Balancing Digital Privacy and State Surveillance: Comparative Perspectives from India, the USA, and the EU

Introduction

The rapid digitalization of modern society has transformed how individuals communicate, store information, and interact with governments and corporations. With this transformation, the right to privacy has emerged as one of the most important yet contested areas of law. At the same time, states increasingly invoke national security and public interest as justifications for mass surveillance, data collection, and intrusive technologies. The tension between individual liberty and state security is not new; however, in the digital era, the scale and sophistication of surveillance raise unprecedented challenges.

This article examines how three major jurisdictions—India, the United States, and the European Union (EU)—have approached this balance. It argues that while each has developed distinct privacy frameworks shaped by history, constitutional culture, and judicial interpretation, none have achieved a perfect equilibrium. The comparative analysis suggests that the most sustainable model is one that embeds transparency, proportionality, and independent oversight into state surveillance practices.

1. Theoretical Foundations: Privacy as a Right in International and Domestic Law The concept of privacy is embedded in international human rights law. Article 12 of the Universal Declaration of Human Rights (UDHR) (1948) and Article 17 of the International Covenant on Civil and Political Rights (ICCPR) (1966) recognize the right to be free from “arbitrary interference with privacy, family, home, or correspondence.” These provisions have informed domestic courts and legislatures across the world.

At the constitutional level:

• In India, privacy was judicially recognized as a fundamental right in Justice K.S. Puttaswamy v. Union of India (2017), grounded in Article 21 (right to life and personal liberty).
• In the United States, privacy has no explicit constitutional mention but is derived from the Fourth Amendment, which protects against “unreasonable searches and seizures.” Judicial precedents have expanded this to cover electronic surveillance.
• In the EU, privacy is both a fundamental right under Article 7 of the Charter of Fundamental Rights of the EU, and data protection is separately protected under Article 8—making the EU unique in treating data protection as a distinct enforceable right.

Thus, while all three jurisdictions recognize privacy, the degree of protection and the scope of permissible state surveillance vary widely.

III. India’s Framework

1. Recognition of Privacy

For decades, Indian courts oscillated on whether privacy was a “fundamental right.” This uncertainty was settled in Puttaswamy (2017), where a nine-judge bench held privacy to be intrinsic to life and liberty under Article 21. The judgment emphasized proportionality and necessity as standards that justify legitimate state infringement.

2. Data Protection Law

India passed the Digital Personal Data Protection Act, 2023, attempting to regulate processing of personal data by governments and private companies. However, critics argue that the Act grants the Union Government sweeping exemptions in the name of national security, undermining the proportionality test articulated in Puttaswamy.

3. Surveillance Controversies

• Aadhaar: The biometric identity system has been criticized for enabling mass surveillance and data misuse. Despite Supreme Court rulings limiting its mandatory use, Aadhaar remains deeply integrated in welfare and financial systems.
• Pegasus spyware revelations (2021): Allegations that government agencies used Israeli spyware to target activists, journalists, and politicians raised concerns of unchecked surveillance without judicial oversight.
• Telecommunication rules: Laws like the Telegraph Act (1885) and Information Technology Act (2000) contain broad powers for interception and monitoring, often criticized for lacking sufficient safeguards or independent review.

In essence, India’s constitutional recognition of privacy has not been matched by robust institutional safeguards, leaving surveillance practices vulnerable to abuse.

The United States

1. Constitutional and Legal Basis

• The United States has a long tradition of surveillance justified on national security grounds, particularly post-9/11. The Patriot Act (2001) granted sweeping interception and data-gathering powers, while the Foreign Intelligence Surveillance Act (FISA) created special courts to authorize secret intelligence operations.

The Fourth Amendment—which guards against unreasonable searches—serves as a limit. However, courts have allowed significant exceptions, especially in cases involving third-party doctrine (data held by service providers).

2. Snowden Revelations (2013)

The disclosures by Edward Snowden revealed the PRISM program and other National Security Agency (NSA) initiatives, showing mass surveillance of domestic and international communications. This spurred debates and legislative reforms.

3. Recent Reforms

The USA FREEDOM Act (2015) attempted to scale back bulk collection of metadata and introduced some transparency requirements. Yet critics argue surveillance practices remain expansive, and judicial review is weak because FISA courts operate in secrecy.

Overall, the U.S. framework tilts towards security over privacy, mitigated only partially by civil society activism and periodic reforms.

The European Union

1. Legal Framework

The EU has one of the world’s strongest legal regimes for privacy and data protection. The General Data Protection Regulation (GDPR) (2018) sets stringent requirements on data collection, use, and transfer, with significant penalties for violations. Its extraterritorial scope makes it a global standard-setter.

2. Role of Courts

The Court of Justice of the EU (CJEU) has delivered landmark judgments imposing limits on surveillance:

• Digital Rights Ireland (2014) struck down mass retention of telecom data.
• Schrems I & II invalidated U.S.-EU data transfer frameworks due to insufficient safeguards against surveillance.

The European Court of Human Rights (ECHR), in cases like Big Brother Watch v. UK (2018), has also critically examined government surveillance, emphasizing necessity and proportionality.

3. Member State Practices

While EU law is robust, controversies persist (e.g., mass surveillance in France and the UK). However, strong judicial oversight mechanisms prevent unchecked intrusion.

Thus, the EU model uniquely combines constitutional recognition, regulatory framework (GDPR), and judicial activism, making it the most privacy-protective framework among global democracies.

1. Comparative Analysis

India struggles with implementation gaps: despite constitutional recognition, surveillance laws allow broad unchecked state powers.

The USA prioritizes national security, tolerating surveillance-heavy mechanisms, but maintains a tradition of public scrutiny and periodic reform.

The EU has institutionalized privacy through laws and courts, setting high global standards but still facing tensions between security needs and individual freedoms.

Key distinctions:

• Constitutional embedding: Strongest in EU (explicit), moderate in India (judicial recognition), and weak in US (derivative from Amendments).
• Oversight mechanisms: Strong in EU (independent regulators, courts), weaker in US (secretive FISA courts), weakest in India (executive-controlled authorizations).
• Balancing test: EU firmly applies proportionality; India aspires to but falls short; US often bypasses it in the name of security.

VII. Conclusion and Recommendations

The conflict between digital privacy and state surveillance is unlikely to subside in a world marked by terrorism, cyber threats, and evolving technologies. Yet, as this comparative study shows, legal systems can craft different balances:

• India must shift from formal recognition to institutional enforcement, ensuring judicial review and limiting broad executive exemptions.
• The United States should reform secretive surveillance practices with greater transparency and accountability, while reassessing the third-party doctrine in the digital age.
• The European Union, while a global leader, must ensure that counter-terrorism measures remain consistent with fundamental privacy rights.

Globally, there is an urgent need for a harmonized standard, rooted in basic international norms—necessity, proportionality, and independent oversight. Without such safeguards, the promise of the digital age risks collapsing into a surveillance society.