The Right to Privacy is the entitlement of individuals to keep their personal lives, bodies, decisions, and data free from unwarranted intrusion by the State, corporations, or fellow citizens. At its core, it encompasses:
- Bodily Integrity & Personal Autonomy
The freedom to make decisions about one’s own body and personal relationships without coercion or surveillance.
- Informational Self‑Determination
The right to control the collection, use, and dissemination of one’s personal data; financial, medical, digital footprints, and more.
- Confidentiality & Secrecy
Protection against the interception of communications (letters, emails, phone calls) and intrusion into private spaces (homes, diaries, private property).
Internationally, this right is enshrined in Article 12 of the Universal Declaration of Human Rights (1948) and Article 17 of the International Covenant on Civil and Political Rights (1966). In India, it has been read into the fundamental right to life and personal liberty under Article 21 of the Constitution, a journey marked by incremental judicial recognition.
Evolution of Privacy Jurisprudence in India
Though not explicitly mentioned in the Constitution, the Supreme Court of India has interpreted various rights to carve out a phonebooth for personal privacy over decades:
1. M.P. Sharma v. Satish Chandra (1954)
A nine‑judge bench grappled with unreasonable searches and seizures. While it did not conclusively recognize privacy, it laid groundwork by emphasizing the need for reasonable procedure under Article 21.
2. Kharak Singh v. State of Uttar Pradesh (1961)
A six‑judge bench considered police surveillance of “history‑sheeters.” It held that domiciliary visits and beat patrolling might infringe personal liberty, but stopped short of declaring a standalone privacy right.
3. Gobind v. State of Madhya Pradesh (1975)
The Court borrowed the “compelling state interest” test from U.S. jurisprudence—privacy would yield only to an overriding public good, subject to necessity and proportionality.
4. PUCL v. Union of India (1997)
Reinforced that interception of telephone communications without due process violates personal liberty, confirming a limited “privacy interest” in private correspondence.
5. Information Technology Act, 2000 (Amended 2008)
Section 43A and related rules-imposed liabilities on companies mishandling sensitive personal data, marking the first statutory nod toward informational privacy.
6. The K.S. Puttaswamy Judgment (2017)
A watershed moment arrived in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017), where a nine‑judge Constitution Bench unanimously held:
- Privacy as a Fundamental Right
Privacy is “intrinsic to life and personal liberty” under Article 21, and also flows from the freedoms in Part III (speech, movement, residence, etc.).
- Overruling Past Precedents
Earlier decisions in M.P. Sharma and Kharak Singh—denying a standalone right—were overruled, recognizing that the Constitution’s silence did not imply exclusion.
- Territorial & Personal Scope
The right applies to all persons within India, regardless of citizenship, and protects activities whether offline or online.
- Scope of State Action
State interference must satisfy the triple test of legality (backed by clear law), necessity (in a democratic society), and proportionality (least intrusive means).
Significance of Privacy as a Fundamental Right
1. Preserving Human Dignity
Autonomy over personal choices, family, faith, sexuality, upholds the Constitution’s promise of dignity.
2. Enabling Free Expression
Confidential spaces foster creativity, dissent, and robust democratic debate without fear of surveillance or repercussion.
3. Safeguarding Personal Data
Digitalization has made personal data a prime asset. Privacy protection mitigates identity theft, financial fraud, and unauthorized profiling.
4. Balancing Surveillance & Security
While national security demands certain intrusions (interception of communication, monitoring), constitutional checks prevent arbitrary or excessive surveillance.
5. Global Competitiveness
Clear privacy norms strengthen India’s digital economy, building trust, encouraging foreign investment, and aligning with international data‑flow standards.
Challenges to Privacy Protection
- Conflict Amid Fundamental Rights
The right to privacy may clash with free speech (publication of personal information), freedom of religion (faith‑based secrecy), or the State’s duty to protect life (health surveillance in pandemics). Striking the correct balance is complex.
- Legislative Vacuum
Absence of a comprehensive, standalone data‑protection law until recently left ambiguous duties for governments, private players, and citizens.
- Pervasive Surveillance Architecture
Legacy statutes like the Indian Telegraph Act (1885) and the Information Technology Act (2000) grant broad powers for interception and monitoring, often without robust oversight or transparency.
- Digital Divide & Awareness Gap
Large swathes of the population, particularly in rural areas there is lack digital literacy, leaving them vulnerable to data breaches, phishing, and unwitting consent to exploitative data practices.
- Corporate Data‑Harvesting
Social media platforms, e‑commerce sites, and telecom operators routinely collect user data with minimal consumer recourse, fueling opaque profiling and targeted advertising.
- Judicial Enforcement
While Puttaswamy enunciated the test for restrictions, lower courts vary in their interpretation. Clear guidelines on what constitutes proportionate interference are still evolving.
Government Initiatives & Legislative Reforms
B.N. Srikrishna Committee (2017–18)
- Constituted after Puttaswamy, this committee drafted the first comprehensive Data Protection Bill—anchored on principles of consent, purpose limitation, data minimization, and accountability.
- Key Recommendations: Establishment of an independent Data Protection Authority, rights of access, correction, erasure (‘right to be forgotten’), and explicit penalties for non‑compliance.
Digital Personal Data Protection Act, 2023
- Governs processing of digital personal data by both government and private entities within India and handling cross‑border flows.
- Data Fiduciary Obligations: Requires clear consent, data-protection impact assessments, breach notifications, and appointment of data-protection officers.
- Safeguards: Allows exemptions for national security, prevention of crime, journalistic work, academic research, and emergencies—subject to specified procedures.
- Penalties: Tiered fines for violations ranging from incorrect data processing to serious breaches affecting multiple individuals.
Indian Telegraph Act & IT Act
- Recent amendments have attempted to introduce stricter procedural safeguards for interception, and to limit data retention periods.
National Cyber Security Policy & CERT‑In
- Provide guidelines on best practices, incident response, and secure system architectures—though their focus extends beyond privacy to broader cyber resilience.
Way Forward: Strengthening Privacy Protection
1. Robust Judicial Oversight
Legislate clear standards for interception and surveillance, mandating prior judicial authorization, periodic review, and transparency reports.
2. Public Awareness & Digital Literacy
Launch nationwide campaigns, integrate privacy education in school curricula, and empower citizens to assert their data rights.
3. Technological Safeguards
Encourage adoption of privacy‑enhancing technologies, end-to-end encryption, anonymization, decentralized identifiers, and secure multi-party computation.
4. Streamlined Data‑Protection Authority
Ensure independence, adequate funding, and technical expertise for the Authority to investigate complaints, impose sanctions, and conduct audits.
5. Corporate Accountability & Transparency
Mandate clear privacy policies, periodic disclosures of data-processing practices, and impact assessments before large-scale deployments (e.g., facial recognition).
6. Harmonizing Laws & International Cooperation
Align domestic norms with GDPR, OECD guidelines, and APEC frameworks, facilitating cross-border data flows with adequate protections.
Contributed by: Vanshika Dhiman (Intern)