Feb 7, 2023

The Right to Privacy

By Mihir Wagh


On 24th August 2017, in a landmark judgement  in Puttaswamy v. Union of India, a nine-judge bench of the Supreme Court ruled that the right to privacy is a fundamental right guaranteed by the Indian Constitution. The Court reasoned that this right stems from Part III of the Indian Constitution. It includes Articles 14, 15, and 21, is  indispensable and absolutely necessary to protect and safeguard the freedoms of the Indian people. Not only would the Court establish new precedent, it would also signal a change in how the Supreme Court analysed cases on individual liberty, by overturning decades of legal precedent. 

This article delves into what the right to privacy means in the Indian context, the implications of this judgement, and subsequent jurisprudence of the Court.

What Does the Right to Privacy Entail?

The Right to Privacy has no one definition. One possible way to define it is that privacy is a fundamental right that every person has, just by virtue of being alive. It contains protections from the state and in some cases from private entities’ monitoring, bodily integrity, autonomy, dignity, confidentiality, compelled speech, and the freedom to move, think, and express oneself. The right to privacy also acts as a barrier against surveillance and censorship, by protecting the information and data of the person in question. It also affects our freedom of speech. It is often viewed as a crucial prerequisite for fulfilling the right to freedom of expression. Unlawful invasions of a person’s privacy can restrict the free exchange of ideas both directly and indirectly.

In today’s world, there has been a massive rise in gathering, storing, and distributing personal information. It is possible that someone can collect this information without the person’s consent and use it to monitor or target them .. The state can infringe upon an individual’s right to privacy when it believes that the interest of violating the right to privacy is proportional to the impact of the violation. 

This leads to the question of what the right to privacy means in an Indian sense, and which rights emerge from this judgement. 

LGBTQ Rights

One of the most integral rights derived from this judgement is the right of two consensual adults to engage in sexual activities, particularly homosexual acts. While Section 377 of the Indian Penal Code was formally struck down by the Supreme Court in Navtej Singh Johar v. Union of India, much of the foundation and framework was borrowed from Puttaswamy v. Union of India. The Court was of the opinion that “Sexual orientation is an essential attribute of privacy. Discrimination against an individual on the basis of sexual orientation is deeply offensive to the dignity and self-worth of the individual” and that the rights of the members of the LGBTQ community “dwell in privacy and dignity”. The court used this reasoning to strike down Section 377 of the Indian Penal Code. 

Abortion Rights

While highlighting the privacy of choice, in the case of K S Puttaswamy, the Supreme Court stated that “The freedom of a woman to choose whether to bear a child or abort her pregnancy is a matter that falls within the realm of privacy.” he Supreme Court of India has upheld women’s rights to make decisions about their reproductive health in other cases, such as the case of Suchita Shrivastava vs. Chandigarh Administration. It asserts that these rights fall under the parameters of personal liberty as defined in Article 21. An important judgement regarding bodily autonomy is X v. Health & Family Welfare Department, where the Court held “The intersection between one’s mental integrity and privacy entitles the individual to freedom of thought, the freedom to believe in what is right, and the freedom of self-determination”. 

Data Protection

Another integral aspect of the right to privacy is the protection of personal data. An individual’s right to privacy is not fully and explicitly protected by law in India. The Information Technology Act, 2000, and its regulations cover the law governing data protection and privacy in India today. According to section 43A of the IT Act, a body that controls, handles, or deals with any sensitive private information or data and doesn’t have reasonable security practises and causes damages to someone can be held liable to pay damages to them. Section 72A states that personal information disclosed knowingly or intentionally without the subject’s consent or in violation of a valid contract is punishable by up to three years in prison and a fine of Rs. 5,000,000. This Section only comes into play when some loss is caused to the subject. 

Section 69 of the Act allows the government to, in certain cases, order any government organisation to collect, analyse, or decrypt any data generated, sent, collected, or maintained in any computer system, or to cause such interception, monitoring, or decryption to occur. 

To address concerns about data privacy, the Ministry of Electronics & Information Technology set up a Joint Parliamentary Committee. They tasked the Committee with reviewing and recommending changes to a draft Bill (Personal Data Protection Bill, 2019). However, that Bill was withdrawn from the Parliament, leading to the Data Protection Bill being introduced in 2022. This Bill attempts to combat some of the deficiencies of the current regulations of privacy. The DPDP Bill is applicable to “personal data” (defined as any data about a person who may be identified from or in connection with such data). This includes personal data acquired online that has been converted to digital form for processing. When it comes to offline data, however, due to conflicting Clauses 4(1) and (3), the Bill is ambiguous in nature. This definition is narrower than that of the previous bill. It addresses three significant parties involved in the data processing cycle:

  • data fiduciary- any individual who, along with other stakeholders, determines the intent and means of handling data;
  • (ii) data processor – any individual who handles data on behalf of data fiduciary; and 
  • (iii) data principal – the person to whom the personal data relates; in the case of children (i.e., those who are under 18 years old), this will include their parents or their legal guardian. 



All of this points to the fact that the Right to Privacy in India is still in its nascent stage. While the Puttaswamy verdict was undoubtedly a step in the right direction, which was followed by subsequent judgements that upheld more rights to privacy, the government still has to formulate laws that protect all aspects of privacy. The Right to Privacy is a fundamental right. It is time that its benefits become more universal.

Have a question you want to ask our legal experts?