RIGHT TO PRIVACY AS A FUNDAMENTAL RIGHT: EVOLUTION AND CHALLENGES

Abstract

The research explores the transition of the concept of privacy from being neglected by the courts to becoming a fundamental right under article 21, by analyzing various judgments and worldwide shift, this paper conveys the evolution of the ‘right to privacy’. It is one of the most debated and needed rights in the digital age, wherein every second a news or information goes viral, and the number of illegal hackers are on the rise. It deals with the various dimensions of a single word privacy discussed via various cases such as Suchitra Srivastava and Puttaswamy and the challenges that surround it including the various technological advancements, triggering the need for a robust framework to counter such challenges and safeguard individuals from the external intrusion not merely on paper but also in reality.

Introduction

Will a person be alright with some personal information getting leaked? Do people publicly declare their bank account details? Can bodily autonomy and personal space be neglected?

These questions are the exact reason that ‘Privacy’ as a concept came into existence. To make more room for individuals to govern themselves without interference or threat from external forces or people, privacy started to be seen as a fundamental right rather than being a mere constitutional right.

‘Privacy’ is a non-negotiable right as an individual or group of individuals can practice anything of their choice as a private affair, subject to it not being a threat to security or welfare of the public at large. Voting for one’s chosen party, bank account details that protect one’s money, bodily autonomy of a person; all of these are secured by the ‘right to privacy’.

Especially in the age of social media, where everyone is in the deep ocean of the virtual world, the boundaries and the physical distance has blurred, everyone is aware where a person was on a weekend; the need for protecting the privacy of persons has also witnessed a growth.

History of ‘Right to privacy’

There has been no one particular definition derived for the ‘right to privacy’, as several definitions can be formulated to describe it and all of them would be apt in its own way. The evolution of the concept can be traced back to the philosophical discussions, including significantly of Aristotle, wherein he mentioned that there should be a distinction between public life and private life- public life is largely concerned with political activity and social well-being at large where as the private life is concerned with family and domestic life.

Lord Denning advocated for the recognition of the right to privacy, so that any infringement of the right gives a course to an action for damages, although he advocated for a balanced approach with certain exceptions to the right being also recognized, such as when the public good outweighs the need for privacy.

The 1960s and 1970s saw a sparking growth in technological advancements, especially in the information technology sector. This led to worldwide support for recognizing the right to privacy as a more rigid right.

‘The right to be let alone’ was a phrase that gained attention as one of the most significant milestones for the development of modern privacy laws. This phrase was popularized by Samuel Warren and Louis Brandeis in their arguments, they firmly believed that privacy is the most cherished of freedoms of democracy.[1]

Evolution in India

The development of right to privacy in India is largely owed to the landmark cases and the judicial interpretations. The makers of the Indian constitution did not explicitly mention the right in the constitution and neither was it a part of fundamental rights. However, significant issues relating to it came to courts of Justice leading to the final interpretation of including it as an inherent part of article 21.

In the case of MP Sharma v Satish Chandra[2], the supreme Court bench of eight judges ruled in favour of search and seizure outweighing privacy laws, this attracted attention towards the need for privacy laws and the case was criticized for its neglect towards such need.

Kharak Singh v State of UP[3], was not really distinct from the case of MP Sharma, its outcome also landed on the same mark as that of the case of Sharma. In this case, a resident of UP challenged the unrestricted power of the police to search and conduct surveillance activities such as visiting at night, keeping record of personal movements and even keeping surveillance registers. The court responded to the contentions stating that the right to privacy is not an absolute right under the constitution. However, it is noteworthy that Justice Subba Rao in his dissenting opinion held that the right to life and liberty comprises dignity and the right to be alone is a facet of the right to privacy.

Govind v State of MP[4] was a landmark case, dealing with the implications and need for privacy as a right within the constitutional framework, it laid out the state interest test which tested if the individual’s right to privacy convincingly attracted larger state interest.

Writing about a person’s life and publishing it without that person’s consent is unauthorized and infringement or an individual’s right to privacy, this was stated in the case of Rajagopal v State of Tamil Nadu[5] where in the court further conveyed to strike a balance between protecting privacy and freedom of speech and expression.

PUCL vs. Union of India[6] established that phone tapping without proper legal authorization and safeguards constitutes a violation of the right to privacy. It also emphasized the importance of creating safeguards against arbitrary surveillance powers of the state, therefore it is a landmark case that laid out the foundation for cases like Justice Puttaswamy v UOI[7]. PUCL case largely dealt with implications of surveillance powers of state but 2017 case of Puttaswamy refined the interpretation and settled the havoc of confusion. Justice Puttaswamy case is a constitutional milestone in Indian jurisprudence, where the Supreme Court of India unanimously recognized the right to privacy as an intrinsic part of the right to life and personal liberty under Article 21  granted under part III of the Indian Constitution.

The Court went on to affirm that privacy is an inalienable right, deeply embedded in the values of human dignity and personal autonomy. It stated that privacy is not something granted by the state, but a natural and inherent right of every individual. This recognition positioned privacy as a pre-existing right that the Constitution protects, rather than creates.

In clarifying how privacy fits within the framework of Article 21, the judgment identified several dimensions of the right. It included bodily autonomy, such as the right to make decisions about one’s own body; decisional autonomy, involving the freedom to make personal choices about one’s life and lifestyle; and informational privacy, which relates to an individual’s right to control the dissemination and use of personal data. These facets of privacy, the Court emphasized, are essential elements of the broader guarantee of “personal liberty” under Article 21.

The judgment also laid down a crucial three-fold test of legality, necessity, and proportionality to determine the validity of any state action that seeks to infringe upon an individual’s right to privacy. According to this test, such action must be supported by a valid law (legality), must pursue a legitimate state aim (necessity), and must be the least intrusive measure available to achieve that aim (proportionality). This standard has since become an important framework in assessing government policies, particularly those involving surveillance and the collection of biometric data under systems like Aadhaar.

The judgment opened the door to progressive developments in areas such as data protection, LGBTQ+ rights, reproductive autonomy, digital surveillance safeguards, and freedom of expression in the digital age. It marked a transformative moment in Indian constitutional law, reaffirming the centrality of individual autonomy in the relationship between citizens and the state.

Understanding Basic elements and challenges to them

It is not a concept with a linear view; it is more of a multifaceted concept[8] with various elements to it.  The right to privacy protects an individual from various threats in the same way an umbrella protects from the sun as well as the rain. The various elements safeguarded under the ambit of privacy include:

Bodily privacy: the right of a person over one’s own body establishing bodily autonomy and protection against forced medical procedures, custodial violence, any other unnecessary interference that affects a person’s physical integrity and the dignity intertwined with their body. It further comprises reproductive choices as established in Suchitra Srivastava v Chandigarh Administration[9]. The court in the case held that a woman’s reproductive choices including abortion are her own and she has the right to be protected for the same under right to privacy secured under Article 21.

Decisional privacy: This comprises freedom to make person choices and intimate choices without being subject to intrusion. It involves decisions related to whom to marry- that in India majorly safeguards from the threats a couple of inter-caste marriage can face, family life, sexual orientation and one’s own identity. The discussions on sexual orientation in Navtej Singh Johar[10] which decriminalized homosexuality highlighted this dimension, and in Joseph Shine v UOI[11] this concept made it possible to strike down the criminal liability for adultery.

Information privacy: Informational privacy refers to an individual’s right to control the collection, use, and dissemination of personal data. In the digital age, where data is constantly collected by the state and private entities, this dimension is increasingly important. It encompasses issues like data protection, consent in data sharing, surveillance, and digital profiling. The recent challenge revolving around it was discussed in the Aadhar case itself.

Spatial privacy: This dimension protects the sanctity of private spaces, such as one’s home or personal environment, from intrusion. It upholds the principle that certain spaces,like one’s residence, are inviolable without lawful authority, preserving the individual’s right to live in peace and security. Spatial privacy is exactly the reason everyone can comfortably sit at home and act in the way they feel like.

Communicational privacy: This refers to the privacy of correspondence and communication, including phone calls, emails, and digital messages. It ensures that individuals can communicate freely without surveillance or interception, unless such interference is justified under law and meets the proportionality test. This concept initiated the end-to-end encryption system, to generate trust in the users that their chats and communication are secure.

Novel challenges

Aadhaar and Biometric Data: Concerns regarding data safety and its potential exploitation have been linked to the Aadhaar scheme which collects citizens’ biometric data. Although the Supreme Court upheld the constitutionality of Aadhaar, it placed some limits with regard to the privacy restrictions applied.

Government Surveillance: Surveillance technologies like facial recognition, and AI-based monitoring systems, pose dangers to individual privacy. As stated by the Supreme Court, there must be legislation aimed at controlling these surveillance activities.

Laws governing Data: The lack of a detailed data protection law puts citizens at risk of violations related to privacy. These issues are attempts to be solved by the Personal Data Protection Bill, 2019, although it has been criticized for clauses that could breach privacy.

Social Networking Sites and Privacy: Social media services and online platforms expose one’s private data and personal information for public viewing without proper consent. Accountability and responsibility concerning data practices tends to undermine the privacy of individuals.

Attempts to cope with the challenges

The Digital Personal Data Protection Act, 2023[12]: India’s first comprehensive legislation focused solely on the protection of digital personal data. It encompasses the data which is collected in India and even the data which is processed in other countries if it is about Indian citizens. It provides individuals the right to access, correct, delete their personal data, and file complaints.[13] It also requires the creation of a Data Protection Board of India to supervise compliance and ensure fines are imposed for infringement of laws. Data fiduciaries, as they are referred to, have distinct responsibilities and obligations which require them to maintain an appropriate level of transparency and accountability.

It has attracted criticism for enabling the government too many broad exemptions, particularly under loosely defined and vague expressions “sovereignty,” “public order,” and “security of the state.” These lack precise definitions and erode individual privacy safeguards.

Information Technology Act, 2000(IT Act)[14]: It continues to govern all aspects of cyber conduct and digital regulation in India. Although it does not specifically deal with data protection, under section 43A, companies that deal with sensitive personal data are assigned a set of policies to reasonably secure confidential information. In a similar vein, section 72A of the Act imposes a penalty on any person or intermediary who, without authorization, reveals personal data or does so in violation of a lawful contract. This is the foundational legal framework for a variety of privacy claims prior to the enacting of the DPDP Act.

IT Intermediary Guidelines and Digital Media Ethics Code of 2021[15]: The social media platforms and digital news content were under less restrictive government regulation prior to the 2021 IT Rules. The IT Rules, 2021 require major intermediaries like WhatsApp, Facebook, and Twitter to enable message traceability, appoint Indian compliance officers, and establish grievance redressal mechanisms. While the government justifies these measures for national security, critics argue they threaten end-to-end encryption and infringe on communication privacy, particularly in private messaging.

Sectoral regulations: Alongside the overarching legislation, there are other laws enacted by different sector-specific regulators which focus on privacy issues. The RBI mandates data localization for payment systems[16], requiring financial data of users to be stored within India. Similarly, IRDAI and SEBI enforce data protection standards[17] in the insurance and securities sectors. The UIDAI, which oversees Aadhaar under the Aadhaar Act, sets biometric data security norms, though Aadhaar continues to face scrutiny over privacy risks due to its extensive linkage with public and private services.

Cyber security Policy: India’s National Cyber Security Strategy is yet to be finalized. It will purportedly contain provisions on data protection, securing critical infrastructure, and responding to cyber incidents. The implementation of such strategies will enhance the nation’s readiness to cyber threats and aid in safeguarding digital privacy.

Conclusion

Right to privacy in today’s world is not a luxury, it is a fundamental right and the courts took long enough to recognize it but the cases like PUCL and Puttaswamy need to be celebrated for settling the most heated arguments hindering the capacity of this right. Judicial interpretations not only corrected misconceptions but laid the multifaceted concept of it covering bodily, descional, informational, communicational and other dimensions. On the lines of Article 21, DPDP Act(2023) and the IT act further showcase India’s attempt to overcome challenges of data breaches, surveillance, etc. It is to truly adopt the right to privacy as a fundamental right in all aspects. Although certain steps need to be taken apart from the already taken ones in order to cope with the advancing world by refining cyber laws and creating AI related protection frameworks.

 

 

References

1] R K Gupta, Unit 1: Introduction to Privacy and Data Protection (Indira Gandhi National Open University 2019) https://egyankosh.ac.in/bitstream/123456789/7682/1/Unit-1.pdf accessed 20 May 2025

[2] MP Sharma v Satish Chandra (1954) 1 SCR 1077 (SC).

[3] Kharak Singh v State of Uttar Pradesh (1964) 1 SCR 332 (SC).

[4] Govind v State of Madhya Pradesh (1975) 2 SCC 148 (SC).

[5] R Rajagopal v State of Tamil Nadu (1994) 6 SCC 632 (SC).

[6] People’s Union for Civil Liberties v Union of India (1997) 1 SCC 301 (SC).

[7] K S Puttaswamy (Retd.) v Union of India (2017) 10 SCC 1 (SC).

[8] Lawctopus, ‘Right to Privacy in India’ (Lawctopus, 2023) https://lawctopus.com/clatalogue/clat-pg/right-to-privacy-in-india/ accessed 20 May 2025.

[9] Suchitra Srivastava v Chandigarh Administration (2010) 6 SCC 1 (SC).

[10] Navtej Singh Johar v Union of India (2018) 10 SCC 1 (SC).

[11] Joseph Shine v Union of India (2018) 2 SCC 189 (SC).

[12] Digital Personal Data Protection Act 2023.

[13] LawBhoomi, ‘Digital Personal Data Protection Act, 2023’ (LawBhoomi, 2023) https://lawbhoomi.com/digital-personal-data-protection-act-2023/ accessed 20 May 2025.

[14] Information Technology Act 2000.

[15] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021.

[16] Moneycontrol, ‘India’s Data Localisation for Payment Systems: Origins, Evolution, and the Road Ahead’ (Moneycontrol, 2018) https://www.moneycontrol.com/news/india/data-localisation-for-payment-systems-origins-evolution-and-the-road-ahead-31832.html accessed 20 May 2025.

[17] The Wire, ‘Unpacking RBI’s Quest to Have All Payment Data Stored Within India’s National Boundaries’ (The Wire, 2023) https://thewire.in/finance/rbi-payment-data-localisation accessed 20 May 2025.