Published On: February 2nd 2026
Authored By: Joy Mercy
Chettinad School of Law
ABSTRACT
In India, the non existence of a specific law governing Facial Recognition Technology (FRT) has resulted in major constitutional issues concerning the right to privacy, which is one of the most important human rights. The mass surveillance and biometric data extraction that are made possible by the use of FRT technology are not subjected to any specific safeguards or accountability mechanisms in the legislative frameworks like the Information Technology Act 2000 (IT Act, 2000 ) and the Digital Personal Data Protection Act 2023 (DPDP Act, 2023). To a large extent, the Supreme Court’s ruling in the K.S. Puttaswamy v. Union of India case has determined that the State must meet four conditions legality, legitimate aim, necessity, and proportionality to justify its intrusion into the private lives of citizens. The FRT use, in the absence of a definitive government statute, violates the condition of “legality”, thereby cutting down the privacy rights protected by the Indian Constitution. Besides judicial precedents, empirical studies, and academic discussions have strengthened the argument that executive or departmental ratifications do not meet the requirements for such invasive technologies. This article puts forward the view that the lack of a specific law for FRT usage amounts to its being unconstitutional and subsequently, it calls for a sweeping legislative action to not only comply with constitutional and global standards but also to be in sync with them.
INTRODUCTION
Facial Recognition Technology (FRT) has become one of the key building blocks for digital governance in India, having been rolled out by the government at airports, law enforcement agencies and smart city projects. But the overnight expansion of FRT has not been accompanied by an analogous growth in a specific legal framework governing its uses. In an important ruling in K.S. Puttaswamy v. Union of India (2017), the Supreme Court had upheld privacy as a fundamental right under Article 21 and developed a four-part proportionality test legality, legitimate aim, necessity, and proportionality to judge the constitutionality of State violations of privacy. Yet, India does not yet have any legislation that is exclusively dedicated to FRT and has continued to rely on antiquated or fragmented legislations like the Information Technology Act 2000 and the Digital Personal Data Protection Act 2023. This Article explores whether the lack of a specific FRT law infringes the one’s constitutional right to privacy, with reference to constitution, legislation, case-law and academic commentaries.
ANALYSIS ON THE LAW OF PRIVACY
[1]Mustafa’s piece highlights the unconstitutionality of using FRT in circumstances without express statutory mandate on account of invasion with respect to privacy. The author emphasizes that the Puttaswamy verdict demands a definite law for each State Intervention dealing with right to privacy and FRT use under any statute, which is not there presently. Mustafa contented that executive/departmental authorizations are inadequate for invasive technology like FRT, and comprehensive safeguard should be in place through law to protect constitutional rights.
[2] This paper explores the absence of regulation for FRT and suggests that India must legislate to fill this gap, ensure such practices are overseen by an independent authority and build accountability mechanisms to protect fundamental rights. MAGLAW emphasizes the lack of a dedicated FRT law and warnings citizens that mass surveillance and mass profiling will be carried out without this new rights based regulatory framework which would ensure observability at source, transparency in use, preclusion of misuse.
[3] While government run facial recognition is currently limited for both good and bad, its potential misuse can be fatal within months of the CRPF’s app, Delhi Police was using AFRT by matching protesters with Aadhaar data, which comparisons showed 82% false positives. The article recommends an immediate moratorium or strong statutory limits, and emphasizes the need for transparency, accountability and robust oversight to safeguard fundamental rights to ensure responsible use of AFRT in India.
[4]Qandeel examines states’ duty under international law to regulate FRT, with particular attention to what is at stake for human rights and democratic accountability if they do not act. The piece stresses that it is critical to have clear statutory authorization and independent oversight in order to safeguard privacy while avoiding breaches of fundamental rights through FRT rollouts.
[5]This journal concerns technology and law of FRT in India, exposing the absence (and urgency) of specific law, and the critical importance for a rights based regulating framework. IRJMETS feels that the existing legal framework is having its hands tied and feels that all embracing legislation is required to protect privacy and misuse.
The right to privacy is a part of personal liberty under Article 21. The Supreme Court’s Puttaswamy judgment requires that in order to intrude into privacy, “a law must have a legitimate aim and it must not be arbitrary”, whereas any intrusion on the right under Article 21 by the State can only be against procedure established by law, validating there is law, which would specify ‘no other will Do’ but enforcing such law. FRT’s mass surveillance powers must stand on its own specific statutory power which does not exist at present. There are no provisions in the Information Technology Act 2000 that deal with biometric technologies, algorithmic based decision-making and contemporaneous public surveillance. Being specific to cybercrimes and unauthorized access, it is structurally unfit to regulate contemporary technologies such as FRT. In particular, the definition of biometric data as personal data in the Digital Personal Data Protection Act 2023 does not treat biometric data as special or sensitive or provide for provisions on real-time surveillance and algorithmic transparency. The Act exempts the State broadly for national security and law enforcement, so it can process facial data without consent, notice or third-party review.
CASE LAWS REFLECTING RIGHT TO PRIVACY
K.S. Puttaswamy v. Union of India (2017): The Apex Court ruled that privacy is a fundamental right under Article 21 and any intrusion into the same by State action must be supported by a law, meet the standards of necessity and proportionality. The judgement expressly over ruled the consolidated past denial of privacy, holding that such right is an essential part of dignity and liberty.
Selvi v. State of Karnataka (2010): Forced scientific tests were ruled to be an intrusion on privacy by the Supreme Court, in case laws upholding FRT as a requirement enacted by law. The Court stressed that invasive investigative powers must have unfettered statutory grant and guidelines.
SUGGESTIONS:
Legislative Reform
India needs an exclusive FRT legislation that unequivocally specifies its ambit, purpose and safeguards. The use of FRT must be subject to specific statutory authorization by law, so that its use is not up to executive decree.
Statutory Safeguards
The law must treat biometric data as a special category deserving of greater protection, requiring stringent safeguards explicit consent, purpose limitation and data minimization. It should also set minimum accuracy standards, and demand regular auditing against misuse and false identifications.
Judicial and Independent Oversight
Create specific oversight entities to regulate FRT implementation and protect against privacy concerns. Courts must have jurisdiction to rule on illegal or overly invasive surveillance.
Transparency and Accountability
Mandate transparency reports and provision of public notice for deployments of FRTs, including data retention practices and redress process. This will have the effect of creating transparency and instilling public confidence.
International Best Practices
Harmonise India’s FRT regulations with the likes of EU’s GDPR, which compel stringent safeguards for biometric data processing. This is to ensure that India’s regulatory system is consistent with global privacy norms.
Public Consultation
Involve relevant stakeholders such as civil society organizations, legal professionals and technologists in the development and oversight of policies related to FRTs.
Remedies and Redressal
Ensure effective redress for misidentification and misuse of FRT, including compensation and the ability to pursue judicial review. This will bring protection to people’s rights and stop others from continuing abuses.
CONCLUSION
There being no specific law on the regulation under Facial Recognition Technology in India, it is violative of the right to privacy which is a fundamental right and therefore protected by Article 21. Instead, the existing legal regime (which relies on outdated statutory provisions together with wide ranging state exemptions) fails to meet the constitutional standards of legality, necessity and proportionality which were outlined in K.S. Puttaswamy v. Union of India .The case law, the facts on the ground and the academic reviews also prove that executive/department authorizations simply do not cut it for such invasive technologies. India needs a strong, comprehensive law to regulate FRT and make it accountable, transparent and constitutional. In the absence of such a law, FRT uses are unconstitutional and deeply threatening to civil liberties.
REFERENCES
[1] Faizan Mustafa & Utkarsh Leo, On Facial Recognition and Fundamental Rights in India: A Law and Technology Perspective (Dec. 30, 2021), SSRN,
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3995958
[2] Shubham Bhatia, AI-Driven Facial Recognition: Human Rights Concerns and Regulatory Challenges, 4 MAGLAW 1 (2025),
https://maglaw.puchd.ac.in/index.php/maglaw/article/view/345
[3] Ameen Jauhar, Facing Up to the Risks of Automated Facial-Recognition Technologies in Indian Law Enforcement, 16 Indian J.L. & Tech. 1 (2020).
Facing up to the Risks of Automated Facial-Recognition Technologies in Indian Law Enforcement
[4] Mais Qandeel, Facial Recognition Technology: Regulations, Rights and the Rule of Law, 7 Front. Big Data (2024),
Frontiers | Facial recognition technology: regulations, rights and the rule of law
[5] Sakshi Satyawan Dicholkar, Facial Recognition Technology: Invasion of Privacy, 7 Int’l Res. J. Mod. Eng’g Tech. & Sci. (2025). https://www.irjmets.com/upload_newfiles/irjmets70700002542/paper_file/irjmets70700002542.pdf
