Right to Privacy as a Fundamental Right: Evolution and Challenges

Abstract

The right to privacy has undergone a transformative journey in India’s constitutional jurisprudence. Initially denied recognition in early decisions such as M.P. Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962), privacy was later affirmed as a fundamental right by the Supreme Court in Justice K.S. Puttaswamy v Union of India (2017) [1] [2] [3]  . This landmark judgment declared privacy as intrinsic to Article 21, encompassing autonomy, dignity, and informational control. Despite this recognition, privacy in India faces significant challenges, particularly with state surveillance, the rise of digital technologies, and limits within the Digital Personal Data Protection Act 2023 [4]. This article analyses the constitutional evolution of privacy in India, highlights judicial approaches, examines key challenges, and proposes reforms for robust privacy protection in the digital era.

Introduction

The concept of privacy, while deeply rooted in human dignity, was historically overlooked in India’s constitutional framework. The framers did not expressly provide for a right to privacy, and for decades, Indian courts hesitated to acknowledge it as a fundamental right. However, technological developments, the expansion of state surveillance, and increased public awareness gradually reshaped the discourse. The watershed moment arrived in Justice K.S. Puttaswamy v Union of India (2017), where a nine-judge bench recognised privacy as a fundamental right under Articles 14, 19 and 21 of the Constitution [5] [6].

The significance of privacy in India cannot be overstated—it is essential for autonomy, liberty and democracy. Yet, challenges such as government overreach, inadequate data protection laws and corporate misuse of personal information continue to undermine it. This article traces the evolution of privacy in Indian constitutional law, evaluates present challenges and suggests reforms to strengthen protection.

Constitutional Basis and Judicial Evolution

Early Judicial Approach

In the Republic’s formative years, the Supreme Court adopted a restrictive view. In M.P. Sharma (1954), the Court held that privacy was not protected by the Constitution, upholding broad search and seizure powers under the Code of Criminal Procedure [7]. In Kharak Singh (1962), although the Court struck down domiciliary visits as unconstitutional, it refused to recognise privacy as an independent guarantee, reflecting a strictly textual approach to rights because the Constitution lacked an express privacy clause [8].

Doctrinal Shifts

From the 1970s, the Court pivoted toward recognising privacy as implicit in the Constitution. In Gobind v State of Madhya Pradesh (1975), it suggested privacy could be read into Articles 19 and 21, subject to reasonable restrictions [9]. In R Rajagopal v State of Tamil Nadu (1994), the Court articulated a “right to be let alone”, especially against unauthorised media intrusion [10]. Subsequently, in People’s Union for Civil Liberties (PUCL) v Union of India (1997), telephone tapping without adequate safeguards was held to violate privacy, emphasising procedural protections for communications [11].

The Puttaswamy Breakthrough

Puttaswamy decisively settled the debate by affirming privacy as a fundamental right located within Articles 14, 19 and 21 [12]. The Court clarified that privacy safeguards dignity, bodily integrity, decisional autonomy and informational control, and adopted a proportionality standard: restrictions must pursue a legitimate aim, be necessary, and remain proportionate to that aim [13]. This transformed privacy into a constitutional cornerstone and guided subsequent cases on identification systems, surveillance and digital rights.

Dimensions of Privacy in India

The Court in Puttaswamy conceptualised privacy as multifaceted, protecting both the individual sphere and the conditions for self-development [14]:

1. Bodily Privacy – Protection against intrusive medical procedures or custodial violence.
2. Decisional Autonomy – Freedom to make intimate choices in matters of marriage, procreation and sexuality; this understanding underpinned Navtej Singh Johar v Union of India (2018), which decriminalised consensual same-sex relations [15].
3. Informational Privacy – Control over personal data in a digitised society, including limits on collection, use and disclosure by state and private actors.
4. Spatial Privacy – The right to seclusion in one’s home and private spaces, shielding individuals from arbitrary intrusion.

These dimensions collectively underscore privacy’s role as a precondition for dignity and liberty in a constitutional democracy.

Contemporary Challenges to Privacy in India

State Surveillance

India’s surveillance framework relies on statutory foundations conceived in a different era. The Indian Telegraph Act 1885 and the Information Technology Act 2000 enable interception and monitoring but lack independent oversight commensurate with modern expectations of accountability [16] [17]. The Aadhaar programme, upheld in part in K.S. Puttaswamy (Aadhaar) (2019), raised enduring concerns about centralised databases, profiling and exclusion risks despite the Court’s attempt to cabin use [18]. Further, reporting about the Pegasus spyware controversy suggested targeted surveillance of journalists and activists, bringing to the fore the absence of transparent authorisation, ex post review and meaningful remedies [19]. Without a comprehensive surveillance law with judicial or parliamentary checks, privacy remains exposed to opaque executive action.

Data Protection Gaps

India’s Digital Personal Data Protection Act 2023 (DPDP Act) is a significant step toward a comprehensive privacy framework, introducing consent obligations and duties on data fiduciaries. However, the statute accords broad exemptions to the State on grounds of sovereignty and security, and its Data Protection Board’s structural independence has been questioned, raising apprehensions about effective enforcement [20] [21]. The absence of robust principles like purpose limitation with narrow exceptions, strong privacy-by-design duties and stringent breach notification requirements may dilute individual control and accountability. Unless the Act is strengthened, informational privacy—central to Puttaswamy—risks being compromised in practice.

Private Sector Intrusions

Large technology firms and data-rich industries increasingly rely on profiling, targeted advertising and algorithmic decision-making. These practices, in the absence of stringent obligations and independent oversight, can precipitate discrimination, manipulation and lock-in effects that are difficult to contest. Scholarship tracking global privacy laws has shown the importance of strong regulator powers, deterrent penalties and rights such as access, erasure and objection to profiling—benchmarks India must internalise to protect users effectively [22].

Balancing Privacy and Security

Courts must calibrate privacy with competing aims such as national security, public order and welfare. Although Puttaswamy mandated proportionality, application has been uneven. In Anuradha Bhasin v Union of India (2020), the Supreme Court required periodic review and proportionality for internet restrictions but refrained from articulating hard thresholds or bright-line limits, leaving scope for executive discretion [23]. The challenge ahead is to translate proportionality from doctrine to determinate standards that meaningfully constrain power while allowing legitimate state objectives.

Way Forward

A credible privacy regime must be grounded in legislation, institutions and jurisprudence that work in tandem:

1. Strengthen the DPDP Act – Amend the statute to ensure true independence of the Data Protection Board, embed purpose limitation and data minimisation with narrow exceptions, mandate privacy-by-design and conduct impact assessments for high-risk processing, and provide prompt, user-centric remedies [24].
2. Modernise Surveillance Law – Replace fragmented interception powers with a comprehensive law requiring prior judicial (or robust quasi-judicial) authorisation, targeted rather than bulk measures, ex post notification (subject to narrow postponement), mandatory logging, independent audits and periodic reporting to Parliament; all restrictions should satisfy Puttaswamy’s proportionality [25].
3. Judicial Consistency – High Courts and the Supreme Court should develop structured proportionality review tailored to digital contexts (data retention, device searches, geo-fencing, facial recognition), clarifying necessity and least-restrictive means with evidentiary burdens on the State.
4. Institutional Capacity and Literacy – Invest in regulatory capacity, data protection officers in public bodies, and sustained citizen awareness to ensure rights are actionable on the ground, not merely aspirational on paper.

Conclusion

The recognition of privacy as a fundamental right marks a constitutional milestone. Yet, recognition alone does not guarantee protection. Outdated surveillance statutes, an under-powered data protection framework and uneven judicial enforcement leave significant gaps. A coherent legal architecture—clear limits, independent oversight and consistent proportionality—must now consolidate the promise of Puttaswamy. As Justice Chandrachud observed, privacy is not an elitist construct but the “constitutional core of human dignity”; its protection is essential to the legitimacy of democratic governance in the digital age [26].

References

Legislation

• Constitution of India 1950.
• Indian Telegraph Act 1885.
• Information Technology Act 2000.
• Digital Personal Data Protection Act 2023.

Cases

• M.P. Sharma v Satish Chandra AIR 1954 SC 300.
• Kharak Singh v State of Uttar Pradesh AIR 1963 SC 1295.
• Gobind v State of Madhya Pradesh (1975) 2 SCC 148.
• R Rajagopal v State of Tamil Nadu (1994) 6 SCC 632.
• People’s Union for Civil Liberties v Union of India (1997) 1 SCC 301.
• Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1.
• K.S. Puttaswamy v Union of India (Aadhaar) (2019) 1 SCC 1.
• Navtej Singh Johar v Union of India (2018) 10 SCC 1.
• Anuradha Bhasin v Union of India (2020) 3 SCC 637.

Books

• Graham Greenleaf, Global Data Privacy Laws 2023: Europe’s GDPR Influence (2023) 186 Privacy Laws & Business International Report 1.

Journal Articles

• Usha Ramanathan, ‘Aadhaar: Surveillance and the Demise of Privacy’ (2014) 9(3) Economic and Political Weekly 12.

Reports / News Articles

• ‘Pegasus Project: Spyware Targeted Journalists, Activists in India’ The Guardian (18 July 2021)

[1] M.P. Sharma v Satish Chandra AIR 1954 SC 300

[2] Kharak Singh v State of Uttar Pradesh AIR 1963 SC 1295

[3] Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1

[4] Digital Personal Data Protection Act 2023

[5] Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1

[6] Constitution of India, arts 14, 19, 21

[7] M.P. Sharma v Satish Chandra AIR 1954 SC 300

[8] Kharak Singh v State of Uttar Pradesh AIR 1963 SC 1295

[9] Gobind v State of Madhya Pradesh (1975) 2 SCC 148.

[10] R Rajagopal v State of Tamil Nadu (1994) 6 SCC 632

[11] People’s Union for Civil Liberties v Union of India (1997) 1 SCC 301.

[12] Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1

[13] ibid

[14] Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1

[15] Navtej Singh Johar v Union of India (2018) 10 SCC 1

[16] Indian Telegraph Act 1885

[17] Information Technology Act 2000

[18] K.S. Puttaswamy v Union of India (Aadhaar) (2019) 1 SCC 1

[19] ‘Pegasus Project: Spyware Targeted Journalists, Activists in India’ The Guardian (18 July 2021)

[20] Digital Personal Data Protection Act 2023, s 17

[21] Digital Personal Data Protection Act 2023

[22] Graham Greenleaf, ‘Global Data Privacy Laws 2023: Europe’s GDPR Influence’ (2023) 186 Privacy Laws & Business International Report 1

[23] Anuradha Bhasin v Union of India (2020) 3 SCC 637.

[24] Digital Personal Data Protection Act 2023, s 17

[25] Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1

[26] Justice K.S. Puttaswamy v Union of India (2017) 10 SCC 1, [298] (Chandrachud J)