
The Right to Privacy in India After K.S. Puttaswamy: Constitutional Foundations, Limits and the Emerging Data Protection Framework

Authored By: TAMANNA KHATUN

CALCUTTA UNIVERSITY (GEORGE SCHOOL OF LAW)

ABSTRACT 

The Supreme Court’s decision in Justice K.S. Puttaswamy (Retd.) v. Union of  India (2017) constitutionalized the right to privacy as a fundamental right  intrinsic to life and personal liberty under Article 21 of the Constitution of  India and integrally connected with other freedoms under Part III. This  recognition marked a decisive shift from earlier judicial uncertainty and established privacy as a cornerstone of dignity, autonomy, and democratic  citizenship. Simultaneously, India’s rapid digital transformation—characterized  by large-scale data collection, digital welfare platforms, financial technologies,  and expanded state surveillance—has intensified concerns regarding  informational control, misuse of personal data, and unchecked executive  power. This research article examines the constitutional content of the right to  privacy after Puttaswamy, focusing on the proportionality standard governing  privacy restrictions and its application in subsequent judicial decisions. It  further evaluates India’s emerging data protection framework, particularly the  Digital Personal Data Protection Act, 2023, through a constitutional lens. The  paper argues that while statutory recognition of data protection is a positive  development, effective privacy protection requires narrowly tailored state  exemptions, independent oversight mechanisms, procedural safeguards, and  meaningful remedies to ensure compliance with constitutional mandates. 

Keywords: Right to Privacy; Article 21; Proportionality; Digital  Surveillance; Data Protection; DPDP Act, 2023; Constitutional  Law 

  1. INTRODUCTION 

Privacy in Indian constitutional law has evolved from a contested and implied value into a firmly recognized fundamental right. For decades, the Supreme Court adopted an inconsistent approach toward privacy, often treating it as a peripheral aspect of personal liberty rather than an enforceable constitutional guarantee. However, the exponential growth of digital technologies, data-driven governance, and surveillance practices compelled a re-examination of privacy’s constitutional status. In this context, the landmark nine-judge bench judgment in Justice K.S. Puttaswamy (Retd.) v. Union of India decisively affirmed privacy as an essential component of life and personal liberty under Article 21 and as a right that enables the effective exercise of other fundamental freedoms.

The constitutionalization of privacy has far-reaching implications. It subjects  all state actions and legislation affecting privacy to rigorous constitutional  scrutiny, demands proportionality in rights restrictions, and informs the legal  architecture governing data collection and surveillance. This paper addresses  three core questions: (i) what is the constitutional scope of the right to privacy  after Puttaswamy; (ii) how Indian courts have operationalized the  proportionality standard in privacy-related contexts; and (iii) whether India’s  data protection regime aligns with constitutional requirements. 

RESEARCH METHODOLOGY 

This research adopts a doctrinal method, relying on constitutional provisions, statutes, judicial precedents, and scholarly writings. Comparative references and international instruments are used where relevant to contextualize India’s privacy framework and constitutional jurisprudence. The study is analytical in nature and seeks to evaluate judicial reasoning and legislative developments through a constitutional lens.

  2. LEGAL FRAMEWORK AND JUDICIAL EVOLUTION OF PRIVACY

2.1 Early Judicial Uncertainty 

In M.P. Sharma v. Satish Chandra (1954), the Supreme Court declined  to recognize privacy as a fundamental right, reasoning that the Indian  Constitution did not contain an explicit equivalent to the Fourth  Amendment of the United States Constitution. Similarly, in Kharak  Singh v. State of Uttar Pradesh (1963), the majority rejected privacy as  a standalone fundamental right, although Justice Subba Rao’s dissent  recognized privacy as intrinsic to personal liberty. These decisions  reflected a narrow, text-centric approach to constitutional interpretation. 

2.2 Gradual Expansion under Article 21 

Subsequent jurisprudence marked a gradual shift. In Gobind v. State of  Madhya Pradesh (1975), the Court acknowledged privacy as an implied  right under Article 21, subject to reasonable restrictions. Later  decisions, such as R. Rajagopal v. State of Tamil Nadu (1994),  recognized privacy in the context of media freedom, reinforcing its  relevance to dignity and autonomy. 

2.3 K.S. Puttaswamy and Constitutional Recognition 

The Puttaswamy judgment unanimously held that the right to privacy is  a fundamental right protected under Articles 14, 19, and 21 of the Constitution. The Court overruled earlier contrary precedents and  emphasized that constitutional rights must be interpreted dynamically to  protect human dignity in changing social and technological contexts. 

  3. ANALYSIS: PROPORTIONALITY AND LIMITS ON PRIVACY

A central contribution of Puttaswamy lies in its articulation of the  proportionality framework governing privacy restrictions. Any infringement of  privacy must satisfy four essential conditions: (i) legality, requiring a valid law;  (ii) legitimate state aim; (iii) proportionality, ensuring necessity and minimal  intrusion; and (iv) procedural safeguards against abuse. This framework  ensures that privacy is not treated as an absolute right but as a protected interest  subject to constitutional discipline. 

The importance of safeguards cannot be overstated. Without independent  oversight, transparency, and effective remedies, even legitimate state objectives  risk degenerating into disproportionate surveillance. Judicial insistence on  procedural safeguards reflects a commitment to prevent arbitrary executive  action and to preserve democratic accountability. 

  4. PRIVACY AND DIGITAL SURVEILLANCE IN INDIA

Digital surveillance poses unique challenges due to its invisibility, scalability,  and potential for continuous monitoring. Indian surveillance practices are  primarily governed by the Telegraph Act, 1885, and the Information  Technology Act, 2000. Critics argue that these laws lack robust safeguards and  independent oversight mechanisms. 

In Anuradha Bhasin v. Union of India (2020), the Supreme Court emphasized  the need for proportionality, transparency, and periodic review in restrictions  affecting fundamental rights. Although not a pure privacy case, the decision  reflects judicial sensitivity to the dangers of unchecked executive power in the  digital domain. 

4.1 Chilling Effect of Surveillance on Fundamental Freedoms 

An important constitutional concern associated with digital surveillance  is its chilling effect on the exercise of fundamental freedoms,  particularly freedom of speech and expression under Article 19(1)(a)  and freedom of association under Article 19(1)(c). When individuals are  aware or suspect that their online activities, communications, or  movements are subject to continuous monitoring, they may self-censor  their opinions or avoid participating in lawful political or social  activities. This indirect suppression of rights undermines democratic  discourse and pluralism. 

The Supreme Court in K.S. Puttaswamy recognized that privacy is not  merely an individual right but a condition precedent for the meaningful  exercise of other fundamental freedoms. Surveillance without adequate  safeguards can therefore have consequences beyond privacy, affecting the democratic fabric itself. Journalists, activists, lawyers, and political  dissenters are particularly vulnerable, as surveillance may compromise  confidential sources, professional privileges, and the freedom to  criticize the state without fear. 

From a constitutional perspective, surveillance measures must be  narrowly tailored and accompanied by strong oversight mechanisms to  prevent abuse. The absence of transparency and independent review  increases the risk of arbitrary action, which is antithetical to  constitutional governance. 

  5. DATA PROTECTION AND THE DPDP ACT, 2023

The Digital Personal Data Protection Act, 2023, represents India’s first  comprehensive attempt to regulate personal data processing. The Act  introduces consent-based processing, obligations for data fiduciaries, and rights  for data principals. From a constitutional perspective, the Act is significant in  operationalizing informational privacy. 

However, concerns persist regarding broad exemptions granted to the State and  the limited independence of the Data Protection Board. If exemptions are  framed too broadly, they risk diluting the proportionality standard established  in Puttaswamy and undermining effective privacy protection. 

5.1 Informational Privacy and Consent Fatigue 

While the DPDP Act, 2023, emphasizes consent as the primary basis for  lawful processing of personal data, over-reliance on consent presents practical challenges. In the digital ecosystem, individuals are frequently  confronted with lengthy and complex privacy notices, resulting in what  is commonly described as “consent fatigue.” Users often consent  without fully understanding the scope, duration, or consequences of  data processing. 

From a constitutional standpoint, consent must be meaningful to serve  as a safeguard for autonomy and dignity. Consent obtained through  coercive terms, lack of alternatives, or asymmetry of power—especially  where essential services are involved—raises serious concerns. Welfare  schemes, employment platforms, and financial services often leave  individuals with little choice but to agree, thereby weakening the  protective value of consent. 

Therefore, constitutional privacy requires that consent be supplemented  with substantive safeguards such as purpose limitation, data  minimization, and accountability obligations on data fiduciaries. This  ensures that informational privacy is not reduced to a formalistic  exercise but remains a substantive right. 

5.2 Data Minimization and Purpose Limitation as Constitutional  Requirements 

An essential component of informational privacy is the principle of data  minimization, which requires that only such personal data be collected  as is strictly necessary to achieve a specific and lawful purpose. Closely  linked to this is the principle of purpose limitation, which mandates that  data collected for one purpose should not be used for unrelated  objectives without fresh legal authorization or valid consent. These  principles are central to constitutional proportionality, as they ensure  that privacy intrusions are limited in scope and duration. 

In the Indian context, large-scale data collection initiatives, particularly in governance and welfare delivery, raise concerns regarding over-collection and function creep. Data initially collected for legitimate purposes may later be repurposed for surveillance, profiling, or enforcement activities, thereby exceeding the original justification. Such practices dilute constitutional safeguards and undermine public trust.

The Supreme Court in K.S. Puttaswamy cautioned against excessive  and indiscriminate data collection, emphasizing that informational  privacy requires continuous oversight and limitation. The DPDP Act,  2023, partially reflects these concerns by incorporating obligations  relating to purpose limitation; however, the effectiveness of these  provisions depends on strict enforcement and narrow interpretation of  state exemptions. Without meaningful implementation, data  minimization risks remaining a formal principle rather than a  substantive constitutional safeguard. 

  6. COMPARATIVE PERSPECTIVE

International instruments such as Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights recognize privacy as a human right. The European Union’s General Data Protection Regulation (GDPR) offers a robust accountability-based model that emphasizes transparency, data minimization, and strong enforcement mechanisms. India can draw valuable lessons from these frameworks while tailoring solutions to its constitutional and social context.

6.1 International Human Rights Jurisprudence on Privacy 

Privacy has long been recognized as a fundamental human right in  international law. Article 12 of the Universal Declaration of Human  Rights and Article 17 of the International Covenant on Civil and Political Rights prohibit arbitrary interference with privacy, family,  home, or correspondence. International human rights bodies have  interpreted these provisions to require legality, necessity, and  proportionality in state surveillance practices. 

The jurisprudence of the European Court of Human Rights (ECHR) has  consistently emphasized that surveillance regimes must be accompanied by adequate and effective guarantees against abuse. These  include clear legal provisions, independent authorization, oversight  mechanisms, and effective remedies. Such standards reinforce the  principles articulated by the Indian Supreme Court in Puttaswamy,  demonstrating convergence between domestic constitutional law and  international human rights norms. 

India’s constitutional commitment to privacy must therefore be  understood within this broader global framework, strengthening the  argument for robust safeguards and accountability mechanisms. 

  7. FINDINGS AND OBSERVATIONS

This study finds that while the constitutional recognition of privacy marks a  significant milestone, effective enforcement remains a challenge. Weak  oversight mechanisms, broad state exemptions, and limited public awareness  hinder meaningful realization of privacy rights. Judicial scrutiny has improved  accountability, but legislative and institutional reforms remain necessary. 

7.1 Role of Judiciary in Strengthening Privacy Protection

The judiciary plays a critical role in translating constitutional  recognition of privacy into effective protection. Post-Puttaswamy,  Indian courts have shown increasing willingness to scrutinize executive  actions that affect privacy, particularly in matters involving digital  restrictions, surveillance, and data collection. 

Judicial review serves as an essential check on executive discretion,  ensuring that privacy restrictions adhere to constitutional standards of  proportionality and fairness. However, courts alone cannot safeguard  privacy in the absence of strong legislative frameworks and institutional  mechanisms. Judicial interventions must therefore be complemented by  clear laws, independent regulators, and informed public participation. 

7.2 Public Awareness and Digital Literacy 

Legal protection of privacy cannot succeed without public awareness.  Many individuals remain unaware of how their data is collected,  processed, and shared. Enhancing digital literacy and awareness of  privacy rights is essential to empower citizens to exercise informed  choices and seek remedies when violations occur. A rights-based digital  culture strengthens constitutional democracy and accountability. 

7.3 Technology, Artificial Intelligence, and Future Privacy Risks 

Emerging technologies such as artificial intelligence, facial recognition  systems, and predictive analytics present new challenges to the  constitutional right to privacy. These technologies enable automated  decision-making and large-scale profiling, often without transparency  or explainability. When deployed by the state, such systems can affect  access to welfare, employment, policing, and public services, raising  concerns of arbitrariness and discrimination. 

From a constitutional perspective, the use of such technologies must be  subject to heightened scrutiny. Automated systems should not replace  human judgment in matters affecting fundamental rights without  adequate safeguards. Transparency, auditability, and accountability are  essential to prevent misuse and ensure compliance with constitutional principles. As India advances technologically, privacy protection must  evolve to address these future risks proactively. 

  8. CONCLUSION AND RECOMMENDATIONS

The recognition of privacy as a fundamental right underscores the  Constitution’s commitment to dignity, autonomy, and democratic governance.  To translate this promise into reality, India must ensure narrowly tailored state  exemptions, strengthen institutional independence, enhance transparency in  surveillance practices, and provide accessible remedies. A privacy-respecting  digital governance framework is essential for sustaining public trust and  constitutional democracy. 

REFERENCES (BLUEBOOK STYLE) 

  1. Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1.
  2. M.P. Sharma v. Satish Chandra, AIR 1954 SC 300.
  3. Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295.
  4. Gobind v. State of Madhya Pradesh, (1975) 2 SCC 148.
  5. R. Rajagopal v. State of Tamil Nadu, (1994) 6 SCC 632.
  6. Anuradha Bhasin v. Union of India, (2020) 3 SCC 637.
  7. Constitution of India, arts. 14, 19, 21. 
  8. Digital Personal Data Protection Act, 2023. 
  9. Universal Declaration of Human Rights art. 12 (1948).
