these.

Chapter 6: The Right

As technology further advances and long-distance communication is available in around the 1880s, the news was available for the local newspapers to fill it in. In the meantime, George Eastman invented a portable Camera. This invention further fueled the satire of 8 million readers in the United States. With Portable Camera in people’s hands, the celebrities had no place to hide. Their snaps were taken and sold to local newspapers with exciting news. The media published the photographs with a story without any further approval of the people. Even POTUS Grover Cleveland’s wife Frances could not escape the camera’s eyes. The press used her photograph in product advertisements across the country without her permission. Courts had to intervene and stop the newspapers from doing so.

Now enters the real heroes of Privacy laws. Louis Brandeis and Samuel D Warren, classmates at Harvard Law School, and graduated with first and second positions respectively in the class, formed a law firm Warren and Brandeis. This article is the most influential law review article of all and referred even to date under different names. In 2017, when the Supreme Court of India was discussing the fundamental right, this article played an important role.

Sam Warren was the eldest sibling in the family. His younger brother was sexually deviant (LGBTQ), and this was considered morally dangerous or a social disorder in the American Society. Sam was married to an influential family in the US. Press used to find reasons to have some news on him or his related people. On this, Sam articulated a robust legal basis with which he could defend his brother against the depredations of an aggressive press. This paper came out to be one of the most influential documents in the privacy law world, and people refer it to even after more than 100 years.

In the 1890s, the court accepted only those litigations on privacy, where there was proof that this has caused damage to property. On this, Justice Thomas Cooley calls for the right “to be left alone.” After the passing of this law, this inhibited the press from invading the private life of the people.

The author also states that there is a subtle difference between the intellectual value of the intangible product like writings & publications (under copyright law), and the domestic occurrence of personal activities. The 2nd one is the “inviolate personality,” where the person has the right to not getting exposed to his private discussion, writing, which he has not made public to come under the privacy law.

Further, in the other papers from Warren and Brandeis, they explain new situations.

The organizers of the Colombian Exposition in Chicago installed the Statue of Late Mrs. George Schuyler, without the consent of the family. The court states that even though she was a public figure, this was a privacy matter and should be discussed.

In another situation, a company prints thousands of portraits of a person, without her consent, for advertisement. The case statement said that it was the use of her property (her body) without her permission. Still, the jury went against the appeal by 4–3, as they said this is a mundane issue and would invite unnecessary cases like one’s looks, conducts, habits, etc. This judgment raised a big furor, and the people criticized the decision. This situation was the Aadhar moment for the US. Further, a law was enacted that led to the conclusion that the use of a person’s name, portrait, or likeness without consent would be a misdemeanor. Multiple states went ahead and enacted this law further.

As telephony started in 1928, Louis Brandeis stated his dissenting opinion that any tapping into the conversation would be a breach of the 4th and 5th amendment of the constitution. The 4th amendment noted that the constitution should protect the belief, thoughts, emotions, and sensations of the American people. They conferred against the Government for the right to be left alone, which is the most comprehensive of the rights and the right most valued by civilized men.

Chapter 7: The Currency of Information

As the population increased, communication increased. The most basic form of long-distance communication, “Snail Mail” (Post), was susceptible to privacy breach as the postal department could read the letters easily. The US passed a law against the same.

The people who did not have trust in the government concerning privacy were also because revelation like WikiLeaks and Edward Snowden was already out.

Population increase also started an issue of how could you trust the counterparty when you don’t know them. Maybe you are new, or they are new. The breach could happen from either side. Lewis Tappan formed a mercantile agency that started keeping the records for various trades and thus the credibility of the people. As his business grew and he grew interested in other areas, he passed his business to one of the clerks. His clerk gave it to his brother-in-law, Robert Graham Dun. Robert Dun merged with his competitor, Bradstreet, in 1933 and formed Dun & Bradstreet, which is famous for the credit rating to any instrument. Now loans, credits, transactions were done after confirming the credit rating of the counterparty. Now the credit rating agencies had become data collectors, and they could use their parameters to define the credit rating, which could be biased.

Thus came FIPPS and OECD for defining the rules for sharing data between the government and private sector. It also specified the rules for handling PII, which the data collectors should be following.

Chapter 8: Meanwhile, in India …

India, under British rule, never thought of privacy as it was an oppressed country. People never thought about these aspects before 1947. There were few instances where privacy was discussed in the courts but never became a public furor until Aadhar came into being. India set out to formulate its privacy policy now.

Chapter 9: Early Thoughts on Privacy

The author narrates the story of the Privacy aspect of the Indian constitution. Privacy was one of the essential elements explored, discussed, and debated. In Benegal Shiva Ra o (BS Rao)’s book “The Framing of India’s Constitution,” he states that Benegal Narsing Rau (BN Rau) wanted to borrow the 4th amendment of the US constitution and be implemented in the Indian constitution. After long debates and discussions, the constituent assembly decided that the “Right of Privacy” be dropped. The primary justification was that in want of a court order to search, interrogate, and investigate someone, the culprit might get time to tamper with the evidence and escape prosecution. It was assumed that the state would exercise this power in the interest of the nation and the greater good.

Somehow to arrive at the balance between the interest of the individual and the objectives of the state, B.N. Rau might have tipped the balance too far in the direction of the state.

It took 6 decades for the Indian judiciary to come up with a comprehensive formulation of an individual’s right to personal privacy.

Chapter 10: Privacy in the Indian Courts

Privacy issue came up in Indian courts in form of 3 prominent cases, 1) Kharak Singh Vs State of UP, 2) Govind Vs State of Madhya Pradesh and 3) Auto Shankar case

In the case of Kharak Singh, though Justice Subba Rao states that the sort of surveillance being imposed was a violation of the right to freedom of movement. Even though he had a strong opinion, he was in the minority and the bench decided to uphold that the constitution does not guarantee the right to privacy.

Concerning the case of Govind, Justice KK Mathew portrayed the issue in a different light. He ignored the inconsistency of the Kharak Singh judgment. He states that the founding fathers never wanted to have a police state. Since much has changed with time, courts should also interpret to fit with changing time. The concept of liberty overlaps with the idea of the right to privacy. Mere conviction in a criminal case does not require surveillance until the person is of grave danger to society. Over the next 40 years, the courts all over India used this justification in cases of a similar nature.

Inspector General of Prisons in TamilNadu warned a publication house of the consequences. Suppose they publish Auto Shankar’s biography in their publications. The editor went against the order in the court. The court ruling said that Article 21 allows the person to be left alone. Article 19 (l) (a) ensures the right of freedom to the press. The publication went ahead with the story.

Further, Rahul Matthan discusses cases on discords in marriages, medical records, the conduct of the bank for loans, where privacy of facts was essential to an individual, while the interest of the other party was at stake. Courts took different stances on situations.

Several cases concerning the media treating victims, the conduct of the companies offering services to individuals, sexual preferences of the individuals are discussed where one expects that the person’s privacy is respected.

All this boils down to how the data is handled and we need to see how Aadhar worked.

Chapter 11: Identity and Privacy

Do you know why there are so many cases of identity thefts in the US, while in India, you seldom hear anything like that? The reason for this is that our weakness has become our strength. No identity system is treated trustworthy alone. So if one goes to take some service, they ask for at least 2 ID cards. If you have a PAN, then a driving license, or passport or voter card, or ration card, or something else. Even the passport, which is staunch proof that you are a citizen of the country, is seen internally with suspicion. If someone forges one, he cannot forge the other one. The data is in silos, so they can’t talk to each other. This diversity has kept us safe from identity theft until now.

This also led to an issue of the government benefit, not reaching the target individuals. The UPA government came up with the Aadhar card concept under UIDAI and launched the program with Nandan Nilekani as it’s head. A lot of data had to be collected under this program, and Democratic Data Standards and Verification Committee governed this policy.

Chapter 12: A New Privacy Law

Even though the Aadhar card and UIDAI was a pet program of the government, it did not have a legal backing or the privacy law in place. Once the program rolls out to the public, then it will be a disaster waiting to happen. Rahul Mathaan, in conversation with Nandan, emphasized these points. Nandan took this up further and made PMO aware of the same.

Further DoPT contacts the author for initiating this. Rajeev Kapoor, Joint Secretary with DoPT, helps the author frame the privacy policy in the Indian context. Rajeev was aware of the local requirements. He further pushed this to other departments like the Ministry of Finance, Department of Information Technology, NATGRID, Department of Science and Technology, and MHA for deliberation. An interesting point was everybody had a counter-argument for every point stated. Any bureaucrat was only convinced with the law when it was said that even Pakistan had one.

Further, it was evaluated that if this concept would not be burdensome to the companies. National Data Controller Registry was proposed so that the companies could see what the directives for data handling with respect to their sector are.

Meity, in the meantime, released its guidelines for data protection. This was quite similar to or near a copy of what the author had proposed. While this is on the way to become a law, the scam struck India again. Niira Radia Tape controversy hit all associated. The Income Tax department took authorization from MHA to tap the phones of Niira Radia. Apart from the dark secrets of Government lobbying and corruption, it was understood that the Privacy of anyone is at stake. This aspect is also now added to the privacy bills after vouching additionally from NATGRID and Registrar General of India.

After all the hurdles, the government rolled out the Aadhar card and 27 Government benefit schemes based on it. However, NDA deplored Aadhar during election campaigns but wholeheartedly accepted it when in power. They started the Jan-Dhan scheme and opened more than 11.5 crore bank accounts for Direct Benefit Transfer. Soon under the NDA government, more than 1 billion Aadhar cards were made.

Chapter 13: The Puttaswamy Judgement

Nine judges of the Supreme Court bench passed a verdict on Privacy on 24th August 2017. It stated that Privacy is an integral part of the constitution of India. It was a part of the fundamental right and was implementable in various facets of life. Where Privacy has to be implemented has to undergo three tests.

  1. Legality — Is the demand for privacy legal?
  2. What is the need? — Does the demand for legality lie under the legitimate state aims?
  3. Proportionality — There should be rational nexus between the objects and ways to achieve the objectives.

Further, Rahul Mathaan goes ahead and discusses in details on issues like sexual orientation, euthanasia, abortion, various other topics.

Chapter 14: Striking the Balance

The author states that with the coming up of the Aadhar card system, we have to change our perspective on many things. Where the physical verification of a person used to cost an average of Rs.1000, would now cost Rs.60. Loans disbursal, which was earlier a subjective issue, could be treated objectively, depending on various parameters.

Now, as we have a lot of data, we should be using it innovatively while keeping the privacy aspect in mind. Data controllers, while having indemnity of any issue, will also be responsible that the data is used responsibly. Algorithms will be built to derive intelligence, but not at the cost of privacy.

Medical records are one such area where collecting the records in a single location and feeding it to the algorithms can generate a lot of intelligence for making the right strategic decisions.

India will have to keep learning from other countries as well as its own experience, to unlock the value of data while keeping privacy in mind.

Chapter 15: A New Framework for Privacy

The author narrates that the new privacy policy framework is more data-oriented. Consent based system is not of much use as nobody reads the T&C and goes ahead. It has to be the responsibility of the company holding the data and the data controller, who is working with the data.

Data is the new Oil. This data can be used in any manner. The output of the data can be used as input to extract more data further. Though the regulations are stringent where any breach of privacy has huge penalties, this should not stop data controllers from getting innovative and finding more usage of the data. They should keep in mind that if they are the data subject, then what the data subject would not like to see from the results, to make sure privacy concerns are handled. Any breach or negligence should be dealt with maximum possible punishment. The easiest way to implement new algorithms and technologies is to audit using the Data Protection Impact Assessment (DPIA), which can be a person/party other than the data controllers to assess the impact of the rollout.

Any benchmark similar to the credit rating system would be of great help as the company would get a better rating if they handled their data properly. They are thus building trust between their business and client. You would like to take services from the company whose rating is better.


Privacy is the derivative of technology and unique to humans. As the technology evolved, privacy took different forms. We now have all the options, to be completely closed, or be completely open. Like a village (now global), people may see the ones who keep interacting on various social media with trust and confidence, while the ones who are close will lack faith within their circles.

Originally published at on August 1, 2020.The amazon links intend to give commission to the author of the article on sale through them.



Piyush Jain

Piyush, a software professional, reads anything on AI, behavioural economics, strategy, macroeconomics, history, or anything good.