In India, the Identification of Prisoners Act, 1920 (the “1920 Act”) permitted the collection of fingerprints, footprint impressions, and photographs of, among others, (i) persons convicted of a crime for which the punishment is one year of rigorous imprisonment; and (ii) persons arrested in connection with such a crime. Considering that prisoner identification is now done in many more ways than those provided in the 1920 Act, the Criminal Procedure (Identification) Act, 2022 (the “2022 Act”) has been passed by both houses of parliament and has received the President's assent. The 2022 Act will widen the type of identifiable information that can be collected from convicts or arrested persons for criminal investigations.
However, the 2022 Act has been challenged by lawyer, Harshit Goel, in the Delhi High Court because it allows the police to "forcibly take measurements" of convicts and accused persons.
This critique identifies the important changes and key issues in the 2022 Act
- The 2022 Act will permit the collection of biological samples, “behavioral attributes”, and reports of any physical examinations of the accused conducted under sections 53 and 53A of Criminal Procedure Code (“CrPC”) dealing, among others, with rape cases.
- Unlike the 1920 Act, the 2022 Act aims to authorize the collection of data from convicts, persons arrested for offences punishable under any law, or those detained under preventive detention laws. The 2022 Act limits the forced collection of biological samples to offences committed against a woman or a child or for any offence punishable with imprisonment for a period not less than seven years.
- Under the 1920 Act, the power to make rules relating to criminal investigations had been entrusted with the state governments; however, the 2022 Act seeks to vest the rule making power in the central government and the state government.
- To aid in an investigation or proceeding under the CrPC, the 2022 Act seeks to empower a magistrate to direct any person to give his/her measurements and data as prescribed.
1 Delhi HC seeks Centre's stand on challenge to Criminal
Procedure (Identification) Act, available at
- The 2022 Act increases the number of persons who are eligible or authorized to collect data and provides discretion to prison officers, the police, and the magistrate's officers, in this regard.
- The National Crime Records Bureau (“NCRB”), which is a central government authority, is entrusted with the task of maintaining the electronic records of measurements and other data, including the collection, storage, preservation, sharing, dissemination, destruction, and disposal of such records.
- The 2022 Act also proposes retaining such records of measurements for a period of seventy-five years.
- Arrested persons who have committed offences against women or children or for offences punishable with imprisonment for seven years or more, will be legally required to give their biological samples. Moreover, “measurements” and personal data other than biological samples can be demanded from all arrested persons. Eventually, if they are exonerated, such persons will still find their data in the NCRB, which may include iris and retina scans, biological samples, etc.
- The definition of “measurements” specifies behavioural attributes that include signatures, handwriting or any other examination referred to in sections 53 or 53A of the CrPC; however, the scope of the term “behavioural attributes” has not been explained anywhere in the 2022 Act. In the absence of a properly crafted explanation, the result may be that such “measurements” may create evidence against the accused which can lead to self-incrimination in violation of Article 20(3) of the Constitution.
- Extending the power to legislate and/or make rules under the 2022 Act to the central government may give rise to conflicts with state authorities who are also so empowered.
- More importantly, the 2022 Act fails to make provisions for an appeal to a higher authority against any arbitrary exercise of power by an authorised entity to collect an individual's personal data. Therefore, by default, any remedy for abuse of power will fall into the lap of the High Courts of states or the Supreme Court.
- The 2022 Act does not mandate the NCRB to provide for the safekeeping of records of “measurements” against security threats like data breaches and cyber incidents. In addition, the 2022 Act does not restrict or provide for data sharing, which can pose a serious risk to the privacy of an accused who is acquitted or even in other instances.
While the 2022 Act will bring in modern prisoner identification techniques, there are a few disadvantages, namely, possibility of abuse of power by the authorities, chances of selfincrimination by the accused, data privacy, overlapping or conflicting legislation between states and the central government, etc. In addition, some provisions of the 2022 Act need to be clarified, and in the absence thereof, there is a threat to law abiding citizens and their fundamental rights. Moreover, the government has been deliberating and scrutinizing Indian data protection and privacy laws to develop a robust data protection framework (see our update (see our update here) Once established, the collection and retention of “measurements” under the 2022 Act will have to be done in accordance with established data protection laws.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.