Right to privacy

February 5, 2024

14660

This article is written by Shivani Kumari. This article extensively covers the origin of the right to privacy as a fundamental right. It discusses the current legal developments that have made the right to privacy a fundamental right. It provides a description of events where the Constituent Assembly of India considered including privacy as a right in the Constitution of India. The article discusses the various international treaties that recognise privacy as a basic human right. It sheds light on how privacy was dealt with before it was guaranteed the status of fundamental rights. The article further deals with the judicial pronouncements of the Indian courts that have recognised privacy as a fundamental right. It discusses the right to be forgotten as a facet of privacy rights. At last, it critically appraises the Digital Personal Data Protection Act, 2023, the law for data protection in India.

Table of Contents

Introduction

It is often said that humans are social animals. Yet there are some aspects of human life that the individual wants to keep to himself or the selected person he wants to share them with. Privacy has been declared one of the essential facets of liberty guaranteed to an individual. The term privacy has been derived from ‘privatus‘, a Latin word meaning private, secret, or personal, different from what is public or does not belong to the state. Thus, the word ‘privacy’ entails the sense of something belonging to oneself, something that the individual would not want to share with others.

Richard B. Parker in his book Privacy wrote “Privacy means the control over whom and when various parts of us can be sensed by others.” By ‘various parts’, he means our body parts, our voice, and the product of our bodies. It also includes the objects with which we are very closely associated and which are only accessible to us. ‘Sensed by others’ means that they have seen, smelled, heard, tasted, or been touched by others.

The right to own something includes a bundle of rights concerning that thing, such as the owner’s right to sell it, gift it, or even destroy it. They also have the right to be protected from someone else stealing it, using it, transferring it, or destroying it without their consent.

What is the right to privacy

Privacy means the state of being alone and keeping one’s personal matters and relationships secret. The Black’s Law Dictionary defines it as “the right that determines non-intervention in secret surveillance and protecting an individual’s information. It is of four categories. First, physical: an imposition whereby another individual is restricted from experiencing an individual or situation. Second, decisional: the imposition of an exclusive restriction on an entity. Third, informational: the prevention of searching for unknown information. Fourth, dispositional: the prevention of attempts made to know the minds of individuals.”

The concept of privacy is not new. However, the concept of recognising privacy as a fundamental right is modern. Ancient Greek society had two spheres, Polis and Oikos, where the former referred to the public sphere like the city and the latter referred to household affairs. However, in nineteenth-century America, there were common law principles and constitutional and statutory protection for the right to privacy.

The Right to Privacy, a Harvard Law Review article published by Boston law partners Samuel D. Warren and Louis Brandeis in 1890, is credited with recognising the right to privacy and creating a new tort as an invasion of personal privacy. In their published article, the Boston Partners proposed a remedy for invasion of personal privacy by the press. The renowned jurist Roscoe Pound, Dean of Harvard Law School (1916-1936), opined about the article that “it did nothing less than add a chapter to our law.”

International recognition of the right to privacy as a fundamental right

The international community has identified the right to privacy as a basic human right that serves as the basis for several other rights. Privacy, as a right, is recognised in the Universal Declaration of Human Rights (UDHR), 1948, and the International Covenant on Civil and Political Rights (ICCPR), 1966. Article 12 of the UDHR and Article 17 of the ICCPR provide legal protection to persons against ‘arbitrary interference’ with one’s privacy, family, correspondence, home, reputation, and honour.

Apart from universal treaties like UDHR and ICCPR, special conventions for the protection of the rights of special groups also recognise and protect the privacy rights of those communities. Article 16 of the Convention on the Rights of the Child,1989 provides children protection of the law from arbitrary and unlawful invasion of their privacy, home, correspondence, and family, and also safeguards their honour and reputation from unlawful attacks. Similarly, Article 14 of the International Convention on the Rights of All Migrant Workers and Members of Their Families, 1990, provides protection to migrant workers and their families from unlawful interference in their privacy, home, and correspondence, or unlawful attacks on their honour and reputation.

The regional groupings have also recognised the right to privacy and granted protection to their citizens along the same lines. Article 8 of the European Convention on Human Rights and Fundamental Freedom grants the citizens of the European Union the right to respect for private and family life, but subject to certain restrictions in the interest of national security, health or morals, the well-being of the country, and protection of rights and freedoms of others. Article 21 of the Arab Charter on Human Rights, 2004, grants protection from arbitrary interference and attacks on one’s privacy, family matters, or correspondence. Article 16(8) specifically protects the security and privacy of convicted persons in all circumstances. Article 11 of the American Convention on Human Rights guarantees the protection of the law against arbitrary or abusive interference in one’s private life and family, his home or correspondence, or attacks on honour or reputation. Article 1 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data states that the objective of the Convention is to respect human rights and fundamental freedoms, especially the right to privacy. The Asia-Pacific Economic Cooperation Privacy Framework provides for the protection of informational privacy during the free flow of information in the Asia-Pacific region.

Right to privacy in different countries

With the increasing amount of personal data in the new data-driven world, it is pertinent that different countries have come up with their own data protection and privacy legislation. According to the United Nations Conference on Trade and Development (UNCTAD), 137 out of 194 countries in the world have privacy and data protection legislation. Countries in Asia and Africa have shown wide acceptance of privacy legislation, with 57 and 61 percent of countries, respectively, having enacted privacy protection laws. The international data protection legislation is based on the five global privacy principles.

Notice: advising visitors, users, readers, and users of the policies to protect personal information;
Choice and Consent: providing people with the choice to consent or not to the collection, storage, use, or management of personal information;
Access and Participation: ensuring that the information-tuned data is used by the correct people within the security protocols;
Integrity and Security: ensuring that there are proper measures to secure the data and that there is no unauthorised access to the data;
Enforcement: ensuring that the site, service, solution, and platform are aligned with regulations that enforce compliance.

The European Union took the first move to encode the General Data Protection Regulation (GDPR) of 2018 to protect and guard the data of its citizens against unwarranted invasion and processing. The GDPR serves as the basis for almost all the data and privacy laws around the world, with countries moulding it to suit their situations. The European data protection laws provide stringent punishment and hefty fines for data breaches.

The Fourth Constitution Amendment of the US Constitution is referred to as guaranteeing protection against unwarranted lawful invasion. In the US, in the absence of formal law at the federal level, the states have their own data protection laws, with California being the frontrunner. In 1972, California amended its Constitution to include privacy in the list of inalienable rights. Pursuant to the amendment, the legislature of California has enacted several laws to protect the privacy of its citizens, viz., the Online Privacy Protection Act, the Privacy Rights for California Minors in the Digital World Act, and the California Consumer Privacy Act, (CCPA) 2020 . CCPA provides robust data and privacy protection mechanisms. The law enables its residents to ensure how their personal data is being collected and for what purposes it is used. It gives its citizens a right to institute a suit if the data is subjected to unauthorised access, exfiltration, theft, or disclosure or if there is a violation of the duty to implement and maintain reasonable security procedures and practices to protect the personal information of the person.

The people of China are guaranteed the right to privacy and protection from unlawful search and intrusion of their homes and correspondence through Articles 39 and 40 of the Constitution of the People’s Republic of China. The Civil Code, 2021 (through Book Four Personality Rights Chapter VI pg.186-188), and the Personal Information Protection Law, 2021, regulate the processing of personal informational data in China. The privacy law in China is largely focused on regulating private entities and corporations while collecting and handling personal data. The law has a wide ambit for the government to use the data for monitoring and undertaking surveillance actions on its subjects.

Constituent assembly on the right to privacy

The Advisory Committee on Fundamental Rights was tasked with formulating a draft of the fundamental rights of the citizens. Eminent members, like Harman Singh, K. M. Munshi, and Dr. Ambedkar, staunchly advocated for the inclusion of privacy as a right. Inspired by the Czech Constitution, Harman Singh stated in his note on fundamental rights, “Every dwelling shall be inviolable”. Dr. Amedkar, in his note, mentioned the protection against unreasonable searches and seizures. The Sub-Committee on Fundamental Rights proposed two rights. First, the right to the inviolability of one’s home is protection against unreasonable searches and seizures; second, the secrecy of correspondence. However, Sir B.N. Rau, K.M. Pannikar, and A. K. Ayyer dissented against the proposals, citing that it could hinder the process of law enforcement. Finally, the Advisory Committee on Fundamental Rights did not approve, and the rights were not included in the report.

In the Constituent Assembly, Mr. Kazi Syed Karimuddin moved an amendment to protect the privacy of individuals from unreasonable state interference, searches, and seizures along the lines of the American and Irish Constitutions. Dr. B.R. Ambedkar replied, accepting his amendment, that the Criminal Procedure Code has the provision to provide a safeguard against such interference. However, privacy was not given a mention in the Constitution. The amendment to include these rights was moved several times, but the moves could not gather consensus, and the assembly moved forward, leaving the provision undecided.

Article 21 of the Constitution and the right to privacy

Article 21 is the heart of the Constitution of India. It guarantees the right to life and personal liberty to every person, whether a citizen or non-citizen residing in India. It is the base of all other rights that are provided by the Constitution because life is an essential element for enjoying other rights such as freedom, equality, or religion. The Article includes in itself all other rights that are necessary for a human to live to its full potential, such as the right to health, the right to a clean environment, the right to sleep peacefully, the right to livelihood, the right to free legal aid and speedy trial, or the right to privacy.

The right to privacy has been described as the concomitant of the right to life and personal liberty from the very beginning. The Supreme Court in the case of Kharak Singh v. State of Uttar Pradesh (1963) has held that the right to life does not mean just the mere animal existence, it means the right to enjoy life with all the limbs and faculties of a human body. It includes access to all the means that make life worth living. A person cannot be said to live his life when someone is keeping a continuous watch on him, even though he is not physically confined.

The term liberty in the Article means that an individual has control of all aspects of his life and enjoys his personal space without any unnecessary interference. The judgement by the Supreme Court in Maneka Gandhi v. Union of India (1978) has widened the scope of liberty. Anything that is there to curtail liberty should be backed by a legislative procedure, which is free from arbitrariness and is just, fair, and reasonable. In K.S. Puttaswamy v. Union of India (2017), finally, the Supreme Court elevated the right to privacy as an intrinsic part of the right to life and personal liberty.

Privacy is not an absolute right but is subjected to reasonable restrictions

Just like the other fundamental rights, the right to privacy is also not an absolute right, and it can be curtailed in some situations. The exception to the right to privacy is twofold: first, the reasonable restrictions that can be put on the exercise of privacy as a fundamental right, such as the national interest, or where there is a threat to the sovereignty of India, public order, decency or morality, contempt of court, or incitement of an offence, and other reasonable restrictions provided under Article 19 of the Constitution of India. Another aspect of the exception to the right to privacy is that it can be subjugated when there is a conflict between the right to privacy and another fundamental right that serves the public interest, as was the case in Mr. X v. Hospital Z (1998), where the petitioner was denied the right to privacy as it was more important to uphold the right to health of his fiance.

Justice (Dr.) D. Y. Chandrachud in the Puttaswamy Judgement (2017) laid down the test of proportionality. It meant that the invasion of privacy must be in proportion to the need for interference. The test lays down the following criteria to be fulfilled in order to qualify as an exception to the right to privacy:

Such an act of interference must be sanctioned by the law, and there should be a due legal procedure for such interference. The law and the legal procedure must be just, fair, and reasonable, and they must be free from manifest arbitrariness.
The law should be backed by a legitimate and reasonable state’s interest so as to provide unnecessary state interference.
The method, nature, and quality of the interference must be proportionate to the objects, needs, and purposes sought to be fulfilled by the law.

Right to privacy and government surveillance

Surveillance, in its literal sense, means to keep watch over or observe someone. The government has been undertaking surveillance activities to keep track of criminals and suspects. The purpose of surveillance is to prevent crime or terrorist activities, maintain law and order, and protect the national interest. There are laws that give governments the power to monitor the activities of certain classes of people through searches and seizures, telephone tapping, decryption of messages, and inspection of their correspondence. In the tech world, surveillance is also done through CCTV cameras, scrutinising the emails and online activities of a person. The Information Technology Act, 2000; the Indian Telegraph Act, 1885; followed by the Telegraph (Amendment) Rules, 2007, provides the government to issue surveillance orders.

As per Section 5 of the Indian Telegraph Act, the central or state governments can issue orders to intercept messages on the grounds of public emergency or public safety or when there are circumstances that make it expedient to issue such orders. Among other grounds, the government can issue interception orders if there is a threat to the public order, security of the state, sovereignty and integrity of India, friendly relations with the state, preventing the commission of an offence, etc.

Rule 419A of the Telegraph (Amendment) Rules, 2007, gives power to the Secretary of Home Affairs of the Central Government and the Head In-Charge of the Home Department of the State Government to issue an order of interception to any agency in their respective jurisdiction. This power can be exercised by the Officer of the Home Department of either the central government or the state government, not below the rank of Joint Secretary, in unavoidable circumstances.

Section 69 of the Information Technology Act, 2000, provides the power to the central government and state governments to issue orders for monitoring, intercepting, and decrypting any information transmitted, received, or stored in any computer resource.

The agencies authorised under the IT Act and IT Rules, 2009, by the order of the Ministry of Home Affairs are the Central Bureau of Investigation (CBI), National Investigation Agency (NIA), Narcotics Control Bureau (NCB), Research and Analysis Wing (RAW), Intelligence Bureau (IB), Enforcement Directorate (ED), Directorate of Revenue Intelligence, Central Board of Direct Taxes (CBDT), Commissioner of Police (Delhi), and Directorate of Signal Intelligence (for Jammu and Kashmir, the North East, and Assam).

However, the power of surveillance can be misused by governments. They use these powers to create an environment where each and every action of the person is monitored, suppressing dissenting opinions. These actions amount to the infringement of the right of privacy of the person being surveillanced. The incidents of Pegasus Spyware attacks and Cambridge Analytica are the examples where the governments allegedly tried to surveil persons. The incidents were criticised as a dangerous attack on the right to privacy of the persons so affected.

The surveillance provisions were challenged in the cases of M.P. Sharma v. Satish Chandra (1954), Kharak Singh (1963), and Govind v. State of Madhya Pradesh (1975) on the ground of breach of privacy. However, the Supreme Court gave different opinions in all these cases. In the case of M.P. Sharma (1954), it was held that the power of search and seizure is not a violation of right to privacy, as no such right is guaranteed by the Constitution. Further, these powers are necessary for the maintenance of law and order and for proper discharge of police duties.

In Kharak Singh’s case (1963), the Apex Court did not recognise the right to privacy but declared that the night visits to the house of the appellant for surveillance purposes were violative of his right to life and liberty. The majority opinion upheld other activities, such as secret picketing or monitoring and reporting the movement of the suspect, as valid and held that these orders are issued against a certain class of people who are suspected of committing crime. The minority opinion of Subba Rao and Shah, JJ., held that all the surveillance activities were unconstitutional and violative of the right to life and personal liberty of a person. A person cannot enjoy his liberty if he is under the fear of being watched every time. By observing this, the court impliedly accepted the concept of the right to privacy, despite denying it in express terms.

In Govind v. State of M.P. (1975), the Apex Court firmly held that the surveillance provisions under the Police Regulation were on the verge of violating the right to privacy. The court observed that these powers must only be used in a strict sense of community security and should not be used as a regular duty of the police to visit each and every person who is released from jail at the end of his conviction.

In PUCL v. Union of India (1997), the Supreme Court upheld that the power exercised by the CBI under Section 5 of the Telegraph Act to intercept the telephonic conversation, in the absence of fair and reasonable procedural safeguards, was violative of the right to privacy. The court held that every person has the right to freely converse over the phone without the fear of intrusion.

In 2012, Justice Puttaswamy challenged the Aadhar Scheme in Supreme Court of India on the very same grounds that the government, by compulsorily collecting the biometric data of all individuals, will have more power to surveil the acts of every person. It will create a situation of the surveillance state. He contended that compulsory collection of biometric data is against the right to privacy of the person. The Apex Court took almost five years to decide the case, and finally, in 2017, it held that the right to privacy is a fundamental right, and in the age of growing technologies, the informational privacy of a person needs to be protected more efficiently. The right to privacy is not an absolute right, but nevertheless, it can be restricted only on the basis of due procedure established by law. The government should ensure the proper mechanism to protect the personal and biometric data of individuals. It should use the data only for the purpose for which it is being collected and must refrain from using it for any surveillance purposes.

Furthering the judgement in Puttaswamy’s case (2017), the Bombay High Court in Vineet Kumar v. CBI (2019), set aside three interception orders of the Ministry of Home Affairs of India against the petitioner on the grounds of violation of the right to privacy and also ordered the destruction of intercepted records.

Brief history of right to privacy in India

The right to privacy has evolved from being protection against unnecessary state intervention in the lives of its subjects to the right to informational privacy, protecting individuals’ sensitive personal information from unwanted and unlawful attacks by the state or even non-state actors. The development of these technologies has brought new challenges to protecting the data of individuals from cyber attacks, identity thefts, and data breaches. M. P. Sharma v. Satish Chandra (1954) was the first case in India on the grounds of protection from unnecessary searches and seizures. Even when privacy was not given the status of a fundamental right, the courts had time and again iterated that the right to life and personal liberty cannot be enjoyed to the fullest if there is an unlawful invasion in someone’s personal life. The Indian Judicial System has largely followed American jurisprudence while dealing with privacy issues. The protection against unwanted interference was granted by the principles of common law. Justice Subba Rao, through his dissenting opinion in case of Kharak Singh (1963), held that the right to life and liberty does not mean mere animal existence; it means life to live with human dignity. The right to be alone is a facet of the right to privacy. In the matter of Mr. X v. Hospital Z (1998), it was held that the right to privacy is not an absolute right and that it can be subverted to serve the large public interest and public health. In the case of R. Rajagopal v. State of Tamil Nadu (1995), it was decided by the Aex Court that unauthorised publication of a person’s life without his consent is violative of the person’s right to privacy, and hence the right to freedom of speech and expression must be exercised with the duty of not intervening in the privacy of a person. In the case of State of Maharashtra v. Madhukar Narayan Mardikar (1991), it was held by the Supreme Court that every person has the right to privacy and can seek the protection of the same, even when the person is a woman of easy virtue. All the discussions and confusion about the status of the right to privacy were settled by the Supreme Court in Justice K.S. Puttaswamy v. Union of India (2017). It was held that the right to privacy is an intrinsic part of the right to life and personal liberty under Article 21 of the Constitution of India. The judgement especially declared that, in this new technological era, the personal data of a person, especially his biometric data, forms valuable information and can be used by another having unauthorised access; hence, protection of informational privacy needs to be guaranteed. No party, even if it is the government, can have unauthorised access to the personal data of an individual. The cases that led to the recognition of privacy as a fundamental right have been dealt with in the following section.

Important judicial pronouncements on the right to privacy in India

The right to privacy is not solely recognised in the Constitution of India. However, with the development of laws on the rights constructing the right to personal liberty and dignified life, the right to privacy has been recognised as its integral component. The Hon’ble Supreme Court of India has given full-fledged recognition to the right to privacy as a fundamental right in the celebrated case of Justice K.S. Puttaswamy (Retd.) v. Union of India (2017), popularly known as Privacy Judgement.

Here is the series of cases that led to the recognition of the right to privacy as a fundamental right in India.

M.P. Sharma v. Satish Chandra (1954)

Four years after the enforcement of the Constitution, protection from infringement on privacy by search and seizure by police was sought before the Supreme Court of India by the Dalmia Group, the largest industrial conglomerate of India at the time.

Facts of the case

On November 19th, 1953, the Registrar of the Joint Stock Companies, Delhi, logged information with the Delhi Special Police Establishment about the alleged fraudulent practices being adopted by M/S. Dalmia Jain Airways Ltd. (Company). The allegation was made based on the report of the investigating officer appointed by the government under the Companies Act. The report showed that the company was involved in organised attempts to misappropriate and embezzle its funds and declare a substantial loss from its inception. It was alleged that the company had concealed the true state of affairs from its shareholders, carried out fraudulent transfers, and made wrong and false entries in its books of accounts. The director and chairman of the company, Seth R.K. Dalmia, was also accused of committing fraud using this company and other companies which he controlled through his nominees.

The District Magistrate, on an application based on the above information (F.I.R.), issued the search warrants. The searches were conducted simultaneously at 34 places, and voluminous documents were seized from there.

M/S Dalmia Jain Airways Ltd., along with other companies, filed the petition in the Supreme Court challenging the constitutionality of Section 96(1), Code of Criminal Procedures, 1868, which allowed the search and seizure of places and documents, as the section was violative of the fundamental rights provided under Article 19(1)(f) and Article 20(3) of the Constitution of India.

Issues involved in the case

Does the search and seizure of documents under Sections 94 and 96 of the Code of Criminal Procedure amount to compelled production violating the principles of Article 20(3) of the Constitution of India?
Is the right to privacy guaranteed by the Constitution of India?

Judgement of the court

The Eight- Judge Bench of the Supreme Court held that the search and seizure are only a temporary interference in the right to hold property searched and articles seized. The statutory recognition of the procedure is necessary and is a reasonable restriction to the right under Article 19(1)(f). The search and seizure of documents is not compelled production of documents and hence cannot be a violation of Article 20(3).

The power of search and seizure is the power of the state for the protection of social security. The intention of the Constitution-makers was not to subject this to the right to privacy.

Kharak Singh v. State of U.P. (1963)

It was acknowledged that the right to life under Article 21 does not mean mere ‘animal existence’ but rather a dignified human life. The Hon’ble Supreme Court did not use the word privacy while striking down the provision of domiciliary visits on the rationale of privacy. However, this judgement noted that privacy is not a constitutionally protected right in India.

Facts of the case

The petitioner in this case, Kharak Singh, was charged with dacoity but was released due to a lack of evidence. The police included him in the list of “history sheeters,” and he was put under surveillance under Regulation 236 of the U.P. Police Regulation. The regulation of surveillance provisioned for secret picketing of the house, periodical inquiries by the officers not below the rank of Sub-Inspector of the repute, habits, association, occupation, income, and expenses of the suspect, domiciliary visits to the house at night, reporting of movement by chowkidars, verification of movements and absence by inquiry slips, and collection of records in the history sheet of all information bearing on conduct. The petitioner challenged the constitutionality of Chapter XX of the U.P. Police Regulation Act under Article 32 of the Constitution.

The respondents took the defence that the provisions are not an infringement of rights guaranteed under Part III of the Constitution; even if they are, they are made in the interest of public order and to enable the police to discharge its functions efficiently.

Issues involved in the case

Whether “surveillance” under Chapter 20 of U.P. Police Regulation constitutes infringement of fundamental rights provided under Part III of the Constitution of India.

Judgement of the court

This case was decided by a six-judge bench of the Supreme Court, with the dissenting opinions of Subba Rao and Shah, JJ. The majority held the domiciliary visits under Regulation 236(b) by the police officer to check the presence of the accused in his house at night as unconstitutional and the rest of the provisions for surveillance as constitutional. The court opined that other terms like picketing or shadowing were not impeding the suspects from moving freely and hence were not violative of the rights guaranteed under Article 19(1)(d) or Article 21 of the Constitution.

The dissenting justices were of the opinion that all the provisions for surveillance were unconstitutional. The right to move freely does not only guarantee freedom from physical hindrances to movements; it guarantees the freedom of moving freely without being watched, noticed, or the movements being traced. The rights in Articles 19 and 21 are two distinct rights. The right to move freely is an attribute of personal liberty, but it is wrong to say that the right to move freely is carved out of the right to liberty. The right to be left alone is a facet of the right to privacy.

Govind v. State of Madhya Pradesh (1975)

This is the first case in India that extensively discusses the right to privacy. The constitutionality of the police surveillance of criminals on the list of “history sheeters” was again challenged before a three-judge bench of the Supreme Court.

Facts of the case

The petitioner, through the writ petition under Article 32, had challenged Regulations 855 and 856 of the Madhya Pradesh Police Regulations under Section 46(2)(c) of the Police Act of 1961. The petitioner averred that he had been conceived as a habitual offender and faced consistent domiciliary visits and other surveillance activities by the police. This amounts to serious infringements of his rights guaranteed under Article 19(1)(d) and Article 21. Therefore, the challenged regulation should be struck down for being in violation of fundamental rights.

Issues involved in the case

Whether Regulations 855 and 856 of the Madhya Pradesh Police Regulations were unconstitutional

Judgement of the court

The bench dismissed the petition and held that the regulation made under the provision of the Police Act has the force of law and was made in furtherance of the object of the Police Act to prevent the commission of a crime; hence, it is not an infringement of a fundamental right provided under Article 21 but a reasonable restriction on the rights of a certain class of persons who are determined to lead a criminal life.

The bench further noted that the right to privacy is not explicitly stated in the Constitution and assumed that though it emanates from the right to liberty, the right to move freely, and the right to speech, it cannot be an absolute right and should be subjected to the compelling public interest. The law infringing the right to privacy must satisfy compelling state interests.

However, the court interpreted the regulation in a narrow way to prevent it from being struck down. It also noted that the challenged regulations are on the verge of being violative of fundamental rights, and hence, the state should revise the old police regulations. The surveillance should be reduced to the clearest cases of community security, not as a routine function of the police to visit every person whose conviction ends or is released from jail.

State of Maharashtra & Ors. v. Madhukar Narayan Mardikar (1991)

In this case, the Supreme Court held that even a woman of “easy virtue” has the right to protect her privacy, and it would not be open to any person to violate her private space at his whims. The court further disagreed with the Bombay High Court’s assessment, which dismissed the testimony of Banubi on the grounds that she was an unchaste woman and her testimony could not be believed to ruin the career of a public official.

Facts of the case

A police inspector, the respondent, allegedly committed forceful sexual intercourse with a woman, Banubi, by entering her hutment. The women resisted him and filed a written complaint against him. Pursuant to the written complaint, a departmental inquiry was conducted against the respondent. The inquiry found him guilty of “perverse conduct,” and he was dismissed from his duty.

The respondent filed a writ against the order of departmental inquiry in the High Court of Bombay, Nagpur Bench. The High Court set aside the departmental inquiry and held that the testimony of Banubi could not be relied upon as she is a woman of doubtful character. The order of the High Court was challenged in the Supreme Court through a Special Leave Petition.

Issues involved in the case

Whether the High Court was justified in disbelieving the testimony of Banubi while assessing the guilt of the respondent.
Whether the Respondent was given sufficient materials to meet the charges against him.

Judgement of the court

The Supreme Court held that the High Court had ousted its jurisdiction by reconsidering the evidence. Further, the High Court had erred by placing the decision that the testimony of Banubi could not be relied upon to convict the accused. The testimony of the Banubi is corroborated by the testimony of her husband and the shifting testimony of two constables who followed him on the raid. The Supreme also considered that she was being honest about her antecedents and could not file a false complaint against the police official, knowing that she has a bad reputation. Thus, the Court found the police official guilty of the offence and held that even a woman of easy virtue enjoys the right to privacy and is entitled to the protection of the same.

In 2023, the Supreme Court of India, through CJI D.Y. Chandrachud, has recently released a Handbook on Combating Gender Stereotypes, which prohibits the calling of women by derogatory words such as unchaste or concubine. All these words were a reflection of pervasive stereotypes against women. It is a positive step towards making a society that respects the dignity of a woman, ensuring her societal justice.

R Rajagopal v. State of Tamil Nadu (1995)

This case is famously known as the Auto Shanker Case. The right to privacy was dealt with against the right of the media to publish the autobiography of a prisoner exercising the right to freedom of speech and expression under Article 19(1)(a).

Facts of the case

The editor and publisher of the Tamil Weekly Magazine Nakkheeran prayed through a writ petition under Article 32 for the issuance of an appropriate order restraining the Tamil Nadu State police authorities from taking any action against the petitioner and obstructing them from publishing the autobiography of Gauri Shanker. Shanker, a condemned criminal, was confined in prison for committing murders. The petitioner averred that Shanker had written his autobiography in the prison itself and had given the power of attorney to his advocate for the publication of the same in their magazine. It is the right of the petitioner under Article 19(1)(a) to publish the autobiography. The State Police is obstructing the publication of the autobiography because it reveals the connection of various politicians and IAS and IPS officers with the prisoner.

The prison authorities contended that the alleged autobiography was not written by Shanker, and publication of the same would amount to a violation of his right to privacy. They further said that the allegation of tutoring the prisoner was baseless.

Issues involved in the case

Whether any person could prevent another person from publishing his life story or biography if such unauthorised writing impinges on the person’s right to privacy;
Whether the press is entitled to publish the unauthorised accounts of a person’s life via the right to speech under Article 19(1)(a), and if such publication violates the right to privacy of a person or causes defamation, whether any remedy is available for it;
Whether the public officials or the state could maintain defamation and place prior restraint on the publication of defamatory material;
Whether the prison officials are entitled to act on behalf of the prisoner and prevent the publication of his biography to protect his rights

Judgement of the court

The Supreme Court held that the publication of a person’s life story without his consent is violative of his right to privacy, and the person is entitled to damages for injuries resulting from an unauthorised invasion. The right to privacy, though not explicitly mentioned in the Constitution of India, is the penumbra of the right to life and personal liberty under Article 21. The right to privacy entails the right to be let alone.

The court further held that the actions of public officials or public figures are open for scrutiny by the public in general, as citizens have a legitimate interest in their actions regarding public issues and concerns. The court referred to the decisions of the U.S. Supreme Court in Griswold v. Connecticut (1965) and Roe v. Wade (1973) which discussed the infringement of privacy by the State, and New York Times Co. v. Sullivan (1954) which held that the public has a legitimate interest in the conduct of public officials and figures, and the freedom of the press extends to debating the conducts of public officials in matters pertaining to public matters. Public officers cannot invoke infringement of privacy rights with respect to their conduct in the discharge of official duties; however, they have the right to claim damages for false publication motivated by malicious intention. Thus, there is a need to maintain a balance between the right to privacy and freedom of the press.

No prior restriction can be put on any publication merely on the grounds of suspension that such publication will amount to a violation of the privacy of individuals. The state is under the heavy burden of justifying publication as an attack on privacy for the imposition of restraint on such publication.

PUCL v. Union of India (1997)

This is the first PIL case to challenge the constitutionality of a law as violative of the right to privacy. The Civil Society Organisation People’s Union for Civil Liberties filed a petition in the Supreme Court contending that Section 5(2) of the Indian Telegraph Act, 1885, gives the state executives the power to tap the phones of individuals in certain circumstances as a stark attack on the individual’s privacy.

Facts of the case

The Central Bureau of Investigation published a report on the telephone tapping of politicians by Mahanagar Telephone Nigam Limited (MTNL) at the request of government officials. The report revealed several procedural flaws in the phone tapping. The PUCL filled a writ petition in the Supreme Court of India challenging Section 5(2) of the Telegraph Act, which allows the Central and State Governments to intercept messages on the grounds of public emergency or safety, sovereignty and integrity of India, and friendly relations of India with foreign states, as violative of the right to privacy enshrined in Articles 19 and 21 of the Constitution of India.

Union of India, the respondent argued that the provision was not an infringement of any right and, if declared unconstitutional, would jeopardise the public interest. The phone-tapping power can be invoked only by the officer appointed on this behalf by the central or state government. If any person wants to challenge the act of phone tapping, they can approach the government for suitable action. Further informing the person about their phone tapping would defeat the purpose of the action.

Issues involved in the case

Whether Section 5(2) of the Indian Telegraph Act was used to infringe the right to privacy.
Whether there was a need to provide procedural safeguards in order to prevent indiscriminate phone tapping and preclude arbitrariness.

Judgement of the court

The Apex Court held that the right to privacy is guaranteed under Article 21 of the Constitution by referring to the previous judgements in MP Sharma’s case, Kharak Singh’s case, Gobind v. State of M.P., and Rajagopal’s case. The right to have a telephonic conversation without intrusion is a part of the right to privacy under Article 21 and cannot be curtailed except by procedures established by law. The court noted that the procedural safeguards for fair and reasonable exercise of substantive power of surveillance were not given in the provision; therefore, the provision lacks the sanctity of reasonable restriction that can be invoked to curtail the fundamental rights of individuals. However, it did not strike down the challenged Section 5(2) of the Indian Telegraph Act but laid down detailed guidelines for the exercise of surveillance power by the executive in a just, fair, and reasonable manner. The Court did not accept the petitioner’s argument that prior judicial scrutiny was the only safeguard against interception orders and laid down the following guidelines:

The Home Secretary to the Central or State Government could only pass the orders of the telephone tapping, with the power to delegate its authority only in emergency situations.
The authority, before passing the order, must satisfy itself that it is necessary to obtain the information through such orders only.
The order of interception would cease to have effect after two months from the date of its issue, if not renewed, and the total period of operations would be limited to a total period of six months only.
A detailed report should be maintained of the intercepted communications and procedures followed therein.
The intercepted communication shall be used only for the minimum necessary purpose and shall be destroyed after retention has become unnecessary.
The central and state governments shall constitute a Review Committee to assess compliance with the law.

All these cases have proven to be seminal in identifying privacy as a right and have served as the basis for establishing the right to privacy as a fundamental right. The later judicial developments in the series are discussed hereinafter.

Mr. X v. Hospital Z (1998)

In this case, there was a conflict between two rights emanating from the right to life and personal liberty under Article 21, the right to marriage and the right to health. It was decided that the right to privacy is not an absolute right and can be subjugated when the purpose is to serve the larger public interest.

Facts of the case

The appellant was a Grade 1 Assistant Surgeon under the Government of Nagaland. He was ordered to assist a patient to the hospital. He was asked by the hospital to donate his blood to the patient. The hospital, based on his blood samples, found that he was HIV+ and disclosed this information. This disclosure resulted in the annulment of the marriage of the appellant. Additionally, he had to face ostracization at the hands of his family and relatives. As a result, he had to leave Nagaland. He went to Madras. He filed a petition with the National Consumer Dispute Redressal Commission (NCDRC) claiming damages against the hospital for breaching his confidentiality under medical ethics. The Consumer Forum dismissed his petition and asked him to approach the Civil Court for the proper remedy.

The appellant then filed an appeal in the Supreme Court on the grounds of a violation of medical ethics for not maintaining confidentiality and violation of his right to privacy under Article 21 of the Constitution. He argued that the hospital had breached its duty as to the rule of confidentiality, citing the Hippocratic Oath, the International Code for Medical Ethics, and the Indian Medical Council Act, 1956. He also contended that every person has a right to marriage, and the hospital was under a duty to maintain his secrecy.

Issues involved in the case

Whether the respondent has violated the right to privacy recognised under Article 21 of the Appellant as well as the duty to maintain confidentiality as per medical ethics

Judgement of the court

The Supreme Court of India studied and analysed the Code of Medical Ethics in India and the guidelines issued by the General Medical Council of Britain with respect to the exception to the rule of confidentiality in case of the HIV and AIDS-positive persons. The court found that the exception to the rule of confidentiality in cases of persons suffering from HIV and AIDS is recognised and disclosure is permissible in the public interest. The court observed that the negligent or unlawful communication of these life-threatening communicable diseases is punishable under Section 269 and Section 270 of the Indian Penal Code, 1860. Hence, the appellant in this case was under moral duty to inform his fiance about his disease.

The court further observed that every right of one person does not necessarily cast a correlative duty on another person, and the right to marry is one of such rights. By referring to the provisions of the Hindu Marriage Act, 1955; the Dissolution of Muslim Marriage Act, 1939; the Indian Divorce Act,1869; and the Special Marriage Act, 1954, the court observed that matrimonial systems are based on a healthy body and moral ethics. It provides venereal disease as a ground for divorce if one of the parties to the marriage is suffering from venereal disease. Thus, the right to marry and the duty to inform his or her proposed partner about the ailment are vested in the same person.

The court therefore suggested that it is the moral duty of the persons suffering from HIV, AIDS, or another venereal disease to inform his proposed partner about their ailment, and the right to marry cannot be enforced by the court of law till the disease is cured, and therefore, till then, the right to marry remains suspended.

The court further held that when there is a conflict between a person’s right to privacy and another person’s right to health, which serves the larger public interest, the right that serves the public interest or public morality would be enforced by the courts. The right to life includes the right to live a healthy life, enjoying every function of the human body in its prime condition. The appellant in this case has breached the right to be informed of his fiance (Ms. Akali) by not letting her know about his ailment. The respondent hospital in the present case cannot be said to have violated the rule of confidentiality or caused the breach of the right to privacy of the appellant.

Mr. X v. Hospital Z (2002)

In 2002, a three-judge bench of the Supreme Court, in a petition filed by the appellant under Article 32 turned application overruled the previous decision of the court in this matter except to the extent of holding that the appellant’s rights were not affected by the disclosure of his HIV positive information to his fiance and family. The court passed this decision considering the fact that the court, in its previous decision in the present matter, had surpassed its jurisdiction in deciding the rights and devising the exception to the rule of confidentiality for persons suffering from HIV or AIDS in general.

Hinsa Virodhak Sangh v. Mirzapur Moti Kuresh Jamat (2008)

The Supreme Court in this case held that the restriction on slaughterhouses for a temporary period of time during the Jain Festival Paryushan is not a violation of the constitutional right to trade of the petitioners. The validity of two regulations by the Ahmedabad State Corporation and the State of Gujarat were upheld by the Supreme Court, which the High Court of Gujarat had earlier declared unconstitutional. Justice M. Katju noted in his obiter dicta that the dietary preferences of a person are a part of his personal autonomy and right to privacy under Article 21 of the Constitution, while referring to the case of R. Rajagopal v. State of Tamil Nadu (1995), which declared that the right to be let alone is included in the right to privacy.

Facts of the case

The matter in the Supreme Court was brought by a Special Leave Petition against the order of the High Court of Gujarat, which declared the two regulations unconstitutional against Article 14 and the right to carry trade, profession, or business under Article 19(1)(g) of the Constitution. The impugned regulations provided for the closure of municipal slaughterhouses in the state during the Jain Festival of Paryushan. The High Court found them unconstitutional as they were an infringement on the rights of meat sellers and eaters. The High Court relied on the Judgement of the Supreme Court in the matter of Mohd. Faruk v. State of Madhya Pradesh (1970) – a Five Judges Bench that held that the sentiments of particular sections of people were irrelevant while imposing any prohibition. Aggrieved by the decision of the High Court, Hinsa Virodhi Manch brought this appeal to the Supreme Court to represent the cause of the Jain community.

Issues involved in the case

Whether a short-term restriction on selling meat would violate the rights guaranteed under Article 19(1)(g) of the meat traders without the restriction being reasonable under Article 19(6)
Whether these short-term restrictions affect the right to life under Article 21 for regular meat-eaters.

Judgement of the court

The Supreme Court at first pointed out that the decision of the Supreme Court in Mohd Faruk’s Case had been implicitly overruled by the Seven Judges Bench of the Supreme Court in State of Gujarat v. Mirzapur Moti Kureshi Kassab Jamat and Ors. (2006). Another case, Mohd. Hanif Qureshi v. State of Bihar (1959) which validated the total ban on cow slaughter law in Bihar referred to by the High Court, is also partially overruled by the State of Gujarat v. Mirzapur Moti Kureshi Kassab Jamat and Ors. (2006). The Supreme Court allowed the argument of the petitioner that a nine-day restriction on the slaughterhouses is not against the right to trade under Article 19(1)(g) and the right to life under Article 21, as the meat eater can source meat from neighbouring areas. The Court noted that India is a secular country, and protecting the interests of every religious, cultural, and linguistic community should be taken good care of by the state. The states of Gujarat and Rajasthan are home to many people who have faith in the Jain religion. Non-violence (Ahimsa) is a basic and integral tenet of Jain philosophy. The festival of Paryushan is very significant for the Jain community as they undergo penance during this period; therefore the closure of slaughterhouses for the period of Paryushan is valid and not against the constitutional protected rights under Articles 19 and 21 of the Constitution of India.

The Supreme Court referred to its decision in the case of State of Madras v. V.G. Row (1952) to test the reasonableness of the regulations. The V.G. Row case provided that while deciding the validity of the regulations, the courts should not only consider the duration and extent of the regulation but also the manner and circumstances in which they were being implemented. The Court cited the case of Om Prakash & Ors. v. State of U.P. & Ors. (2004) that validated the Municipal Bye-law imposing prohibition on the sale of meat, fish, and eggs in Rishikesh as the purpose of the visitors there is largely religious in nature, and host communities are strictly vegetarian.

However, the Court also noted that imposing restrictions on slaughterhouses for a considerable period of time without valid justification would render many people unemployed in the slaughter industry. Additionally, the non-vegetarians will be forced to be a little more vegetarian.

Jamiruddin Ahmed v. State of West Bengal (2008)

Facts of the case

In this case, an appeal was made to the Supreme Court. The Senior Police Officials of the rank of Additional S.P. conducted raids in the house of the appellant in a remote village at midnight under the Narcotics Drugs and Psychotropic Substances Act, 1985 (NDPS Act). The raids were challenged for non-compliance with the second proviso to Section 42(1) of the NDPS Act. The second proviso appended to Section 42(1) provides that the authority exercising the powers under the Act has reason to believe that the warrant for search or authorization Cannot be obtained without offering an opportunity to the offender to conceal the evidence or facility for the escape; the authority may enter and search such building, conveyances, or enclosed spaces after sunset and before sunrise after recording his grounds for the belief. The officials did not record the grounds for the reasons to be recorded for the midnight search without a search warrant.

Issues involved in the case

Whether a raid conducted under Section 42 of the NDPS Act without recording the reason was legal.

Judgement of the court

The Supreme Court had declared the search illegal because, despite having sufficient time to record their reason in writing for the search without a warrant in the appellant’s house, the authorities did not record the grounds for the same. The judgement was set aside, and the appellant was set free from jail. The court observed that the statute for compliance was directory in nature in clear terms and should be complied with scrupulously. In the statutes like NDPS Act, which provides stringent punishments, when a power of search, seizure, or arrest without warrant is conferred upon the authority under the Act, compliance with the conditions precedents is a prerequisite. Non-compliance with such provisions will result in a breach of the right to privacy of persons.

Ram Jethmalani & Ors. v. Union of India (2011)

This case is related to the failure of the government to address the routing of monies generated from unlawful activities by national and legal entities to foreign banks, especially in tax-haven countries with strict secrecy laws. The court noted that persons’ right to privacy cannot be breached unless they have committed an unlawful act allowing the disclosure of information about the persons against whom the investigation was completed and the proceedings were initiated. However, it refused the disclosure of information about persons against whom the investigation was not completed. The Supreme Court noted that “the right to privacy is an integral part of the right to life under Article 21 of the Constitution. This is a cherished constitutional value, and it is important that human beings be allowed domains of freedom that are free from public scrutiny unless they act in an unlawful manner.” The right of citizens to seek protection of fundamental rights under Article 32 needs to be balanced against the right of persons under Article 21.

Facts of the case

Citizen India, a civil society organisation of former bureaucrats, social activists, and well-known professionals, filed a petition in the Supreme Court, drawing the court’s attention toward various media reports and scholarly articles that revealed large amounts of unlawful money being secreted away from India in foreign bank accounts. The petitioners alleged that the government is not addressing this issue efficiently, highlighting the pattern of dereliction of duty in Hassan Ali Khan’s case and the case of Kashinath and Chandrika Tarapuriya. The government has not initiated any investigation or prosecution, despite the issue of the show cause notices. The petitioners have asked the government to provide a list of the persons who have bank accounts offshore, especially in Liechtenstein. They also asked for the formation of a SIT headed by former Supreme Court judges for a proper investigation of the cases.

The petitioners argued that the government is using the Double Tax Agreement (DTA) as an excuse to conceal information from the public.

In its reply, the government submitted that a high-level committee is coordinating the investigation in these cases and there is no need for SIT. It further contended that under the DTA, the government cannot reveal the name and particulars of persons who have lawfully deposited their money in foreign banks, as it would be against their right to privacy. The government, however, submitted that the details of persons against whom the investigation has been completed and proceedings have been initiated can be disclosed, but not of those against whom the investigation and proceedings are pending.

Issues involved in the case

Whether the government had lapsed in its duty to conduct a proper investigation, and further, whether there is a need to form SIT.
Whether disclosure of the name of the person holding black money in offshore bank accounts violates their right to privacy.

Judgement of the court

The Supreme Court, being unsatisfied with the report placed by the government and the performance of the high-level committee, ordered the appointment of the SIT to monitor the investigation and prosecution in the matters concerning unlawful monies in foreign bank accounts, especially in the case of Hasan Ali and Tarapuriyas.

The court analysed the clauses of DTA and held that the agreement does not provide for complete secrecy and that it is the duty of the government to provide information to the court and the petitioners. However, the court also noted that merely having a bank account in a foreign country is not grounds for disclosing the details of a person’s bank account unless the government finds some unlawful activities being done through these accounts through a proper investigation. The court allowed the disclosure of information about persons against whom the investigation was completed and the proceedings were initiated, and refused the disclosure of information of persons against whom the investigation was not completed, noting that the citizens’ right to seek information under Article 32 and the citizen right to privacy under Article 21 need to be balanced.

In Re: Ramlila Maidan Incident v. Home Secretary, Union of India & Ors. (2012)

The Supreme Court took suo moto cognizance of the suppression of a peaceful protesting crowd sleeping in the Ramlila Maidan of Delhi by the government at midnight hours of 12:30 am. The Court held that to impose Section 144 of The Code of Criminal Procedures, 1973, there must be a co-existence of material facts, imminent harm, and the requirement to take immediate steps to prevent the harm. The right to sleep and the right to privacy are integral parts of the right to life under Article 21, just as the right to eat, to drink, etc. The state is under a duty to protect these rights of persons from unlawful and unreasonable intrusion by others.

Facts of the case

On June 4, 2011, Baba Ramdev staged a hunger strike protest against the Government of India for its inaction against black money. At about 11:30 pm, the police team headed by the Joint Commissioner of Police met Baba Ramdev and told him that permission to conduct the camp had been withdrawn and Baba Ramdev would be detained. In just one hour, at about 12:30 am, the Central Reserve Police Force and the Rapid Action Force were deployed to evacuate the Ramlila Maidan. The forces used tear gas, water cannons, and batons on the protestors, which led to injuries to many people and the death of one person.

The Supreme Court took suo moto cognizance of the incident. The Amicus Curiae submitted to the court that the imposition of Section 144 of Cr.P.C. was unreasonable, was politically motivated based on mala fide intentions, and that an increase in the number of persons attending the event cannot be a ground to apprehend violence. The government resorted to undue use of force by deploying water canons, tear gas, and batons with the motive to quell the protest. The Bharat Swabhiman Trust, the organisation of Baba Ramdev, submitted that they have obtained a NOC from the Commissioner of Police to conduct the event in Ramlila Maidan.

The Delhi Police submitted that permission was given to conduct a yoga camp, not to organise a hunger strike. Further, the imposition of Section 144 Cr.P.C. was done by viewing the number of people that could join the protest the next day. It was also contended that the violence was used in response to violent incidents breaking out among the protesters, which resulted in injuries to police officers.

Issues involved in the case

Whether the imposition of Section 144 of the Code of Criminal Procedure, 1973, led to the violation of the right to peaceful assembly, the right to freedom of speech and expression, and the right to life guaranteed under Articles 19 and 21 of the Constitution.

Decision of the case

The decision in this case was given by a two-judge bench of the Supreme Court comprising Justice B.S. Chauhan and Justice Swatantra Kumar. Justice Chauhan, in his concurring judgement, discussed the right to sleep and the right to privacy as integral parts of the right to life. The court extensively discussed the various aspects relating to the restrictions that could be imposed on the exercise of fundamental rights. The Court referred to its judgement in State of Madras v. V.G. Rao (1952), wherein it was held that the reasonableness of the restriction depends upon the circumstances and the manner in which the restrictions are being imposed, the evil sought to be remedied, the level of urgency needed to address the evil, the duration and extent to restriction and the prevailing conditions at that time. It held that the imposition of Section 144 could only be reasonable when it is not arbitrary and excessive and possesses a direct and proximate nexus with the object sought to be achieved. The order under Section 144 must be in writing, and the public should be given appropriate notice and time to evacuate the place. The government failed to establish that there existed any compelling circumstances that necessitated the imposition of Section 144 at midnight hours in the present case.

Justice K.S. Puttaswamy (Retd.) v Union Of India (2017)

The watershed decision in the judicial history of India recognised the right to privacy as a distinguished fundamental right under Article 21 of the Constitution of India. The decision of this case laid the foundation for the identification and protection of other liberties in India such as, the decriminalisation of adultery in Joseph Shine v. Union of India (2018), decriminalisation of consensual same-sex relationship in Navtej Singh Johar v. Union of India (2018), etc. The Supreme Court of India observed that the concept of privacy entails the natural right of a person to have autonomy in the choices made by him regarding core aspects of life.

The contemporary age of technological advancements has been regarded as the “era of ubiquitous dataveillance, the systemic monitoring of the communications and actions of individuals through information technology.”

Facts of the case

Justice Puttaswamy, a retired High Court Judge, in 2012 challenged the Constitutionality of the Unique Identification Authority of India (UIDAI), popularly known as the Aadhaar Scheme of the Government of India. In 2016, the policy was given legislative backing by the enactment of the Aadhar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (hereinafter referred to as the Aadhaar Act). Similar petitions were also filed to challenge the constitutionality of the policy and the vires of the Act. The policy sought to create a unique identity for Individuals by collecting their biometric data, consisting of their iris and fingerprint, so as to ensure the direct and targeted delivery of welfare schemes to the people in India. The petitioner challenged the policy on the ground that mandatory collection of biometric data by the government so that the individual can avail of government services is a violation of the right to privacy under Article 21 of India. It is against democratic values and may lead to a surveillance state.

The Union of India and UIDAI, in its counter-affidavit stated that the right to privacy is not a fundamental right, relying on the Judgment of the Eight Judges’ Bench of the Supreme Court in the M.P. Sharma case

Issues involved in the case

Whether the right to privacy is a fundamental right under Part III of the Constitution of India.

Why a Nine Judges’ Bench in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017)

Earlier, the matter was heard by the bench of the Supreme Court, consisting of three Judges. The Bench observed that though the Eight-Judge Bench of M. P. Sharma’s case and the Six-Judge Bench of Kharak Singh’s case had decided that the right to privacy is not a fundamental right in India, the decision of the smaller benches in Govind v. State of M.P., R. Rajagopal v. State of Tamil Nadu, and People Union of Civil Liberties v. The Union of India has identified privacy as a constitutionally protected right following the decisions in A.K. Gopalan’s case, Maneka Gandhi’s case, and R.C. Cooper’s case. Therefore, there is a state of confusion about whether privacy is a fundamental right or not under the Constitution of India. The issue needed to be authoritatively decided by a bench of appropriate strength.

The matter was referred to the Constitutional Bench of nine judges to authoritatively resolve it. The nine-judge bench, comprising the then Chief Justice of India, J.S. Kehar, and Justices D.Y. Chandrachud, R.K. Agarwal, S. A. Nazeer, J. Chelameswar, S.A. Bobde, R. F. Nariman, A. M. Sapre and S.K. Kaul, JJ. delivered six concurring yet unanimous judgements and decided that the right to privacy is a fundamental right and can be traced to Articles 14, 19, and 21 of the Constitution of India.

Judgement of the case

The Supreme Court, through an order dated August 24, 2017, passed the following orders:

The decisions in the cases of MP Sharma and Kharak Singh stand overruled, which held that the right to privacy is not protected under the Constitution of India.
The right to privacy is an intrinsic part of the right to life and personal liberty under Article 21 and a part of freedoms guaranteed by Part III of the Constitution of India.

The following section provides the crux of the judgements delivered by Dr. D.Y. Chandrachud, Chelameshwar, S. A. Bobde, Nariman, Sapre, and S.K. Kaul, JJ.

Judgement by Justice Chandrachud (for J.S. Kehar, J., the then CJI, Nazeer, and Agarwal JJ. and himself)

The judgement overruled the previous judgements in MP Sharma’s case and the Kharak Singh’s case to the extent they held that the Constitution of India does not protect the right to privacy of an Individual.

The judgement in the case of ADM Jabalpur v. Shivakant Shukla was also overruled to the extent that the right to life and liberty, including the right to privacy, can be surrendered in an emergency.

It was held that the right to privacy is a concomitant right to life and personal liberty protected under Article 21. It is a natural right that is inalienable to human existence and is not a boon granted by the state. Although the right is not absolute, it does not amount to usurpation of legislative function.

The core of privacy lies in the ability of individuals to control the vital aspects of life and safeguard the autonomy exercised by them in decisions of personal intimacies, the sanctity of family life and sexual orientation, matters of home, and marriage.

Judgement by Justice J. Chelameshwar

The right to privacy has three important aspects: repose, sanctuary, and intimate decisions, which are essential for the liberty of an individual. The right to liberty can be enjoyed to its full potential unless it is backed by privacy. A liberal state must protect freedom and prevent an unnecessary state’s intrusion into the life of an individual. The right to privacy is not an absolute right and has to be identified on the nature of claimed interest. The legislation restricting the right to privacy must pass the test of strictest scrutiny of compelling state interest and withstand the just, fair, and reasonable standard.

Judgement by Justice S. A. Bobde

The right to privacy is distributed under all the rights guaranteed under Part III and takes the form of the right which enjoyment is curtailed. Therefore, the act of the state violating privacy, along with passing the test of just, fair and reasonable under Article 21, must also pass the test applicable to that Article.

The right to privacy may be guaranteed both under fundamental rights and common law. As a fundamental right, it is protected against the state, whereas, in common law, it is safeguarded horizontally between individuals.

The right to privacy is an inalienable human right and is a necessary basic condition to exercise the right to liberty. The essence of privacy is the right to be let alone and the right to seclude oneself from intrusion in any manner. It also entails the negative autonomy of not doing a specific act. A reasonable restriction can be put on the exercise of the right to privacy.

Judgement by Justice Fali Nariman

Justice Nariman, in his judgement, propounded that the right to privacy may not be an absolute right, but it is an inalienable right. It can be traced to Article 21 and can also be found in other liberties guaranteed in concurrence with the nature of the right claimed. It will develop on a case-by-case basis. Privacy is a multifaceted concept that encompasses all the aspects of non interference in the personal life of a person.

He referred to the dissenting judgements of Justice Subbarao in Kharak Singh’s case, Justice Fazl Ali in A.K. Gopalan’s case, and Justice Khanna in ADM Jabalpur’s case.

During the time of MP Sharma’s case, fundamental rights were interpreted in separate, watertight compartments exclusive of others rights, but the time has changed since Maneka Gandhi’s case. The fundamental rights are to be read inclusive of other rights provided. The intent of the constitutional assembly was to provide an organic constitution that could be interpreted with the passage of time. The right to privacy must be discussed in the light of ongoing technological advancement. Privacy in the context of India includes protection against intrusion into the personal life of a person, informational privacy, and protection from the dissemination of personal information. The principles enshrining the cardinal values of fraternity and dignity of individuals can only be achieved when individuals are given autonomy in making their choices.

Judgement by Justice Sapre

He highlighted that the right to privacy can be traced to Articles 21 and 19, and also to the Preamble to the Constitution as well. The society that follows the rule of law must cherish the multifaceted and inalienable right to privacy, but the right is subject to some restrictions that are necessary for protecting moral, social, and potent public interests.

Judgement by Justice S. K. Kaul

Justice Kaul discussed the right to privacy from the prism of the right to individual autonomy and right to non-interference in one’s personal life by the state and non-state actors. He highlighted that the concept of liberty, equality and dignity in the Preamble are the abstract principles that need to be interpreted to incorporate the past, present, and future liberties.

Technological advancements have made room for intrusion in the personal life of an individual by the state and non-state parties as well. It is therefore imperative to protect the privacy of an individual. The state must bring a law that balances the privacy concerns of individuals with legitimate state interests.

He also stressed that the law should serve the interest of all, not just the majority. The sexual autonomy of an individual must be protected as an attribute of privacy.

The Test of Proportionality and Legitimacy: Puttaswamy v. Union of India (2017)

While upholding the right to privacy as a fundamental right, the Court also held that the right to privacy is not absolute and can be subjected to fulfilling the legitimate state’s interests, such as protection of other fundamental rights, national security, public interest, including scientific and historical research purposes, prevention and investigation of crime, etc.

To determine the criteria of a legitimate state’s interest, the court, through Justice S.K. Kaul, laid down the Test of Proportionality and Legitimacy. It held that any intrusion into the right to privacy must be in accordance with the procedure established by law, which is just fair and reasonable.

The following test of proportionality and legitimacy must be applied to limit the state’s discretion:

The action of the state must be sanctioned by the law.
The proposed action must be backed by a legitimate aim in a democratic society.
The extent of interference must be proportionate with the need of interference, and
There must be procedural guarantees against abuse of such interference.

Justice Chandrachud also laid down a similar test to determine the legitimacy of the state’s interest in intruding on the privacy of individuals.

Justice K.S. Puttaswamy v. Union of India (2018) (2019)

Facts of the case

After the judgement given by the nine-judge constitution bench, the issue raised about the constitutionality of the Aadhar scheme and the Aadhar Act, 2016, was decided by the Five-Judge constitution bench, comprising Chief Justice Dipak Mishra, A.K. Sikri, A.M. Khanwilker, Dr. D.Y. Chandrachud, and A. Bhusan, JJ, in three opinions, with Justice Chandrachud writing the dissenting one.

The matter in the case was related to the informational privacy of an individual. The demographic and biometric information being collected by the state is for the purpose of providing its citizens with a unique identity, for better dissemination of government services, subsidies, and other benefits, and to prevent the dissipation of funds for direct benefit transfers, such as in the public distribution system (PDS), or MGNREGA.

Issues involved in the case

Whether the Aadhar Project created or has a tendency to create a surveillance state, and whether this ground is unconstitutional.
Whether the Aadhar Act, 2016 and Section 139AA of the Income Tax Act, 1961, violate the right to privacy.
Whether children could be brought within sweep of Sections 7 and 8 of the Aadhar Act.
Whether the Aadhar Act could be passed as a “Money Bill” within the meaning of Article 110 of the Constitution.

Submissions made by the state in its defence in Justice K.S. Puttaswamy v. Union of India (2018)

The main contention of the state was that governments allocate about 3% of the GDP towards subsidies, scholarships, education, food, pensions, and other welfare programmes, half of which do not reach the intended beneficiaries. Aadhar is therefore necessary, as there is no other identity document commonly and widely used by the residents of the country. It also provides assurance of authentication of documents.

As regards privacy with respect to iris and fingerprint data, there is no expectation of privacy. They are not capable of revealing any personal information about an individual except for the purpose of identification. Further, they are the most accurate and non-invasive way of identifying an individual. These data are used in biometric attendance, mobiles, and laptops for passwords and other security reasons for private use. 120 countries use these biometric data for issuance of passports.

The state further contended that the Act satisfies the proportionality test and furthers the legitimate state interest by preventing the leakages and dissipation of subsidies and other welfare benefits that are covered under Section 7 of the Aadhaar Act. The Act tries to maintain a balance between two rights, the right to privacy and the right to food, shelter, and employment, under Article 21 of the Constitution, which are to be fulfilled under the positive obligation of the state and are in furtherance of the Directive Principles of State Policy under Articles 38, 39, 41, 43, 47, and 48 of the Constitution of India.

The state refuted the argument of “illusory consent” by submitting that Section 7 of the Aadhaar Act makes the Aadhaar mandatory to avail of the benefits, subsidies and services linked to the Consolidated Fund of India.

Judgement of the court

To answer the very first issue, the Supreme Court noted that the nature of the data being collected for the Aadhar scheme was minimal. It did not collect any information regarding place, purpose, or other information related to transactions. Ample security measures have been taken to ensure the security of data. Only registered devices could be used for authentication. Therefore, it is difficult to profile individuals based on their biometric and demographic data. However, the court reduced the time limit for storage of data provided in the Act from five years to six months under Regulation 27.

To the question of whether the Aadhar Act violates the right to privacy, The court noted that it meets the threefold criteria of the test laid down in the Puttaswamy judgement (2017), that is

the legality, means backed by the law;
need, defined in the terms of a legitimate state’s interest, and
proportionality, which is a rational nexus between the objects sought to be achieved and the means employed to achieve it.

The court further noted that Section 139AA of the Income Tax Act, which makes the linkage of Aadhar with PAN mandatory, is not unconstitutional, but the mandatory linkage of Aadhar with bank accounts is not valid as it does not satisfy the test of proportionality, and therefore it was struck down.

On the issue of whether children can be brought under the sweep of Sections 7 and 8 of the Aadhaar Act, the court held that the parents can take the decision on their behalf; however, they have the option of opting out upon attaining the age of majority.

The Court validated the passing of Aadhar as a “Money Bill” within Article 110 of the Constitution, as the expenses incurred in the process of achieving the objectives of Aadhar, which are the grant of subsidies and other benefits, were to be met out of the Consolidated Fund of India.

The Court also struck down some provisions of the Aadhaar Act as unconstitutional. The court struck down Section 47 of the Act, which empowered only UIDAI to be a complainant in cases of violation of the Act, and directed that any person who has been aggrieved or a victim can file a complaint against breach.

Further, the court struck down Section 57 of the Act, which allowed the private entities to use Aadhar. The court observed that the term “any purpose” is vulnerable and can be misused to manipulate private data.

Justice Chandrachud, in his dissenting judgement, held that the passing of Aadhar as money bill was unconstitutional. He noted that the Act lacks privacy safeguards, such as the individuals must have the right to access, correct and delete data. There should be consented collection and detention of biometric data. Furthermore, the retention period needs to be specified. The individual must be given an option of opting out.

He pointed out that Aadhar poses the risk of creating a surveillance state, which is violative of informational self-determination, informational privacy, and the protection of data. The Aadhar Act is violative of Article 14 in absence of robust regulatory and monitoring framework for data protection. An individual must not be compelled to compromise his or her right to privacy to avail themselves of food and other welfare services.

Vinit Kumar v. Central Bureau of Investigation (2019)

Facts of the case

In this case, the Ministry of Home Affairs of India made three interception orders to intercept the telephonic calls of the petitioner between October 2009 and February 2010 under the Indian Telegraph Act, 1885, Section 5(2) on the charge of bribing public officials to obtain favour in credit.

The interception of the telephonic communication of the petitioner by the government was challenged on the grounds of a violation of the right to privacy. The High Court of Bombay, referring to the Judgement of Puttaswamy (2017), set aside the three interception orders. Further, the Court did not allow the use of the recorded conversation as evidence against Kumar and ordered the destruction of copies of intercepted messages or recordings.

Judgement of the court

The High Court of Bombay observed that the order of interception to be valid must satisfy the test of proportionality and legitimacy as laid down in Puttaswamy’s case (2017). The order of interception should,at first, be sanctioned by law; second, it must be necessary in a democratic society; third, the extent of interference should be proportionate to the need for interference; and lastly, there must be a procedural guarantee to safeguard against abuse of that interference. The Court refuted the argument of the CBI that the order was made on the ground of public safety. It was noted that three interception orders were not sanctioned by law, hence not valid.

Brief overview of privacy laws in India

The right to privacy was first recognised as guaranteeing protection against the unwanted interference of the state, barring the physical liberty of the person, as a violation of their right to privacy. The journey has been so far that the biometric and digital data of a person is also protected under the ambit of the right to privacy.

Legislative provisions on protection of privacy in India

Before the enactment of the Digital Personal Data Protection Act, 2023, there was not an exclusive law in India that dealt with the protection of the privacy of individuals. The issue raised in Puttaswamy’s case (2017) highlighted the need for a robust data protection mechanism in India, which was time and again iterated by the Supreme Court.

Indian Penal Code, 1860

However, there were provisions in different laws that provided for the protection of certain aspects of privacy. Such as Section 354C of the Indian Penal Code, 1860, which makes the act of voyeurism an offence; Section 354D punishes the act of staking, including the act of online stalking; and Section 228A, which prohibits the disclosure of identity of victims of certain offences.

The Information Technology Act, 2000

The Information Technology Act, 2000, has served as a source of protecting data till date. The Act was enacted to provide legality to e-commerce and fight cybercrime issues. The Information Technology Act was amended in 2008 to make it more comprehensive towards addressing the problems of the internet and technological advancements such as cybercrime, phishing, online voyeurism, and data theft.

Section 66A prohibits the sending of inappropriate, inaccurate, dangerous, or misleading messages through online communication with the intention of “causing irritation, discomfort, fear, humiliation, hindrance, harm, criminal intimidation, hostility, hatred, or ill will.”

Section 67 and Section 67A prohibit the transmission of obscene and sexually explicit material online and provide punishment of imprisonment for five years with a fine of up to ten lakhs on the first conviction and imprisonment for seven years with a fine of ten lakhs on the subsequent conviction.

Section 69A empowers the Central Government to ask any agency or intermediary to restrict the public access to certain information if it is deemed to be a threat to India’s sovereignty, national security, or public order.

However, the Supreme Court in Shreya Sighal v. Union of India (2015) struck down Section 66A in its entirety. At the same time, it upheld Section 69A as constitutionally valid.

The Digital Personal Data Protection Act, 2023

The enactment of the Data Protection Act for India has been long sought. The first draft data protection bill was tabled in Parliament in 2018 under the title Personal Data Protection Bill, 2018. The draft was prepared by the Justice Srikrishna Committee ( a committee formed by the Ministry of Electronics and Information Technology). The bill was sent for reconsideration as it mandated the data fiduciary to maintain at least one copy of serving copy of customers’ information in India so that it would be easy for law enforcement agencies to access the information. This mandatory requirement posed a serious threat to privacy by allowing the state to process the personal data. The regulatory framework established by the bill was given minimal autonomy, and it would have worked largely under the central government.

Other two bills were also presented in the Parliament in 2019 and 2021, but both were withdrawn due to inadequacies present in them in providing a robust legal mechanism to secure the digital data of Indians.

Finally, on 11th August 2023, the Digital Personal Data Protection Act, 2023 (DPDP Act) was enacted, which provides a roadmap for protecting the digital data of individual citizens.

Key Features of the Digital Personal Data Protection Act, 2023

The Act defines personal data as the “information that relates to identified or identifiable individuals.”
The Act is applicable to the processing of digital personal data within India where such data is (i) collected online or (ii) collected offline and is digitised.” The Act also applies to the processing of data outside India, which means offering goods and services in India.
Data processing means the full or partial automated operation of digital personal data. It includes the collection, storage, use, and sharing of data.
Consent is central to the Data Protection Act. The processing of personal data can only be done after obtaining the consent of the individual. A notice must be given before seeking consent, which shall include the details of the personal data collected and the purpose of the processing. The consent can be revoked at any time. The consent on behalf of the minor will be provided by the parent or legal guardian.
In certain cases, there would be no requirement for consent for legitimate purposes, such as

specified purposes where the individual has voluntarily provided the data,
provision for government benefits and services,
medical emergency, and
employment.

The Act allows transfer of data outside India, except in a few countries, which shall be notified by the Central Government.

Stakeholders in the Digital Personal Data Protection Act, 2023

The act provides for the following stakeholders relating to the industry of data:

Data Fiduciary: It is the person who, either alone or in conjunction with others, determines the purpose and means of processing personal data. Section 10 gives power to the central government to notify certain data fiduciaries or certain classes of data fiduciaries as significant data fiduciaries.
Data Principal: The person to whom such personal data relates is the data principal. In the case of a child or a person with a disability, the parents or lawful guardian of the person shall be the data principal.
Data Processor: The data processor is the person who processes the data on behalf of the fiduciary. The data fiduciary and the data processor are the different stakeholders.
Consent Manager: As defined in Section 2(g) of the Act, a consent manager shall be a person registered with the data protection board. The function of the data protection board shall be to act as a single platform for enabling data principals to give, manage, review, and withdraw their consent, whenever needed through accessible, transparent, and interoperable platforms.
Data Protection Officer: The individual appointed by the significant data fiduciary.
Data Protection Board: The Board is tasked with protecting the personal data of individuals, receiving complaints and conducting inquiries into the matter of data breaches, imposing penalties, and awarding remedies to the aggrieved data principles.

Data Protection Board under the Digital Personal Data Protection Act, 2023

The act provides for the establishment of the Data Protection Board of India under Section 18, Chapter V. The chairperson and members shall be appointed for two years and shall be eligible for reappointment.

The eligibility criteria for the Chairperson of the Board or Members of the Board are discussed in Section 19(3), which provides that the person should be a person of integrity, ability, standing, and knowledge or practical experience in the fields of communication and digital technology, data governance, dispute resolution, the digital economy, and techno-regulation. At least one member shall be an expert in law. The board shall monitor compliance with the Act and also hear the grievances of the affected persons.

Functions of the Data Protection Board under the Digital Personal Data Protection Act, 2023

The powers and functions of the Data Protection Board of India are given under Section 27 of the Act under Chapter VI. The Board shall perform the following functions, namely:

to provide urgent remedial and mitigation measures in case of a personal data breach and investigate the same;
to inquire in the matter of data breaches on a complaint received by the data principle on breach of the obligation of the consent manager and impose a penalty for the same;
to inquire into the matter of breach of personal data by the data fiduciary on receipt of a complaint from the data principle or reference made by the central government for such breach and impose a penalty;
to inquire and impose penalties in event of breach of registration conditions by the consent manager;
to inquire and impose a penalty on the reference made by the central government regarding breach by intermediary of obligation under Section 37(2), i.e., non-obligation of the direction issued by the central government to an intermediary.

Exemptions to the Rights of Individuals and Obligations of Data Fiduciaries in the Digital Personal Data Protection Act, 2023

The Act provides for certain situations where the right of data principle or the obligation of data fiduciary (except data security) shall not apply, such as;

investigation and prevention of crimes;
enforcement of legal claims and rights;
processing of data by government entities for security of state or public order, and
research, archiving, or statistical purposes.

Criticism of the Digital Personal Data Protection Act, 2023

Excessive Delegated Legislation: The Data Protection Act has attracted several criticisms by the experts and academia. They have highlighted that there is excessive delegated legislation in the Act that may lead to excessive exercise of power or arbitrariness in decisions by the authorities.
No Compensation to the Aggrieved Data Principal: The Act provides no compensation to the aggrieved data principle for the breach of data. Further, the provision of the Information Technology Act of 2000 that provided the compensation has also been repealed. The General Data Protection Regulation of the European Union provided for compensation to aggrieved data principals.
Voluntary Undertaking Clause: The “Voluntary Undertaking” Clause in Section 32 is the most debated part of the Act. The very purpose of the enactment of the DPDP Act, 2023, is hit by this clause, as any unscrupulous data fiduciary may get themselves absolved of the penalties after making a declaration of voluntary undertaking.
Independence of the Data Protection Board: Concerns over the Independency of the Data Protection Board have also been raised. The central government has the power to appoint the chairperson and members of the board. The Bill of 2019 provided for the selection committee to appoint the chairperson and the members of the board.
Right to be Forgotten and Data Portability: No provisions have been provided for the right to data portability that were provided in the Bill of 2019. The Joint Parliamentary Committee has also recommended the inclusion of these rights for maintaining transparency, autonomy, and giving individuals control of their data. The European GDPR also recognises these inviolable rights.
Exemptions to Government: The Act has exempted the government from asking for the consent of individuals while processing it for security purposes or to maintain public order. It may result in the intrusion by the government into the personal life of an individual, the profiling of the individual, and a surveillance state.

Right to privacy and right to be forgotten

The right to be forgotten is considered part of the broader right to privacy. Whereas, the right to privacy prevents the publication of information, the right to be forgotten requires the removal of information from public resources. In the age of technology, where each and every action of an individual creates a digital footprint, it is pertinent that the right to be forgotten be included in the right to privacy. The right to be forgotten calls for the ability of an individual to get the information removed or deleted from the databases, such as the right of an accused to get his name struck from the list in case he is not convicted. The right to be forgotten entails that an individual is able to remove their digital footprints that have been created by the use of the internet about their choices, preferences, contacts and so on.

The right to be forgotten has been recognised in the recent case of Google v. Agencia Española de Protección de Datos, Costeja Gonzalez (2014) by the European Court of Justice. The court ruled that the citizens of the European Union have the right to get their name removed from the search engine if it is no longer relevant. It further ruled that the right to be forgotten is not absolute and can be denied if the publication is in the exercise of freedom of speech and other legal obligations.

Rout v. State of Odisha (2020)

The High Court of Odisha, through Justice S.K. Panigrahi observed that the right to be forgotten is in sync with the right to privacy. Every victim has the right to get materials removed from the internet through an approaching court that is against her dignity and reputation.

In this case, the accused forcibly committed sexual intercourse with his classmate, recorded the incident, and uploaded it to facebook with a fake ID of the victim. After being caught by the police, he deleted the videos. The court, while rejecting his bail plea, observed that the victim or the prosecution may approach the court for proper order to the intermediary to remove the objectionable content from their database.

Jorawer Singh Mundy v. Union of India (2022)

In India, the recent judgement in Jorawar Singh Mundy v. Union of India (2022) of the Delhi High Court directed the online legal databases such as Indian Kanoon and others to remove the judgement titled Custom v. Jorwar Singh Mundy (2013) from their websites in which the petitioner’s name appeared.

The petitioner was an American citizen of Indian origin. He visited India in 2009 and was charged with the offences under the Narcotics and Psychotropic Substances Act, 1985. Though he was acquitted of the charges, any potential employer had access to judgement, and hence, he was not able to get the job in america.

Issues involved in the case

The issue of the case was whether the court’s Judgement can be removed from online platforms.

Judgement of the court

The Delhi High Court, through Justice M. Pratibha Singh, noted that the above issues entail the perusal of two rights, viz., right to privacy, the right to information of the public, and the maintenance of transparency. Considering the loss caused to the petitioner in terms of his social life and career prospects, the court gave him interim relief and ordered the removal of the case name from the databases by Indian Kanoon and directed to block any results appearing from the searches of Google or Yahoo, or similar search engines.

Conclusion

The right to privacy has been given the status of a constitutionally protected right. Jurisprudence is the result of the judicial intellect of the judges. The Court has proven itself to be the true protector of fundamental rights by recognising new rights as per the changing needs of society. The forms of protection sought for privacy have also changed over the years. At the earliest stage, it was to protect the individual from an unwanted state’s interference in their day-to-day life. Later, the protection of privacy was sought against the unwanted interference in the personal life of an individual by the press, and thus it was recognised that there is a need to maintain a balance between one’s right to information, the right to publish information, and another’s right to privacy to keep one’s matters confined to oneself. It has also been established that, though the right to privacy is an intrinsic part of the right to life and personal liberties under Article 21 of the Constitution, it is not absolute and subject to reasonable restrictions. In the new age of technology, where the personal data of individuals is being extensively used by state and non-state entities, it has become imperative to protect the data of individuals from theft and other data breaches. The Puttaswamy Judgement has played a pivotal role in recognising the right of informational privacy of the individual. It paved the way for the enactment of the Data Protection Act. However, the data protection law has been criticised for certain lacunae. In order to strengthen the belief of the people in the data protection law, the government should consider the recommendations being given by the experts.

Frequently Asked Questions

Is the right to privacy a fundamental right in India?

Yes, the right to privacy has been granted the status of fundamental right in the Constitution of India under Article 21. The 9-Judges Bench of the Supreme Court of India in Justice K.S. Puttaswamy v. Union of India (2017) unanimously recognised that the privacy of the persons is protected under Article 21 of the Constitution. The judgement also laid down that the right to privacy though a fundamental right is not an absolute right. It can be limited by imposing reasonable restrictions. Privacy forms a part of liberty enjoyed by a person and can be restricted by due procedure established by law.

When can the right to privacy be restricted?

The right to privacy can be restricted in the case of legitimate state’s interests. The legitimate interests of the state means the situations such as protection of other fundamental rights, national security, public interest, including scientific and historical research purposes, prevention and investigation of crime, etc. The Supreme Court has also laid down the test of proportionality that needs to be applied while determining whether the restriction imposed on privacy is right or wrong. The following test of proportionality and legitimacy must be applied to limit the state’s discretion:

The action of the state must be sanctioned by the law.
The proposed action must be backed by a legitimate aim in a democratic society.
The extent of interference must be proportionate with the need of interference, and
There must be procedural guarantees against abuse of such interference.

Does India have the Data Protection Law?

Yes, the Parliament of India has enacted the Digital Personal Data Protection Act, 2023 in August 2023, with the purpose of protecting the personal data of Individuals from being breached. The Act obliges the data fiduciaries to take necessary organisational and technical measures to protect the personal data of individuals. The Act provides that the personal data of any individual can be stored and used for processing only after obtaining the consent of the individual. Further, the individual has the power to remove this consent whenever he/she wants. The data fiduciaries have to appoint a consent manager for this purpose. The data must be used only for the purpose for which the consent has been obtained and should be removed from the database, once the purpose is completed, following the principle of purpose limitation. The Act also provides for the establishment of a Data Protection Board, a body that will be responsible for receiving the grievances of data breaches and providing remedies for the same. The board also has been given powers to make inquiries and impose penalties in the matter of data breach on the guilty party.