The Right to Privacy in India: Constitutional Provisions, Judicial Evolution, and Future Challenges

Right to Privacy under Constitutional Provisions in India

Gaining greater prominence in Indian constitutional jurisprudence, the right to privacy is mainly concerning recent technological developments and increased state surveillance. Curiously, there is no mention whatsoever of the right to privacy in the original text. Yet, reading between the lines, various Fundamental Rights under Article 21 have been distilled, including the right to life and personal liberty among others. A long chain of judgments has been influential in the shaping of the constitutional right of privacy, continuing their development in terms of the role the Supreme Court of India is to play in its interpretation within the context of changing societal needs and challenges.

Genesis of Privacy Rights in India

Legal history of recognition of privacy as a fundamental right in India is divided and begins from early years of the Constitution. One of the earliest cases dealing with the subject of privacy, albeit indirectly, is Kharak Singh v. State of Uttar Pradesh[i], In that case, the Supreme Court weighed the constitutionality of police surveillance under the Uttar Pradesh Police Regulations. It was contended by the petitioner that these were violating his fundamental rights under Article 21. Even while some provisions were declared unconstitutional, the Court was vague about discovering a distinct right to privacy and brushed off the very concept of personal liberty and freedom from arbitrary state interference.

The doctrine of privacy evolved with subsequent cases. In the case of Govind v. State of Madhya Pradesh, the Supreme Court recognized that some elements of privacy might fall within the more inclusive head of personal liberty but did not declare it to be a fundamental right. The Court held that any claim of privacy would have to be weighed against the state’s interest in maintaining law and order, which was the first sign of this tug-of-war between privacy rights and state surveillance.

The Puttaswamy Judgment: A Landmark Decision

The landmark judgment defining the turning point of right to privacy in India is Justice K.S. Puttaswamy (Retd.) v. Union of India[ii], wherein a retired judge Justice K.S. Puttaswamy challenged the constitutionality of Aadhaar scheme that compels people to give biometric data while getting government services. Here, the petitioner states that the scheme violates the right to privacy as one needs to surrender huge heaps of data without proper mechanisms for safeguarding.

The Supreme Court while delivering a unanimous judgment by a nine-judge bench declared that privacy is an inalienable component of Article 21, which ensures protection for a right to life and personal liberty. The court has already acknowledged in its judgment that privacy is an important component of dignity, autonomy and freedom.[iii] Judgment overruled earlier decisions in M.P. Sharma v. Satish Chandra[iv], and Kharak Singh, which had rejected the existence of a constitutional right to privacy.

The Court provided a three-step test for any state invasion of privacy:

(1) legality, which assumes that law exists.

(2) legitimate aim, which must be compelling in character; and

(3) proportionality: that the action taken is necessary and proportionate to the objective sought.[v] This test has since then become a standard for checking cases involving violation of rights of privacy, pitted against the state’s interests, with individual rights balanced against the latter.

Implication on State Surveillance

The new trend carries extremely crucial implications to surveillance practices in the state of India. Although the state still maintains the prerogative to surveil on the grounds of national security, law enforcement, and public safety, it must meet the standards of the Constitution that are stated by Puttaswamy, which include showing that the measures of surveillance are lawful, aimed at a legitimate goal, and proportionate to the threat they target.[vi]

However, despite the Puttaswamy ruling, concerns continue to mount because India lacked all-encompassing data protection legislation, pending the passage of the Digital Personal Data Protection Act, 2023, which aims at ensuring the protection of privacy rights but could provide excessive exemptions to state surveillance regarding the access granted by government agencies to personal data without explicit consent.[vii]

Global Standards of Privacy and Surveillance Comparison

This debate over privacy and state surveillance is not India-specific but a global phenomenon. Countries around the world have approached issues of balancing individual rights relating to privacy with the state’s need for surveillance, particularly in national security and public order. There are historic, cultural, and legal factors shaping this difference, so that while regulatory frameworks themselves differ-for example, between the EU, U.S., and many other jurisdictions-an examination of these would also provide significant points of comparison as to how privacy is being protected (or not).

The European Union: Hard Stance on Data Protection

The right to privacy has been the primary good leader of the European Union, where this right is given as one of the fundamental human rights under the Charter of Fundamental Rights of the European Union (Art. 7, 8). The General Data Protection Regulation enacted in 2018 is described by many as one of the most comprehensive pieces of legislation related to data protection in the world. The GDPR lays out high standards with regard to the collection, processing, and storage of personal data. It is based on the principle of consent and the right to be forgotten (GDPR, Art. 6, 17). Companies are obliged to process data in a lawful, fair, and transparent manner-in other words, only after having obtained explicit consent before collecting personal data.

The GDPR also introduced data minimization, meaning that only the minimum quantity of personal data necessary for the specified purpose can be collected. Some limitations have also been imposed by the GDPR on the surveillance of people through private and state actors regarding their collection of data, with national security being exempted. Some of the strict mechanisms of enforcement by regulation include harsh penalties for noncompliance, cases such as a €50 million fine issued on Google by the French data protection authority, known as CNIL.[viii]

Author: Kaustubh Kumar, in case of any queries please contact/write back to us via email to chhavi@khuranaandkhurana.com or at Khurana & Khurana, Advocates and IP Attorney.

REFERENCES

[i] AIR 1963 SC 1295

[ii] (2017) 10 SCC 1

[iii] Singh, The Evolution of Privacy Jurisprudence in India, 58 J. Indian L. Inst. 173, 2018

[iv] AIR 1954 SC 300

[v] Chandrachud J., Puttaswamy, para. 181.

[vi] Basu, Privacy Protections in Indian Jurisprudence Post-Puttaswamy, 32 Nat’l L. Sch. India Rev. 97, 2020

[vii] Sharma, A Critical Analysis of the Digital Personal Data Protection Act, 14 NUJS L. Rev. 135, 2024

[viii] (CNIL, Decision No. SAN-2019-001).