Sangeeth Krishna G S·
Article WritingConstitution of IndiaGeneral
··
Last updated:
·83 views

Constitutional Right To Privacy And Its Implication For Data Protection Laws

About the authors:

  • Anjali Gurunath Naik, 5th Year BA LLB, Kerala Law Academy, Thiruvananthapuram
  • Maneesha Gopal, , 4th year B. A LL.B, Government Law College Thiruvananthapuram

  • Introduction

Fundamental Rights are those inalienable rights that are available to every individual, which are essential for the enjoyment of life with dignity. There exist numerous international treaties and covenants like the International Convention on Civil and Political Rights, the International Convention on Economic and Social Rights, etc.  which mentions the cultural, economic, and political rights of individuals, such as the right to life, the right to liberty, the right of association, and the right to freedom of religion. These treaties impose an obligation on the signatories to assure the rights of the individual. But the right to privacy as such has not been in the limelight for long. Even in India, the earlier constitution interpretation was that right to privacy was not protected in the Constitution, but later the courts changed their view and in the digital era the term privacy has gained extra significance due to the risks that can arise due to data breaches and encroachment over the privacy of an individual.

  • Evolution of right to privacy 

Right to privacy as such is not recognized in the Constitution and the discussion of right to privacy has emerged through a series of case laws starting from 1954. In the MP Sharma v. Satish Chandra[1] case, the Supreme Court decided in favour of the practice of search and seizure when contrasted with privacy.  During the 1970s there was a slight shift in the court’s approach. The minority view in Kharak Singh[2] case by Subha Rao J shows the scope for a widened interpretation of Article 21 to include the right to privacy. In the judgment it is stated that – “our Constitution does not expressly declare a right to privacy as a fundamental right, but the said right is an essential ingredient of personal liberty”.[3]

While in all the above cases, the concept of privacy was related to the physical realm or relating to physical privacy, the 1997 PUCL v Union of India[4] further evolved the notion of privacy to include personal communications, holding that “the right to hold a telephone conversation in the privacy of one’s home or office without interference can certainly be claimed as right to privacy”.[5]  But these interpretations of Privacy as a right again came up in the Supreme Court in the petition of Justice K.S Puttaswamy & Another v. Union of India and Others[6]which turned out to be a landmark case regarding privacy in India.

  • Puttaswamy verdict

The Supreme Court in a landmark judgement on 24 August 2017 unanimously ruled that privacy is a fundamental right and held that the right to privacy is protected as an intrinsic part of the right to life and personal liberty, as a part of the freedoms guaranteed by Part III of the Constitution. The Bench also ruled that the right to privacy is not absolute, but is subject to reasonable restrictions (as is every other fundamental right).[7] The court also mentioned that privacy is not lost or surrendered merely because the individual is in a public place and Privacy attaches to the person since it is an essential facet of the dignity of the human being.[8]  The  Puttaswamy judgement overruled the decision  in M.P Sharma[9] case and also the decision in Kharak Singh to the extent that it holds that the right to privacy is not protected by the Constitution. This historic judgement resulted in declaring privacy as an inherent freedom of an individual and made it on par with the other important freedoms like right to equality, free speech and expression, religion and a myriad of other important fundamental rights essential for a dignified existence subject to reasonable restrictions of public health, morality and order.

  • Article 21 as a right to privacy

Article 21 of the Indian Constitution involves the right to privacy of an individual or group of persons. The following are the features of Article 21 as a right to privacy.

  1. Inherent Right: The right to privacy is considered inherent in the right to life and personal liberty under Article 21.
  2. Personal Autonomy: Individuals have the right to make personal choices without unwarranted interference, safeguarding personal autonomy.
  3. Freedom from Surveillance: Protection against arbitrary or unauthorized surveillance by the state or private entities.
  4. Informational Privacy: Recognition that individuals have the right to control their personal information, preventing its unauthorized collection and dissemination.
  5. Dignity and Personal Space: Upholding an individual’s dignity by safeguarding their personal space from unwarranted intrusion.
  6. Consent and Choice: Emphasizing the importance of informed consent and the right to make choices without coercion.
  7. Constitutional Safeguard: The right to privacy is not explicitly mentioned but is derived from the broader interpretation of Article 21.
  8. Balancing Test: The courts may balance individual privacy rights with legitimate state interests to ensure a fair equilibrium.
  • International perspective

The courts may consider international treaties and conventions to interpret and reinforce the right to privacy. Article 21 safeguards the private sphere, shielding individuals from unwarranted intrusions into personal matters. It Implies limitations on the government’s power to infringe upon an individual’s privacy without a justifiable cause and extends to all individuals, irrespective of citizenship, emphasizing its universal nature.

  • Right to privacy and data protection

At the time of Puttaswamy verdict when discussions happened related to the existence of the right to privacy there were also deliberations relating to the potential violation of this right with the evolving technologies. Justice S.K Kaul, in his judgment mentioned about the vulnerabilities posed by State and non -State actors and voiced the privacy concerns against the state and non-state actors.

The growth and development of technology has created new instruments for the possible invasion of privacy by the State, including through surveillance, profiling and data collection and processing.”[10] The capacity of non-State actors to invade the home and privacy has also been enhanced and, in this digital age, individuals are constantly generating valuable data which can be used by non-State actors to track their moves, choices and preferences. Data is generated not just by active sharing of information, but also passively, with every click on the ‘world wide web’. We are stated to be creating an equal amount of information every other day, as humanity created from the beginning of recorded history to the year 2003, enabled by the ‘world wide web’.[11]

Hence the court mentioned that there is an ever-growing need for a data protection regime and considered it important that the State put forth a regime of data protection that balances legitimate state interests and an individual’s privacy concerns, giving due regard to the consent of the individual for the collection and usage of data. At the time of the Puttaswamy verdict, there was no legislation in India which explicitly deals with data protection in the digital realm, but the court mentioned the need for having a legislation on that matter.

  • Digital personal data protection law, 2023

The Information Technology Act 2000 is the special legislation in India which deals with digital technology and this act brought major changes regarding the legal validity of electronic documents and the recognition of Digital Signature. But The IT Act does not create a privacy right in itself and the provisions of IT act was found to be insufficient to govern the concerns and disputes that arise from the way data (including personal data) is handled, stored, and shared. The Justice Srikrishna Committee[12]report on data protection, has mentioned about the digital revolution in the world and how it has influenced India towards a digital economy.[13] In this transition, data has become an invaluable asset as well as a dangerous weapon. While data can be put to beneficial use, the unregulated and arbitrary use of data, especially personal data, has raised concerns regarding the privacy and autonomy of an individual.[14]

Later the parliament passed The Digital Personal Data Protection Act, 2023 which is an Act to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.[15]  The act contains provisions that deal with the obligations of data fiduciaries, rights and duties of data principal and also mentions some special provisions relating to transfer and processing of data.  As per this act personal data may be processed only for a lawful purpose upon consent of an individual.  Consent may not be required for specified legitimate uses such as voluntary sharing of data by the individual or processing by the State for permits, licenses, benefits, and services.[16]

  • Conclusion

The constitutional right to privacy envisages the existence of the right of an individual to lead a dignified life devoid of any unnecessary intrusion by State or non-state actors. In conclusion, the right to privacy and data protection in India is an evolving legal landscape that is influenced by judicial decisions and legislative initiatives. The Supreme Court’s recognition of the right to privacy as a fundamental right has brought attention to the need for comprehensive data protection and privacy laws in the country. The enactment of the Digital Personal Data Protection Act, 2023 will be a significant step towards the protection of individual’s privacy rights and the regulation of the processing of personal data in India. As the legal framework for privacy and data protection continues to develop, it is essential for the government to ensure that individuals’ privacy rights are adequately safeguarded, and that data controllers and processors adhere to data protection regulations.

[1] MP Sharma v. Satish Chandra, (1954) 1 SCR 1077

[2] Kharak Singh v. State of U.P., AIR 1963 SC 1295.

[3] Ibid

[4] People’s Union for Civil Liberties (PUCL) v. Union of India, (1997) 1 SCC 301.

[5] Id, ¶18.

[6] [Writ Petition (civil) No. 494 of 2012]

[7] Ibid

[8] Ibid

[9] (1954) 1 SCR 1077

[10] S.K Kaul J, Justice K.S Puttaswamy & Another vs. Union of IndiaWRIT PETITION (CIVIL) NO. 494 OF 2012; https://www.scobserver.in/wpcontent/uploads/2021/10/Right_to_Privacy__Puttaswamy_Judgment_1-497-543.pdf

[11] Ibid (Justice SK Kaul referred to the work of Michael L. Rustad, Sanna Kulevska Titled ‘Reconceptualizing the right to be forgotten to enable transatlantic data flow’ published in 28 Harv. J.L. & Tech. 349)

[12] Srikrishna Committee Report on Data Protection, 27 July 2018

[13] Ibid

[14]  Srikrishna Committee Report — [Data Protection]. 27 July 2018.

[15] Preamble, THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 (NO. 22 OF 2023)

[16] https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023 (last accessed on 23/12/2023)

Related