A judge said “a trash bag, is a common repository for one’s personal effects because a single bag of trash testifies eloquently to the eating, reading, and recreational habits of the person who produced it including intimate details about sexual practices, health, and personal hygiene, financial and professional status, political affiliations and inclinations, private thoughts, personal relationships, and romantic interests.”

Today, in this age of digital technology, while “cell phones have improved the quality of life, enhanced accessibility to information, promoted social knowledge” it has also become the source of problems. Cell phones now contain even more intimate and personal information than trash bags and it is increasing. However, in recent times, it has become so common that business entities are asking customers to provide their phone numbers whenever the payments are done electronically. This was probably due to some failures on the part of the financial institutions as there are reports of transactions that failed yet the records show otherwise, giving rise to distrust among the business entities on electronic payment. Such a requirement makes every customer vulnerable to serious violations of privacy of consumers, including possible harassment and misuse of these records.

 Privacy plays a vital role in shaping democracy as “the development of individuality in democratic societies” generates independent thought, diversity of views to enable unhindered expression and conduct, without “fear of ridicule or penalty, and for the opportunity to alter opinions before making them public.” Recognszing the importance of privacy in a democracy, the Constitution of Bhutan ensures that the right to privacy is one of the fundamental rights.  This is echoed further by Information and Communications Act 2018.

 For example, Sections 336-338 of ICM Act mandates the ICT and Media facility or service provider and vendor to respect and protect privacy of personal information, including sensitive personal information which they receive from the users or consumers and limit the collection, use and disclosure of personal information, to that which a reasonable person would consider appropriate in the circumstances.

 However, who monitors these business entities with possession of huge public data with personal cell numbers as they are not legally authorised entities to collect phone numbers of any customer? Yet, hundreds of thousands of phone numbers are recorded in their sales registers. These records are in most cases not secured and accessible to anyone coming to their premise, including their friends, family members and even strangers in some instances. Thus, what assurance is there that none of the shopkeepers has adequate means to protect their consumers from being harassed by their employees, friends, or family members by using their phone numbers? Should there be a serious breach of privacy due to their negligence or poor storage of such information, who should be liable, the banks or the business entities? The benefits of every transaction through electronic are business entities, consumers, and banks but only consumers will suffer if their phone numbers are misused.

 It is, thus, important that our banks must convince the shopkeepers that electronic payment is reliable and collection of personal cell phone numbers is not required.  The Royal Monetary Authority must issue policy interventions in the interest of consumers and banks must come up with a system that is secure, safe, and reliable. It is the duty of financial institutions to build confidence and trust in their own systems.      

Sonam Tshering

Lawyer, Thimphu

Disclaimer: The views expressed in this article are author’s own.