w w w . L a w y e r S e r v i c e s . i n



Suo Motu & Others v/s Travancore Devaswom Board, Represented by Its Secretary, Thiruvananthapuram & Others

    DBP. No. 13 of 2021 & WP(C) Nos. 21609 & 21812 of 2021

    Decided On, 22 April 2022

    At, High Court of Kerala

    By, THE HONOURABLE MR. JUSTICE ANIL K. NARENDRAN & THE HONOURABLE MR. JUSTICE P.G. AJITHKUMAR

    For the Petitioners: Abir Phukan, Mathew A. Kuzhalanadan, Kuriakose Varghese, V. Shyamohan, Sudeep Aravind Panicker, Sradhaxna Mudrika, K.R. Sunil, Aiswarya Venugopal, Krishna Suresh, V. Eashwary, Advocates. For the Respondents: G. Biju, SC, N. Manoj Kumar, State Attorney, N. Raghuraj (K/114/1986) (Amicus Curiae), V. Sajith Kumar, A.V. Vivek, Aparna Chandran, N.K. Remya Varma, P. Benny Thomas, D. Prem Kamath, Abel Tom Benny, Jyothish Krishna, Kurian Oommen Therakath, Sruthy J. Mampilly, Jaikrishnan.M. Pisharodi, Tom Thomas (Kakkuzhiyil), R. Krishna Raj, E.S. Soni, Sangeetha S. Nair, A. Resmi, S. Nidheesh, C.S. Manilal, S. Nideesh, Biju Balakrishnan, V.S. Rakhee, K.J. Gisha, P. Ajmal, Advocates.



Judgment Text

Anil K. Narendran, J.

1. The common issue involved in D.B.P.No.13 of 2021 and also W.P.(C)Nos.21609 and 21812 of 2021 relates to Virtual-Q system at Sabarimala Temple.

2. D.B.P.No.13 of 2021 has been registered suo motu based on the direction issued on 01.07.2021 by the Division Bench dealing with Devaswom matters. The Division Bench noticed that, based on S.M.Report No.3 of 2021 of the Special Commissioner, Sabarimala, regarding underutilisation of the permitted number of 5,000 pilgrims per day under Virtual-Q system, causing loss of opportunity to devotees desirous to undertake pilgrimage, this Court registered SSCR No.3 of 2021. On 05.03.2021, an order was passed in SSCR No.3 of 2021. Taking note of the report that Virtual-Q slots are being put through the website sabarimalaonline.org, which is an initiative of the Kerala Police, and the fact that despite the booking of all Virtual-Q slots within hours of opening of the site, almost all days, when the shrine remains open, only less than 50% of devotees thus registered are turning up for darshan, this Court suo motu impleaded the State Police Chief as additional 3rd respondent, who was directed by the order dated 05.03.2021, to file an affidavit as to whether such situations occur due to any deceitful action from the part of anyone. Thereafter, an affidavit was filed by an officer authorised by the State Police Chief, wherein it is stated that the aforesaid initiative of the Kerala Police is a successful tool to identify the pilgrims and to manage the crowd at Sabarimala during Mandala Makaravilakku Festival season. It was also stated that the restriction regarding the number of pilgrims is due to Covid-19 pandemic and that necessary probe will be done to find out whether there is any illegal activity by anyone for the shortage in the number of pilgrims turning up for darshan. Later, as per the order dated 12.03.2021 in SSCR No.3 of 2021, the number of pilgrims was enhanced from 5,000 to 10,000. The issue whether such shortage in the number of pilgrims occur due to any deceitful action on the part of anyone was not looked into while passing the said order. But, despite the increase of the number of pilgrims as above, there was considerable decrease in the number of pilgrims turning up for darshan, going by the information passed on by the Special Commissioner, Sabarimala. As per the order dated 12.03.2021, this Court permitted to insist for production of Covid-19 negative certificate after RT-PCR test taken within 48 hours of reaching Nilakkal, from NABL accredited ICMR approved laboratories and such other laboratories approved by the Government. This Court noticed that, each day, when the shrine remains open, about 10 hours are available for darshan. Taking note of the available space and the available facilities for crowd management there can be no difficulty at all for facilitating darshan for the devotees, even if the entire permitted number of pilgrims are turning up for darshan, in terms of the time slot allotted to each of them. Since Sabarimala pilgrimage is now permissible only with Covid-19 negative certificate obtained in the aforesaid manner, the risk matter is very minimal. Unlike the other temples in Kerala, Sabarimala shrine opens only for Mandala Makaravilakku Festival, masa poojas and on specific festive days.

2.1. In the direction issued on 01.07.2021, the Division Bench noticed that, in other temples in Kerala where darshan is permitted only after registration in Virtual-Q system, such systems are managed by the Devaswoms concerned. In the statement filed in SSCR No.3 of 2021 by the State Police Chief, though it was stated that necessary probe would be done to find out any illegal activity being done resulting in shortage in the number of pilgrims turning up for darshan, so far nothing by way of a report is forthcoming. Taking into account all such circumstances, the Division Bench noticed that, the question is whether the computer managed Virtual-Q system for Sabarimala pilgrimage be entrusted to the Travancore Devaswom Board (for brevity, ‘ the TDB’), as has been done in other Devaswoms, for regulating the number of pilgrims turning up for darshan and at the same time to ensure the maximum number of pilgrims, within the permissible number. No doubt that, even in case of such an arrangement, taking note of the fact that Sabarimala is a security vulnerable temple and that effective crowd management is required, the act of regulating the devotees turning up for darshan and the security aspects are to be retained with Police, as usual.

2.2. By the order dated 02.09.2021 in D.B.P.No.13 of 2021, we have directed the Special Commissioner, Sabarimala, to submit a comprehensive report on the functioning of Virtual-Q system at Sabarimala, along with his suggestions. Pursuant to the said order, a report dated 04.10.2021 of the Special Commissioner, Sabarimala, is placed on record. As per that report, in the home page of the web portal, i.e., sabarimalaonline.org, the emblem of the Kerala Police is exhibited on the top and the emblem of the TDB is exhibited below on the left-hand corner. When bookings are open, certain advertisements of ambulance services, ‘punyam poongavanam’ and a ghee company are seen published by the Kerala Police. The web application is hosted in the Amazon Web Services Cloud Server owned by Kerala Police. The advertisements in the web page are displayed as per the request of the Kerala Police. There is a discretionary quota of coupons which is managed by Kerala Police by communicating with the Tata Consultancy Services Ltd (for brevity, ‘the TCS Ltd.’). The Kerala Police has separate URL and login for the discretionary quota of coupons, which are used for Government guests, guests of TDB and VIPs. The Special Commissioner pointed out that the domain name, i.e., sabarimalaonline.org, which provides Virtual-Q booking facility to millions of devotees and the online web portal where advertisements are displayed are all intellectual properties of the minor deity, which are controlled by the Kerala Police and the TDB has no control over the same. The Kerala Police is rendering yeoman service to millions of devotees of lord Ayyappa by crowd control management and providing secure and orderly darshan to the devotees. However, the crowd control management functions discharged by the Kerala Police, as part of its duty as a Department of the State, will not confer it the right to own or exercise control over the property of the minor deity. Even without having control over the web portal, the Kerala Police can discharge crowd control functions by verifying the Virtual-Q coupons produced by the devotees at Nilakkal and Pamba, by getting the requisite data from the TCS Ltd. or the TDB. At Sabarimala, constant surveillance by police personnel and by using CCTV cameras in access points and routes is being done in the police control rooms, in order to eliminate security threats. The security threat at Sabarimala is not a valid reason for the Kerala Police to exercise control over the system, which is the intellectual property of the minor deity. The discretionary quota of Virtual-Q system has to be brought under the direct control of the TDB. The TDB may be directed to purchase online cloud storage server facility to host the online web portal/web application and the TCS Ltd. may be directed to operate the web portal/application for online booking of Virtual-Q system for Sabarimala darshan, as per the directions of the TDB. The TCS Ltd. and the TDB may be directed to share the requisite data of pilgrims, as required by the Kerala Police for effective crowd management and verification of Virtual-Q coupons. The TDB may be directed to take steps to register the trademark/obtain patent of the intellectual properties of the deity and Devaswom and to prevent its misuse and usurpation of revenue by third parties. Therefore, in the report, the Special Commissioner has prayed that the TDB may be entrusted with Virtual-Q System and the software developed by the TCS Ltd. and also the domain name, sabarimalaonline.org.

2.3. An affidavit dated 10.08.2021 has been filed on behalf of the 2nd respondent State and the Additional Director General of Police (Crime Branch) and the Chief Police Coordinator, Sabarimala, has sworn to an affidavit dated 17.07.2021 on behalf of the 3rd respondent State Police Chief, wherein it is stated that, for avoiding unexpected pilgrim inflow surges during festival seasons, which may lead to situations like stamped, Kerala Police had started Virtual-Q system during the year 2011, as per the directions of the State Government, using an in-house application developed by Kerala Police. In the next year, the application was refurbished with the help of the Kerala State Electronics Development Corporation (KELTRON) and shifted to Amazon Cloud Environment for improving performance and to ensure 100% application availability during maximum number of concurrent users. That system continued during 2012-13 to 2016-17. The Virtual-Q system provided by the Kerala Police as part of crowd management saved precious time of the pilgrims. This facility is provided absolutely free of cost to the pilgrims as it was funded by the revenue generated from advertisements, as permitted by the State Government. The Kerala Police has also launched a mobile application on 18.11.2016 for Virtual-Q booking, for knowing the status of the queue at Sannidhanam, availability of vehicle parking slots at various parking locations, weather at Pampa and Sannidhanam, etc. In the year 2019, with the help of the TCS Ltd., Hyderabad, Sabarimala Pilgrim Management System (for brevity “SPMS”) was introduced, with Devaswom functionalities like Appam/Aravana booking, Manjal, Kunkumam and Vibhoothi booking, as a separate module. Virtual-Q system is a successful tool to identify the pilgrims and to manage the crowd at Sabarimala during Mandala-Makaravilakku Festival season and monthly poojas. Till 2019-20 festival season, pilgrims could have their pilgrimage either through Virtual-Q system or through conventional queue without online booking. On account of Covid-19 pandemic situation, the number of pilgrims was restricted during 2020-21 festival season and monthly poojas. Entry to the temple was allowed only through Virtual-Q booking and that was approved by this Court as an effective way to regulate the number of pilgrims per day, according to the norms fixed. The booking requires Aadhaar card or election ID card number, photo and other details. Hence, no bogus bookings could be made. The Kerala Police operates Virtual-Q verification counters at Pamba and verifies online the genuinity of Virtual-Q coupons presented by the pilgrims and allows entry. Depending upon the crowd situation at Sannidhanam, pilgrim entry at Pamaba is regulated. A regulated entry with details of pilgrims is imperative for crowd management and for dealing with specific situations like the threat of Covid-19 and also for ensuring security for Sabarimala. Unlike other temples in Kerala, the Kerala Police is responsible for crowd management and maintenance of law and order in Sabarimala during pilgrimage season and monthly poojas. In temples like Guruvayur, where queue regulation is managed by the temple authorities, the online system can also be managed by them. However, in Sabarimala, crowd management during pilgrim seasons is a challenging task and regulated by the Kerala Police. Since Sabarimala is situated in a difficult forest terrain prone to natural disasters, it is imperative that the ownership of the Virtual-Q system is vested with the Kerala Police for better co-ordination on the field and for efficiency. For effecting crowd control during festival seasons, it is imperative to know the number of pilgrims expected to arrive and regulate their approximate distribution, so that, appropriate crowd control measures can be instituted. In SPMS, Virtual-Q system and the Devaswom functionalities like Appam/Aravana booking, etc. are separate modules, which are independently controlled by the TDB and payment for prasadham bookings, etc., are credited to the TDB account. In addition to the present stakeholders, viz., the Kerala Police and the TDB, the software architecture is capable of accommodating more stakeholders like the KSRTC and the Forest Department. New services like e-kanikka, e-sewa, eannadhanam, etc., can also be incorporated on demand from the TDB. The Kerala Police distributes booking slots in SPMS with the help of TCS Ltd., after getting confirmation from the Executive Officer, Sabarimala, regarding the temple opening and closing schedule. At present, the stakeholders, namely, the Kerala Police and the TDB jointly own SPMS and the TDB directly communicates with TCS Ltd. for making changes in the Devaswom functionalities like Appam/Aravana booking, etc. in SPMS. In Sabarimala, where the crowd management during festival season is a challenging task and regulated by the Kerala Police and the temple being situated in difficult forest terrain prone to natural disasters, it is imperative that the ownership of Virtual-Q system is vested with the Kerala Police for better co-ordination on the field and efficiency. Managing such huge crowd without access to the database and the ability to regulate the pilgrim flow would seriously hamper the efficiency of the Kerala Police in managing the crowd. When specific threat inputs have been received on Sabarimala Temple, preventive actions were initiated from the side of the Kerala Police. In case of any such threat inputs, the database has to be screened and verified and the Kerala Police has to take urgent preventive actions. This is possible only if the Kerala Police has the access and ownership of Virtual-Q booking system to act immediately to avert any adverse situation. The database of criminal records is available only with the Kerala Police in case any immediate verification has to be made or action to be taken. In cases of a high alert situation, if the situation warrants, Virtual-Q tickets can be issued after verifying the antecedents with the criminal database. This is possible only if the ownership of Virtual-Q is with the Kerala Police as the data base for criminal antecedents is available only with the Kerala Police and not with the TDB or other agencies. Taking away the ownership of Virtual-Q system from the Kerala Police would jeopardize the security of Sabarimala Temple. The Kerala Police is able to streamline the crowd at Sabarimala using Virtual-Q system. The database of pilgrims can be used for analytical purposes and for investigation/ evidence collection in cases of untoward incidents reported, the latter being more important considering the sensitivity of a pilgrim place like Sabarimala. In the future using Artificial Intelligence, offenders and extremist elements can be identified and culled out for the safety and security of pilgrims. Pursuant to the observations made by this Court, an enquiry was conducted by the Deputy Inspector General of Police, Police Headquarters, to find the reasons for the default by pilgrims for darshan after reserving Virtual-Q slots. In the enquiry, it was revealed that, Covid and Covid related factors were major reasons for the pilgrims not arriving for darshan after booking. The subsequent change in travel plans after booking was another reason. On enquiry it is revealed that many of them have visited Sabarimala at a later date. However, they have not cancelled the slot which they have booked for darshan, despite the option being available. This has led to a large number of booked slots (26.6%) remaining unutilised. Annexure R2(a) is a copy of the report dated 05.08.2021 of the Deputy Inspector General of Police, Police Headquarters. For the last ten Sabarimala Festival seasons, Kerala Police has effectively used Virtual-Q system for crowd management and for maintaining law and order and security at Sabarimala. The existing SPMS, which is in the combined ownership of the Kerala Police and the TDB, may be permitted to be maintained, as it is a time-tested system that worked well during normal times as well as during difficult times like that prevailing on account of Covid-19 pandemic. It is possible to incorporate any required additional provision to the system to increase the number of devotees based on the allowed quota in consultation with the TDB. Since there is effective coordination between the Kerala Police and the TDB, the existing SPMS may be permitted to be maintained as such.

2.4. The Additional Director General of Police (Crime Branch) and Chief Police Co-ordinator, Sabarimala has sworn to another affidavit dated 27.09.2021, producing therewith Annexure I statement dated 06.08.2012 filed by the then State Police Chief in D.B.P.No.42 of 2009. In paragraph 4 of Annexure I statement, it is stated that a new facility for the pilgrims, namely, Virtual-Q system, was designed and introduced at Sabarimala with the approval of this Court.

2.5. On 20.10.2021, an objection dated 04.10.2021 has been filed on behalf of the 3rd respondent State Police Chief, to the report of the Special Commissioner, Sabarimala, wherein it is stated that Virtual-Q system was introduced in the year 2011, with an intention to avoid rush in Sabarimala, by distributing the crowd over the day, and to avoid the devotees' rushing at the peak hours. The year-wise booking of pilgrims through Virtual-Q system for the year 2011-12 to 2020-21 is furnished in the objection. In view of Covid-19 pandemic, Virtual-Q booking is made mandatory since 2020-21 Mandala DBP Makaravilakku Festival season. For facilitating the pilgrims coming without advance Virtual-Q booking, spot booking facilities were provided by the Kerala Police with spot registration counters at Erumeli, Kumali, Pathanamthitta Bus Stand and Vadasserrikkara, during the festival season 2019- 20. The domain name sabarimalaonline.org is registered in GoDaddy Domain Name Service Provider and Virtual-Q application is hosted in Amazon Web Service in Mumbai. The domain name is renewed yearly by the Kerala Police. As per order dated 24.07.2021, sanction was accorded by the State to accept advertisements in Virtual-Q system, in order to meet the expenditure towards its maintenance. The monthly usage bills are being paid to Amazon Web Service by the Kerala Police using the income generated from advertisements. At present, Rs.10,16,187.42 is pending payment due to lack of revenue received through advertisements. The Kerala Police is actively involved in the administration of Virtual-Q system. All the activities in the portal were conceptualized by the Kerala Police. Technical persons from the Kerala Police are giving detailed instructions to TCS Ltd. for controlling the activities in Virtual-Q system. Sufficient infrastructure including laptops, domain account, Amazon Web Service, application software and connectivity at Pamba are provided by the Kerala Police. The TCS Ltd. has developed the software application and they are maintaining the same. Facility for special booking was enabled as per the request of the TDB and discretionary quota of coupons are being issued to the guests of the State Government and the TDB. The ownership and control of SPMS are done jointly by the Kerala Police and the TDB. The devotees who have been regularly booking Virtual-Q tickets have not made any complaints against the management or administration of Virtual-Q system. During festival season, the Kerala Police operates a 24x7 helpline service to attend any issues in Virtual-Q booking. SPMS is a single online platform to provide all Sabarimala related services at one place to the devotees. Virtual-Q system is only a small part of that platform, which is being managed by the Kerala Police. The other modules like Appam/Aravana booking, e-kanikka, pooja services, etc., are exclusive Devaswom functionalities, where the total control is with the TDB, for which the Board has to directly interact with the TCS Ltd. Many of those functionalities are still not operational due to lack of support from the TDB to TCS Ltd. The Virtual-Q system is presently managed by the Kerala Police with the co-operation of the TDB and it has been operational without any glitches. Therefore, rather than an abrupt transfer of a well operational Virtual-Q system to the TDB, first Devaswom functionalities in SPMS like Appam/Aravana booking, etc., may be made operational.

2.6. The Deputy Secretary to Government Home (SSA) Department, Government of Kerala, has filed an objection dated 25.10.2021 on behalf of the 2nd respondent State, raising similar objections to the report of the Special Commissioner, Sabarimala, wherein it is stated that, on 14.01.2011 there occurred stampede at Pulmedu near Sabarimala which took the life of 52 pilgrims. In the wake of that tragic incident, this Court directed the Government as well as the State Police Chief to effectively regulate the pilgrims. Therefore, Virtual-Q system was introduced by the State and the Kerala Police with the approval of this Court. It was found to be very effective in regulating the crowd at Sannidhanam and also helpful to pilgrims all over the world, as they could select the time and date for joining the conventional queue at Sannidhanam, subject to availability of accommodation on first come first serve basis. In long queue formed in front of Pathinettampadi, the pilgrims will have to stand for 14 to 16 hours. There were also instances of aged pilgrims returning from Sabaripeedam without having darshan, as they could not take the ordeal of standing in the queue for such long hours. In order to mitigate the above sufferings, Virtual-Q system was introduced. The existing SPMS in the combined ownership of the Kerala Police and the TDB may be permitted to be maintained, as it is a time-tested system, which has worked well during normal times as well as during difficult times like Covid-19 pandemic. As there is effective coordination between the Kerala Police and the TDB, it would be appropriate to maintain status quo in the matter. The Government is of the view that Virtual-Q system has to be operated by the Kerala Police with active support of the TDB, as being done for the past so many years. Sabarimala, being a pilgrim destination of national importance, crowd control management and all sorts of security threats have to be taken care of by the Kerala Police and the police will be able to discharge the above duty, in a most effective manner, only if they have control over the Virtual-Q system.

2.7. On behalf of the TDB, the learned Standing Counsel has filed a statement dated 11.11.2021, wherein it is stated that, a nominal fee has to be charged for Virtual-Q booking to avoid bogus bookings. In W.P.(C)No.21609 of 2021, the Secretary of the TDB has sworn to a counter affidavit dated 20.10.2021, wherein it is stated that, Virtual-Q booking for Sabarimala darshan was introduced in the year 2011 as a project of the Kerala Police, which is looking after crowd management in Sabarimala and as such, the TDB does not have ownership or control over Virtual-Q system managed by the Kerala Police. Till the year 2020 Virtual-Q system was optional. Due to Covid-19 restrictions enforced in Sabarimala in the year 2020, it was made mandatory for all the devotees. The TDB has its own devotee portal for online booking of Vazhipadu/accommodation and also counter billing system at Sabarimala. Sabarimala being a pilgrim destination of national importance, crowd control management and all sorts of security threats have to be taken care of by the Kerala Police.

2.8. One S. Jayaraj Kumar has filed I.A.No.1 of 2021, seeking an order to get himself impleaded as additional 4th respondent. That application was allowed by the order dated 08.10.2021. In the affidavit filed in support of I.A.No.1 of 2021, it is stated that, there has been a huge decline in the number of pilgrims visiting Sabarimala Temple after the introduction of compulsory Virtual-Q system. Virtual-Q system in other major temples like Guruvayur is managed efficiently by the Devaswom Board. However, in Sabarimala, Virtual-Q system is managed by the Kerala Police. Over the past more than eight years, out of 14,95,718 Virtual-Q bookings in SPMS, only 8,32,391 materialised, i.e., only 55.66% of the devotees availed that facility after registration. The management of Virtual-Q system by the Kerala Police is not conducive to proper utilisation of the permitted number of pilgrims per day, especially because of strict adherence to the time slots, which is a difficult task to accomplish in view of the location of the temple and the ascent through the rocky pathway. Secondly, most of the pilgrims are from distant places and the mandatory requirement to report at the specified time also makes it difficult for the pilgrims to utilise their Virtual-Q booking slots. Since pooja and ceremonies during festival days are not properly reflected in Virtual-Q system managed by the Kerala Police, the pilgrims are put to much difficulty. Therefore, it is better to entrust the management of Virtual-Q system to the TDB to ensure proper utilisation of the permitted number of pilgrims per day.

2.9. By the order dated 21.10.2021, the TCS Ltd. was impleaded as additional 5th respondent, which has filed an affidavit dated 14.12.2021, on SPMS, data privacy, manpower deployment, etc. As per the said affidavit, the Kerala Police had expressed interest in creating Digital Pilgrim Management System for Sabarimala pilgrimage and the Company in the meetings held on 22.07.2019 and 23.07.2019 agreed to deliver a next generation online service system with darshan service for devotees to book advance darshan tokens at Sabarimala along with Pilgrim Verification System for verification of booking details. Based on the same, the State Police Chief issued work order dated 16.08.2019 to the Company to develop Digital Pilgrim Management System for Sabarimala, subject to the terms and conditions. On data privacy, it is stated that various data privacy and security measures, as stated in paragraph 4.2 of the statement, have been consistently implemented across all three modules of SPMS, i.e., online service platform, online spot booking and online verification system. The data collected at the time of Virtual-Q booking is used strictly for verification purpose by the operator kiosks set up by the Kerala Police and manned by them. Operators can only retrieve pilgrim information using front-end screen, that too, they can only see the last four digits of the ID card in the plain text format. No police staff has access to the database directly to query or retrieve information in any form. The Company does not share any personal information or sensitive personal information or data with the Kerala Police or with any other agency. Kerala Police has front-end access to refer to high level summary reports (day wise, month wise bookings, cancellations, arrivals, etc.) as part of their logistics and manpower deployment planning in advance to serve the pilgrims visiting in the season. Even in the summary reports, no personal information or sensitive personal information or data is accessible. The project has been completed and delivered free of cost. The complete IT and operational infrastructure is provided by the Kerala Police, viz, Amazon Web Services Cloud Server for storage, two apple Mac-books for designs, SMS service provider API account to send alerts to pilgrims, Dhanalakshmi Bank Payment Gateway provider API to integrate with online system so that, pilgrims can place orders for 'prasadham' by paying money directly to the Devaswom account digitally along with booking Virtual-Q coupons. The Company developed SPMS in accordance with the requirements provided by the Kerala Police. Postcompletion of the project, for ongoing maintenance and support, the Company is providing 12 full-time employees based on skill set up, during peak season when the temple opens for pilgrimage, as detailed in paragraph 7 of the statement. In the statement, the 5th respondent has stated that, data security and data privacy measures have been implemented bearing in mind the requirements under the Information Technology Act, 2008 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data and Information) Rules, 2011.

2.10. By the order dated 01.11.2021 in I.A.No.2 of 2021, the Hindu Seva Kendram, Ernakulam, represented by its Treasurer, was impleaded as additional 6th respondent. The affidavit filed in support of I.A.No.2 of 2021 contains various allegations, which have absolutely relevance to the issue raised in this DBP, concerning Virtual-Q system in Sabarimala Temple. In paragraph 12 of the affidavit, it is stated that crowd management in all temples in India, except Sabarimala, is being done by the employees of the Devaswom or professionals engaged by the Devaswom. This is the case in Guruvayur, Tirupathi and other temples in the country. The Police cannot enter the temple premises, except in the case of commission of an offence or at the request of the trustee of the temple. In the case of Sabarimala, it is the TDB. The management of devotees in a temple is within the domain of the Devaswom Board, which cannot be usurped by the State Government using the Police, in the name of security. The security threat at Sabarimala is the same as in the case of Guruvayur, Tirupathi and other major temples. Therefore, it is highly necessary to direct the TDB to take over crowd management in Sabarimala Temple.

2.11. By the order dated 01.11.2021 in I.A.No.3 of 2021, Vishwa Hindu Parishad, Kerala, represented by its General Secretary, was impleaded as additional 7th respondent. The additional 7th respondent has filed an affidavit dated 17.11.2021, wherein it is stated that, sufficient land is available at Sannidhanam, Pamba and Nilakkal for the festival activities at Sabarimala. In order to avoid unnecessary gatherings at Nilakkal, spot booking facilities can be provided at Sabarimala Edathavalams enumerated in Annexure R7(b) list.

2.12. The Special Commissioner, Sabarimala has filed various reports. Various orders have been passed by this Court for opening spot booking counters at Nilakkal, Erumeli, Kumali, etc., in order to ensure that the maximum number of devotees, within the permissible limit, have Sabarimala darshan on each day. The 2nd respondent State has also relaxed various restrictions imposed in connection with Covid- 19 pandemic and by the Government order dated 20.12.2021, the number of pilgrims permitted to have Sabarimala darshan was enhanced to 60,000 per day, and the conventional route was also opened to pilgrims.

3. W.P.(C)No.21609 of 2021 is one filed by the petitioner, who is a devotee of Lord Ayyappa, under Article 226 of the Constitution of India, seeking a declaration that the 2nd respondent State Police Chief has no authority or right to issue Virtual-Q booking coupon or any other such pass or ticket to the pilgrims, who seek to visit and have darshan at the holy shrine of Sabarimala. The petitioner has also sought for a declaration that Virtual-Q booking coupons issued by the respondents under SPMS as illegal, arbitrary, and unauthorised by law; a writ of certiorari to quash the orders pertaining to the issuance of Virtual-Q booking coupons by the 2nd respondent State Police Chief, as being violative of Articles 14, 19 and 21 of the Constitution of India; and a declaration that the 3rd respondent TDB had failed in honoring its statutory duties prescribed under the Travancore-Cochin Hindu Religious Institutions Act, 1950, including that under Section 31 by permitting the 2nd respondent State Police Chief to arrange for the conduct of worship by the devotee of Lord Ayyappa by the issuance of Virtual-Q booking coupon.

3.1. The 1st respondent State has filed a counter affidavit dated 25.10.2021. An affidavit on behalf of the 2nd respondent State Police Chief has been filed on 20.10.2021, which is one dated 18.10.2021. The 3rd respondent TDB has filed a counter affidavit dated 20.10.2021, wherein it is stated that the Virtual-Q booking for Sabarimala Darshan was introduced in the year 2011 as a project of the Kerala Police. Kerala Police is looking after crowd management in Sabarimala and as such, the TDB does not have ownership or control over the Virtual-Q system managed by the Kerala Police. Till the year 2020 Virtual-Q system was optional. Due to Covid restrictions enforced in Sabarimala in the year 2020, it was made mandatory for all the devotees. The TDB has its own devotee portal for online booking of Vazhipadu/ accommodation and also counter billing system at Sabarimala. Sabarimala being a pilgrim destination of national importance crowd control management and all sorts of security threats have to be taken care of by the Kerala Police.

4. W.P.(C)No.21812 of 2021 is one filed by Travancore Devaswom Board Employees Front, represented by its General Secretary, seeking a writ of mandamus commanding the 1st respondent State to consider Exts.P2 and P3 representations dated 17.09.2021, within a time limit to be fixed by this Court. The grievance of the petitioner in Exts.P2 and P3 representations is that the State Police is imposing severe restrictions in the matter of Sabarimala pilgrimage. The petitioner submitted Exts.P2 and P3 representations before the State with a request to stop Virtual-Q booking by implementing other suitable and comfortable restrictions by permitting nearly 1,00,000 pilgrims per day, holding a valid certificate of complete vaccination or RT-PCR certificate taken within 48 hours, to be produced at the base station at Pampa.

4.1. In this writ petition, by the order dated 21.10.2021 in I.A.No.1 of 2021, the Travancore Devaswom Service Pensioners’ Association, represented by its General Secretary, was impleaded as additional 7th respondent.

4.2. The 1st respondent State has filed a counter affidavit dated 23.10.2021, producing therewith Ext.R1(b) reply dated 21.10.2021 to Ext.P2 representation made by the petitioner Employees Front, wherein it is stated that Virtual-Q system is beneficial for security purposes and also to get the details of the number of devotees coming for darshan each day. Therefore, it was decided that Virtual-Q system need not be stopped. The additional 7th respondent has also filed a counter affidavit.

5. Heard the learned counsel for the petitioner in the respective writ petitions, the learned State Attorney for the official respondents, the learned Standing Counsel for TDB and also the learned counsel for the party respondents in the DBP and the writ petitions.

6. The learned counsel for the petitioner in W.P. (C)No.21609 of 2021 contended that the 2nd respondent State Police Chief has absolutely no authority or right to manage Virtual-Q booking platform for Sabarimala pilgrims. In view of the provisions under the Travancore-Cochin Hindu Religious Institutions Act, 1950 and that under the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act, 1965, the management of Virtual-Q system can only be by the Travancore Devaswom Board. The 1st respondent State and the 2nd respondent State Police Chief have absolutely no right to interfere with such activities at Sabarimala. Morover, Virtual-Q booking for Sabarimala darshan can only be made optional, considering the ability of pilgrims among the marginalised population to avail such online facilities. The learned counsel addressed arguments on the protection of data and personal information of the pilgrims in the Virtual-Q platform, relying on the provisions under the Information Technology Act, 2008 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data and Information) Rules, 2011.

7. The learned counsel for the petitioner in W.P. (C)No.21812 of 2021, the learned counsel for the additional 7th respondent in W.P.(C)No.21812 of 2021, the learned counsel for the additional 4th respondent, the additional 6th respondent and the additional 7th respondent in D.B.P.No.13 of 2021 contended that, in view of the provisions under the Travancore-Cochin Hindu Religious Institutions Act and the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act, neither the State of Kerala nor the State Police Chief has any authority to control the entry of devotees to Sabarimala through Virtual-Q online system. The online booking through Virtual-Q system can only be optional and at any rate, any such system for online booking has to be managed by the TDB and not by the State of Kerala or the State Police Chief.

8. Per contra, the learned State Attorney for the 2nd respondent State and also the 3rd respondent State Police Chief contended that, the management of Virtual-Q system by the 3rd respondent State Police Chief will in no manner violate the provisions under the Travancore-Cochin Hindu Religious Institutions Act or the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act. Sabarimala is a high security zone and Kerala Police is having a statutory duty to maintain law and order at Sabarimala. The online booking facility provided at Sabarimala, originally with the support of the KELTRON, was approved by the Division Bench of this Court. Thereafter, the 3rd respondent State Police Chief entrusted the same to the additional 5th respondent TCS Ltd. Virtual-Q system has to be operated by the Kerala Police with the active support of the TDB, as being done for the past so many years. Sabarimala, being a pilgrim destination of national importance, crowd control management and all sorts of security threats have to be taken care of by the Kerala Police. The police will be able to discharge the above duty, in a most effective manner, only if they have control over the Virtual-Q system. On the data privacy issues, the learned State Attorney submitted that, sufficient safeguards have already been taken.

9. The learned Standing Counsel for the TDB argued that the Kerala Police is looking after crowd management in Sabarimala and as such, the TDB does not have ownership or control over the Virtual-Q system managed by the Kerala Police. Till the year 2020 Virtual-Q system was optional. Due to Covid restrictions enforced in Sabarimala in the year 2020, it was made mandatory for all the devotees. The TDB has its own devotee portal for online booking of Vazhipadu/ accommodation and also counter billing system at Sabarimala. Sabarimala being a pilgrim destination of national importance crowd control management and all sorts of security threats have to be taken care of by the Kerala Police. The TDB has no objection to take over Virtual-Q system, based on the orders of this Court.

10. The learned counsel for the additional 5th respondent TCS Ltd. argued that, as stated in the affidavit filed by the additional 5th respondent, the concern raised on the protection of data and personal information of the pilgrims in the Virtual-Q platform, relying on the provisions under the Information Technology Act, 2008 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data and Information) Rules, 2011, is absolutely without any basis. The TCS Ltd. is prepared to extend technical support to Virtual-Q system at Sabarimala, in case it is taken over by the TDB based on any orders of this Court.

11. Travancore-Cochin Hindu Religious Institutions Act, 1950 (for brevity ‘the Act’) enacted by the State Legislature makes provision for the administration, supervision and control of incorporated and unincorporated Devaswoms and of other Hindu Religious Endowments and Funds. As per subsection (3) of Section 1 of the Act, substituted by the Kerala Adaptation of Laws Order, 1956, Part I of the Act shall extend to Travancore, Part II of the Act shall extend to Cochin and Part III of the Act shall extend to the whole of the State of Kerala, excluding the Malabar District.

12. Clause (a) of Section 2 of the Act defines the term ‘Board’ to mean the TDB constituted under Chapter II of the Act in accordance with the covenant. Clause (c) of Section 2 defines the term ‘incorporated Devaswoms’ to mean the Devaswoms mentioned in Schedule I, and ‘unincorporated Devaswoms’ to mean those Devaswoms including Hindu Religious Endowments whether in or outside Travancore which were under the management of the Ruler of Travancore and which have separate accounts of income and expenditure and are separately dealt with. Sabarimala Devaswom is an incorporated Devaswom mentioned in Schedule I of the Act, under Chengannur Group, Pathanamthitta Taluk. As per subclause (i) of clause (d) of Section 2, ‘person interested’ includes, in the case of temple, a person who is entitled to attend at or is in the habit of attending the performance of worship or service in the temple or who is entitled to partake or is in the habit of partaking in the benefit of the distribution of gifts thereat.

13. Chapter II of the Act deals with the Travancore Devaswom. Section 3 of the Act deals with vesting of administration in Board. As per Section 3, t he administration of incorporated and unincorporated Devaswoms and of Hindu Religious Endowments and all their properties and funds as well as the fund constituted under the Devaswom Proclamation, 1097 M.E. and the surplus fund constituted under the Devaswom (Amendment) Proclamation, 1122 M.E. which were under the management of the Ruler of Travancore prior to the first day of July, 1949, except the Sree Padmanabhaswamy Temple, Sree Pandaravaka properties and all other properties and funds of the said temple, and the management of all institutions which were under the Devaswom Department shall vest in the TDB.

14. Section 4 of the Act deals with constitution of the Travancore Devaswom Board. As per sub-section (2) of Section 4, the Board shall be a body corporate having perpetual succession and a common seal with power to hold and acquire properties for and on behalf of the incorporated and unincorporated Devaswoms and Hindu Religious Institutions and Endowments under the management of the Board.

15. Section 15 of the Act deals with vesting of jurisdiction in the Board. As per sub-section (1) of Section 15, subject to the provisions of Chapter III of Part I, all rights, authority and jurisdiction belonging to or exercised by the Ruler of Travancore prior to the first day of July, 1949, in respect of Devaswoms and Hindu Religious Endowments shall vest in and be exercised by the Board in accordance with the provisions of this Act. As per sub-section (2) of Section 15, the Board shall exercise all powers of direction, control and supervision over the incorporated and unincorporated Devaswoms and Hindu Religious Endowments under their jurisdiction.

16. Section 15A of the Act, inserted by Act 5 of 2007, with effect from 12.04.2007, deals with duties of the Board. As per Section 15A, it shall be the duty of the Board to perform the following functions, namely, (i) to see that the regular traditional rites and ceremonies according to the practice prevalent in the religious institutions are performed promptly; (ii) to monitor whether the administrative officials and employees and also the employees connected with religious rites are functioning properly; (iii) to ensure proper maintenance and upliftment of the Hindu religious institutions; (iv) to establish and maintain proper facilities in the temples for the devotees. Section 16 of the Act deals with supervision and control by the Board. As per Section 16, the Board shall, subject to the provisions of Part I of the Act, exercise supervision and control over the acts and proceedings of all officers and servants of the Board and of the Devaswom Department.

17. Section 24 of the Act deals with maintenance of Devaswoms, etc., out of Devaswom Fund. As per Section 24, the Board shall, out of the Devaswom Fund constituted under Section 25, maintain the Devaswoms mentioned in Schedule I [i.e. incorporated Devaswoms], keep in a state of good repair the temples, buildings, and other appurtenances thereto, administer the said Devaswoms in accordance with recognised usages, make contributions to other Devaswoms in or outside the State and meet the expenditure for the customary religious ceremonies and may provide for the educational upliftment, social and cultural advancement and economic betterment of the Hindu community.

18. Section 27 of the Act deals with Devaswom properties. As per Section 27, immovable properties entered or classed in the revenue records as Devaswom Vaga or Devaswom Poramboke and such other Pandaravaga lands as are in the possession or enjoyment of the Devaswoms mentioned in Schedule I after the 30th Meenam, 1097 corresponding to the 12th April, 1922, shall be dealt with as Devaswom properties. The provisions of the Land Conservancy Act of 1091 (IV of 1091) shall be applicable to Devaswom lands as in the case of Government lands.

19. Section 31 of the Act deals with management of Devaswoms. As per Section 31, subject to the provisions of Part I and the rules made thereunder, the Board shall manage the properties and affairs of the Devaswoms, both incorporated and unincorporated as heretofore, and arrange for the conduct of the daily worship and ceremonies and of the festivals in every temple according to its usage.

20. In view of the provisions under the Travancore- Cochin Hindu Religious Institutions Act referred to hereinbefore, conclusion is irresistible that, the administration of Sabarimala Devaswom, which is an incorporated Devaswom mentioned in Schedule I of the Act, and all its properties and funds shall vest in the T DB. The Board shall hold and acquire properties for and on behalf of Sabarimala Devaswom, under the management of the Board. Subject to the provisions of Chapter III of Part I, all rights, authority and jurisdiction belonging to or exercised by the Ruler of Travancore prior to the first day of July, 1949, in respect of the Sabarimala Devaswom shall vest in and be exercised by the Board in accordance with the provisions of this Act and the Board shall exercise all powers of direction, control and supervision over the Devaswom.

21. Under the provisions of the Act, the Board is duty bound to see that the regular traditional rites and ceremonies according to the practice prevalent in Sabarimala are performed promptly; to monitor whether the administrative officials and the employees, and also the employees connected with religious rites are functioning properly; and to establish and maintain proper facilities in Sabarimala for the devotees. The Board shall, out of the Devaswom Fund, maintain and administer Sabarimala Devaswom in accordance with recognised usages and meet the expenditure for the customary religious ceremonies. Subject to the provisions of Part I of the Act and the Rules made there under, the Board shall manage the properties and affairs of Sabarimala Devaswom and arrange for the conduct of the daily worship and ceremonies and of the festivals in Sabarimala according to the usage.

22. The Kerala Hindu Places of Public Worship (Authorisation of Entry) Act, 1965 enacted by State Legislature provides for better provisions for the entry of all classes and sections of Hindus into places of public worship. Clause (b) of Section 2 of the Act defines ‘place of public worship’ to mean a place, by whatever name known or to whomsoever belonging, which is dedicated to, or for the benefit of, or is used generally by, Hindus or any section or class thereof, for the performance of any religious service or for offering prayers therein, and includes all lands and subsidiary shrines, mutts, devasthanams, namaskara mandapams and nalambalams, appurtenant or attached to any such place, and also any sacred tanks, wells, springs and water courses the waters of which are worshipped or are used for bathing or for worship, but does not include a ‘sreekoil’.

23. Section 3 of the Act provides that places of worship to be open to all sections and classes of Hindus. As per Section 3, notwithstanding anything to the contrary contained in any other law for the time being in force or any custom or usage or any instrument having effect by virtue of any such law or any decree or order of court, every place of public worship which is open to Hindus generally or to any section or class thereof, shall be open to all sections and classes of Hindus; and no Hindu of whatsoever section or class shall, in any manner, be prevented, obstructed or discouraged from entering such place of public worship, or from worshipping or offering prayers thereat, or performing any religious service therein, in the like manner and to the like extent as any other Hindu of whatsoever section or class may so enter, worship, pray or perform. As per the proviso to Section 3, in the case of a place of public worship which is a temple founded for the benefit of any religious denomination or section thereof, the provisions of this Section shall be subject to the right of that religious denomination or section, as the case may be, to manage its own affairs in matters of religion.

24. Section 4 of the Act deals with power to make regulations for the maintenance of order and decorum and the due performance of rites and ceremonies in places of public worship. As per sub-section (1) of Section 4, the trustee or any other person in charge of any place of public worship shall have power, subject to the control of the competent authority and any rules which may be made by that authority, to make regulations for the maintenance of order and decorum in the place of public worship and the due observance of the religious rites and ceremonies performed therein. As per the proviso to sub-section (1) of Section 4, no regulation made under this sub-section shall discriminate in any manner whatsoever, against any Hindu on the ground that he belongs to a particular section or class. As per sub-section (2) of Section 4, the competent authority referred to in sub-section (1) shall be, (i) in relation to a place of public worship situated in any area to which Part I of the Travancore-Cochin Hindu Religious Institutions Act, 1950, extends, the Travancore Devaswom Board; (ii) in relation to a place of public worship situated in any area to which Part II of the said Act extends, the Cochin Devaswom Board; and (iii) in relation to a place of public worship situated in any other area in the State of Kerala, the Government.

25. In view of the provisions under Section 4 of the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act referred to hereinbefore, conclusion is irresistible that, the competent authority to make regulations for the maintenance of order and decorum and the due observance of the religious rites and ceremonies performed in a place of public worship situated in any area to which Part I of the Act of 1950 extends is the Travancore Devaswom Board. The competent authority in the case of a place of public worship situated in any area to which Part II of the Act of 1950 extends is the Cochin Devaswom Board. State Government is the competent authority in the case of a place of public worship situated in any other area in the State, i.e., an area to which Part I or Part II of the Act of 1950 has no application. Since Sabarimala is a place of public worship situated in an area to which Part I of the Act of 1950 extends, the competent authority to make regulations for the maintenance of order and decorum and the due observance of the religious rites and ceremonies performed in Sabarimala is the TDB and not the State Government.

26. In Commissioner, Hindu Religious Endowments, Madras v. Lakshmindra Thirtha Swamiar of Shirur Mutt [AIR 1954 SC 282], a decision relied on by the learned counsel for the additional 7th respondent in D.B.P.No.13 of 2021, on the constitutionality of Section 21 of the Madras Hindu Religious and Charitable Endowments Act, 1951, a Seven-Judge Bench of the Apex Court noticed that, the object of the legislation, as indicated in the preamble, is to amend and consolidate the law relating to the administration and governance of Hindu religious and charitable institutions and endowments in the State of Madras. As compared to the earlier Act, its scope is wider and it can be made applicable to purely charitable endowments by proper notification under Section 3 of the Act. The powers of the Commissioner and of the other authorities under him, have been enumerated in Chapter II of the Act. Section 21 gives the Commissioner, the Deputy and Assistant Commissioners and such other officers as may be authorised in this behalf, the power to enter the premises of any religious institution or any place of worship for the purpose of exercising any power conferred, or discharging any duty imposed, by or under the Act. The only restriction is, that the officer exercising the power must be a Hindu. The High Court has taken the view that the respondent as Mathadhipati has certain well defined rights in the institution and its endowments which could be regarded as rights to property within the meaning of Article 19(1)(f) of the Constitution. The provisions of the Act to the extent that they take away or unduly restrict the power to exercise these rights are not reasonable restrictions within the meaning of Article 19(5) and must consequently be held invalid.

27. In Lakshmindra Thirtha Swamiar of Shirur Mutt the Apex Court noticed that our Constitution makers have embodied the limitations which have been evolved by judicial pronouncements in America or Australia in the Constitution itself and the language of Articles 25 and 26 is sufficiently clear to enable us to determine without the aid of foreign authorities as to what matters come within the purview of religion and what do not. Freedom of religion in our Constitution is not confined to religious beliefs only; it extends to religious practices as well subject to the restrictions which the Constitution itself has laid down. Under Article 26(b), therefore, a religious denomination or organization enjoys complete autonomy in the matter of deciding as to what rites and ceremonies are essential according to the tenets of the religion they hold and no outside authority has any jurisdiction to interfere with their decision in such matters. The Apex Court agreed with the High Court in the view taken by it about Section 21 of the Act. Section 21 empowers the Commissioner and his subordinate officers and also persons authorised by them to enter the premises of any religious institution or place of worship for the purpose of exercising any power conferred or any duty imposed by or under the Act. It is well known that there could be no such thing as an unregulated and unrestricted right of entry in a public temple or other religious institutions, for persons who are not connected with the spiritual functions thereof. It is a traditional custom universally observed not to allow access to any outsider to the particularly sacred parts of a temple as for example, the place where the deity is located. There are also fixed hours of worship and rest for the idol when no disturbance by any member of the public is allowed. The Apex Court found that, as Section 21 stands, it interferes with the fundamental rights of the Mathadhipati and the denomination of which he is head guaranteed under Articles 25 and 26 of the Constitution. It was contended that Section 91 of the Act provides for sufficient safeguard against any abuse of power under Section 21. The Apex Court did not agree with that contention and concluded that Section 21 of the Act has been rightly held to be invalid by the High Court.

28. In Ram Mohan Das v. Travancore Devaswom Board and others [1975 KLT 55], another decision relied on by the learned counsel for the additional 7th respondent in D.B.P.No.13 of 2021, the petitioner moved this Court in an original petition under Article 226 of the Constitution of India seeking a writ of certiorari to quash the decision of the Travancore Devaswom Board to permit one Jesudas, who gave a declaration that he is a follower of Hindu faith also, to enter Mullakkal Temple. The petitioner contended that the action of the Devaswom Board results in allowing a non-Hindu to enter a Hindu temple and that action is without any authority of law. Before the learned Single Judge, the learned Standing Counsel for Travancore Devaswom Board raised a preliminary objection that the petitioner, who is the Secretary of Mullakkal Temple Advisory Committee is not an aggrieved person, and hence he is not entitled to move the original petition. The learned Single Judge overruled that objection, holding that, the petitioner is a Hindu entitled to worship in the temple concerned. The administration of incorporated and unincorporated Devaswoms and of Hindu Religious Endowments and all their properties and funds which were under the management of the Ruler of Travancore prior to 1st day of July 1949 except the Sree Padmanabha Swamy Temple, Sree Pandaravaka properties and all other properties and funds of the said temple have vested in the Travancore Devaswom Board under Section 3 of Travancore-Cochin Hindu Religious Institutions Act. Under Section 31 of the said Act, the Board shall manage the properties and affairs of the Devaswoms both incorporated and unincorporated as heretofore and arrange for the conduct of the daily worship and ceremonies and of the festivals in every temple according to its usage. The position of the Board in regard to the Devaswoms - incorporated and unincorporated - is analogous to that of trustees. Any improper act of the Trustees could be questioned by a worshipper. Under clause (d) of Section 2 of Act, in the case of a temple, a 'person interested' is defined to include a person who is entitled to attend at or is in the habit of attending the performance of worship or service in the temple or who is entitled to partake or is in the habit of partaking in the benefit of the distribution of gifts thereat. Though the Board has the duty to arrange for the conduct of the daily worship and ceremonies and of the festivals, it will amount to breach of trust if under the guise of such making arrangement they interfere with the mode or alter in any manner the mode or rules of such worship. That will certainly amount to interference with an essential part of Hindu Religion. As observed by the Apex Court in Lakshmindra Thirtha Swamiar of Shirur Mutt [AIR 1954 SC 282], matters of religion embrace not merely matters of doctrine but also the practice of it, or to put in terms of Hindu theology, not merely its Gnana but also its Bhakthi and Karma Kandas. In Venkataramana Devam v. State of Mysore [AIR 1958 SC 255], it had been unequivocally held by a Constitution Bench of the Apex Court that under the ceremonial law pertaining to temples, who are entitled to enter into for worship and where they are entitled to stand and worship and how the worship is to be conducted are all matters of religion which conclusion their Lordships say is implicit in Article 25 which after declaring that all persons are entitled freely to profess, practise and propagate religion enacts that this should not affect the operation of any law throwing open Hindu religious institutions of a public character to all classes and sections of Hindus. In E.R.J. Swamy v. State of Tamil Nadu [AIR 1972 SC 1586], it is stated that protection of Articles 25 and 26 is not limited to the matters of doctrine or belief but extends also to acts done in the performance of religion and therefore, contain a guarantee for rituals and observances, ceremonies and modes of worship which are integral parts of religion. If any action of the Board amounts to intrusion into any matter of religion as such, then certainly a worshipper could seek this court's jurisdiction under Article 226 of the Constitution of India.

29. In S. Mahendran v. Secretary, Travancore Devaswom Board and others [AIR 1993 Kerala 42], a decision relied on by the learned counsel for additional 7th respondent in W.P.(C)No.21812 of 2021, a Division Bench of this Court noticed that the management of the Devaswoms, both incorporated and unincorporated, in the erstwhile area of Travancore vests in the Travancore Devaswom Board under the Travancore-Cochin Hindu Religious Institutions Act. All the Hindu religious endowments and properties and funds except the Sree Padmanabha Swami Temple, Sree Pandaravaka properties and all other properties and funds of the said temple had vested in that Devaswoms in the area of Travancore. Section 31 of the Act enjoins a duty on the Board to arrange for the conduct of the daily worship and ceremonies and of the festivals in every temple according to its usage. The temples in Travancore were thrown open to all Hindus without any restriction being imposed on any Hindu either due to birth, caste or community. That historical proclamation was made by the Maharaja of Travancore on 27th Thulam 1112 corresponding 12th of November, 1936. Twelve days thereafter, the Maharaja issued another Proclamation by which conditions were imposed in the matter of entry in temples. Rule 6(c) of the Proclamation provides that women at such times during which they are not by custom and usage allowed to enter temples, shall not enter within the compound walls of a temple or its premises in case there is no compound wall. Rule 14 stipulates that no one shall do any act which would tend to derogate the purity and cleanliness of the temple and its premises. After the integration of the Princely States of Travancore and Cochin, an ordinance was promulgated by the Rajapramukh as Ordinance 4/1124 in respect of the administration of the Padmanabhaswami temple and the Devaswoms, both incorporated and unincorporated. The Ordinance provides that the management of the Devaswom shall continue to be carried on as heretobefore. Another ordinance was promulgated by the Rajapramukh on the 1st day of August, 1949, which is called "The Hindu Religious Institutions Ordinance, 1124". Section 31 of that Ordinance also directs the Devaswom Board to arrange for the conduct of the daily worship and ceremonies and festivals in every temple according to its usage. A duty is therefore cast on the Travancore Devaswom Board to arrange for the conduct of the daily worship and ceremonies in accordance with its usage. In other words, the Board has a statutory duty to enforce the usage prevalent in the temple. The Board has no right to alter or modify the same. The Travancore-Cochin Religious Endowments Act and its precursors had consistently enjoined this duty on the Travancore Devaswom Board. The Government of Kerala is aware of this position. The counter affidavit filed by the Chief Secretary on behalf of the 3rd respondent states that it is the Board which shall manage and arrange for the conduct of daily worship and ceremonies and festivals in every temple according to its usages. It is further averred that the scheme of the Act has made it clear that the Board is entrusted with the administration as well as the making of rules. It is therefore clear that Government have no power or authority to issue any order or direction in this matter and the management is within the prerogative of the Devaswom Board subject to the provisions of the Travancore- Cochin Hindu Religious Endowments Act. The Division Bench made special mention of the above fact in view of the stand taken by the learned Government Pleader that the State can take remedial measures including amendment of relevant rules to see that the Board does not deviate from the powers conferred on it.

30. In S. Mahendran, before the Division Bench it was contended that State can take a plea against the stand of the Devaswom Board. The Division Bench observed that the stand of the Government Pleader is against the authoritative pronouncement of the Apex Court. The Apex Court had in unmistakable terms held in Ratilal Panachand Gandhi and others v. State of Bombay and others [AIR 1954 SC 388] that in regard to affairs in matters of religion the right of management given to a religious body is a guaranteed fundamental right which no legislature can take away. The Division Bench doubted whether the State can impose restrictions on the powers of the Travancore Devaswom Board in the matter of regulating its affairs. The Division Bench found that this contention of the Government Pleader is contrary to the averment in the counter affidavit of the 3rd respondent wherein, after referring to Section 31 of the Travancore-Cochin Religious Endowments Act, it is stated that the Devaswom Board shall manage and arrange for the conduct of daily worship and ceremonies and festivals in every temple according to its usages. There is a further averment that it is the Board which is entrusted with the administration as well as the making of rules. There is a statutory duty cast on the Board under Section 31 of the Act to arrange worship in the temples in accordance with the usage. That statutory duty had been cast on the Board even earlier. In other words, the Travancore Devaswom Board can arrange worship in the temples under their control only in accordance with the prevailing usages.

31. As already noticed hereinbefore, under the provisions of the Travancore-Cochin Hindu Religious Institutions Act, the TDB is duty bound to see that the regular traditional rites and ceremonies according to the practice prevalent in Sabarimala are performed promptly; and to establish and maintain proper facilities in Sabarimala for the devotees. Subject to the provisions of Part I of the Act and the Rules made thereunder, the Board shall manage the properties and affairs of Sabarimala Devaswom and arrange for the conduct of the daily worship and ceremonies and of the festivals in Sabarimala according to the usage. Similarly, in view of the provisions under the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act, since Sabarimala is a place of public worship situated in an area to which Part I of the said Act extends, the competent authority to make regulations for the maintenance of order and decorum and the due observance of the religious rites and ceremonies performed in Sabarimala is the TDB and not the State Government.

32. Sabarimala is situated in a difficult forest terrain prone to natural disasters. Unlike other temples in Kerala, the Kerala Police is responsible for crowd management and maintenance of law and order in Sabarimala during festival seasons and monthly poojas. In temples like Guruvayur, where queue regulation is managed by the temple authorities, the online system can also be managed by them. However, in Sabarimala, crowd management during festival seasons is a challenging task, which is regulated by the Kerala Police. Their presence is even necessary at Pathinettampadi to render necessary assistance to the devotees, especially children, senior citizens and also persons with disabilities. Crowd Management at Sabarimala during festival seasons and monthly poojas cannot be handled with the limited number of employees of the TDB, who are deputed on special duty. The crowd management by the Kerala Police at Sabarimala Sannidhanam and even at Pathinettampadi will not in any manner infringe the fundamental right guaranteed under Articles 25 and 26 of the Constitution. The contentions to that effect raised by the learned counsel for the party respondents in D.B.P.No.13 of 2021 and also by the learned counsel for the additional 7th respondent in W.P.(C)No.21812 of 2021, relying on the decisions referred to hereinbefore, are absolutely untenable.

33. In the direction issued on 01.07.2021, the Division Bench noticed that, in other temples in Kerala where darshan is permitted after registration in Virtual-Q system, such systems are managed by the Devaswoms concerned. Therefore, the question that has to be considered is as to whether Virtual-Q system for Sabarimala pilgrimage be entrusted to the TDB, as has been done in other Devaswoms. In the direction issued on 01.07.2021, the Division Bench observed that, even in case of such an arrangement, taking note of the fact that Sabarimala is a security vulnerable temple, where effective crowd management is required, the act of regulating the devotees turning up for darshan and the security aspects are to be retained with the Kerala Police, as usual.

34. In the affidavit filed on behalf of the 2nd respondent State and also that filed on behalf of the 3rd respondent State Police Chief, it is stated that, SPMS is in the combined ownership of Kerala Police and the TDB. However, in the counter affidavit filed on behalf of the TDB in W.P.(C)No.21609 of 2021, it is stated that, Virtual-Q system for Sabarimala darshan was introduced in the year 2011 as a project of the Kerala Police, which is looking after crowd management in Sabarimala. The TDB does not have ownership or control over Virtual-Q system managed by the Kerala Police. Though, in the affidavit filed on behalf of the 2nd respondent State and that filed on behalf of the 3rd respondent State Police Chief, it is stated that, in SPMS booking for Prasadams, etc. are independently controlled by the TDB, the specific stand taken by the TDB in the counter affidavit filed in W.P.(C)No.21609 of 2021 is that, the Board is having its own devotee portal for online booking of Vazhipadu/accommodation.

35. Pursuant to the order of this Court dated 02.09.2021, the Special Commissioner, Sabarimala, has filed a report dated 04.10.2021, wherein it is stated that, in the home page of the web portal sabarimalaonline.org the emblem of the Kerala Police is exhibited on the top and the emblem of the TDB is exhibited below on the left hand corner. When bookings are open certain advertisements are seen published by the Kerala Police relating to ambulance services, 'punyam poongavanam' and an advertisement of a ghee company. The web application is hosted in Amazon Web Services Cloud Server owned by the Kerala Police and the advertisements in the web page are displayed as per the request of the Kerala Police. In the objection filed on behalf of the 3rd respondent State Police Chief to the report of the Special Commissioner, Sabarimala, it is stated that, the domain name sabarimalaonline.org is renewed yearly by the Kerala Police. As per the order dated 24.07.2021, the Government accorded sanction to the Kerala Police to accept advertisements in Virtual-Q system, to meet the expenditure towards its maintenance.

36. The Kerala Police cannot own the domain name sabarimalaonline.org or display any advertisements on that web portal and earn revenue. That web portal should be owned and managed by the TDB. Similarly, the State Government has absolutely no authority to accord sanction to the Kerala Police to accept advertisements in Virtual-Q system, to meet the expenditure towards its maintenance. As in the case of other temples like Guruvayur, Virtual-Q system for Sabarimala darshan should be owned and managed by the TDB. During the course of arguments, the learned counsel for the 5th respondent TCS Ltd. submitted that, the TCS Ltd. is prepared to extend technical support to Virtual-Q system for Sabarimala darshan, in case it is taken over by the TDB based on the orders of this Court.

37. Therefore, the TDB is directed to take over Virtual- Q system for Sabarimala darshan, presently owned and managed by the Kerala Police, with the technical support of the 5th respondent the TCS Ltd. Once Virtual-Q system is taken over by the TDB, TCS Ltd. shall render necessary technical support to the TDB. The TDB, the State Police Chief and the TCS Ltd. are directed to take necessary steps in this regard, after completing the technical formalities and complying with the statutory requirements, and the entire exercise in this regard shall be completed, as expeditiously as possible, at any rate, within a period of three months from the date of receipt of a copy of this order.

38. On 14.01.2011 there occurred a stampede at Pulmedu near Sabarimala, which took the life of 52 pilgrims. In the wake of that tragic incident, Virtual-Q system was introduced for the first time in the year 2011, though it was optional till the year 2020-21. During the festival season 2020-21 the number of pilgrims was restricted and the entry to Sabarimala was allowed only through Virtual-Q booking. That was approved by this Court as an effective measure to regulate the number of pilgrims per day, as per the norms fixed on account of the restrictions imposed in connection with the spread of Covid-19 pandemic in the State. A regulated entry with details of pilgrims is imperative for crowd management at Sabarimala, when restrictions have been imposed on the number of pilgrims permitted to have darshan per day, on account of the spread of Covid-19 pandemic.

39. Verification of Virtual-Q tickets and other related matters are the responsibilities of the Kerala Police, as part of crowd management. For effective crowd management during festival seasons and also monthly poojas the Kerala Police should have access to the database in Virtual-Q system. When specific threat inputs have been received in respect of Sabarimala Temple, the Kerala Police will have to take preventive action after screening and verifying the database.

40. The Parliament enacted the Information Technology Act, 2000 to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as ‘electronic commerce’, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, 1860; the Indian Evidence Act, 1872; the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

41. Clause (o) of Section 2 of the Act defines ‘data’ to mean a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

42. Section 43A of the Act, inserted by Act 10 of 2009, with effect from 27.10.2009, deals with compensation for failure to protect personal data. As per Section 43A, where a body corporate possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. As per Explanation to Section 43A, for the purpose of this Section, (i) ‘body corporate’ means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities; (ii) ‘reasonable security practices and procedures’ means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit; (iii) ‘sensitive personal data or information’ means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.

43. Section 87 of the Act deals with power of Central Government to make rules. As per sub-section (1) of Section 87, the Central Government may, by notification in the Official Gazette and in the Electronic Gazette, make rules to carry out the provisions of this Act. As per sub-section (2) of Section 87, in particular, and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the matters enumerated in clauses (a) to (zh). As per clause (ob) to sub-section (2) of Section 87, such rules may provide for the reasonable security practices and procedures and sensitive personal data or information under Section 43A of the Act.

44. In K.S. Puttaswamy v. Union of India [(2017) 10 SCC 1], a decision relied on by the learned counsel for the petitioner in W.P.(C)No.21609 of 2021, the following two questions came up for consideration before a Nine-Judges Bench of the Apex Court;

(i) Whether there is any fundamental right of privacy under the Constitution of India and if so, where is it located and what are its contours?

(ii) What is the ratio decidendi in M.P. Sharma v. Satish Chandra [AIR 1954 SC 300] and Kharak Singh v. State of U.P. [AIR 1963 SC 1295] and whether those cases are rightly decided?

45. In K.S. Puttaswamy the Nine-Judges Bench answered the reference as follows;

(i) The decision in M.P. Sharma which holds that the right to privacy is not protected by the Constitution stands overruled;

(ii) The decision in Kharak Singh to the extent that it holds that the right to privacy is not protected by the Constitution stands overruled;

(iii) The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.

(iv) Decisions subsequent to Kharak Singh which have enunciated the position in (iii) above lay down the correct position in law.

(underline supplied)

46. The conclusions in K.S. Puttaswamy, at Paras.316 to 328 of the main judgment authored by D.Y. Chandrachud, J., read thus;

“316. The judgment in M.P. Sharma holds essentially that in the absence of a provision similar to the Fourth Amendment to the US Constitution, the right to privacy cannot be read into the provisions of Article 20(3) of the Indian Constitution. The judgment does not specifically adjudicate on whether a right to privacy would arise from any of the other provisions of the rights guaranteed by Part III including Article 21 and Article 19. The observation that privacy is not a right guaranteed by the Indian Constitution is not reflective of the correct position. M.P. Sharma is overruled to the extent to which it indicates to the contrary.

317. Kharak Singh has correctly held that the content of the expression 'life' under Article 21 means not merely the right to a person's "animal existence" and that the expression “personal liberty” is a guarantee against invasion into the sanctity of a person's home or an intrusion into personal security. Kharak Singh also correctly laid down that the dignity of the individual must lend content to the meaning of “personal liberty”. The first part of the decision in Kharak Singh which invalidated domiciliary visits at night on the ground that they violated ordered liberty is an implicit recognition of the right to privacy. The second part of the decision, however, which holds that the right to privacy is not a guaranteed right under our Constitution, is not reflective of the correct position. Similarly, Kharak Singh's reliance upon the decision of the majority in A.K. Gopalan v. State of Madras [AIR 1950 SC 27] is not reflective of the correct position in view of the decisions in Rustom Cavasjee Cooper v. Union of India [(1970) 1 SCC 248] and in Maneka Gandhi v. Union of India [(1978) 1 SCC 248]. Kharak Singh to the extent that it holds that the right to privacy is not protected under the Indian Constitution is overruled.

318. Life and personal liberty are inalienable rights. These are rights which are inseparable from a dignified human existence. The dignity of the individual, equality between human beings and the quest for liberty are the foundational pillars of the Indian Constitution.

319. Life and personal liberty are not creations of the Constitution. These rights are recognised by the Constitution as inhering in each individual as an intrinsic and inseparable part of the human element which dwells within.

320. Privacy is a constitutionally protected right which emerges primarily from the guarantee of life and personal liberty in Article 21 of the Constitution. Elements of privacy also arise in varying contexts from the other facets of freedom and dignity recognised and guaranteed by the fundamental rights contained in Part III.

321. Judicial recognition of the existence of a constitutional right of privacy is not an exercise in the nature of amending the Constitution nor is the court embarking on a constitutional function of that nature which is entrusted to Parliament.

322. Privacy is the constitutional core of human dignity. Privacy has both a normative and descriptive function. At a normative level privacy sub-serves those eternal values upon which the guarantees of life, liberty and freedom are founded. At a descriptive level, privacy postulates a bundle of entitlements and interests which lie at the foundation of ordered liberty.

323. Privacy includes at its core the preservation of personal intimacies, the sanctity of family life, marriage, procreation, the home and sexual orientation. Privacy also connotes a right to be let alone. Privacy safeguards individual autonomy and recognises the ability of the individual to control vital aspects of his or her life. Personal choices governing a way of life are intrinsic to privacy. Privacy protects heterogeneity and recognises the plurality and diversity of our culture. While the legitimate expectation of privacy may vary from the intimate zone to the private zone and from the private to the public arenas, it is important to underscore that privacy is not lost or surrendered merely because the individual is in a public place. Privacy attaches to the person since it is an essential facet of the dignity of the human being.

324. This Court has not embarked upon an exhaustive enumeration or a catalogue of entitlements or interests comprised in the right to privacy. The Constitution must evolve with the felt necessities of time to meet the challenges thrown up in a democratic order governed by the rule of law. The meaning of the Constitution cannot be frozen on the perspectives present when it was adopted. Technological change has given rise to concerns which were not present seven decades ago and the rapid growth of technology may render obsolescent many notions of the present. Hence the interpretation of the Constitution must be resilient and flexible to allow future generations to adapt its content bearing in mind its basic or essential features.

325. Like other rights which form part of the fundamental freedoms protected by Part III, including the right to life and personal liberty under Article 21, privacy is not an absolute right. A law which encroaches upon privacy will have to withstand the touchstone of permissible restrictions on fundamental rights. In the context of Article 21 an invasion of privacy must be justified on the basis of a law which stipulates a procedure which is fair, just and reasonable. The law must also be valid with reference to the encroachment on life and personal liberty under Article 21. An invasion of life or personal liberty must meet the threefold requirement of (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate State aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.

326. Privacy has both positive and negative content. The negative content restrains the State from committing an intrusion upon the life and personal liberty of a citizen. Its positive content imposes an obligation on the State to take all necessary measures to protect the privacy of the individual.

327. Decisions rendered by this Court subsequent to Kharak Singh , upholding the right to privacy would be read subject to the above principles.

328. Informational privacy is a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the State but from non- State actors as well. We commend to the Union Government the need to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the state. The legitimate aims of the State would include for instance protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits. These are matters of policy to be considered by the Union Government while designing a carefully structured regime for the protection of the data. Since the Union Government has informed the Court that it has constituted a Committee chaired by Hon'ble Shri Justice B.N. Srikrishna, former Judge of this Court, for that purpose, the matter shall be dealt with appropriately by the Union Government having due regard to what has been set out in this judgment.”

(underline supplied)

47. In K.S. Puttaswamy, at Paras.297 and 298 of the main judgment authored by D.Y. Chandrachud, J., the Apex Court noticed that, privacy postulates the reservation of a private space for the individual, described as the right to be let alone. The concept is founded on the autonomy of the individual. The autonomy of the individual is associated over matters which can be kept private. These are concerns over which there is a legitimate expectation of privacy. Privacy is a postulate of human dignity itself. Privacy protects the individual from the searching glare of publicity in matters which are personal to his or her life. Privacy constitutes the foundation of all liberty because it is in privacy that the individual can decide how liberty is best exercised. Privacy of the individual is an essential aspect of dignity. Dignity has both an intrinsic and instrumental value. As an intrinsic value, human dignity is an entitlement or a constitutionally protected interest in itself. In its instrumental facet, dignity and freedom are inseparably intertwined, each being a facilitative tool to achieve the other. The ability of the individual to protect a zone of privacy enables the realisation of the full value of life and liberty. Privacy lies across the spectrum of protected freedoms. The family, marriage, procreation and sexual orientation are all integral to the dignity of the individual. Above all, the privacy of the individual recognises an inviolable right to determine how freedom shall be exercised. An individual may perceive that the best form of expression is to remain silent. Silence postulates a realm of privacy. Paras.297 and 298 of the said judgment read thus;

“297. What, then, does privacy postulate? Privacy postulates the reservation of a private space for the individual, described as the right to be let alone. The concept is founded on the autonomy of the individual. The ability of an individual to make choices lies at the core of the human personality. The notion of privacy enables the individual to assert and control the human element which is inseparable from the personality of the individual. The inviolable nature of the human personality is manifested in the ability to make decisions on matters intimate to human life. The autonomy of the individual is associated over matters which can be kept private. These are concerns over which there is a legitimate expectation of privacy. The body and the mind are inseparable elements of the human personality. The integrity of the body and the sanctity of the mind can exist on the foundation that each individual possesses an inalienable ability and right to preserve a private space in which the human personality can develop. Without the ability to make choices, the inviolability of the personality would be in doubt. Recognising a zone of privacy is but an acknowledgment that each individual must be entitled to chart and pursue the course of development of personality. Hence privacy is a postulate of human dignity itself. Thoughts and behavioural patterns which are intimate to an individual are entitled to a zone of privacy where one is free of social expectations. In that zone of privacy, an individual is not judged by others. Privacy enables each individual to take crucial decisions which find expression in the human personality. It enables individuals to preserve their beliefs, thoughts, expressions, ideas, ideologies, preferences and choices against societal demands of homogeneity. Privacy is an intrinsic recognition of heterogeneity, of the right of the individual to be different and to stand against the tide of conformity in creating a zone of solitude. Privacy protects the individual from the searching glare of publicity in matters which are personal to his or her life. Privacy attaches to the person and not to the place where it is associated. Privacy constitutes the foundation of all liberty because it is in privacy that the individual can decide how liberty is best exercised. Individual dignity and privacy are inextricably linked in a pattern woven out of a thread of diversity into the fabric of a plural culture.

298. Privacy of the individual is an essential aspect of dignity. Dignity has both an intrinsic and instrumental value. As an intrinsic value, human dignity is an entitlement or a constitutionally protected interest in itself. In its instrumental facet, dignity and freedom are inseparably intertwined, each being a facilitative tool to achieve the other. The ability of the individual to protect a zone of privacy enables the realisation of the full value of life and liberty. Liberty has a broader meaning of which privacy is a subset. All liberties may not be exercised in privacy. Yet others can be fulfilled only within a private space. Privacy enables the individual to retain the autonomy of the body and mind. The autonomy of the individual is the ability to make decisions on vital matters of concern to life. Privacy has not been couched as an independent fundamental right. But that does not detract from the constitutional protection afforded to it, once the true nature of privacy and its relationship with those fundamental rights which are expressly protected is understood. Privacy lies across the spectrum of protected freedoms. The guarantee of equality is a guarantee against arbitrary State action. It prevents the State from discriminating between individuals. The destruction by the State of a sanctified personal space whether of the body or of the mind is violative of the guarantee against arbitrary State action. Privacy of the body entitles an individual to the integrity of the physical aspects of personhood. The intersection between one's mental integrity and privacy entitles the individual to freedom of thought, the freedom to believe in what is right, and the freedom of self-determination. When these guarantees intersect with gender, they create a private space which protects all those elements which are crucial to gender identity. The family, marriage, procreation and sexual orientation are all integral to the dignity of the individual. Above all, the privacy of the individual recognises an inviolable right to determine how freedom shall be exercised. An individual may perceive that the best form of expression is to remain silent. Silence postulates a realm of privacy. An artist finds reflection of the soul in a creative endeavour. A writer expresses the outcome of a process of thought. A musician contemplates upon notes which musically lead to silence. The silence, which lies within, reflects on the ability to choose how to convey thoughts and ideas or interact with others. These are crucial aspects of personhood. The freedoms under Article 19 can be fulfilled where the individual is entitled to decide upon his or her preferences. Read in conjunction with Article 21, liberty enables the individual to have a choice of preferences on various facets of life including what and how one will eat, the way one will dress, the faith one will espouse and a myriad other matters on which autonomy and self-determination require a choice to be made within the privacy of the mind. The constitutional right to the freedom of religion under Article 25 has implicit within it the ability to choose a faith and the freedom to express or not express those choices to the world. These are some illustrations of the manner in which privacy facilitates freedom and is intrinsic to the exercise of liberty. The Constitution does not contain a separate article telling us that privacy has been declared to be a fundamental right. Nor have we tagged the provisions of Part III with an alpha-suffixed right to privacy: this is not an act of judicial redrafting. Dignity cannot exist without privacy. Both reside within the inalienable values of life, liberty and freedom which the Constitution has recognised. Privacy is the ultimate expression of the sanctity of the individual. It is a constitutional value which straddles across the spectrum of fundamental rights and protects for the individual a zone of choice and self-determination.”

48. In K.S. Puttaswamy, at Para.315 of the judgment, the Apex Court noticed the constitution of a committee chaired by Justice B.N. Srikrishna, former Judge of the Supreme Court of India to review, inter alia, data protection norms in the country and to make its recommendations. Para.315 of the said judgment reads thus;

“315. During the course of the hearing of these proceedings, the Union Government has placed on the record an Office Memorandum dated 31.07.2017 by which it has constituted a committee chaired by Justice B.N. Srikrishna, former Judge of the Supreme Court of India to review inter alia data protection norms in the country and to make its recommendations. The terms of reference of the Committee are:

a) To study various issues relating to data protection in India;

b) To make specific suggestions for consideration of the Central Government on principles to be considered for data protection in India and suggest a draft data protection bill.

Since the Government has initiated the process of reviewing the entire area of data protection, it would be appropriate to leave the matter for expert determination so that a robust regime for the protection of data is put into place. We expect that the Union Government shall follow up on its decision by taking all necessary and proper steps.”

(underline supplied)

49. In K.S. Puttaswamy, at Para.61 of the main judgment authored by D.Y. Chandrachud, J., the Apex Court noticed that, in R. Rajagopal v. State of T.N. [(1994) 6 SCC 632] a Bench of two Judges recognised that the right to privacy has two aspects: the first affording an action in tort for damages resulting from an unlawful invasion of privacy, while the second is a constitutional right. Paras.61 to 63 of the said decision read thus;

'61. The decision which has assumed some significance is R. Rajagopal v. State of T.N. [(1994) 6 SCC 632]. In that case, in a proceeding under Article 32 of the Constitution, a writ was sought for restraining the State and Prison Authorities from interfering with the publication of an autobiography of a condemned prisoner in a magazine. The Prison Authorities, in a communication to the publisher, denied the claim that the autobiography had been authored by the prisoner while he was confined to jail and opined that a publication in the name of a convict was against Prison Rules. The prisoner in question had been found guilty of six murders and was sentenced to death. Among the questions which were posed by this Court for decision was whether a citizen could prevent another from writing about the life story of the former and whether an unauthorised publication infringes the citizen's right to privacy. Jeevan Reddy, J. speaking for a Bench of two Judges recognised that the right to privacy has two aspects: the first affording an action in tort for damages resulting from an unlawful invasion of privacy, while the second is a constitutional right. The judgment traces the constitutional protection of privacy to the decisions in Kharak Singh v. State of U.P. [AIR 1963 SC 1295] and Gobind v. State of M.P. [(1975) 2 SCC 148]. This appears from the following observations: [R. Rajagopal, SCC pp. 639-40, para.9]

“9. … The first decision of this Court dealing with this aspect is Kharak Singh v. State of U.P. [AIR 1963 SC 1295]. A more elaborate appraisal of this right took place in a later decision in Gobind v. State of M.P. [(1975) 2 SCC 148] wherein Mathew, J. speaking for himself, Krishna Iyer and Goswami, JJ. traced the origins of this right and also pointed out how the said right has been dealt with by the United States Supreme Court in two of its well-known decisions in Griswold v. Connecticut [14 L Ed 2d 510] and Roe v. Wade [35 L Ed 2d 147].”

The decision in Rajagopal considers the decisions in Kharak Singh and Gobind thus: [SCC p. 643, para.13]

“13. … Kharak Singh was a case where the petitioner was put under surveillance as defined in Regulation 236 of the U.P. Police Regulations.

… Though right to privacy was referred to, the decision turned on the meaning and content of “personal liberty” and “life” in Article 21. Gobind was also a case of surveillance under M.P. Police Regulations. Kharak Singh was followed even while at the same time elaborating the right to privacy….”

62. The Court in Rajagopal held that neither the State nor can its officials impose prior restrictions on the publication of an autobiography of a convict. In the course of its summary of the decision, the Court held: (SCC pp. 649-50, para.26)

“(1) The right to privacy is implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21. It is a “right to be let alone”. A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child-bearing and education among other matters. None can publish anything concerning the above matters without his consent - whether truthful or otherwise and whether laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an action for damages. Position may, however, be different, if a person voluntarily thrusts himself into controversy or voluntarily invites or raises a controversy.

(2) The rule aforesaid is subject to the exception, that any publication concerning the aforesaid aspects becomes unobjectionable if such publication is based upon public records including court records. This is for the reason that once a matter becomes a matter of public record, the right to privacy no longer subsists and it becomes a legitimate subject for comment by press and media among others. We are, however, of the opinion that in the interests of decency [Article 19(2)] an exception must be carved out to this rule, viz., a female who is the victim of a sexual assault, kidnap, abduction or a like offence should not further be subjected to the indignity of her name and the incident being publicised in press/media.

(3) There is yet another exception to the rule in (1) above - indeed, this is not an exception but an independent rule. In the case of public officials, it is obvious, right to privacy, or for that matter, the remedy of action for damages is simply not available with respect to their acts and conduct relevant to the discharge of their official duties. This is so even where the publication is based upon facts and statements which are not true, unless the official establishes that the publication was made (by the defendant) with reckless disregard for truth. In such a case, it would be enough for the defendant (member of the press or media) to prove that he acted after a reasonable verification of the facts; it is not necessary for him to prove that what he has written is true. Of course, where the publication is proved to be false and actuated by malice or personal animosity, the defendant would have no defence and would be liable for damages. It is equally obvious that in matters not relevant to the discharge of his duties, the public official enjoys the same protection as any other citizen, as explained in (1) and (2) above. It needs no reiteration that judiciary, which is protected by the power to punish for contempt of court and Parliament and legislatures protected as their privileges are by Articles 105 and 104 respectively of the Constitution of India, represent exceptions to this rule.”

63. The judgment of Jeevan Reddy, J. regards privacy as implicit in the right to life and personal liberty under Article 21. In coming to the conclusion, the judgment in Rajagopal notes that while Kharak Singh had referred to the right to privacy, the decision turned on the content of life and personal liberty in Article 21. The decision recognises privacy as a protected constitutional right, while tracing it to Article 21.'

50. In K.S. Puttaswamy, at Para.511 of the concurring judgment authored by Rohinton Fali Nariman, J., the Apex Court noticed that in R. Rajagopal v. State of Tamil Nadu [(1994) 6 SCC 632] the Apex Court decided on the rights of privacy vis-a-vis the freedom of the press, and in doing so, referred to a large number of decisions and arrived at the conclusions summerised in Para.26 of the said decision [SCC pp.649-51]. The conclusion in Para.536 of the concurring judgment is that, the inalienable fundamental right to privacy resides in Article 21 and other fundamental freedoms contained in Part III of the Constitution of India. M.P. Sharma and the majority in Kharak Singh, to the extent that they indicate to the contrary, stand overruled. The later judgments of the Apex Court recognising privacy as a fundamental right need not be revisited.

51. In K.S. Puttaswamy, at Para.622 of the concurring judgment authored by Sanjay Kishan Kaul, J., the Apex Court noticed that, Samuel Warren and Louis Brandeis in 1890 expressed the belief that an individual should control the degree and type of private-personal information that is made public. This formulation of the right to privacy has particular relevance in today's information and digital age. Paras.623 to 626 of the said judgment read thus;

“623. An individual has a right to protect his reputation from being unfairly harmed and such protection of reputation needs to exist not only against falsehood but also certain truths. It cannot be said that a more accurate judgment about people can be facilitated by knowing private details about their lives - people judge us badly, they judge us in haste, they judge out of context, they judge without hearing the whole story and they judge with hypocrisy. Privacy lets people protect themselves from these troublesome judgments.

624. There is no justification for making all truthful information available to the public. The public does not have an interest in knowing all information that is true. Which celebrity has had sexual relationships with whom might be of interest to the public but has no element of public interest and may therefore be a breach of privacy. Thus, truthful information that breaches privacy may also require protection.

625. Every individual should have a right to be able to exercise control over his/her own life and image as portrayed to the world and to control commercial use of his/her identity. This also means that an individual may be permitted to prevent others from using his image, name and other aspects of his/her personal life and identity for commercial purposes without his/ her consent.

626. Aside from the economic justifications for such a right, it is also justified as protecting individual autonomy and personal dignity. The right protects an individual's free, personal conception of the 'self.' The right of publicity implicates a person's interest in autonomous self-definition, which prevents others from interfering with the meanings and values that the public associates with her.”

(underline supplied)

52. In K.S. Puttaswamy, at Para.629 of the concurring judgment authored by Sanjay Kishan Kaul, J., the Apex Court noticed that, the right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the internet. Whereas, the right to control dissemination of personal information in the physical and virtual space should not amount to a right of total eraser of history, this right, as a part of the larger right of privacy, has to be balanced against other fundamental rights like the freedom of expression, or freedom of media, fundamental to a democratic society. Thus, the European Union Regulation of 2016 has recognised what has been termed as 'the right to be forgotten'. This does not mean that all aspects of earlier existence are to be obliterated, as some may have a social ramification. If we were to recognise a similar right, it would only mean that an individual who is no longer desirous of his personal data to be processed or stored, should be able to remove it from the system where the personal data/information is no longer necessary, relevant, or is incorrect and serves no legitimate interest. Paras.629 to 636 of the said judgment read thus;

“629. The right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the internet. Needless to say that this would not be an absolute right. The existence of such a right does not imply that a criminal can obliterate his past, but that there are variant degrees of mistakes, small and big, and it cannot be said that a person should be profiled to the nth extent for all and sundry to know.

630. A high school teacher was fired after posting on her Facebook page that she was "so not looking forward to another school year" since the school district's residents were "arrogant and snobby". A flight attendant was fired for posting suggestive photos of herself in the company's uniform In the pre-digital era, such incidents would have never occurred. People could then make mistakes and embarrass themselves, with the comfort that the information will be typically forgotten over time.

631. The impact of the digital age results in information on the internet being permanent. Humans forget, but the internet does not forget and does not let humans forget. Any endeavour to remove information from the internet does not result in its absolute obliteration. The foot prints remain. It is thus, said that in the digital world preservation is the norm and forgetting a struggle.

632. The technology results almost in a sort of a permanent storage in some way or the other making it difficult to begin life again giving up past mistakes. People are not static, they change and grow through their lives. They evolve. They make mistakes. But they are entitled to re-invent themselves and reform and correct their mistakes. It is privacy which nurtures this ability and removes the shackles of unadvisable things which may have been done in the past.

633. Children around the world create perpetual digital footprints on social network websites on a 24/7 basis as they learn their 'ABCs': Apple, Bluetooth, and chat followed by download, e-mail, Facebook, Google, Hotmail, and Instagram They should not be subjected to the consequences of their childish mistakes and naivety, their entire life. Privacy of children will require special protection not just in the context of the virtual world, but also the real world.

634. People change and an individual should be able to determine the path of his life and not be stuck only on a path of which he/she treaded initially. An individual should have the capacity to change his/her beliefs and evolve as a person. Individuals should not live in fear that the views they expressed will forever be associated with them and thus refrain from expressing themselves.

635. Whereas this right to control dissemination of personal information in the physical and virtual space should not amount to a right of total eraser of history, this right, as a part of the larger right of privacy, has to be balanced against other fundamental rights like the freedom of expression, or freedom of media, fundamental to a democratic society.

636. Thus, the European Union Regulation of 2016 has recognised what has been termed as 'the right to be forgotten'. This does not mean that all aspects of earlier existence are to be obliterated, as some may have a social ramification. If we were to recognise a similar right, it would only mean that an individual who is no longer desirous of his personal data to be processed or stored, should be able to remove it from the system where the personal data/information is no longer necessary, relevant, or is incorrect and serves no legitimate interest. Such a right cannot be exercised where the information /data is necessary, for exercising the right of freedom of expression and information, for compliance with legal obligations, for the performance of a task carried out in public interest, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims. Such justifications would be valid in all cases of breach of privacy, including breaches of data privacy.”

(underline supplied)

53. In Thalappalam Service Co-operative Bank Ltd. v. State of Kerala [(2013) 16 SCC 82] the Apex Court held that, r ight to be let alone, as propounded in Olmstead v. The United States [(1927) 277 US 438] is the most comprehensive of the rights and most valued by civilised man. Recognising the fact that the right to privacy is a sacrosanct facet of Article 21 of the Constitution, the legislation has put lot of safeguards to protect the rights under Section 8(1)(j) of the Right to Information Act, 2005. If the information sought for is personal and has no relationship with any public activity or interest or it will not sub-serve larger public interest, the public authority or the officer concerned is not legally obliged to provide those information. If the authority finds that information sought for can be made available in the larger public interest, then the officer should record his reasons in writing before providing the information, because the person from whom information is sought for, has also a right to privacy guaranteed under Article 21 of the Constitution. Paras.63 and 64 of the said judgment read thus;

“63. Section 8 begins with a non obstante clause, which gives that Section an overriding effect, in case of conflict, over the other provisions of the Act. Even if, there is any indication to the contrary, still there is no obligation on the public authority to give information to any citizen of what has been mentioned in clauses (a) to (j). Public authority, as already indicated, cannot access all the information from a private individual, but only those information which he is legally obliged to pass on to a public authority by law, and also only those information to which the public authority can have access in accordance with law. Even those information, if personal in nature, can be made available only subject to the limitations provided in Section 8(1)(j) of the Right to information Act. Right to be let alone, as propounded in Olmstead v. The United States reported in [(1927) 277 US 438] is the most comprehensive of the rights and most valued by civilised man.

64. Recognising the fact that the right to privacy is a sacrosanct facet of Article 21 of the Constitution, the legislation has put a lot of safeguards to protect the rights under Section 8(1)(j), as already indicated. If the information sought for is personal and has no relationship with any public activity or interest or it will not sub-serve larger public interest, the public authority or the officer concerned is not legally obliged to provide those information. Reference may be made to a recent judgment of this Court in Girish Ramchandra Deshpande v. Central Information Commissioner and others [(2013) 1 SCC 212] wherein this Court held that since there is no bona fide public interest in seeking information, the disclosure of said information would cause unwarranted invasion of privacy of the individual under Section 8(1)(j) of the Act. Further, if the authority finds that information sought for can be made available in the larger public interest, then the officer should record his reasons in writing before providing the information, because the person from whom information is sought for, has also a right to privacy guaranteed under Article 21 of the Constitution.”

(underline supplied)

54. In Navtej Singh Johar v. Union of India [(2018) 10 SCC 1] a Five-Judges Bench of the Apex Court noticed that, in R. Rajagopal v. State of T.N. [(1994) 6 SCC 632], while discussing the concept of right to privacy, it has been observed that the right to privacy is implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21 and it is a ‘right to be let alone’, for a citizen has a right to safeguard the privacy of his/her own, his/her family, marriage, procreation, motherhood, childbearing and education, among other matters.

55. In Central Public Information Officer, Supreme Court of India v. Subhash Chandra Agarwal [(2020) 5 SCC 481] a Five-Judges Bench of the Apex Court noticed that, a claim to protect privacy is, in a sense, a claim for the preservation of confidentiality of personal information. With progression of the right to privacy, the underlying values of the law that protects personal information came to be seen differently as the courts recognised that unlike law of confidentiality that is based upon duty of good faith, right to privacy focuses on the protection of human autonomy and dignity by granting the right to control the dissemination of information about one's private life and the right to the esteem and respect of other people. [See: Sedley LJ in Douglas v. Hello Ltd. (2001) QB 967]. In PJS v. News Group Newspapers Ltd. [(2016) UKSC 26], the Supreme Court of the United Kingdom had drawn a distinction between the right to respect private and family life or privacy and claims based upon confidentiality by observing that the law extends greater protection to privacy rights than rights in relation to confidential matters. In the former case, the claim for misuse of private information can survive even when information is in the public domain as its repetitive use itself leads to violation of the said right. The right to privacy gets the benefit of both the quantitative and the qualitative protection. The former refers to the disclosure already made and what is yet undisclosed, whereas the latter refers to the privateness of the material, invasion of which is an illegal intrusion into the right to privacy. Claim for confidentiality would generally fail when the information is in public domain. The law of privacy is, therefore, not solely concerned with the information, but more concerned with the intrusion and violation of private rights. Citing an instance of how publishing of defamatory material can be remedied by a trial establishing the falsity of such material and award of damages, whereas invasion of privacy cannot be similarly redressed, the court had highlighted the reason why truth or falsity of an allegation or information may be irrelevant when it comes to invasion of privacy. Therefore, claims for protection against invasion of private and family life do not depend upon confidentiality alone.

56. In Subhash Chandra Agarwal the Apex Court noticed that, the right to privacy though not expressly guaranteed in the Constitution of India is now recognised as a basic fundamental right vide decision of the Constitutional Bench in K.S. Puttaswamy holding that it is an intrinsic part of the right to life and liberty guaranteed under Article 21 of the Constitution and recognised under several international treaties, chief among them being Article 12 of the Universal Declaration of Human Rights, 1948 which states that no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. The judgment recognises that everyone has a right to the protection of laws against such interference or attack. In K.S. Puttaswamy (main judgment authored by D.Y. Chandrachud, J.) has referred to the provisions of Section 8(1)(j) of the Right to Information Act, 2005 to highlight that the right to privacy is entrenched with constitutional status in Part III of the Constitution, thus providing a touchstone on which validity of executive decisions can be assessed and validity of laws can be determined vide judicial review exercised by the courts. This observation highlights the status and importance of the right to privacy as a constitutional right. The ratio as recorded in the two concurring judgments of the learned Judges (R.F. Nariman and Sanjay Kishan Kaul, JJ.) are similar. It is observed that privacy involves a person's right to his physical body; right to informational privacy which deals with a person's mind; and the right to privacy of choice which protects an individual's autonomy over personal choices. While physical privacy enjoys constitutional recognition in Article 19(1)(d) and (e) read with Article 21, personal informational privacy is relatable to Article 21 and right to privacy of choice is enshrined in Article 19(1) (a) to (c), 20(3), 21 and 25 of the Constitution.

57. In Subhash Chandra Agarwal the Apex Court noticed that, privacy, it is uniformly observed in K.S. Puttaswamy, is essential for liberty and dignity. Therefore, individuals have the need to preserve an intrusion-free zone for their personality and family. This facilitates individual freedom. Privacy and confidentiality encompass a bundle of rights including the right to protect identity and anonymity. Anonymity is where an individual seeks freedom from identification, even when and despite being in a public space. After referring to various judicial precedents, the Five-Judges Bench opined that, personal records, including name, address, physical, mental and psychological status, marks obtained, grades and answer sheets, are all treated as personal information. Similarly, professional records, including qualification, performance, evaluation reports, ACRs, disciplinary proceedings, etc., are all personal information. Medical records, treatment, choice of medicine, list of hospitals and doctors visited, findings recorded, including that of the family members, information relating to assets, liabilities, income tax returns, details of investments, lending and borrowing, etc., are personal information. Such personal information is entitled to protection from unwarranted invasion of privacy and conditional access is available when stipulation of larger public interest is satisfied.

58. As already noticed hereinbefore, Sabarimala is situated in a difficult forest terrain prone to natural disasters. Virtual-Q system was introduced at Sabarimala for the first time in the year 2011, when there occurred a stampede at Pulmedu near Sabarimala, on 14.01.2011, which took the life of 52 pilgrims. A regulated entry with details of pilgrims is imperative for crowd management at Sabarimala, when restrictions have been imposed on the number of pilgrims permitted to have darshan per day. Verification of Virtual-Q tickets and other related matters are the responsibilities of the Kerala Police, as part of crowd management. For effective crowd management during festival season s and also monthly poojas the Kerala Police should have access to the database in Virtual-Q system. When specific threat inputs have been received in respect of Sabarimala Temple, the Kerala Police will have to take preventive action after screening and verifying the database. Any access to the database in Vitrual-Q platform by the Kerala Police, for crowd control during festival seasons and also monthly poojas, in order to avoid a stampede or an untoward, or for taking any preventive action in case any specific threat or security input, would not amount to an unwarranted invasion of the privacy of pilgrim s. The contentions to the conta raised by the learned counsel for the petitioner in W.P.(C)No.21609 of 2021 are untenable.

59. In exercise of the powers conferred by clause (ob) of sub-section (2) of Section 87 read with Section 43A of the Act, the Central Government made the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which came into force on 11.04.2011. Clause (b) of Rule 2 defines ‘biometrics’ to mean the technologies that measure and analyse human body characteristics, such as ‘fingerprints’, ‘eye retinas and irises’, ‘voice patterns’, ‘facial patterns’, ‘hand measurements’ and ‘DNA’ for authentication purposes.

60. Clause (d) of Rule 2 of the Rules defines ‘cyber incidents’ to mean any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation. Clause (e) of Rule 2 defines ‘data’ to mean data as defined in clause (o) of subsection (1) of Section 2 of the Act. Clause (f) of Rule 2 defines ‘information’ to mean information as defined in clause (v) of sub-section (1) of Section 2 of the Act.

61. Clause (g) of Rule 2 of the Rules defines ‘intermediary’ to mean an intermediary as defined in clause (w) of sub-section (1) of Section 2 of the Act. Clause (h) of Rule 2 defines ‘password’ to mean a secret word or phrase or code or passphrase or secret key, or encryption or decryption keys that one uses to gain admittance or access to information. Clause (i) of Rule 2 defines ‘personal information’ to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

62. Rule 3 of the Rules defines ‘sensitive personal data or information’. As per Rule 3, sensitive personal data or information of a person means such personal information which consists of information relating to (i) password; (ii) financial information such as Bank Account or Credit Card or Debit Card or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise. As per the proviso to Section 3, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

63. As per Rule 4 of the Rules, body corporate to provide policy for privacy and disclosure of information. As per sub-rule (1) of Rule 4, the body corporate or any person who on behalf of body corporate collects, receives, possess, stores, deals or handle information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract. Such policy shall be published on website of body corporate or any person on its behalf and shall provide for (i) clear and easily accessible statements of its practices and policies; (ii) type of personal or sensitive personal data or information collected under Rule 3; (iii) purpose of collection and usage of such information; (iv) disclosure of information including sensitive personal data or information as provided in Rule 6; (v) reasonable security practices and procedures as provided under Rule 8.

64. Rule 5 of the Rules deals with collection of information. Rule 6 deals with disclosure of information. Rule 7 of deals with transfer of information. Rule 8 deals with Reasonable Security Practices and Procedures. As per sub-rule (1) of Rule 8, a body corporate or a person on its behalf shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business. In the event of an information security breach, the body corporate or a person on its behalf shall be required to demonstrate, as and when called upon to do so by the agency mandated under the law, that they have implemented security control measures as per their documented information security programme and information security policies. As per sub-rule (2) of Rule 8, the international Standard IS/ISO/IEC 27001 on ‘Information Technology - Security Techniques - Information Security Management System - Requirements’ is one such standard referred to in sub-rule (1).

65. As per sub-rule (3) of Rule 8, any industry association or an entity formed by such an association, whose members are self-regulating by following other than IS/ISO/IEC codes of best practices for data protection as per sub-rule (1), shall get its codes of best practices duly approved and notified by the Central Government for effective implementation. As per sub-rule (4) of Rule 8, the body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government. The audit of reasonable security practices and procedures shall be carried out by an auditor at least once a year or as and when the body corporate or a person on its behalf undertake significant upgradation of its process and computer resource.

66. In view of the provisions under Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, the body corporate or any person who o

Please Login To View The Full Judgment!

n behalf of body corporate collects, receives, possess, stores, deals or handle information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract. Such policy shall be published on website of body corporate or any person on its behalf and shall provide for the matters enumerated in clauses (i) to (v) of sub-rule (1) of Rule 4 of the said Rules. 67. Since Virtual-Q system for Sabarimala darshan is ordered to be taken over by the TDB, we deem it appropriate to direct the TDB to scrupulously follow the requirements of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Data or Information) Rules, 2011, once the ownership and management of Virtual-Q system is transferred to the Board. 68. In Distribution of Essential Supplies and Services during Pandemic, In re, [(2021) 7 SCC 772], a decision relied on by the learned counsel for the petitioner in W.P.(C)No.21609 of 2021, a Three-Judge Bench of the Apex Court noticed its earlier order dated 30.04.2021-Distribution of Essential Supplies and Services During Pandemic, In re, [(2021) 18 SCC 201], wherein the Court had highlighted the concerns relating to the ability of the marginalised members of society to avail of vaccination, exclusively through a digital portal in the face of a digital divide. A survey on ‘Household Social Consumption: Education” was conducted by National Statistics Office (July 2017-June 2018), in which it was revealed that, around 4% of the rural households and 23% of the urban households possessed a computer. In the age group of 15-29 years, around 24% in rural households and 56% in urban areas were able to operate a computer. Nearly 24% of the households in the country had internet access during the survey year 2017-18. The proportion was 15% in rural households and 42% in urban households. Around 35% of persons in the age group of 15-29 years reported use of internet during the 30 days prior to the date of survey. The proportions were 25% in rural areas and 58% in urban areas. The Telecom Regulatory Authority of India in its report titled ‘Wireless Data Services in India’ noted that, out of the total population of 1.3 billion, only 578 million people in India (less than 50%) have subscription to wireless data services. The wireless teledensity in rural areas is 57.13% as compared to 155.49% in urban areas as on 31.03.2019. In the report, it is stated that, this reflects the rural-urban divide in terms of telecom services' penetration. Since the number of wireless data subscribers are less than 50% of the total wireless access subscribers, the number of wireless data subscribers in rural areas would be much lower. The report also noted that in a few Indian States like Bihar, Uttar Pradesh and Assam the teledensity is less than 75%. The monthly income of persons living below the poverty line in urban areas and rural areas is Rs.1,316/- and Rs.896/-, respectively. However, to access internet data services, a minimum tariff plan would cost around Rs.49/-, which includes 1 GB of data every 28 days. This would constitute 4-5% of the month's income of such persons accessing data. As such, the report notes that this would bear a considerable cost for persons living below the poverty line. The Apex Court noticed that, according to the Annual Report of Common Services Centres (CSC) for 2019-20, published by the Ministry of Electronics and Information Technology, while there are 2,53,134 Gram Panchayats in India, as on 31.03.2020 only 2,40,792 Gram Panchayats are covered with at least one registered CSC. Hence, approximately 13,000 Gram Panchayats in India do not have a CSC. It is clear from the above statistics that there exists a digital divide in India, particularly between the rural and urban areas. The extent of the advances made in improving digital literacy and digital access falls short of penetrating the majority of the population in the country. Serious issues of the availability of bandwidth and connectivity pose further challenges to digital penetration. The Apex Court found that a vaccination policy exclusively relying on a digital portal for vaccinating a significant population of this country between the ages of 18-44 years would be unable to meet its target of universal immunisation owing to such a digital divide. It is the marginalised sections of the society who would bear the brunt of this accessibility barrier. This could have serious implications on the fundamental right to equality and the right to health of persons within the above age group. 69. In this DBP and connected writ petitions, this Court passed various orders, whereby spot booking facilities were opened at various places, in order to ensure that the devotees, who do not have the facility for online booking in Virtual-Q system, are given an opportunity to book for Sabarimala darshan at the spot booking centres. Moreover, online booking in Virtual-Q system can be made through Akshaya Centres all over the State. During the course of arguments, the learned counsel for the petitioner in W.P.(C)No.21609 of 2021 submitted that, the pilgrims including those among the marginalised population availed the spot booking facilities opened at various places, based on the orders of this Court, for Sabarimala darshan through Virtual-Q system. 70. As already noticed hereinbefore, Virtual-Q system was introduced at Sabarimala for the first time in the year 2011, when there occurred a stampede at Pulmedu near Sabarimala, on 14.01.2011, which took the life of 52 pilgrims. Till the year 2020, Virtual-Q system was optional. In the year 2020, in connection with the spread of Covid-19 pandemic, it was made mandatory for all pilgrims. During Covid-19 pandemic, the State Disaster Management Authority will have the power to impose restrictions regarding entry of pilgrims to Sabarimala, by prescribing the number of devotees permitted to have darshan per day. Any such restriction imposed by the State Disaster Management Authority has to be complied with by the Travancore Devaswom Board. Once such restrictions are lifted, it would be open to the Travancore Devaswom Board to take an appropriate decision as to whether Virtual-Q system has to be made optional, by permitting the pilgrims to opt for the conventional queue system without online booking. 71. After detailed consideration of the pleadings and materials on record and also the submissions made by the learned counsel on both sides, our conclusions are as follows; (i) In view of the provisions under the Travancore- Cochin Hindu Religious Institutions Act, 1950 the administration of Sabarimala Devaswom, which is an incorporated Devaswom mentioned in Schedule I of the Act, and its properties and funds shall vest in the Travancore Devaswom Board. The Board is duty bound to see that the regular traditional rites and ceremonies according to the practice prevalent in Sabarimala are performed properly; and to establish and maintain proper facilities in Sabarimala for the devotees. Subject to the provisions of Part I of the Act and the Rules made thereunder, the Board shall manage the properties and affairs of Sabarimala Devaswom and arrange for the conduct of daily worship and ceremonies and festivals in Sabarimala according to the usage. (ii) In view of the provisions under the Kerala Hindu Places of Public Worship (Authorisation of Entry) Act, 1965 in the case of a place of public worship situated in any area to which Part I of the Travancore-Cochin Hindu Religious Institutions Act extends, the Travancore Devaswom Board is the competent authority under sub-section (1) of Section 4 of the said Act. Since Sabarimala is a place of public worship situated in an area to which Part I of the said Act extends, the competent authority to make regulations for the maintenance of order and decorum and the due observance of the religious rites and ceremonies performed in Sabarimala is the Travancore Devaswom Board and not the State Government. (iii) Unlike other temples in Kerala, the Kerala Police is responsible for crowd management and maintenance of law and order in Sabarimala during festival seasons and monthly poojas, since Sabarimala is situated in a difficult forest terrain prone to natural disasters. In Sabarimala, crowd management during festival seasons is a challenging task, which is regulated by the Kerala Police. Their presence is even necessary at Pathinettampadi to render necessary assistance to the devotees, especially children, senior citizens and also persons with disabilities. Crowd Management at Sabarimala during festival seasons and monthly poojas cannot be handled with the limited number of employees of the Travancore Devaswom Board, who are deputed on special duty. The crowd management by the Kerala Police at Sabarimala Sannidhanam and even at Pathinettampadi will not in any manner infringe the fundamental right g uaranteed under Articles 25 and 26 of the Constitution of India. (iv) Virtual-Q system was introduced at Sabarimala for the first time in the year 2011, when there occurred a stampede at Pulmedu near Sabarimala, on 14.01.2011, which took the life of 52 pilgrims. A regulated entry with details of pilgrims is imperative for crowd management at Sabarimala, when restrictions have been imposed on the number of pilgrims permitted to have darshan per day. Verification of Virtual-Q tickets and other related matters are the responsibilities of the Kerala Police, as part of crowd management. For effective crowd management during f estival season s and also monthly poojas the Kerala Police should have access to the database in Virtual-Q system. When specific threat inputs have been received in respect of Sabarimala Temple, the Kerala Police will have to take preventive action after screening and verifying the database. Any access to the database in Vitrual-Q platform by the Kerala Police, for crowd control during festival seasons and also monthly poojas, in order to avoid a stampede or untoward incidents, or for taking any preventive action in case any specific threat or security input, would not amount to an unwarranted invasion of the privacy of pilgrim s. (v) Though the stand taken by the 2nd respondent State and the 3rd respondent State Police Chief is that, Sabarimala Pilgrim Management System (SPMS) is in the combined ownership of the Kerala Police and the Travancore Devaswom Board, the specific stand taken by the Travancore Devaswom Board is that, Virtual-Q system for Sabarimala darshan introduced in the year 2011 is a project of Kerala Police, which is looking after crowd management in Sabarimala, and the Board does not have ownership or control over Virtual-Q system. The Kerala Police cannot own the domain name sabarimalaonline.org or display any advertisements on that web portal and earn revenue. That web portal should be owned and managed by the Travancore Devaswom Board. Similarly, the State Government has absolutely no authority to accord sanction to the Kerala Police to accept advertisements in Virtual-Q system, to meet the expenditure towards its maintenance. As in the case of other temples like Guruvayur, Virtual-Q system for Sabarimala darshan should be owned and managed by the Travancore Devaswom Board. Therefore, the Travancore Devaswom Board is directed to take over Virtual-Q system for Sabarimala darshan, presently owned and managed by the Kerala Police, with the technical support of the 5th respondent the Tata Consultancy Services Ltd. Once Virtual-Q system is taken over by the Travancore Devaswom Board, Tata Consultancy Services Ltd. shall render necessary technical support to the Travancore Devaswom Board. The Travancore Devaswom Board, the State Police Chief and the Tata Consultancy Services Ltd. are directed to take necessary steps in this regard, after completing the technical formalities and complying with the statutory requirements, and the entire exercise in this regard shall be completed, as expeditiously as possible, at any rate, within a period of three months from the date of receipt of a copy of this order. (vi) In view of the provisions under Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 the body corporate or any person who on behalf of body corporate collects, receives, possess, stores, deals or handle information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract. Such policy shall be published on website of body corporate or any person on its behalf and shall provide for the matters enumerated in clauses (i) to (v) of sub-rule (1) of Rule 4 of the said Rules. Since Virtual-Q system for Sabarimala darshan is ordered to be taken over by the Travancore Devaswom Board, the Travancore Devaswom Board is directed to scrupulously follow the requirements of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Data or Information) Rules, once the ownership and management of Virtual-Q system is transferred to the Board. (vii) During Covid-19 pandemic, the State Disaster Management Authority will have the power to impose restrictions regarding entry of pilgrims to Sabarimala, by prescribing the number of devotees permitted to have darshan per day. Any such restriction imposed by the State Disaster Management Authority has to be complied with by the Travancore Devaswom Board. Once such restrictions are lifted, it would be open to the Travancore Devaswom Board to take an appropriate decision as to whether Virtual-Q system has to be made optional, by permitting the pilgrims to opt for the conventional queue system without online booking. In the result, this DBP and the writ petitions are disposed of in terms of the directions contained as above.
O R