The proliferation of Information Technology (IT) has transformed the way personal data is generated, stored, processed, and shared. With this digital revolution, however, comes a heightened risk of misuse, unauthorized access, surveillance, and data breaches. This technological shift has had a profound impact on the Right to Privacy, a right that is increasingly recognized as essential in a democratic society. In India, the evolution of privacy protection has been shaped by both legislative developments such as the Information Technology Act, 2000 and judicial pronouncements that have responded to modern challenges.
Recognition of Right to Privacy in India
Historically, the Right to Privacy was not explicitly mentioned in the Constitution. However, judicial interpretations over time expanded the scope of Article 21 – Right to Life and Personal Liberty to include privacy.
The most pivotal case in this regard is the Justice K.S. Puttaswamy (Retd.) v. Union of India (2017). The Supreme Court of India, in a unanimous decision by a nine-judge bench, held that the Right to Privacy is a fundamental right under Articles 14, 19, and 21. The Court emphasized that informational privacy, i.e., the ability of a person to control access to their personal data, is an essential aspect of this right.
The Role of Information Technology in Privacy Violations
While technology has enabled better connectivity and services, it has also led to mass data collection and surveillance. Digital platforms, mobile applications, social media, facial recognition systems, and AI tools constantly collect personal data including names, locations, browsing habits, and biometric details.
These platforms often lack transparency in how data is used. Unauthorized surveillance, data leaks, and targeted advertising have become increasingly common. Notably, incidents such as the Aadhaar data leak, WhatsApp spyware (Pegasus) case, and the Cambridge Analytica scandal illustrate the dangers posed by unregulated digital systems.
Relevant Provisions in the Information Technology Act, 2000
The Information Technology Act, 2000 is India’s primary legislation governing cyber activities, data protection, and electronic governance. It was amended in 2008 to include provisions for safeguarding privacy.
Key Sections relevant to privacy include:
- Section 43A: Imposes liability on companies for failure to protect sensitive personal data. If a body corporate is negligent in implementing reasonable security practices and this causes wrongful loss or gain, they must pay compensation to the affected person.
- Section 72: Prohibits service providers from disclosing personal information without consent. Violation leads to penalties.
- Section 66E: Penalizes capturing, publishing, or transmitting images of a person’s private areas without their consent. It specifically addresses bodily privacy in the digital realm.
These sections aim to establish accountability and ensure that entities handling personal data follow security protocols.
Judicial Responses and Landmark Cases
- Justice K.S. Puttaswamy (2017)
- As mentioned, this case established privacy as a fundamental right and stressed the need for data protection in the digital age.
- Aadhaar Case – Justice K.S. Puttaswamy v. Union of India (2018)
- The Supreme Court upheld the constitutional validity of Aadhaar but imposed restrictions on its use. It ruled that Aadhaar could not be made mandatory for private services like telecom and banking, recognizing the risk of profiling and mass surveillance.
- Shreya Singhal v. Union of India (2015)
- The Supreme Court struck down Section 66A of the IT Act, which criminalized offensive messages sent through communication devices, for being vague and unconstitutional. It was a significant victory for online freedom and indirectly supported privacy by resisting overbroad surveillance powers.
- PUCL v. Union of India (1997) – Telephone Tapping Case
- Although predating the IT Act, this case laid foundational principles by stating that surveillance must be subject to procedural safeguards. It emphasized that privacy cannot be compromised arbitrarily.
- WhatsApp Privacy Policy Case (2021, Delhi HC)
- Raised concerns over how WhatsApp shares data with parent company Facebook. The court acknowledged the importance of data privacy and the need for clear user consent under Indian and international norms.
Emerging Framework: Digital Personal Data Protection Act, 2023
To meet global data protection standards like the GDPR, India passed the Digital Personal Data Protection (DPDP) Act, 2023. This new law complements the IT Act and introduces key rights and obligations:
- Consent-based data processing
- Right to access, correct, and erase personal data
- Grievance redressal mechanisms
- Significant penalties for violations
The DPDP Act reflects the concerns raised in Puttaswamy and aligns with modern privacy needs in a digital society. However, the effectiveness of this legislation depends on its enforcement and the establishment of a robust Data Protection Board.
Challenges Ahead
Despite these laws, challenges remain:
- Lack of awareness among users about privacy rights
- Inadequate cybersecurity infrastructure
- Data breaches due to poor enforcement
- Excessive data collection by government and private players
- Ambiguities around consent and cross-border data flows
There is a need for better coordination between technology providers, the government, and civil society to ensure that digital innovation does not compromise individual liberty.
