Published on: 24th December, 2025
Authored by: Manya Shah
Jindal Global Law School
Abstract
In recent times, it has been observed that the rise of social media presence has led to many people losing their right to privacy, which is one of the fundamental rights under Article 21 of the Indian Constitution. The landmark judgment delivered by the Supreme Court in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017)[1] marked a transformative start, as it established the right to privacy as a fundamental right under Article 21 of the Constitution. The right to privacy has helped us to protect ourselves from being exploited by a third party who could use this information. As our society evolves, we must introduce additional laws to further protect our privacy. The lawmakers have taken steps to introduce the Digital Personal Data Protection Act, 2023, which follows the core principles of the Justice K.S. Puttaswamy case, and it further includes the right to correct, erase, and control their data.
In this article, we will focus on recent developments made in the right to privacy post-Puttaswamy judgment and the introduction of additional laws which will further help protect the privacy of an individual.
Keywords: Post-Puttaswamy Judgment, Fundamental right, Right to Privacy
1. Introduction and Background of the Study
The recognition of the right to privacy came by a landmark judgment given by the Supreme Court of India in the famous case, which is Justice K.S. Puttaswamy (Retd.) v. Union of India. In this case, a retired High Court Judge of Karnataka, Justice K.S. Puttaswamy, filed a PIL (Public Interest Litigation) in 2012. The main reason for filing this PIL was the introduction of the Aadhaar card Scheme, which collected biometric and demographic data of individuals for identity verification and access to public services. The main concern was that this scheme lacked legislative backing, and it violated the right to privacy. The issue was taken into consideration by a Nine-Judge bench, which held that the right to privacy is protected under Article 21 (Right to Life and Personal Liberty) and also follows from Articles 14 (Right to Equality) and 19 (Freedom of Speech and Expression) of the Constitution.[2] This verdict played a crucial role in changing the perspective of the right to privacy in India among the Indian society.
Previously, the court did not take that much consideration regarding the right to privacy, which is evident from two important cases, which are M.P. Sharma v. Satish Chandra (1954)[3] and Kharak Singh v. State of Uttar Pradesh (1962).[4] In M.P. Sharma v. Satish Chandra (1954), the court had stated that the right to privacy is not a fundamental right and the Fourth Amendment principles from the United States are not applicable.[5] While in Kharak Singh v. State of Uttar Pradesh (1962), the court upheld police surveillance on constitutional grounds, and the right to privacy was not considered a fundamental right at that time.
In the Puttaswamy case, the court overruled these two decisions and also formulated an intensive framework for understanding privacy in Indian society. Further, the lawmakers are still formulating laws that would further protect the personal information of individuals from third parties who use this information.
2. Constitutional Foundations of the Right to Privacy
The Puttaswamy case firmly believes that the right to privacy is an essential right under Part III of the Indian Constitution. The scope of the right to privacy is not limited to Article 21 of the Constitution; it also covers Article 19 and Article 14.
Article 21 of the Constitution has a broad scope as it not only focuses on physical protection but also on ensuring individual dignity, autonomy, and personal liberty. The right to privacy is an integral aspect when it comes to assuring individual liberty. The term ‘individual liberty’ connects with Article 21, with the right to privacy.
Article 19 of the Constitution ensures freedom of speech, movement, and form associations. If the right to privacy is denied to an individual, they would not get free space to express themselves. Unauthorized surveillance and data intrusion could create fear among people.
Article 14 of the Constitution guarantees equality before the law and equal protection under the law. This ensures that state actions should not be discriminatory, irrational, or arbitrary. The legislative and the executive cannot intrude upon anyone’s privacy, as it must satisfy the test of reasonable classification and avoid manifest arbitrariness.
This brings us to the conclusion that the court did not isolate the right to privacy, but it gave us a foundational value by including various articles that assure that the right to privacy of an individual is not jeopardized.
3. Scope and Dimensions of Privacy Recognized
The scope of the right to privacy under Part III of the Indian Constitution is not a narrow concept, but it is a broad concept. Following are the aspects included under the right to privacy:
Bodily Privacy
This protects the physical integrity and autonomy of individuals. It protects an individual from an unlawful search, forced medical procedure, and state interference with anyone’s body.
Informational Privacy
This ensures that the individual has the right to control what personal information can be shared with third parties or spread. The court also ensures the protection of personal information from both state parties and non-state parties.
Decisional Privacy
This allows individuals to make their decisions independently without any intrusion from external authority or power. An individual can make decisions in family-related matters, procreation, sexual orientation, and personal beliefs.
The Court advocates that privacy is context-specific and that its content may vary depending on the situation. It also underscored the need for a proportionality-based framework when it comes to privacy limitations, ensuring that any restriction must be lawful, necessary, and proportionate.
4. Impact on Aadhaar and the Data Protection Framework
In India, the Aadhaar Scheme was introduced in the year of 2009, and it was officially issued in 2010. During the introduction of this system, no law protected the privacy of individuals, which allowed various private companies to issue Aadhaar cards for their verification of their employees. This puts a jeopardy to the individual’s biometric data. This concerned a retired High Court Judge of Karnataka, and he filed a PIL (Public Interest Litigation).
This led to the implementation of limitations that struck down the provision of allowing private companies to issue Aadhaar Cards for verification, and it invalidated Article 57 of the Aadhaar Act, enabling excessive data sharing.[6] The court also focused on the implementation of data minimization, purpose limitation, and storage restrictions.
The verdict also brought up the issue of a lack of any provision regarding the protection of online data, which led to the formation of the Justice B.N. Srikrishna Committee that introduced the Digital Personal Data Protection Act, 2023, which ensured the protection of digital data.
The Act introduced the consent-based data processing, the right to erasure, and the right to seek grievances. However, it has drawn criticism for allowing wide exemptions to the state under vague “public interest” clauses, and for not establishing a sufficiently independent data protection authority.[7]
Furthermore, concerns regarding biometric databases, metadata retention, and lack of adequate encryption safeguards continue to challenge the spirit of the Puttaswamy judgment.
5. Privacy in the Digital Age
The final verdict of the Puttaswamy case was announced in the year of 2017. At this time, we have observed rapid development in technology, as we saw a rise in social media presence among individuals, and the introduction of various online platforms has posed a massive danger to the privacy of individuals.
As a result, the government had decided to introduce the Digital Personal Data Protection Act, 2023. Though this act was successful in dealing with various issues that could have endangered individuals’ privacy, it fails to provide complete protection to individual privacy, as it allows the government to conduct surveillance, and it also fails to establish strong enforcement mechanisms.
Further, various state-led surveillance programs have been conducted, like the Centralized Monitoring System (CMS) and the NATGRID, which has a facial recognition system that poses a direct threat to informational privacy. These programs often operate without clear statutory backing, violating the standards of legality and proportionality laid down in Puttaswamy.[8]
Similarly, various social media platforms are also alleged to be conducting data mining for targeted advertising, algorithmic bias, and opaque privacy policies. The collection of a vast amount of data from these big firms is often done without taking any consent from individuals, and users are rarely aware about the fact that their information is being stored.[9]
6. Evolving Jurisprudence After Puttaswamy
The Puttaswamy case has played a crucial role in changing the perspective among the lawmakers and the judges. This landmark case focused on creating the right to privacy as a fundamental right, which has also changed the verdicts of various cases that have been taken to the courts.
In Navtej Singh Johar v. Union of India, the Supreme Court of India has decriminalized consensual same-sex relationships. This allows individuals to decide their sexual orientation.[10]
In Joseph Shine v. Union of India, the court held that decriminalizing adultery will be a violation of individuals’ rights to make their own decisions in personal matters.[11]
In Justice K.S. Puttaswamy v. Union of India (2018), the court stated that an individual should have informational privacy, which means they should be aware of where their information is being used.
Despite all the progress made, a persistent gap remains between principle and practice. The implementation deficit and inconsistency in the lower court ruling are causing a loss to the legacy of the Puttaswamy case. Moreover, the lack of a judiciary-enforced data fiduciary framework continues to place citizens’ digital rights in a vulnerable position.
7. Comparative Perspective
The implementation of the right to privacy as a fundamental right aligns with current global trends, but privacy jurisprudence is still in development compared to more established jurisprudences.
In the United States, the Constitution does not explicitly guarantee the right to privacy as a fundamental right. Still, the Supreme Court has interpreted various amendments, like the Fourth Amendment, which protects from unreasonable searches and seizures. Various landmark cases, such as Katz v. United States and Carpenter v. United States, have further extended privacy protection by granting it to digital communication and location data.[12]
In contrast, the European Union provides a robust privacy protection system in the world. Article 8 of the EU Charter of Fundamental Rights explicitly guarantees the right to data protection. The General Data Protection Regulation (GDPR) ensures strong principles like data minimization, purpose limitations, the right to be forgotten, and imposes strict accountability standards on data controllers.[13]
Unlike the EU, India has yet to formulate an independent data protection authority with ensured power and autonomy. Therefore, India must continue to adapt to the complex realities of a global data-driven society to ensure individual privacy.
8. Balancing State Interests and Individual Privacy
The Puttaswamy case has assured that the right to privacy is a fundamental right, but it is not absolute. Depending on the circumstances, the authority can intrude on someone’s privacy. This is called the doctrine of proportionality. The following are the bases:
Legality
Necessity
Proportionality[14]
This framework assures that the state can act when it is required, which prevents unwanted intrusion of individual privacy from the government.
9. Conclusion and Way Forward
The Puttaswamy case has made a significant impact on the evolution of the right to privacy in India. It has been stated to be a fundamental right in the Indian Constitution, which assures that the privacy of an individual is maintained. However, many problems persist regarding the allocation of authority, and who will strictly ensure the privacy of people.
In this current era of technology can make it difficult for authorities to protect the privacy of people. Though the government has taken a major step by introducing the Digital Personal Data Protection Act, 2023, there are many flaws that act as a barrier to reaching the full potential of this act.
Going forward, India must focus on implementing strong procedural safeguards, promoting digital literacy, and ensuring privacy remains core to various government and technology policies. Strengthening judicial enforcement and alignment of domestic policy with global privacy standards, like the GDPR, will play a crucial role in upholding the right to privacy.
Footnotes:
[1] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 (SC).
[2] Ibid.
[3] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 (SC).
[4] Ibid.
[5] M.P. Sharma v. Satish Chandra, AIR 1954 SC 300.
[6] K.S. Puttaswamy (Aadhaar-5J.) v. Union of India, (2019) 1 SCC 1 (SC).
[7] Digital Personal Data Protection Act 2023, s. 3, s. 8.
[8] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 (SC); see also Apar Gupta, ‘The Architecture of Surveillance: A Legal Analysis of Surveillance in India’ (2019) 14 NUJS L Rev 131.
[9] Shoshana Zuboff, The Age of Surveillance Capitalism (Profile Books 2019); see also Udbhav Tiwari, ‘Data Privacy and Big Tech in India: Emerging Challenges’ (2020) 13(4) Indian Journal of Law and Technology 102.
[10] Navtej Singh Johar v. Union of India, (2018) 10 SCC 1 (SC).
[11] Joseph Shine v. Union of India, (2019) 3 SCC 39 (SC).
[12] Katz v. United States, 389 US 347 (1967); Carpenter v. United States, 138 S. Ct. 2206 (2018).
[13] Charter of Fundamental Rights of the European Union [2012] OJ C326/391, art 8; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) [2016] OJ L119/1.
[14] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1, [180]–[182] (SC).
References:
1. Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 (SC).
2. Justice K.S. Puttaswamy (Retd.) v. Union of India, (2018) 1 SCC 809 (SC) (Aadhaar judgment).
3. Katz v. United States, 389 US 347 (1967).
4. Carpenter v. United States, 585 US __ (2018).
5. Charter of Fundamental Rights of the European Union [2012] OJ C326/391, art 8.
6. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) [2016] OJ L119/1.
7. Government of India, The Digital Personal Data Protection Act, 2023, No. 22 of 2023.
8. Ministry of Electronics and Information Technology, Report of the Committee of Experts on Data Protection (2018) (‘Srikrishna Committee Report’).
9. Central Government, UIDAI Annual Report 2020-21, available at: https://uidai.gov.in/images/annual_report_2020_21_english.pdf accessed 20 July 2025.
10. Chinmayi Arun, ‘Rebalancing Regulation of Speech: Hyper-Local Content on Global Web Platforms’ (2020) 13(2) NUJS Law Review 1.
11. Gautam Bhatia, The Transformative Constitution: A Radical Biography in Nine Acts (HarperCollins, 2019).
12. Ujwala Uppaluri, ‘Proportionality in India: A Bridge to Nowhere?’ (2020) 3(1) Indian Law Review 41.
