Published On: October 28th 2025
Authored By: Ammar Ahmad
BABU BANARSI DAS UNIVERSITY, LUCKNOW
“Privacy is not lost or surrendered merely because the individual is in a public place. Privacy attaches to the person since it is an essential facet of the dignity of the human being.” — Justice D.Y. Chandrachud
ABSTRACT
The Right to privacy has consistently evolved from implied to explicit right at the heart of the Indian constitution. The Apex court with its nine-judge bench delivered the landmark judgment in Justice K.S. Puttaswamy (Retired) v. Union of India (2017), which recognized the Right to privacy as the fundamental right under Article 21- (Right to life and personal liberty). The Part III of the Indian constitution deals with the fundamental rights. Right to privacy is now one of the fundamental rights of the Indian citizens. It further examines the conceptual development of privacy as a right across jurisdictions and the challenges and problems faced by the digital economy and surveillance.
INTRODUCTION
Right to privacy is now a fundamental right after the Supreme court landmark judgment in K.S. Puttaswamy v. Union of India, (2017), where the retired judge named Justice K.S. Puttaswamy filed a case in 2012, challenging the government’s aadhaar scheme (Required individuals to share fingerprints and personal data for the identification process). The issue that was placed before the honorable court “Is the privacy a fundamental right under Indian constitution?”. The Apex court overruled its earliest precedents and held the Privacy a fundamental right under Article-21 of the Indian constitution. This right protects the Individuals private lives, their personal Information, and be protected from unwarranted interference and restrictions. Privacy means to have control over your personal life, information, and property without unnecessary interference and surveillance. It’s a Jus natural right of one’s own choices.
EARLY RECOGNITION OF PRIVACY IN INTERNATIONAL LAW
Privacy as a whole was first recognized by the Article-12 of the Universal Declaration of Human Rights (UDHR, 1948). Article-12 of the UDHR states: “No one else shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” This was one of the first attempts to recognized the privacy as a vital element of human dignity and liberty. Other than the UDHR, International Covenant on Civil and Political Rights (ICCPR, 1966), repeats and strengthens the UDHR’s recognition. Article-17 of the ICCPR states: “No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home, or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” ICCPR using the similar statement to Article-12 of the UDHR. The only difference between the two statements lies in the fact that ICCPR added the word ‘unlawful’ twice. These articles by the UDHR and ICCPR, led privacy an essential and enforceable international human right. These provisions were revolutionary because they recognized and tied the privacy as a part of human dignity, freedom, liberty and right.
INDIAN LEGAL CONTEXT OF PRIVACY BEFORE EXPLICITLY RECOGNIZED
The Indian constitution came into force on 26 January, 1950. The makers of the Indian constitution did not expressly Mentioned the right to privacy as a fundamental right. Their primary concern was about the freedoms like, Speech, assembly, movement, and protection of the rights and equality. The earlier precedents of the Apex court also rejected the privacy as a fundamental right. This could be seen by the judgement delivered by the Apex court in the M.P. Sharma v. Satish Chandra (1954), where the Apex court held that “When the Constitution makers have thought fit not to subject such regulation to constitutional limitations by recognition of a fundamental right to privacy, analogous to the American fourth amendment, we have no justification to import it, into a totally different fundamental right, buy some process of strained construction.” And in the Kharak Singh v. State of Uttar Pradesh (1964), Justice Ayyangar said – “The right of privacy is not a guaranteed right under our constitution, arid therefore the attempt to ascertain the movements of an individual is merely a manner in which privacy is invaded and is not an infringement of a fundamental right guaranteed in Part III.” The realization began with Gobind v. State of MP (1975), where the court prudently acknowledged privacy as a part of the human right and dignity. Later, in R.Rajagopal v. State of Tamil Nadu (1994), the court to a great extent recognized the privacy as a right of the individuals against the media’s unwarranted intrusion in the citizens private lives and information. The real necessity came in People’s union for civil
liberties v. Union of India (1997), Where the phones of journalists, politicians and Private individuals were being tapped without their permission, knowledge and Safeguards. This infringement raised serious concerns about the privacy of the individuals. Then there came the Apex court’s final landmark judgment in the K.S. Puttaswamy v. Union of India (2017), which explicitly includes the Right to privacy as the fundamental right under Article 21- which includes Right to life and personal liberty.
UNITED STATE RECOGNITION OF PRIVACY AS A RIGHT
The fourth amendment of the United States constitution also clearly states: “The right of the people to be secure in their persons, house, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the person or things to be seized.” The amendment aims to protect the individual from unreasonable searches and seizure by the government and police. This amendment doesn’t solely addresses the right to privacy, but it prohibits the controlling authority from unreasonable searches and prevents them from issuing the warrant without probable cause. It can be seen as foundation element of the right to privacy. The United States v. Jones (2012), and Riley v. California (2014), Further accelerated the principle of privacy.
EARLIER LEGISLATION AND FRAMEWORK OF PRIVACY IN INDIA
In India, the INFORMATION TECHNOLOGY ACT, 2000, was the first attempt to protect the privacy in the digital world. This act connects to Right to privacy mainly because of its provisions. Such as, Section-43A (included by the 2008 amendment of the IT act), though Section-43A has been suspended by the Digital personal data protection act, 2023, Which provides more stronger and comprehensive protection for data protection in India. Section-72 (Penalizes anyone for breach of confidentiality and Privacy), with imprisonment up to 2 years and fine up to ₹1 lakh. Section-72A (Punishment for disclosure of personal information in breach of lawful contract), with imprisonment up to 3 years and fine up to ₹ 5 lakh. These were some of the early provisions or the first attempts to prevent and protect the privacy of individuals in India.
RECOGNITION OF PRIVACY AS A FUNDAMENTAL RIGHT
Before The Apex court final landmark judgement in K.S. Puttaswamy v. Union of India (2017), Privacy was not explicitly included as the fundamental right of the individuals. The Apex court’s earlier precedents clearly shows that the Indian law did not expressly confer the right to privacy like the United States fourth amendment. It was in 2017, when the nine-judge bench overruled their earlier decision and included the privacy as the fundamental right of the Indian citizens under Article-21 (Right to life and personal liberty.) The aim of including privacy under Article-21, clearly demonstrates that it protects not only the physical privacy, but also the informational privacy and personal dignity. Government actions like phone tapping, information collection, and surveillance are all subject to the test of necessity and legality. In 2018, the Apex court restricted the mandatory Aadhar use only to welfare schemes and subsidies, while striking it down for other services Such as, SIM cards and School admission. The judgment of Puttaswamy case, directly led to the drafting of the Personal Data Protection bill (2019), and eventually the Digital Personal Data Protection act, 2023.
CHALLENGES AND PROBLEMS OF PRIVACY IN DIGITAL WORLD
The main challenges and problems that often hinders the security and protection of the privacy in digital era, lies in the fact that India with the other digital countries is being driven towards artificial intelligence, e-commerce platforms, and digital economy. Social media platforms (Instagram, Facebook, WhatsApp, messenger, and YouTube, etc), online shopping, and other various mobile apps are constantly storing, collecting, and sharing their Users vast amount of information and data. If the data is not handled according to the Data protection laws, this may expose the individuals to lack of privacy and security and they shall suffer data breach and compromise. The problem is not new, but the ways of accessing and sharing of data in digital era has advanced. Cyberattacks and hacking has expose and raise serious questions about privacy as a right. Many of thousand individuals still lack the knowledge and awareness of how their data and information are being processed, used, stored and shared. This further creates complications, challenges and imbalance between the Individuals right and those sharing and controlling the information and data. The real gap lies between the Individuals awareness and the government overreach. India is not only increasing in population, but also in lack of privacy. As mentioned above, large sections lack the knowledge of the rights and privileges. In rural areas, the violations of the privacy often go unnoticed and unchallenged due to the illiteracy and poor communication and lack of knowledge and awareness about the privacy and their misuse.
CONCLUSION
The evolution of privacy as a fundamental right can be traced back in M.P. Sharma v, Satish Chandra, (1956), where the apex court denied the privacy as the right of the Indian citizens. The Puttaswamy’s Landmark judgement was the turning point for the constitutional evolution and fundamental rights of the citizens. Yet, the recognition is alone not sufficient in the digital world revolution and with India being in developing phase. The Digital Personal Data Protection Act, 2023, is India’s first dedicated law for protecting data in digital era. But this law also allows the central government for broad exemption for the state-related activities. Further, the penalties for violations of privacy can go up to ₹250 crores (depending on the sensitivity of data), but funds go to the central government and not to the victims whose data has sacrificed. Section 44(3) of The DPDP act, 2023, significantly alter and undermines the Right to information (Article-300A), Section 8(i)(j).
The Change may strengthen the privacy protection, but at the cost of weakening public oversight, thereby removing the crucial balance between the privacy and transparency. The main problem is that the majority of the India’s population don’t know that they’re being track. Social media platforms such as, Instagram, Facebook, WhatsApp, twitter, and YouTube ask for Individuals private information. This could often lead to compromising of large amounts of data and information of the users, by the hackers who steal the most sensitive information of the users. Cyberattacks and state surveillance often leads to loss of privacy as a right. According to the Exploding Topics report there are 600 million cyberattacks per day and nearly 54 people per second fall victim to a cyberattacks. According to Trend Micro Cyber Security Risk Report 2025, India ranks 2nd globally in email threats, contributing 6.9% to global detections and nearly 24% to Asia’s total. India holds 3rd place globally in malware detections, responsible for 4.74% of all global threats. India’s average organizational cost of a data breach has hit INR 220 million in 2025, up ~ 13% from 2024. Details of more than 30,000 students and alumni exposed (caste, financial data, contact info). Data apparently accessible for years.
India needs awareness about privacy and its violation that cause data breach, identity theft and compromise of personal information. Recognizing the Privacy as a fundamental right is not enough until that right is properly protected and respected as a Fundamental Rights of the Indian Constitution. Only then shall the privacy truly serve and stand as the cornerstone of freedom in the digital world.
REFERENCES
[1] SOURCE: Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) 10 SCC 1 [90], available at https://indiankanoon.org/doc/127517806/ accessed 2 September, 2025.
[2] The landmark judgement of apex court that recognized the Privacy as a fundamental right of the Indian citizens.
[3] Principle of law derived from nature or reason rather than from human legislation.
[4] Universal Declaration of Human Rights (adopted 10 December, 1948, UNGA Res 217 A(III) (UDHR) ARTICLE-12.
[5] International Covenant on Civil and Political Rights (adopted 16 December, 1966, entered into force on 23 March, 1977). 999 UNTS 171 (ICCPR) ARTICLE-17.
[6] SOURCE: M.P. SHARMA V. SATISH CHANDRA AIR 1954 SC 300 (Headnote), available at https://indiankanoon.org/doc/1306519/ accessed 5 September, 2025.
[7] SOURCE: KHARAK SINGH v. STATE OF UTTAR PRADESH AIR 1963 SC 1295 [20], available at https://indiankanoon.org/doc/619152/ accessed 6 September, 2025.
[8] Gobind v. State of Madhya Pradesh (1975) 2 SCC 148.
[9] R.Rajagopal v. State of Tamil Nadu (1994) 6 SCC 632.
[10] People’s Union for Civil Liberties v. Union of India (1997) 1 SCC 301.
[11] US Constitution, amend IV, National Constitution Center https://constitutioncenter.org/ accessed 7 September, 2025.
[12] It came into force on 17 October, 2000. The act give legal recognition for transactions carried out by means of electronic data and digital signature.
[13] It is introduced after the withdrawal of Personal Protection of Data Bill, 2019. This act is introduced to protect the privacy of individuals in digital environment.
[14] Information Technology act, 2000.
[15] Justice K.S. Puttaswamy (Retd) v. Union of India (Aadhaar case) (2019) 1 SCC 1 [332(f)], [447].
[16] It was introduced to regulate how personal data of individuals are collected, used, stored, and shared. However, it was withdrawn in August 2022.
[17] The Digital Personal Data Protection Act, 2023. Section- 44(3).
[18] Exploding Topics, ‘How Many Cyber Attacks Occurs Each Day? (2025)’ (Exploding Topics, 27 August 2025) https://explodingtopics.com/blog/cybersecurity-stats accessed 9 September, 2025.
[19] Trend Micro, Trend Micro Cybersecurity Risk Report 2025: India (Trend Micro, 10 June 2025) https://www.trendmicro.com/en_in/about/newsroom/oress-releases/2025/2025-06-10.html accessed 9 September, 2025.
[20] IBM, India Records Highest Average Cost of a Data Breach at INR 220 million in 2025: IBM Report (IBM Newsroom, 7 August 2025) https://in.newsroom.ibm.com/2025-08-07-India-Records-Highest-Average-Cost-of-a-Data-Breach-IBM accessed 10 September,2025.
[21] IIT- Roorkee data breach: Personal details of 30,000 students, alumni exposed online for years; caste, finances, contact details at risk (Times of India, 10 August 2025) https://timesofindia.indiatimes.com/city/dehradun/iit-roorkee-data-breach-exposes-personal-details-of-30k-alumni/articleshow/123220043.cms accessed 10 September, 2025
