History of right to privacy

Reading time : 10 minutes

Privacy is not a present day notion, if we see the history in which it matured and grown this far it is by getting knocked down every way possible. It has its own destitution from not being  mentioned to being one of the most controversial, delusional and unsettled fundamental right in India. From household to constituent assembly nobody talked about it in past, but world has changed now. People just not talk about it rather they demand it. Before in year 1954 Supreme Court begin to face the questions regarding the privacy in MP Sharma vs Satish Chandra1case but till now it is a never ending notion that might  last a long way. Privacy never got the attention it needed and was ignored. By the time domain of privacy has expanded to the extent that Now it became a question of at most importance, it is question of people, who has entered a new era of technology, who won’t accept privacy as simply a question mark, they won’t give away their privacy just for the larger interest of the state, We need a convincing solution which feeds the need of privacy of people as well as interest of the state.

On 24th august 2017, in the landmark case of  Puttuswamy v. union of India2a 9 judge bench of the supreme court of India grants privacy as a fundamental right making it as the most major  judgment in the timeline of privacy. Supreme Court declared that right to privacy will come under part III of the Constitution and this right will be stated in the fundamental right to life and liberty under Article 21. If we see the background of this judgment we see how big an achievement it was for people of India. This judgment was stated as the effect of the aadhaar case when it was argued on the fact that the constitution of India does not include privacy as a fundamental right of people. It was argued based on two crucial cases first being M.P. Sharma vs. Union of India3,  by 8 judge bench and the second one being Kharak Singh vs. State of Uttar Pradesh4, decided by 6 judge bench. M P Sharma was handled with right against self incrimination whereas Kharak Singh case was on whether intrusion into a person’s home is a breach of liberty, but at that situation there wasn’t any regarding right to privacy  in the Indian constitution. The landmark judgment of Supreme Court in the case of Puttuswamy v. union of India5 has put a deep impact and made a big milestone by making it the most important judgment which added and after a long span of time connected the history of privacy and evolved and arised as a Fundamental right which was long awaited.

 Necessity for the privacy in the society

Privacy matters a lot when we talk about an individual who want to maintain his or her reputation in a certain way, in that scenario privacy place a very major role. It is more about respecting each other’s privacy as well as their private space so that people can grow up and deal with their own private matters without any interference. Privacy make people strong independent a give them some hold on their personal like and give them a space to grow and think about themselves without getting judged by others. Privacy gives them a chance of redemption, a sense of understanding, a space to think and this help people to think positively and protect them from guilt feelings, revenge, vengeance etc.

An individual always like to control the data related to himself or herself  as to what extent they want the world to know about it. The most important and strong benefit of privacy is that it stops the government to put its nose anywhere and everywhere.

 Post Right to privacy as  Fundamental right

If we all observe the present status of right to privacy we can very rightly say that at present right to privacy has more importance than before maybe because of the ongoing development in the technology or can be because of the power of information which can be misused very easily and also on a very bigger scale, if control is taken by the Wrong people. It can be as strong as a weapon that can shake and uplift the whole political system of the country and can get its citizen on a very higher level of risk. This is what makes privacy so important and crucial to be protected from both private and public players who are engaged in the social media intermediaries as well as the government. Both if given exclusive powers can misuse it. We have to understand the power of information and understand that privacy is as important as transparency and nothing should impact their interplay it should be balanced and should exist with each other that is the only way both the powers can be used effectively without harming

 anyone and by this we can keep a balance and a check on authorities as well as people who can misuse privacy if given absolutely.

How Technology can be Threat to privacy:

The Technological advanced era that we are living in has both positive and negative effects to us. It has given both ethical and juridical problems which are new and different than the old ones. There are some challenges that we are facing in this era that are the biggest threat to right to privacy,

Call tapping is hearing of a phone call between two or more people without them getting to know and this phone tapping will amount to the violation of the fundamental right , Article 19(2) that is right  to freedom of speech and expression.

  In recent times GPS( Global Positioning System) tracking is the widely used method to track vehicles which is a positive side, but. This method also has negative side where this technology provides much information after observing and examining persons activities which is a violation of his right to privacy.

If a question is asked like Is there any other way for government to trace messages other than breaking end to end encryption , then the answer is YES, The government has numerous alternatives for getting information to prove offences which was committed online, they can get access to other type of encrypted data such as metadata, and any other digital trails if available. The government already has accessibility for getting the encrypted data. The new IT rules just introduces some rules which will make this acquiring of data easy compared to the older method as it shortens the process.

Whatsapp v Central Government

This case has been considered as an important case to manifest the fate of the right to privacy in the present time. In the centre of this case lies the right to privacy that’s why this case can be called as the most important test of the application of right to privacy as provided by the Indian Constitution.

The new Information Technology rules Rule 4(2) imposed on the social media platform with more than 5 million users an obligation to ensure traceability of the originator of the information. Whatsapp challenges the central government on “Information Technology (Intermediary Guidelines and Digital Media Ethic Code) Rules 2021” which were informed on 25th February, 2021. New IT rules have bought new acquiescence for social media platforms and companies to implement the system of traceability and this should be effective by 26th may, 2021.

What the new Information Technology (Intermediary Guidelines and Digital Media Ethic Code) Rules 2021 has to say:

The new IT rule focuses on the concept of traceability. Traceability mentioned here means the origin of a particular message on a private messaging service.

There are other certain important rules which has to be followed by the popular messaging services in India, the rules like Setting up of grievance redressal mechanism and also taking down of illegal and explicit content within a certain time frame.

The Grievance redressal mechanism should be divided into three tiers, where one of it is held and controlled by the government and the other two by the particular messaging service.

Rule 4(2) of the new Information Technology(Intermediary Guidelines and Digital Media Ethic Code) Rules 2021 puts an obligation on social media intermediaries with more than 50 lakh users in India to enable traceability in their system to enable all the information about the originator and trace them easily if required by government authorities or courts for certain offences.

It is very well specified that government authority won’t get an absolute authority in this matter, that will be only limited to certain kind of cases.

In the past lot of regulation on Information Technology has came into being which had made lot of changes in the power of government authorities to provide information to them for instances, “Section 69 of the Information Technology act 2000” had put limitations and give power to the central as well as state governments or the authorities to take “Information or monitoring or decryption” of information from any source “if satisfied that it is necessary or expedient to do”. “The Information Technology(Procedure and safeguards for Interception, monitoring and decryption of Information) Rules, 2009”was issued to regulate the such orders related to centre and state or other authorized officer’s power to access the information from social media intermediaries provided that such an information which can be acquired from other means which are available to authorities and the order to get such information will given only on some specified grounds which includes country’s security matters and many other public matters which can even related to any cognizable offences or even for “investigation of any offence”.

The new IT rule also focuses on the concept of traceability. Traceability mentioned here means the origin of a particular message on a private messaging service.

Unintended consequence by new IT rules

The agencies enforced by law can demand the technological Companies to trace the first originator of a particular message. The messaging services like whatsapp have end to end encryption, and won’t be storing any information related to a particular message and guarantee the privacy to its users, but according to the new IT rules, the information must be stored by the messaging services to find the originator of the message and also would result in breaking of  end – end encryption which is given by those services.

The new rules also state that all the explicit content should be taken down by the messaging companies within a certain time frame, but this action goes against the a landmark judgment in the case of Shreya singhal6 where the court has stated that “companies would only be expected to remove content when directed by a court order or a government agency to do so”

These rules forced whatsapp to question central government and approach the Delhi high court. Whatsapp in their defense argued on the point that taking away end to end encryption makes people vulnerable which will lead to chaos and retaliation by people and activists will be against the public and private players for violation of their fundamental rights.

End to end encryption as provided till now by whatsapp is a system of communication where only the users have access to their messages and information communicated by them and no involvement of third party. It lowers the risk of breach of Privacy and make it difficult to get hacked and by this they can effectively insure the Fundamental right to privacy of the people. If this system of communication is tweaked then it will result in the rise of cyber hacking cases.

Whatsapp states in its official website why and how traceability won’t work , “Tracing messages would be ineffective and highly susceptible to abuse. If you had downloaded an image and also had shared it or captured a screenshot and resent it or sent an article on WhatsApp that someone sent you on mail, you would be considered to be the author of that content. At another point, someone might copy and paste the same piece of content and send it along to others in an entirely different circumstance. Think of this like a tree with many branches — looking at just one branch doesn’t tell you how many other branches there”

Whatsapp also stated what the Experts have commented on the new IT rules and the concept of traceability,

Mozilla: “ The open internet is fundamentally based on the principles of interoperability and common standards, which may begin to fragment under these rules. Some provisions, such as those enabling traceability of encrypted content and automated filtering, are fundamentally incompatible with end-to-end encryption and will weaken protections that millions of users have come to rely on in their daily lives ”

Access Now: “ The mandates in the new [Indian IT] rules would result in encouraging internet platforms to over-censor content, require dangerous unproven AI-based content regulation tools, retain vast amounts of user data for handing over to the government, and undermine end-to-end encryption crucial for cyber security and individual privacy ”

The Government’s say regarding the whatsapp case

 even in case of the most serious crime. This approach puts citizens and society at risk by severely eroding a company, the ministry of Electronics and IT gives importance on two important legal points relating to the traceability concept and of right to privacy, the release states that , there is no Fundamental right which is absolute including right to privacy  and all the rights are subject to reasonable restrictions,  and also is provided in the release that the traceability measure will be the last resort, the release also states that “ Any operations being run in India are subject to the law of the land. WhatsApp’s refusal to comply with the guidelines is a clear act of defiance of a measure whose intent can certainly not be doubted ”7

The Ministry criticizes whatsapp stating that whatsapp is mandating a privacy policy where it ill share the data of users with its parent company for advertising purposes but is also refusing the rules which are intermediary and is useful for the sake of law and order, whatsapp is also being criticized by the ministry as it hasn’t made any specific objection for the traceability  requirement .

The Governments release also contains a communique which was issued in the year 2019 by the government of various countries that includes New Zealand, U.S, Canada, Australia , U.K.

The Communique that was mentioned in the release by the ministry declares, “ We are concerned where companies deliberately design their systems in a way that precludes any form of access to contebility to identify and respond to the most harmful illegal content… Tech companies should include mechanism[s] in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format ”8

Lack of transparency in government actions

On the other hand government has put forward their arguments that by tracing the originator they can prevent a whole lot of illegal works. For instance, giving wrong information that led to chaos and mob lunching, sexual images of minors and women and cases like boys locker room can easily be stopped and the only solution to this is to trace the originator. But we have seen in many instances how government misused its powers there is no as such defined line between what are the powers of government to take away right to privacy of people and what are their limitations. As Supreme Court has declared that right to privacy comes with limitation but there is no specific limitation that has to be followed. So here the question arose weather we should give away our right to privacy for a greater interest of state where we have no idea if it is in good hands or not. Here we are facing the question about the privacy of the people close to 740 million internet users in India, whereas whatsapp has more than 400 million users alone, it is important to to understand their point of view but neither whatsapp nor the central government is concerned about their fundamental right.

Government has lot of time gone against the fundamental right of privacy of people. Indeed it is true that right to privacy is not an absolute type fundamental right and this has been time to time clarified by Supreme Court that there can be restrictions on this right and they are necessary because they include protection against wrongdoing. But when we see the Aarogya setu app it is considered to be imposed on people by government and it is another type of surveillance app which tracks the location of the person. In the amid of global pandemic this app was introduced by government of India and was imposed on companies like zomato, swiggy and many others to make it compulsory for their staff members to download the app and later it was made compulsory in malls and other public places. This app used to track the movement of its user through GPS and also stores the information and the data of its users. The question on the app started soon as there were no clear policies of the app and was complete silent on this matter, there was no check and balances on the app and it only mentioned that the data was encrypted. The question here arises that why this public app is made mandatory. Arguing that it was made under Disaster Management Act is not a sufficient answer as this app is against the fundamental right of privacy and it breached privacy in every view.

As we see the past instances and there  policy to share information with Facebook we can say that whatsapp is more concerned about his own business rather than the right of people so we can not completely say that whatsapp is fighting for people’s rights, court has to give their decision keeping that in mind.

Scrutiny of the new IT rules

According to sources, The IT rules was introduced with the consultation of those who are of interest, but the draft of the same rules regarding the concept of traceability which was released in the year 2018 received opposition from various companies and stakeholders and also civil society organizations.

There are certain changes and additions made to the same draft which was submitted in 2018 and is announced as the ne IT rules but these rules before being notified to the public weren’t put on a period of consultation.

The government may have not have more care towards the consequences that might happen because of  the new IT rules .

 This traceability debate has been going on in India from a very long time, a recent case where the concept of traceability came up was in Antony Clement Rubin v Union of India10,  this case was related to the petition of linking social medial users with their aadhar numbers.

Best of the both world:- Transparency as  well as privacy

The need of the hour is to enact a kind of legislation which has flavors of both transparency as well as privacy. We need “a right oriented data protection legislation” so that it can stop misuse and exploitation of data or information and by this we can safeguard the privacy and  stop the mass surveillance which government has been found doing time to time now it’s the time when state has to act more responsibly and should accept their duty to protect citizen’s personal information rather than take that information for granted.

It’s the time when government has to complete its true promise and give to the people their right to privacy with reasonable restriction. Government should just not think about their own benefit or the state interest rather they should establish a mixture of both right as well as restriction on privacy.


Right to privacy certainly is a question of this era and it’s the most delusional topic which still lack much information on it and it is not a very certain and fixed right in terms of its implementation and the powers  and limitations of people, government and private players are not clearly stated in the constitution. It is true that this right is not absolute right and it is provided to people with restrictions. Because of the past cases on the matter related to right to privacy and the judgments which evolved it and because of them it stands this powerful as a fundamental right . Indian judiciary has trialed many cases and on basis of those cases they came to  a consensus that right to privacy is as important a right as right to life to us. It is a very important essential or we can say part of right to life and personal liberty(Article 21) these past judgements have a very long lasting and deep impact which can never be underestimated they are the one which helped in realization of the importance of right to privacy to the courts.


Editor: Kanishka VaishSenior Editor, LexLife India


Right to privacy in India-legality and it’s Controversy

Reading time : 12 minutes


Meaning – As per our general understanding the term privacy means a personal space life, which permission only. But it would be clearer after referring to some dictionary meaning of the term, which is as follows: – 

After discussing the meaning in short the next part will be dealing specifically with the current status of privacy in India by totally focusing on SC’s judgment. 

Thisright was first recorded in 1800s when an English Court supported a Pardanashin woman’s right to access to her balcony freely. Its jurisprudence has finally evolved ever since and is now recognized as a fundamental right. Right to privacy u/Art 21 is a requisite of right to life and personal liberty. Basically it means means right to be left alone and to be free from any unjustified interference. Privacy is a dynamic concept, which needs to be explained. There are a lot of cases on privacy but none were considering it as a fundamental right before K.S. Puttaswamy v Union of India in 2017 whereby it gained the status of a fundamental right.

It has been admitted in several other countries as well, under different conventions. Right to privacy is contained under provisions of  different legislations, embracing various aspects. The desire of ours of private life came back after 9 years before a 6 bench of SC in Kharak Singh v State of UP in which Kharak Singh, an accused dacoit, was subjected to covert picketing of his home, nighttime inspections, periodic questions, and mobility tracking. The SC said:

proclaim it as a fundamental right, it wasessential to personal liberty. 

Intrusion in his privacy thereby acknowledging presence of this right in the constitution of India after the independence. After 12 years, the SC albeit a smaller3 judge bench, when faced a factual matrix in Gobind v State of MP, created by law upheld constitutionality of it however subject to restrictions like in other rights. Though Gobind lost, privacy won. Privacy was then strengthened after the liberalization era. In R. Rajagopal v State of TN, the SC tackled a dispute among press’ freedom and privacy as a right and held that the latter had a place in nation’s Constitution. Years down the line, in PUCL case, the court challenged the govt’s telephonic tapping of major lawmakers and demanded that the state follow stringent telephone call taping regulations. The provisions of the Telegraph Act of 1885 dealing with interception are based on Supreme Court recommendations given in PUCL  v union of India case.

Till here in our basic rights jurisprudence, privacy had taken on an intrinsic function that allowed us to live a meaningful life without fear of being watched. It has never faced a stronger test in its 54-year history than the one it is facing now before a nine-judge panel investigating whether the judgments in M.P.Sharma and Kharak Singh constitute sound legal precedent.

Security is the protected center of human nobility. Protection has regularizing and explaining capacity. Atregulating strata protection sub serves those unceasing qualities whereupon the assurances of life, freedom and opportunity are established. At an enlightening level, security proposes a heap of qualifications and interests, which lie at the establishment of requested freedom. Protection keeps at its mid the safeguarding of personal emotions, sacredness of family, marriage, reproduction, and home and sexual orientation.

While actual wish for protection might change from personal level to 

gave up just due to the fact that person is in an open area.


As we all know that the basic characteristics that make us human are liberty, freedom and intellectual capabilities. Liberty and freedom of a man are his prized possessions. Hence it is the duty of a state to strive for its protection. Technology and cyber space advancements the world has shrunken to a large extent. Also apart from the developments at bigger level there are various new issues cropping up at individual level. Privacy is most essential part of human life. This right and its protection from outsiders is a tedious and responsible task that needs to be performed majorly by the government. That being said, it is pertinent to discuss in brief the definition and meaning of privacy in its literal sense. This part of the project will deal with the present state of privacy laws in India with special reference to the landmark judgment in this regards given by SC. 

development of concept of privacy in India took about 60 years to become a fundamental right. The judgments overruled by the final verdict of the Supreme Court had a huge impact on the final decision. 

The following analysis will describe the chain that was followed and what finally led to the remarkable judgment. 

MP Sharma v Satish Chandra3


RESPONDENT: Satish Chandra, DM, Delhi

AIR 1954 SC 300.

BENCH  : The then Chief Justice Mehar Chand Mahajan and Justices B

Jagannadhadas, Ghulam Hasan, Natwarlal H Bhagwati, T L Venkatarama Aiyyar, B K Mukherjae, Sudhi Ranjan Das and Vivian Bose.


The Dalmia Jain Airways Ltd. was registered on 9th July 1946, with authorized capital of Rs. 10 crores. After surviving for about six years, it went into liquidation on 13th June, 1952. Almost two years after the liquidation, an FIR was logged on 19th November, 1953, requesting search warrants, to Delhi’s DM. It informed the authority of the wrongdoings undertaken by the group.

The investigation revealed corporate fraud and efforts to hide information from stockholders about company’s total state of affairs by filing fraudulent identities.

 An investigation into its affairs started under the Companies Act. The police in the process of unveiling the truth, ransacked a total of 34 establishments owned by M/s Dalmia Jain Airways Ltd.. The search busted out several records of fraudulent transactions showing false accounts with fictitious entries wherein money had been transferred and other escapes where the company was not being transparent to the stakeholders, violating their right to information and making fallacious of their money.


In a writ petition to  SC, the parties involved questioned the constitutionality of the search. They said that taking away of their private records was violating their fundamental rights, which included – Right to property [1] and protection against self-incrimination[2]

Here, judges had to determine whether there were any restrictions imposed by Constitution to privacy.


Here, judges had to establish if there were any constitutional limitations to the searching the premises, seizing materials and that if it would infringe on someone’s privacy in any manner. But, they turned down the defendant and said that; no The state has to protect and socially secure its citizens and so the challenge was rejected. The court only addressed if Article 20 (3) was breached or not. Finally, it was decided that a probe or arrest does not violate constitutional right to privacy.


PETITIONER: Kharak Singh


BENCH: Justices N. Rajagopala Ayyangar, J.C. Shah , Syed Jaffer Imam, K. Subba Rao, J.R. Mudholkar and Chief Justice B.P. Sinha.


 The petitionerwas charged with dacoity. Because of less evidence and after being challaned, the police released him. But, under the UPPR, a history sheet was opened in its name. Regulations provided power of regular surveillance, which included home visits for people who are likely to become offenders or are already habituated. Based on these provisions, the police would enter the house of the petitioner at any time of the day and even night to wake him up and also made him visit the police stations every now and then. Periodic inquiries by the officers were held and they also used to track the petitioner’s movement.


Kharak Singh claimed that all these acts by the police were infringing his constitutional rights. The 6 judge bench then analyzed Uttar Pradesh Police Regulations and surveillance’s validity in the context of power like these violating the freedoms of a citizen under the Indian Constitution. The petitioner put forth the point that these rules were infringing on his right to a dignified existence[4], which includes privacy rights. He also added violation of his personal liberties[5] .  


The 6 judge bench of SC stroke down concerned provision of Uttar Pradesh Police Regulations and declared them as unconstitutional. It said



RESPONDENT:  The State of Karnataka

BENCH: Justices R.V. Raveendran, J.M Panchal and Chief Justice of India K.G.



The case revolves around selvi and her daughter Kavita, Kavita married a man names Shiva kumar against the wishes of her family as the man was of different caste. Owing to caste differences, Shivakumar was brutally murdered in 2004, and Selvi was the main suspect, along with two others. Because the prosecution’s case was solely based on speculation, the court was asked to allow polygraphy and brain mapping tests on the three main suspects. The tests were carried out after the court granted authorization. When the polygraphy test revealed evidence of deceit, the prosecution asked the court for permission to conduct narcoanalysis on the three people. The court ordered that all three be subjected to narcoanalysis. All of them appealed the judgment to the Karnataka HC, but received no redress. They then proceeded to the SC to file an appeal.


In a notable departure from its simple approach, the SC ruled that mandatory brain mapping, polygraph testing, and narcoanalysis were in violation of Articles 20(3) and 21.

When deciding Selvi’s case, with 10 same type of cases, the SC Bench said that Narcs-analysis would not be an issue in case, which was determined by a 3 judge bench led by Justice V.R. Krishna Iyer, since it was not being used as an investigative technique at time.


The key sentence of the judgment: 

Our considerations in constitutionalism aren’t limited to facts, but also include consequences of our judgment for entire population along with future generations.”

The court’s first question was whether forced exposure to these methods violated the Constitution’s protection from self-incrimination (Article 20(3)). There were two sub-issues. :

  1. Is there a risk of incrimination for the subject if the contested methods are used in the investigation?
  2. Is it possible that the outcomes of the contested method amount to testimonial coercion, triggering Art. 20 (3)?

First issue

On a broad canvas, the tribunal dealt with the first problem. It first created the interrelationship between self-incrimination and right to a fair trial, placing it inside human rights sphere. Based on Maneka Gandhi’s case[7], it opined that Art. 20(3) of the Indian constitution must be analyzed with due consideration for mutual link among freedoms.

For tribunal, the right referred to in Art20(3) must be perceived with respect to various aspects of freedom u/Art 21, including the right to privacy. Infusion of values of constitution in all fields of law, including procedural fields, should be strategy and enforcement of such legislation must take into consideration the fulfillment of due process allegations. Ultimately, it is discovered that involuntary administration violates Art 20(3) and 21.

Second issue

The second issue was if investigative usage of methods might lead to self incrimination, whether the admissibility of outcomes leads to testimonial obligation, if protection is merely accessible to accused and also to witnesses. Most of these problems have been put to rest by Satish Sharma[8] and Nadini Satpathy vs PL Dani[9].It was opined that Art. 20(3) extends to the investigative phase and to all accused persons along with  those who think that their responses might expose them to charges in situation under inquiry or some other situation. 3 uses of custody statements are categorized by the tribunal;

  • Data will be shared, which leads to the discovery of new substances.
  • When information is found to be relevant in instances other than the one being investigated, it is called transaction use.
  • identification and confirmation when assertions are utilised for identification and confirmation, such as handwriting, body specimens, and so on.

The test is “responses that might support a belief are confessions, but responses that have a sensible inclination to point out that guilt is incriminatory.” It explains that “if the declaration includes self-exculpatory matter, it ceases to be confession. Article 20(3) affects confession and self-incrimination and leaves other appropriate factors untouched.”. The important issue that is answered in the negative is if derivative usage is consistent with Art 20(3). The issue that must be addressed by examining if mandatory test administration meets due process criteria for putting restrictions on personal freedom. Because these investigation approaches fail tests, they also fail Article 21 touchstone.


PETITIONER: Nandani Satpathy

RESPONDENT:  Dani (P.L.) and Anr.

BENCH: Justices Jaswant Singh, V.D. Tulzapurkar and V.R. Krishna Iyer.


Nandini Satpathy, former Orissa CM, was asked to come at Vigilance Police Station, Cuttack, regarding a vigilance case filed on her. She was presented with a large number of written inquiries regarding her suspected purchase of assets that were out of line to her recognized income sources. She continued to refuse to respond to questions, citing her right u/Art 20(3). No one accused of a crime can be forced to testify against themselves, according to Article 20(3).The DSP, Vigilance, Cuttack, filed a complaint  u/s 179 IPC before the Sub Divisional Judicial Magistrate, Cuttack. 


When she was issued a summon by the magistrate so as to appear before HC, she stated that Article 20(3) and Section 161(2) CrPC were enough to make her stance stand in the refusal. Section 161(2) states that a person is not obligated to answer inquiries if the answers have the potential to subject the individual to a criminal accusation, punishment, or forfeiture. When HC did not adhere to her claim, Nandini Satpathy appealed to SC. J Iyer was the judge said that directing a lady to a police station in contravention of Sec 160(1) may create stress and undermine consent. Furthermore, several of the relevant questions to her were likely to be self-incriminating.


The Supreme Court ruled in this instance that restrictive scope of Art 20(3) extended back to police inquiry.J Iyer ruled that an individual had all the rights to keep his or her mouth closed if response even has a probable chance of exposing his guilt. However, when there was no apparent inclination to criminate, Justice Iyer stated that an accused was obligated to answer. He also believed that granting accused right to contact a lawyer of choice was the greatest way to ensure that the right against self-incrimination was respected.

The SC, in its May 5 decision, reconsidered the concerns raised in Nandini Satpathy case in light of  challenge to e unintentional administering of narcoanalysis, polygraph examinations, and Brain Electrical Activation Profile (BEAP) tests for improving investigative attempts.

 In Narcoanalysis test a person is administered sodium pentothal, a drug that lowers one’s feeling that makes him/ her self conscious and allows them to talk freely. Examples and practical studies suggest that the revelations made by the subject need not be true as revelation and it is also a contention that these can easily be duped. The aim of a polygraph examination and the BEAP tests is to detect falsehoods and determine the subject’s familiarity with material related to a crime. These methods are fundamentally confirmatory in nature, since they draw conclusions from the subject’s physiological reactions. Their validity has been called into doubt in many empirical investigations. The trustworthiness of scientific evidence has a causal relationship with many aspects of the right to a fair trial in criminal proceedings, including the need of establishing guilt beyond a reasonable doubt and the right of the accused to offer a defense.


In India, the right to privacy has evolved through time as a result of a number of judgments. The following judgment, wherein a legal framework for privacy protection is formed spans over 547 pages. The judgments presented cover a broad variety of topics in order to demonstrate that privacy is a basic right that is inextricably linked to human dignity and liberty.

Justice K. S. Puttaswamy. v UOI

PETITIONER: Justice K. S. Puttaswamy (Retd.).


BENCH: Justices J. S. Khehar , J. Chelameswar , S. A. Bobde , R. K. Agrawal , R. F.

Nariman , A. M. Sapre , Dr. D. Y. Chandrachud , S. K. Kaul and S. A. Nazeer.


The case was filed by K S Puttaswamy, a 91-year-old retired HC Judge, against GOI before a 9 judge SC bench, which had been set up on the recommendation of Constitution Bench to decide the matter decided which Access to governmental benefits would be made obligatory, according to the administration’s proposal. The case was brought before a 3-judge SC panel on the claims that the plan infringed on right to privacy. On behalf of  GOI, the AG contended that Constitution doesn’t provide explicit protection for this right. He observations were based upon M.P. Sharma v. Satish Chandra15 and Kharak Singh v. UP.16

The dissenting position in Kharak Singh was upheld by a later eleven-judge panel, which ruled that basic rights were not to be interpreted as separate, unconnected rights. Later judgments by smaller Supreme Court benches that explicitly acknowledged the right to privacy were based on this precedent.

In this context, a Constitution Bench was established, with the conclusion that a nine-judge bench was required to decide whether the Constitution included a basic right to privacy.17


The primary question was if right to privacy comesu/Art 21. The 9 judge bench decided the case and answered above-said question in affirmative. Laying down a historical judgment the Bench has beautifully jotted down the reasons and conclusions for declaring right to privacy as a constitutional right.  

The Court has been questioned about a variety of privacy issues, including

: –  (i)Is there a reasonable expectation of privacy that is guaranteed by Constitution?; 

  • If a legally guaranteed right exists, it must be determined if it is an independent basic right or derives from  existing assurances of constitutional protections such as life and personal liberty.;
  • the theological underpinnings of privacy claim;
  • Components of privacy; and
  • character of state’s legislative oversight.[11]

Justice Chandrachud said: -In its most basic form, privacy enables each human being to be alone in an inviolable core. However, the individual’s autonomy is influenced by her interactions with the rest of society. Those connections may, and frequently do, call into question one’s autonomy and freedom of choice. The presence of state and non-state organizations overarchingly controls elements of social life that affect individual liberty. The maintenance of constitutional liberty is a labor in progress, in a sense. Existing issues must be addressed with challenges. In terms of a constitutional conception of where liberty puts a person in the framework of a social order, new problems must also be addressed. This case, in which the dispute over privacy is examined in the context of a global information-based society, exemplifies the development of new problems. The challenge before the Court is to provide constitutional meaning to individual liberty in an interconnected world in an era when digital technology controls almost every aspect of our lives. While we consider whether our constitution guarantees privacy as a fundamental concept, the Court must consider the requirements of, as well as the possibilities and risks to liberty presented by digital labor. 19 He said that when a person enters the public realm, their privacy is not completely lost.

It also held that the right to privacy included both the negative right against state intervention, such as when homosexuality was criminalized, and the positive right to be protected by the state. The Judges concluded that India needed to implement a data protection framework on this basis.

Court gave following observations regarding all the above issues: – 

  1. Privacyas a fundamental right: -The Supreme Court reaffirmed that right to privacy is a basic right that may be inferred from Articles 14, 19, and 21 of the Indian Constitution without having to be defined separately.It is a natural right, inextricably linked to the rights to life and liberty. It is a fundamental and inherent right that pertains to the individual and covers all information about that person and the decisions he or she makes. It shields an individual from the State’s inspection in their house, of their movements, and of their reproductive decisions, among other things. As a consequence, every action taken by the state that violates right to privacy is open to scrutiny in courts.
  • Subject to Restrictions – The SC clarified that right to privacy is not absolute and will always be subject to reasonable restrictions. It held that the State can impose restrictions on the right to privacy to protect legitimate State interests but it can only do so by following the three-pronged test summarized below:
  • The existence of a legislation that authorizes a breach of privacy.

ii.A valid State goal or necessity that guarantees that the type or substance of this legislation is reasonable and functions to prevent arbitrary State action; and

iii.The methods chosen by the State are proportionate to  objects and needs intended to be achieved by law.

As a result, every State activity that may have an effect on privacy must now be evaluated against this three-pronged test. This is expected to have an effect on a number of current initiatives, most notably the Aadhaar identification project.

Conclusion: – 

Privacy is a constitutionally guaranteed right that stems mainly from Article 21’s protection of life and personal liberty. Elements of privacy also emerge in different circumstances from the other aspects of freedom and dignity recognized and protected by the basic rights included in Part III of the Indian Constitution.

Supreme Court did remarkable job by giving such an exhaustive and elaborate judgment on right to privacy. Now the society has grown drastically from a primitive one to a technologically advanced and sound one and hence there is dire need to mend and make laws accordingly. Man’s life and liberty are one of the

precious possessions of him and hence they need to be protected. Supreme Court by protecting privacy has ensured the dynamic nature of law and faith of people in judiciary. Privacy as being one of the inherent part of daily lives can not be

ignored and therefore needs security. Privacy is not only related to personal relations but to each and every part of day to day life. Honorable Court accepted all these facts, changed the outdated law and embraced privacy as part and parcel of human life and existence. 


The controversies related to right to privacy is not a new concept but is something which has been holding hands of the said right since the emergence of the mere thought. 

The basic points over the issue for not recognizing it as a fundamental right are mentioned below:

  • The right has zero value as it was not found explicitly anywhere in constitution.
  • When citizens have little to conceal, why do they object to giving up their privacy for the public good?
  • Instead of being labeled as a violation of privacy, the efforts should be seen as the government’s sincere attempt to better understand its people, which is necessary for the effective distribution of limited resources to the needy population in a varied nation like India.

 Arguments against these said points made by the retaliators are:

The right to privacy is clearly an intrinsic element of Article 21  i.e. the right to life. Furthermore, India is a signatory to UDHR, which includes this right also.

fide, the lower level bureaucracy may misuse the data for petty gains. Parties never showed sign to back out from the fight so, over the years apart from making this controversy grow nothing happened.Talking about the case most controversial case in recent years is regarding Aadhar, the intresting as well obvious issue was that the challenges against Aadhaar began even before Aadhaar legislation was enacted in 2016. The main issue was regarding security of personal data and authenticity of it as an identity of an individual, so in order to check its The Aadhaar database, which includes the fingerprints and personal information of over one billion Indians, was hacked by a software patch that disables key security elements of the program, according to HuffPost India. When a French security expert, Elliot Alderson, questioned UIDAI why its toll-free hotline number is stored in everyone’s phonebooks by default, thousands of smartphone users in India were perplexed. TRAI chairman RS Sharma tweeted his 12-digit Aadhaar number and challenged ethical hacker Elliot Alderson to demonstrate how simple knowledge of the number might be abused. After a few hours, all of his personal information was made public. When the UIDAI revealed plans to establish a social media branch to “neutralize negative emotions” about Aadhaar, it sparked outrage. It said that the private firm will “watch Aadhaar-related internet discussions.” The Supreme Court questioned UIDAI on why it required to gather “metadata” on personal transactions of individuals who use Aadhaar to get services and benefits. UIDAI was pulled into yet another scandal as a result of the biometric mixtures.

UIDAI officials had once agreed that around 1 to 1.5 per cent, enrolments of nearly made in the past seven years have mixed biometrics. Indian cybersecurity researcher Kodali Srinivas flagged the leak of Adhaar details of The affected After such issues came in light the question came on the constitutional validity of the aadhaar scheme so, the final judgement came in last week of september 2018 in the 547 page judgement removes the fight of it being a fundamental right or not, which was started by the inconsistencies of two earlier judgements (mentioned in the cases section): 

  1. M.P Sharma v Satish Chandra

Turned down the plea of making this rightas a fundamental right by stating that Constitution drafters had never intended to subject the power of search and seizure to a fundamental right of privacy,they went on to arguethat the Indian Constitution does not include any language similar to the Fourth Amendment of the US Constitution, and therefore, the existence of this right was under question.

  • Khadak Singh v State of U.P

Hereby it was held that ths right is not a part of Article 21’s inclusive jurisprudence.

Hence the dispute was addressed in the K.S Puttaswamy case which said thatArticle 21 protects the right to privacy as an inherent element of the right to life and personal liberty, as well as as one of the freedoms granted by Part III of the Constitution. .[12]

Apart from this, judges went on to say that privacy is an essential prerequisite for the effective enjoyment of other protected freedoms, and the constitutional provisions must be read and construed in a way that improves their compliance with international human rights treaties signed by India. so that it country will save itself from not only being a contradicting state but it will also help the state to maintain its position firmly on what it says.

Finally, the question comes up that whether the controversy has been resolved or not after the landmark judgement and aadhaar act? The answer to the question remains unanswered as some scholars still believe that state should while many say that  state should not violate the basic rights of an individual no matter what.  


Right to privacy is a fundamental right intrinsic to Article 21. However, it is liable to have been subjected to some obvious and sensible restrictions which are necessary in order to maintain law and order and prevent the misuse of this right. The right to privacy has often come at cross roads with other fundamental rights like the right to health in the current era of Covid-19. Every individual needs his or her private space. It is from this basic need that this right comes out.




93&div=68&id=&page=http://www.mondaq.com/india/x/625192/Data+Protection+Privacy/ Supreme+Court+Declares+Right+To+Privacy+A+Fundamental+R


20Barriers%20through%20the%20Bench.pdfhttp://www.legalblog.in/2011/05/narco-analysis-polygraphtests.htmlhttps://www.thehindu.com/migration_catalog/article16297234.e ce/BINARY/Supreme%20Court%20judgement%20on%20nar co-analysis%20test%20(833%20Kb)http://www.newindianexpress.com/nation/2018/sep/26/here-areseven-interesting-stories-on-aadhaar-controversies-1877343.html

[1] Article 19 (1) (f) Omitted by the Constitution (Forty-fourth Amendment) Act, 1978 , (w.e.f. 206-1979). Prior to omission it read as:

[2] 5 The Constitution of India 1950, Article 20 (3).

[3]  [1963] AIR 1295.

[4]  Constitution of India, Article 21.

[5]  Constitution of India, Article 19.

[6]  [2010] 7 SCC 263.

[7] [1978] AIR 597.

[8] [1954] SCR 1077.

[9] [1978] 2 SCC 424.

[10] [1978] 2 SCC 424.

[11] ibid.

19 Writ Petition (Civil) No. 494 of 2012.

[12]  Constitution of India, 1950.

Author: Vedant Sharma, Kirit P Mehta School of Law, NMIMS Mumbai

Editor: Kanishka VaishSenior Editor, LexLife India.

Right to privacy; data protection law

Reading time : 8 minutes


This paper discourse about the right to privacy; data protection laws which has been recently introduced in India. reasonable restriction as a part of privacy which is there either in providing the right or using them, therefore, the privacy is given to the people to protect them from unreasonable interference o the state in their right to life and personal liberty and the people too have the right with a certain restriction which are important for the proper regulation of the right to avoid misuse of it. For example, some section of the society very much support and are ease in accepting the homosexual, on the other hand, some sections do not like their sexual orientation, therefore, it would be their choice to be open or jot to tell anyone about their sexual orientations now if there is any infringement of the state against the right to privacy it will be subject to action. Though India has recently adhered to this right, therefore, it is in process of making it a strong law which is the demand of the hour as with the pace of developing technology and nation the privacy plays a vital role. The importance of Article 21 as privacy is an implicit part of personal liberties. The data protection law bill for which has been drafted but not yet been passed by the government as it is given to the joint elect committee. 


The right to privacy is robust with the international framework. The right to privacy has been declared by the supreme court of India as one of the fundamental rights under Part III of the Indian constitution In the KS Puttaswamy vs Union of India case. It gives us enforcement and protection to other fundamental rights as it helps in the enjoyment of liberty and freedom by avoiding constant surveillance of the state. Not just fundamental rights but civil liberties to get under surveillance which prohibits citizens from enjoying their rights. Before the Aadhar case, there have been many cases that stated the right to privacy as the fundamental right though the Supreme Court never gave judgement in its favour. It limits the power of the government from intervention and restricts the state, private individual from using someone’s data without knowledge or permission from that person. An international instrument that promotes the framework of privacy are:

  • universal declaration of human rights,
  • the international covenant on civil and political rights and
  • European convention on human rights. It is useful in keeping the data privacy which is to be protected from arbitrary and illegal interference.

These frameworks shall be kept in consideration to make laws that would help India in regulating the data of its citizens with other countries and would give a form of basic uniformity internationally in the regulation of the data. As of right orientation in procuring, processing and regulation of the data is need of the hour as there are many loopholes there in the policies due to which the data of the citizens are at risk and would prove to be harmful to the country as well.

Article 21:

It is amongst one of the most important fundamental rights which is provided to the citizens by the constitution of India. As it is of great importance it is amongst one of the Articles which cannot be taken away by the government even during the proclamation of emergency provisions in the country. The amplitude of Article 21 has been interpreted many times to make it effective and useful to the people. It states that no one either citizen or non-citizen of the country shall not be deprived of life and personal liberty except for the procedure that has been established by law. It gives enforcement and increases the importance of all the other right that is given to the citizens. Personal liberty being of great importance as many or all the rights that gives value to life and help in making it full of freedom and liberty. In no worst-case scenario, it can be taken away as it is against the basic structure of the Constitution which has been given by the Constitution makers to the people of India. Right to Privacy has been interpreted from the aforesaid article as it is one of the many rights that are the inclusion of personal liberty to add value to the Article. From time-to-time Supreme Court has come to make new rights by interpreting the Article. It is amongst the Articles which have foremost important value in the Constitution. Though its earlier interpretation was very narrow as life meant nothing more than mere animal existence. But gradually and slowly it has evolved to make life meaning for all and by facilitating it to make it worth living. It would ensure that only that information are made public to which one has given consent or to the extent which is important for any sort of work.

Concept of trinity:

The doctrine of Trinity was introduced in the Maneka Gandhi case the Supreme Court basically stated for the purpose of justifying that any right falls in the ambit of Fundamental Right it needs to justify all the three Articles of Part III of the Indian Constitution. It is also named as “golden triangle” it includes Article 14, 19 and 21 in it.

  • Article 14 states about the right to equality i.e., rule of law and equal protection of the law which is of great importance as it ensures to promote equality to the citizens by prohibiting all types of discrimination which are a hindrance in making a healthy environment.
  • Article 19: ensures all types of freedom to the citizens to promote liberty. As it states to give freedom of speech and expression which is an important factor in nurturing and making the concept of democracy toughly to it. The concept of democracy in its true way provide freedom to the citizens to work according to their desire with reasonable restriction to ensure that there is no misuse of the right.
  • Article 21: states to give meaning to life by ensuring healthy living and personal liberty. No one can be deprived of their life at the will of the others but there must be a proper procedure to be allowed for the same by ensuring this the constitution maker restricted the arbitrary use of the power of the government by providing this right to the citizens.
  • These three Articles together ensures that the power of the government is restricted and there is no arbitrary use of their power. By the help of these Articles, any right justifies it plays an important role in ensuring that basic right that is needful to the people are provided to them. The concept of Right to Privacy passed this test and justified to come in the ambit of Fundamental Rights henceforth it is to be treated like other fundamental rights and thereupon in today’s era, it is of due diligence as due to technical development all-around privacy of an individual is being interrupted or basically is being compromised. At least with the introduction of this right, it would help citizens to ensure their personal pieces of information which play a vital role in dealing with one’s personal life financially, psychologically, socially etc. 

Right to privacy:

A nine-judge bench in the Aadhaar case finally gave legitimacy to the right to privacy which has been debated for a long by filling a writ petition against the Aadhaar project that was being worked upon by the government after five years of a long battle. finally, the Supreme Court gave unanimous judgement in the favour of the public (right to privacy) declaring it as one of the fundamental rights though it is not explicitly mentioned it can be interpreted through article 14, 19 and 21 of the Indian constitution. It is an integral part of the right to life and personal liberty which is a natural and inalienable right. As it is an integral part of “personal liberty” therefore its amplitude is very wide. There have been several cases starting from M.P Sharma vs Satish Chandra the case was filed to challenge the constitutionality of search and seizure of the document of the person against whom the FIR has been lodged the bench of eight-judge held that the right to privacy is not a part of the fundamental right, therefore, these may be considered as temporary interference. Kharak Singh vs State of Uttar Pradesh in the case domiciliary visit that is surveillance and regulation of Uttar Pradesh police act was put into question on the thing that right to privacy was one of the fundamental rights. The six-bench judge held that it was not part of the fundamental right. Gobind vs State of Madhya Pradesh after 11 years of the trial of the case the apex court the bench of three-judge gave some recognition to the privacy as one of the fundamental rights, the same was same as the Kharak Singh case as it challenged the validity of the domiciliary visit and of an act. Maneka Gandhi vs Union of India in this case the court linked and gave the concept of “golden triage” which are Article 14,19 and 21 it was held that any right which passed all the three Article significantly will be considered as one of the fundamental rights. The case was related to the ceasing of passport where the concept of “personal liberty” amplitude was widened by recognising it to be more than mere animal existence as in earlier cases the court held the right to life and personal liberty as mere animal existence and no other rights were included in it which would facilitate to live a healthy life. People’s Union Of Civil Liberties vs Union Of India the case was relating to the tapping of the phone called the court held that conversation of the phones are confidential in nature and therefore, tapping it would be a violation of someone’s privacy which is against the fundamental right which is inclusive of Article 21 personal liberty. Considerably through all this judgement, the concept of privacy has got recognition and finally, in the Aadhaar case its finally was held as one of the fundamental rights under the concept of personal liberty. The concept has evolved to include all the rights that would make life comfortable and easy to live as personal liberty add value to the golden trinity that has been introduced through the Menaka Gandhi case. With the change in time, the right to privacy has come to be recognised as one of the fundamental rights as it protects the ambit of freedom and liberty.  

K.S. Puttaswamy vs union of India:

  • The retired judge of high court K.S. Puttaswamy filed the writ petition challenging the constitutionality of the Aadhar card programme which was started by the government to mandate specific identity to everyone with would make mandatory in the government services.
  • The petitioner was of the contention that the right is privacy is an implicit fundamental right as made clear by apex courts in many of its judgement though it has not been specifically mentioned. Therefore, he petitioned to clearly mention it as one of the fundamental rights clearly.
  • The respondents were of the contention that the Right to Privacy has been nowhere clearly mentioned in any of the judgement passed by the Supreme Court therefore it will be akin to judicial overreach to consider it as one of the fundamental rights and stated that as it is being said to be implicit of Article 21, there is no judgement where it has been implemented.
  • Held: it is a landmark judgement that held the right to privacy to be an integral part of Part III of the constitution specifically Article 21 which is guaranteed by the constitution of India. as it would put conflict of opinion between the state making laws for the welfare of the citizens and in the exercise of individual’s fundamental right of Privacy, therefore, it not an absolute right but it comes with a certainly reasonable restriction which would try to create a balance between the two
  • The incursion of privacy either by state or non-state actors must pass a triple test to prove that it’s for the welfare of the citizens and does not prohibits the citizens in the exercise of the right which is: legitimate aim, proportionality, legality these are the three test which after passing which the action of state or non-state actors will be justified.  

Significance of Right to Privacy:

  • Trespass of personal data done by private, and government should be protected while exchanging the data without the consent of the data principal as it is arbitrary and can be illegally used by the people.
  • Medical data are of great gravity where the consent of the people whose data is being transferred needs to be informed as to its of imperative potential.
  • Financial records too are very important as with the increase in the number of financial fraud that is happening around the records shall not be made easily available to others and must be considered under the subject of data privacy.
  • The surveillance that is done by the employees on the employers shall also be limited as unwanted or excessive interference is a hindrance in the path of privacy. 

Data protection law:

  • To protect the interest of the people of the country robust data protection law is necessary. Currently, the ways of collecting data and using them are governed by the Information Technology Act 2000, which however falls short in providing proper protection to the personal data of the users.
There are current loopholes or issues there in the IT act which provides be not fully efficient to deal with the level of protection that is required at this moment of time. They are as follows:
  • Consent: it is one of the biggest issues as the data aggregators entities who provide a big list of terms and conditions are very lengthy and technical to understand for the general public henceforth, the data aggregators take the permission to use their data and the user stays aware of the fact.
  • Data privacy: IT Act was framed to promote data security and not for data privacy therefore it lacks and does not have very strong or rigid law in the case of data privacy. Herein If the entities provide measures that are to protect data, they lack in respecting the preference of the users which is essential in data privacy.
  • Large vacuum: this basically means that the IT act protects the data from the private individual and not from the government agencies I.e., state which means that there is no security or privacy of the data when the government is collecting it in junks.
  • Becoming superannuated: this means that IT Act was passed back in 2000 and amended in 2008 which is a long gap. This means that the vacuum between the present and past is drastic, and the aforesaid law is not updated in its own area which is data protection than how can it deal with data privacy which is very new in this regime.

Data protection bill 2019: (was introduced in Lok Sabha and is now under the joint elect committee for going through it thoroughly.)

  • It is a retrospective act which means it will be applicable from the date of its enforcement and not to the past judgements that have been delivered already.
  • It seeks to protect data privacy not only from the private entities but also from the government in all the sectors which lacks in the IT Act 2000.
  • Definition: Data principal: the one whose data is being collected and processed, Data fiduciary: the one who collects and process the data, Data processor: the one to whom the data fiduciary may give the data to process that is third-party.
  • Obligations: the data fiduciary who is collecting the data shall process the personal data only for specific, clear and lawful purposes. In addition to this, the entities must also keep transparency and accountability for the same through security safeguards, grievance redressal mechanisms etc.
  • Data Protection Authority: the companies must have a data protection officer wherein there must be a data protection authority to audit, inquire, record, maintenance and more.
  • The entities must verify the gap of the user and if it seems to be minor than parental consent would be required for processing the personal information.
  • The consent of the individual is precedent in the process of using the personal data though there are exceptions to it that is in certain case the data can be processed without consent they are when: medical emergency, legal proceedings and for the benefit of the people.
  • Certain rights are provided to the individual in the way to process their own data that is: if there is any mistake, inaccuracy or out-of-date personal data they make seek for correction, may ask the fiduciary to transfer their data from him to someone else, restrict from disclosing certain or all type of personal data when one feels needless.
  • The right to restrict the use of personal data is there with the individual and to receive the data from the fiduciary in a way that it is readable by the machine.
  • Adjudicating authority: on the complaint of the principal whose data is being misused the officers from the DPA may call the people against whom the principal has given a complaint about inquiry and determine penalties and compensation accordingly. Though the decision of the adjudicating authority can go for the appeal in the appellate tribunal and from the tribunal to the Supreme Court.
  • The central government may provide exemptions to any agencies if required and is in interest, security, sovereignty and integrity of India or friendly relation with the foreign state.
  • The act describes certain offences with penalties which are if the fiduciary who has the personal data of the individual processes or transfers it in a way which is in violation of the act shall be punishable with the fine of rupees 15 crores or 4% of his annual turnover whichever is higher and if in case of failure of conduction of the data audit the entities shall be punishable with five crore rupees or 2% of annual turnover whichever is higher. The law is very rigid in providing data privacy which is essential for the individual in this regime.
  • Section 6 of the act states that the processing of personal data should only be done to the extent that is necessary and not more than that. Section 7 mandates giving off the notice whenever the data of an individual is being collected, the nature of the information, and the purpose for which the data is being collected for the purpose of analysis and processing.


  • Appointment of the members of the DPA is not going to be an independent body but by the people belonging to the bureaucrats or appointed by the government for this purpose.
  • The power of the exemption from the act of data protection which is given to the central government is unlimited where they will be able to process the data without taking any safeguard into consideration which would create a severe security issue. As they have open-ended power in the same without any check on it.
  • The issue of intellectual property right would raise an issue and threaten the identity of individuals by allowing the companies to transfer non-personal data.
  • A watchdog is there in the act which has no functionary autonomy for the purpose of dealing with the issues arising out of the personal-data problem.


Right to privacy is amongst the most needful Article in today’s technical era as it provides the citizen by safeguarding their data from unwanted interference. As in the digital era, data is the most asset for anyone around therefore it needs proper regulation and protection. The privacy Article has been in debate for ages now it has finally resolved and got legal validity from the Supreme Court though proper legislature for the same still lacks but as the bill has been drafted someday soon it would receive the validity to become a proper statutory law which would help in regulating the data privacy which the country lacks at the point. Privacy with data protection law is of utmost importance as it would ultimately increase the value of other rights that are provided as it would protect them to keep the privacy of the detail that one does not want to do public. The government would play a very crucial role in the same by prohibiting the wrongdoer and penalising them. As the right to privacy is one of the fundamental rights it should be protected and promoted likewise all the other fundamental rights though privacy is not an absolute right but has certainly reasonable restriction so that it is not misused and to keep a balance. Though the proper framework is still missing the landmark judgements application paved its way in two very important judgement which has been passed after the Aadhar case which is Navtej singh Johar vs Union Of India the case was related to decriminalisation of homosexuality which is mentioned under Section 377 of IPC which was a long battle for getting recognition to the LGBTQ++ community and later, Joseph Shine vs Union Of India which was related to ending the provision of the adultery mentioned under Section 497 of IPC. 

Author: Shikha Singh, Amity University, Noida

Editor: Kanishka VaishSenior Editor, LexLife India.

New Information Technology Rules 2021 and Right to Privacy

Reading time : 12 minutes

The new world moves in leaps and bounds. Nothing is certain and everyday is a jumble of information. With the Covid-19 outbreak, the past year has been unprecedented for every human being. This pandemic has halted the world, and everything came to a standstill. Nonetheless as things started to resume back, India on 25th February 2021, woke up to the enactment of Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which obligated several surveillance mechanisms on social media and internet intermediaries. This caused widespread uproar and the courts saw major influx of cases being filed against these rules. Several independent media houses, artists, advocates, humanitarians and even the United Nations Human Rights Commission (UNHRC) has voiced their concerns against the rules. Privacy of an individual on the world wide web is already compromised with the development of technologies beyond our comprehension. Data protection and personal information of every person is at peril. To counter this hazard high tech firms come up with privacy protection services which are in return an issue for the government in restraining criminal activities.  

The meaning and ambit of the word privacy has evolved and developed from the time of its inception. When once it meant to have private autonomy, now as the essence remains the same, it has been attributed to the exercise of control over one’s personal data. With the advent of technology, easy access to internet services, the need to be available to the world twenty-four seven has become a habit and in some cases a compulsion. The range of privacy has expanded and also at the same time contracted. Earlier where privacy chiefly included personal space and physical boundaries, now it is confronted with the privacy of personal information. The advance of the technology has robbed us all of privacy and what we have left is mere notions of privacy. The New Information Technology Rules 2021 comes at a time when the debate for right to privacy is more heated than ever. It introduces new mechanisms and also infringes upon the already prevalent rules. During a generation when living without the internet is not a real option anymore, the rules and regulations guarding our privacy are the only hope of safety. As there are rules protecting the privacy of the individual, similarly there are also rules encroaching upon them, violating their fundamental right to privacy.

The onslaught of fake news and fabricated theories on the internet is relentless. To combat these rumors, the social media platforms have mechanisms to report such content. These new rules will instill a much in-dept grievance redressal mechanism in place to tackle these but also on the flip side will leave the personal data of millions of users vulnerable. The new IT Rules 2021 aims to lessen the end-to-end encryption provided by the digital media platforms, although not explicitly mentioned by the guidelines. The new guidelines have bifurcated digital social media into two parts namely social media intermediaries and significant social media intermediaries. The significant social media intermediaries have been decided as those digital platforms having more than fifty lakh users.

The second part of the guidelines also calls for the due diligence to be followed by the social media platforms towards their users. This includes informing the users about the privacy policies, the user agreement for accessing the computer resource. Rule 3 (1) (d), prohibits hosting, storing, and publishing anything which is against the law. The term “public order”[1] being cited as one of the reasons for something to be unlawful. Now, this term has a very broad reach and can be interpreted as per the demands of a particular situation. Public Order includes everything from unlawful assemblies to disputes related to immovable properties. The lack of clear definition of public order within the domain of internet and digital media platforms might lead to ambiguity in deciding maintenance of public order. It is inevitable that this uncertainty will create upheaval in the grievance mechanism that is to be followed during a complaint.

The rules also issue tracing the originator of the message. This will lead to the dissolution of end-to-end encryption policy which safeguards the personal data of the users. Encryption is a form of coding where no one other than the recipient and the sender of the message or files can access the information and no one else, not even the platform hosting and enabling the chatting mechanism. Encryption is majorly of two kinds, encryption in transit and at rest. In transit is used to secure information and data from network operators, Wi-Fi service providers, and other operators along the way. For example, if we connect to a particular web page and type something, it connects us to the various websites hosting data similar to our requirement, the web search engine then collects these and displays it to us all the while storing some pockets of caches. If the whole process is not encrypted, then there are chances of possible middlemen tampering with the information. This has been reduced due to end-to-end encryption services provided by many social media platforms whereby only the receiver and the sender has the decryption keys to the information. By introducing the traceability clause in the new guidelines, these intermediaries will have to reduce their encryptions and consequently leave the data of millions at risk of predators.

Interestingly a similar Bill has been introduced in the United States of America in March 2020 named, “Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, 2020”[2]. This Bill was initially brought before the judiciary committee on 11th March 2020. Coincidentally it has similar provisions to that of the New Information Technology Rules. Although the EARN IT Act of the US is generally focused on the welfare of child abuse victims and locate child abusers. It still aims at targeting the end-to-end encryption facilities for this purpose. Also, quite similarly under this law, it would empower the government of the US to demand private information about the users from the tech companies. This struggle between privacy of individuals on internet and elimination of the end-to-end encryption has been long going around the world. The Five Eyes Alliance, which includes United States of America, New Zealand, Australia, Canada, and United Kingdom (UK), is an intelligence alliance between these countries for the surveillance of the internet and root out any threat. Recipients of many criticisms by civil liberty advocates and human rights activists they had in a joint statement requested tech companies like Facebook to provide government authorities with the information of encrypted messages to annihilate threat to the security of the states and criminal conspiracies. However, these countries were quick to point out the importance of end-to-end encryption for the protection of “personal data”[3], “journalists, human rights activists, and other vulnerable communities”.

This is a pertinent Human Rights issue all over the world. Countries like China and Saudi Arabia has already eliminated end-to-end encryptions. Conversely, Human Rights advocates believe that such cancellation of encryption is done more for curbing dissent rather than to track serious criminals. Criminals generally find other methods to transmit information. The brunt of an encryption less platform is borne by the law-obeying ordinary citizen. The privacy of citizens at large is at stake when end-to-end encryptions are not there. Now the Five Eyes Alliance through a virtual meeting in June 2020 is looking forward to including India, South Korea, and Japan. So, it could be well understood that there are larger stakes at play when the question of ending encryption arises. India and Japan have joined the Five-Alliance in their demand for encryption backdoors from tech companies for “encrypted instant messaging applications, device encryption, custom encrypted applications, and encryption across integrated platforms”[4].

Following this new rule, WhatsApp, the prominent messaging platform, has filed a lawsuit before the Delhi High Court against the law to trace information. Although it can be contended that the new rules only require those who have transgressed to be detected, it would also jeopardize the data of millions of others.  WhatsApp has also argued that giving away the names of the originator of the messages would endanger the privacy of the users and violate their fundamental right to privacy. This new rule would mean cessation of the privacy of the users.  Also, another key factor is that end-to-end encryption is crucial feature of this application. This enables the application to lessen the bandwidth requirement and makes it functional on any device due to its low data storage need. It has garnered a huge user base and letting go of the encryption facility would eventually lead to it giving up a certain number of users. It is also pertinent to consider that WhatsApp is also facing a similar lawsuit in the Supreme Court of Brazil, where it declines to forfeit the security of its users. Non-compliance with the Brazilian legislations will lead to WhatsApp paying fines after the protection of data laws in Brazil are implemented in August 2021. The Brazilian National Congress is bringing out a new law which will demand the companies like WhatsApp to trace the messages of its users. This would mean an end to the privacy of personal information and as the new legislation will enforce the companies to give away the names of the users who sent a message and even of those who commented on it.

It is critical to discern that the question of right to privacy of an individual has been brought before the esteemed courts time and again. Most prominently in the case of Justice K.S Puttaswamy v. Union of India, the court upheld the right to privacy as an essential component of Part III of the Indian Constitution. This judgement subsequently overruled several other decisions namely of Kharak Singh v. State of UP and M.P Sharma v. Satish Chandra and held that the right to privacy is protected by the constitution. However, there has always been duel regarding the individual’s right to privacy and the need of the lawmakers to bring about new policies. Even if the policies are righteous, they still infringe upon the privacy of the citizens. It always settles down to how much privacy are we willing to give up. Right to Privacy of an individual in this era of technology is constantly under threat.

Right to Privacy has always been a tender topic for the world. With the United Nations framing policies and guidelines for the protection of privacy and its recognition as the basic right from which all other fundamental rights emanate. Right to Privacy as basic right garnered the world’s attention during the 2013 case of Edward Snowden, who brought into light the mass surveillance methods used by the American Intelligence Authorities which compromised the data of thousands of citizens. Since then, there has been a lot of discussions and debates around privacy of an individual during the coming times. While countries like Iceland, Estonia, and Canada, have been ranked as the countries that have very less control over the internet users and only monitored surveillance, others like Ethiopia, Cuba, and China have strict laws and huge control over the data of internet users. Such tight control over the user’s data in these countries have made people dubious about the privacy one has on social platforms over the internet.

Right to privacy of an individual is a most prized possession in this time and era, to infringe upon it means to violate the person’s most basic human right. Right to privacy and freedom of free speech and expression are interdependent on each other and are the two sides of the same coin. People are generally not comfortable with having their private details being read or monitored, personal lives are a matter of concern for everyone. What might be freedom of speech and expression could be counted as infringement of privacy for another.

The new rules also seek to remove content from the social media intermediaries immediately after receiving a court order or a notification from a Government Agency, within thirty-six hours. In a country where the freedom and speech and expression are fundamental right guaranteed under the Article 19, this could become a tender spot. Freedom of speech and expression which ensures an individual’s right to have their own opinions and convictions about a certain matter has been a bone of contention many a times. Having a perspective of one’s own is what distinguishes us from each other. We are after all solitary creatures with highly developed brains and capable of having separate thoughts. To curb a person’s thought is to directly inhibit their humanness and undermine their intelligence. Admittedly not all thoughts and opinions result in benefit of humanity, some are a threat to it as well. But to distinguish one from another is a demanding task ergo the need for a well-defined judicial system. The courts of the country have persistently held the importance of speech and expression in several judgements explicitly stating that the democracy stands on the pillars of free conversations and criticism. Hence the petition filed by TM Krishna, a Carnatic Musician and Ramon Magsaysay award winner, in lieu of his violation of freedom of speech and expression by the imposition of the new rules. In his petition he states the thirty-six hours’ time limit to be incongruous with Sec 69A of the IT Act 2000 and the IT Blocking Rules 2009. These laws already contain detailed provisions for removing or blocking online content. Accordingly, these new rules might lead to hampering the freedom of speech and expression. Through this petition, it has been contended that the Supreme Court had struck down Section 66A and stated it to be vague, arbitrary, and violative of Article 19(1)(a), similarly these rules should also be curbed as being violative of freedom of speech and expression of an individual. Subsequently the past months have seen an influx of petitions and pleas being filed by various independent media houses and newspapers. They have been challenged before the Delhi High Court by Foundation for Independent Journalism. The main area of conflict arisen is the fact that these rules seek to censor digital media when the main IT Act 2000 does not entail the same. In in the case of Romesh Thapar v. State of Madras, Patanjali Shastri J, said that a freedom of such vast magnitude might involve some risks but was of the same opinion as that of James Madison, chief author of the Bill of Rights in America, “that it is better to have a few noxious branches than to cut away the proper fruits”[5]. This authenticity of this statement is reflected in the current scenario where, the rules unreservedly violate more than one fundamental right of the citizens. Opinions and beliefs are personal to every individual, it forms the basis of every democracy.  

Under Section 3(1)(j), intermediaries are supposed to provide information and assistance to the authorized Governmental agency within seventy-two hours of receiving such orders. This is a very broad law and does not specify what it entails under information and assistance. Where it states to root out unlawful activities it could also be potentially violative of the fundamental rights of privacy that is Article 21 of the Constitution. Under the grievance redressal mechanism laid down there is a three-tier system for addressing the issues of a complainant. Firstly, there is the Self-Regulating Mechanism whereby the publishers of the intermediary need to appoint a grievance redressal officer based out in India and take decisions on the grievances received within fifteen days and inform the complainant about the same. In the next level, there could be more than one or more independent self-regulating bodies comprising of publishers and their associations. This body would be headed by a retired Supreme Court Judge or an eminent person from the society. This body then needs to register itself with the Ministry of Electronics and Information Technology. Then in the third level there is the Oversight Mechanism. Through this the Ministry will coordinate adherence of the publishers and self-regulating bodies to the Code of Ethics.

Chiefly it has laid down a grievance redressal mechanism under Sections 10 and 11. The complaint of the aggrieved must be acknowledged within twenty-four hours and the decision of the grievance redressal must be provided within fifteen days. Now, this mechanism is definitely straightforward, and the anguished individual has a better and swift chance at justice. Yet it is certain that at least some portion of such complaints will be contrived and formulated. Anyone anywhere can lodge a complaint with anything that does not confirm to their beliefs. The ambit of grievance is not defined so there is always a chance of disorderly conducts by miscreants. Moreover, for many independent publishing platforms it is cumbersome to maintain such grievance redressal mechanisms at their own costs. It is difficult for these small-scale publishing houses to stay afloat, to include another department for grievances will put a dent unto their already dwindling assets.

Section 14 of the Rules sets up an Interdepartmental Committee, which comprises of members from, “Ministry of Information and Broadcasting, Ministry of Women and Child Development, Ministry of Law and Justice, Ministry of Home Affairs, Ministry of Electronics and Information Technology, Ministry of External Affairs, Ministry of Defense and other such Ministries and Domains, including Domain experts can be included in the Committee”[6]. These members would then address the issues arising due to non-compliance with the rules. Essentially these are the functions of the judicial system of the country and other committees are generally not designated such tasks. With the dawn of the new era changes are unavoidable, but where the Ministries are already burdened with their respective responsibilities, to further increase their work might stall their purpose. The Committee is allowed to recommend censuring of content to the Ministry if it is contrary to the rules.

The Ministry is also empowered to appoint a “Authorized Officer”[7], who must not below the rank of Joint Secretary to Government of India, to issue orders under Rules 15 and 16. This officer will be entitled to issue directions for “deleting, modifying or blocking” [8]content which is deemed to be against the rules. This is very similar to Section 69A of the Information Technology Act 2000 which is concerned with cyber-crime in India. To bring about similar rules when there is already one present is unnecessary. It may be simpler and easier than the existing ones, but it is rather fluent to modify the previous rules than to go through the whole process of creating and editing which eventually becomes a cumbersome process. Where Section 69A includes all the perquisites and identical provisions of the new rules, it will only work to complicate the redressal systems. Rule 16 of the new guidelines allows the blocking the content in cases of emergency, if the content in question falls within the sweep of anything mentioned in sub-section 1 of section 69A of the Information Technology Act 2000. this completely arbitrary. The online content being monitored, and every step of the users being followed will open up new threats to privacy.

These new rules pose a new point of debate, where it will allow the users to report content which they find disturbing, contrarily it also will take over the privacy of the individuals by locating the originator of the information, which means to remove the end-to-end encryption facilities of the social media intermediaries. There is bound to be clash of different opinions and perspectives in a widely diverse society. It is not necessary that every person will be truly troubled by the published content but merely have a different viewpoint than the curator of the content. The dilemma over handing over the privacy of the users of internet services have always been a point of conflict for both the tech firms and the users as well. Where in the government seeks to contain criminal activities and threats to the national security through open access to information about the individuals and also staunchly ascertains that only the information which is of surmount importance is to be accessed, it still is a human rights error to open up the personal information of millions of users.

There is a very thin line of ethics between privacy and security, which at times is laborious to maintain. Privacy has always remained an integral part of the liberty of the citizens of the nation. Privacy albeit not explicitly mentioned in the constitution, has time and again been upheld by the courts of justice of the country to be implied and a fundamental right. The privacy of every individual is dependent on laws to guard it. Also, there are laws which breaches privacy. This is a chaos and enigma that does not at present have a viable solution. The status of every person around the world in a complex web of increasingly partisan and technological atmosphere is glaringly obvious. Moral and ethical demands of the current scenario is urgent or else individual privacy stands at the menace of being proclaimed an allegory.

[1] Information Technology (Intermediary Guidelines and Digital Media Ethics Code), 2021.

[2] Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARNT IT), 2020, s. 1.

[3] Walking the Tight-rope in the Crusade Against End-to-End Encryption, India, available at: Statecraft | Walking the Tightrope in the Crusade Against End-to-End Encryption (last visited on June 18, 2021).

[4] India joins Five Eyes, Japan in demanding backdoor into WhatsApp end-to-end encrypted chats, India,  available at: India joins Five Eyes, Japan in demanding backdoor into WhatsApp end-to-end encrypted chats – Technology News (indiatoday.in) (last visited on June 18, 2021).

[5] The First Amendment Encyclopaedia, available at: James Madison | The First Amendment Encyclopedia (mtsu.edu) (last visited on June 18, 2021).

[6] Information Technology Rules 2021, India, available at: 250221 IR and DMEC Rules_Ver 1.12_25.02.2021_Clean version (pib.gov.in) ( Visited on June 18, 2021).

[7] The Information Technology Act, 2021.

[8] Ibid.

Author: Madhuparna Sarkar, IFIM Law School, Bengaluru

Editor: Kanishka VaishSenior Editor, LexLife India.


Reading time : 8 minutes

In the present day, Privacy is a necessity for each and every person. Privacy is an essential part of our lives and one of the very basic needs. The supreme court in the judgement on the case of Puttuswamy v. Union of India[1], declared that the right to privacy is a fundamental right that is protected under the Part III of the Indian Constitution.

The words privacy and right to privacy can not easily be formed into a particular concept or idea. Privacy takes into consideration and puts emphasis on the concept of natural rights and usually refers to the new communication and information technologies. The right of privacy is our right to the ability of being free from any public attention or interference with our personal acts and decisions, this includes all the things that are part of us, such as our body, home, feelings etc, the right to privacy gives us the capacity to choose which parts of our private life can be accessed by outside people and to control the extent, manner and timing of the use of those parts that we have chosen to disclose to others.

The recognition of the concept of Privacy in India, mainly traces its origin back to the case of Kharak Singh v State of Uttar Pradesh[2] where the majority were of the opinion that the right to privacy is not a guaranteed right under the constitution of India and due to this the attempt to ascertain the movements of an individual which is just an act in which privacy is being invaded is not an infringement of the fundamental right.

Privacy is an essential aspect of a society or a group’s self regulation which is defined by its various aspects to different people. In a democracy like India which is known for its diverse nature, having people from all religions, customs and backgrounds and therefore it is easy to understand that one thing may not be the same to everyone as there are bound be difference in opinions from person to person. Privacy holds different meaning for different people. For some people it may be the privacy of information, for another the privacy of body and many similar forms of privacy can be the meaning of privacy.

[3]Privacy of a person: Our Indian legal system guarantees the right of life and freedom of speech of a person which involves his/her privacy where no one can be forced to talk about their private matters such as about their marriage. It also provides protection from various forms of force, infirmity and fear. This system tries to make sure that no one is forced to behave in a certain manner. The system aims to protect the rights of a person from fear and force in order to guarantee the rights of a person.

Privacy of home: No one should live in dread or be concerned about the invasion of their privacy at home, which is a haven of solace, safety, and security. A home’s sacredness should be preserved. The value and sanctity of home is recognised by most countries.

Privacy of a family: The primary social impact of privacy, is on a family, it is viewed as a group of personal relationships that may thrive if kept hidden from public scrutiny. Starting from one’s financial ability to the observation of marital rights, privacy with regard to one’s family is extremely important. Due to the fact that everyone treats and considers their spouses as their confidants, the law protects all communication between a husband and his wife, as it  is necessary to make the world a better place to live in. If such privacy is not maintained between the spouses, an individual will have no one to confide in and will eventually be left alone.

Privacy and press: This is sometimes referred to as the Fourth Estate, and it is the cornerstone of any democracy. Individual privacy is to be defined as private even by the fourth estate, despite the fact that no legislation exists in the country to do so.

Privacy of gender: This privilege serves as a deterrent not only to the improper sharing of private information, but also to the misrepresentation of the accurate image. This is a right that every individual, male or female, famous or not, possesses. This right does not only exist for men in this country, but also for women, and regardless of who she is or what information she has, her life is her own and nobody else’s, from marriage to her conjugal obligations, whether she is a housewife, an employee, a corporate junkie, a vendor, or even a prostitute, no one has the right to invade her privacy.

Privacy of Health: In the health-care industry, privacy is a big problem. The trust connection between a doctor and a patient is known as a fiduciary relationship, which refers to those partnerships that are established on mutual trust and confidence. Every person has the option of keeping their medical history private or sharing it with someone they choose. No one is allowed to peek into someone’s personal or medical life, and physicians are not permitted to release the information, as the courts have ruled in circumstances when doctors are morally and ethically sound in maintaining secrecy.

Privacy and Data Protection: As a result, data privacy becomes even more vital, because no one wants their personal information leaked. As a result, all aspects of data protection, including data on individuals, their families, employment, health, and so on, must be a top priority for any government.

Privacy of Dead And Article 21-

[4]Article 21 states that “No individual shall be deprived of his life or personal liberty unless in accordance with a procedure established by law,”. In order to protect the privacy of the departed, the term “person” in Art 21 should also include “dead.” As a result, it is critical to examine the definition of the term “person.”[5]

The word “person” is not defined in the defining clause of Article 366 of the constitution. As a result, the General Clauses Act and the Indian Penal Code must be used to define it. A person is defined in Section 3 (42) of the General Clauses Act 1897 as “any corporation, association, or group of persons, whether incorporated or not.”

Rights of the Dead

There are some rights that can’t be taken away from the dead. Even if the body is devoid of life, the combination of life and body makes a human person. The Indian Succession Act of 1923, allows a person’s will to be carried out after his death. Under the Human Organ Transplantation Act of 1994, a person has the right to prevent his or her dead body from being mutilated, wasted, or having the organs removed, except with the consent of the person when he or she was alive, or with the consent of his or her kith and kin or the state if the body is unclaimed. As a result, only limited rights like as will execution and the right to a respectful cremation of the body were available to the dead. However, because privacy is a component of dignity, it can be extended even beyond death.


The issue was relating to the petition filed by J Deepa[6], the niece of the former Chief Minister J Jayalalitha, J Deepa had filed a High Court petition to prevent the screening of the biopic titled “Thalaivi.” The film is based on the former CM’s life. The petitioner claimed that the film is damaging her reputation. In addition, she stated that the life biography of Jayalalitha cannot be told without including the lives of her family. It will also be invasion of her (Deepa’s) privacy.

The appeal was filed in response to a single judge’s reluctance to halt the distribution of Kangana Ranaut and Arvind Swami’s Thalaivi, claiming that the film was not created with her approval and hence may tarnish Jayalalithaa’s reputation.

“We believe that ‘posthumous right’ is not a ‘alienable right,” stated the division bench comprising of Justice R Subbiah and Justice Sathi Kumar Sukumara Kurup, finding that a person’s privacy or reputation gained during his or her lifetime expires with his or her death. They further stated that the appellant (Deepa) is not entitled to an injunction on the grounds that the respondents are attempting to tarnish her aunt’s “posthumous right” as a result of the film’s publication.” They stated that the legal heirs cannot attempt to protect them through the introduction of legal trials.  The bench also noted that the film in issue is yet to be published, saying, “Even prior to that, the appellant is not entitled to seek an injunction on the premise that her aunt has been presented in the film in a negative light, therefore attempting to bring her image and name into disrepute.”

[7]The film’s distribution is contingent on certification by the central board of film certification, which will have the opportunity to review the film’s subject matter. The court also ruled that the film producers are not needed to obtain the petitioner’s permission before making a film on her aunt’s life. The court also quoted a Bombay high court decision, which stated that people who are in the positions of power must have shoulders which are broad enough in order to gracefully recognise a review of themselves. Democracy is built on the foundation of critical thinking. The filmmaker cannot be forced to convey simply one version of the facts since the film’s strength as a medium of expression depends in its potential to add to that evaluation. The court went on to say that the same thing happened with the online based series “Queen”. In one case, the council stated that the web series was not a true story, but rather a cost-effective adaptation of a story inspired by true events.

The Appellant is entitled to bring this claim as a Class I legal successor (as defined by Hindu law) of late Dr. J. Jayalalitha to defend the “posthumous right to privacy” and the dignity and legacy of her late aunt Dr. J. Jayalalitha.[8]

While making this submission the Appellant cited the case of Rajagopal Vs. State of Tamil Nadu[9] wherein, the Supreme Court of India, while summarizing the principles therein, Had observed that a citizen has a right to protect his or her own privacy, as well as the privacy of his or her family, marriage, procreation, and other matters, and that no one can publish anything concerning the above matters without his consent, whether true or not, laudatory or critical, and that if he does so, he will be violating the person’s right to privacy and will be liable in a damages action. It’s worth noting that the 1st and 2nd Respondents also cited the Rajagopal Judgment, which said that the Supreme Court found that there is a right to publish if it’s based on public documents. Both sides’ arguments relying on the Rajagopal decision shape the outlines of the right to privacy and essentially link back to the Single Bench’s rationale that the right to privacy must be balanced with the right to freedom of expression under the Constitution, both of which are fundamental rights, i.e., the balance of convenience theory. The Appellant claimed that the Series depicts false and distressing events, such as scenes in which Dr. J. Jayalalitha cuts her wrist, scenes in which Dr. J. Jayalalitha begs her male co-star to marry her, and scenes in which Dr. J. Jayalalitha’s brother is shown as a drug addict. The Appellant argued that these were not true incidents and that it is depicting Dr. J. Jayalalitha and her family members in a negative light, and Respondent No.3 is exploiting the Series’ completely fictional status as a smokescreen to sensationalise Dr. J. Jayalalitha’s personal life. At first glance, the Appellant’s allegations appear to be more along the lines of defamation than of violation of the right to privacy and unauthorised use of one’s personality rights, i.e., that the aforementioned dramatised scenes in the Series would harm such person’s reputation because they were factually incorrect. Respondent No. 3 relied on the fact that the Series was a “dramatisation and fictitious reproduction of real events,” that it was based on Book 2, and that it carried a disclaimer expressly indicating that the Series was not a biography of Dr. J. Jayalalitha. In numerous defamation matters, as discussed in Vadlapadla Naga Vara Prasad v Chairperson, Central Board of Film Certification, Bharat Bhavan, Mumbai[10], this combination of fictionalisation, dependency on a prior publication, and an appropriate disclaimer has been seen to be used, as discussed in the case of Vadlapadla Naga Vara Prasad v Chairperson, Central Board of Film Certification, Bharat Bhavan, Mumbai. The Division Bench did not go into great detail on this aspect of defamation in this decision, although it was mentioned briefly during the reading of Section 306 of the Indian Succession Act, 1925[11], and Rule 1 of Order XXII of the Code of Civil Procedure, 1908[12].

“Such a disagreement cannot be permitted so close to the debut of the film,” the bench added. Its release is conditional on the CBFC awarding a certificate following an evaluation of the film’s content.” The film’s expressive power derives from its ability to contribute to that evaluation, and the director cannot be obliged to reflect only one version of the facts. Similarly, the justices passed a similar ruling refusing to grant any remedy against the web series Queen. They noted that senior lawyer Satish Parasaran, speaking on behalf of the company’s director Gautham Vasudeva Menon, said that the web series has been available for a long time and that an injunction was superfluous. The online series, according to the lawyer, was not a true biography in the traditional sense, but rather a fictionalised rendition of a true story.

Restrictions (as indicated in the Court Order):

Only state action that passes each of the three standards is cabable of limiting the right: Any state action, first and foremost, must be founded on a legal obligation; second, it must be pursuing a legitimate state purpose; and third, it must be carried out in the public interest. Next, it must be proportionate, which means that such state action must be necessary in a democratic society, both in terms of kind and extent, and the action must be the least invasive of the available choices for accomplishing the aims.


Sushant Singh Rajput’s father, Krishna Kishore Singh, claimed to be “the Category-I or Class-II legal heir of SSR and absolute legal heir under Section 16 of the Hindu Succession Act, 1956,” and filed a suit in the Delhi High Court to protect his son’s “reputation, privacy, and rights of deceased son,” which he claimed were being violated by the making of films like “Nyay: The Justice,” “Shashank,” and others stating that hey are said to be based on Rajput’s life and events. The death of SSR was widely reported in electronic, social, and print media. The Plaintiff has asked the court for an ad-interim ex-parte injunction prohibiting the Defendants from exploiting his son’s name, caricature, lifestyle, or image in upcoming films and other endeavours, among other things. Any such publishing, production, or portrayal, he claims, would be a violation of his personality rights and the right to privacy, which includes the right to publicity, among other things, and could not be done without his legal heir’s permission.

[13]On 10th June 2021, the Delhi High Court dismissed the appeal brought by Sushant Singh Rajput’s father, Krishna Kishore Singh, wanting to restrain filmmakers from making films on his son, the late actor Sushant Singh Rajput. The film was supposed to be out on June 11th.

Nyay, Shashank, and an undisclosed crowd-funded film are a few of the future or proposed movie projects based on Sushant’s life. According to a petition signed by KK Singh, the filmmakers are profiting from the situation and hence do not have the right to free speech and expression. KK Singh demanded damages of nearly Rs 2 crore from the producers for “loss of reputation, emotional stress, and harassment,” claiming that the films might tarnish his son’s image. The petition also argued that allowing a “movie, web-series, book, or any other comparable materials to be published or televised would jeopardise the victim’s and deceased’s right to a free and fair trial. According to the lawsuit, because Sushant is a well-known star, “any abuse of his name/ image/ caricature/ way of delivering phrases also amounts to infringement of the plaintiff’s personality right alongside acts of passing off.”

On the issue as to whether ‘celebrity rights’ can be enacted after a person’s death,  Singh had claimed that such rights are inheritable by a celebrity’s legal heirs, citing the Gujarat High Court’s verdict of Kirtibhai Raval[14], which held that celebrity rights can be transferred to a direct descendant. In the said case the Plaintiff, claiming to be a direct descendant of late Shri Jalaram Bapa of Virpur, filed a lawsuit based on the right to privacy and the right of publicity, seeking an injunction against the publication of any film or creative work based on the life of late Jalaram Bapa without his approval. The Gujarat High Court upheld the trial court’s injunction, reasoning that “irreparable harm will be caused by violation of right to publicity or privacy that cannot be compensated monetarily,” but it also believed that the parties’ arguments needed to be thoroughly considered after appropriate evidence was presented.

The single judge bench led by Justice Sanjeev Narula, who delivered the judgement, first stated that the terms “publicity right,” “celebrity right,” and “personality right” are not expressly recognised by any Indian laws. There are, however, limited laws under which certain of these rights can be asserted as intellectual property rights, such as the Trade Marks Act and the Copyright Act, 1957 – none of which are applicable in this instance. The court concluded that whether these rights exist posthumously would have to be investigated further, as in the absence of codified laws protecting such rights, the common law that governs such rights would have to be examined, and further investigations would first require evidence from the Plaintiff to show that SSR’s persona is still surviving as a commercial property. While Singh “has sought to distinguish ‘celebrity rights’ from the ‘right to privacy,’ any assertion of such (celebrity) rights (except those claimed through Intellectual Property Rights for which special statutory protection is provided) cannot be appreciated apart from the concept of right to privacy, according to Justice Narula. In the unavailability of legislation recognition of such rights, the right to privacy derived from Article 21 would be the source of such rights.”

According to the court, “a limited class of celebrity rights that are protected as intellectual property rights under applicable law are assignable and licensable, and may outlast the actor’s death.” “However, because it is integrally linked to and sprouted from the right of privacy,” it added of the publicity right, “the Court prima facie finds merit in the Defendants’ argument that the posthumous privacy right is not acceptable.” [15]The Delhi High Court based its decision on the Supreme Court’s ruling in the Puttaswamy case, which stated that “any person’s right to privacy is essentially a natural right and remains with the human being until his or her last breath as it is born with the human being and extinguishes with the human being itself. “The court also quoted the Madras High Court’s judgment in the case of Makka Tholai Thodarpu Ltd’s Managing Director, which mentioned that a person’s “right of privacy cannot be inherited after his death by his legal heirs, and that a person’s personality right, reputation, or privacy enjoyed during his lifetime comes to an end after his lifetime,”.

“The name, caricature, lifestyle, and/or likeness of SSR is not being exploited by putting it on any object such as t-shirts, toys, posters, mugs, and so on in order to convey his personality,” the court decided. The Defendants are not making any false claims or misrepresenting their films in any way. The Court noted that it was not satisfied that the Saraogi, Sharma, and Gulati’s work infringed on celebrity rights since they “assert their work to be fictional, i.e., neither a biography nor based on true facts.”


As the current legal situation shows, dignity lasts even after death, thus privacy, as part of dignity, should be extended as well. The Supreme Court of India, on the other hand, recognised just the right to the dignity of a dead body in the Paramananda Katara case, and the ruling did not address the whole concept of preserving the dignity of the dead. As a result, we may conclude that privacy does not extend to the deceased based only on the legal position. However, in order to avoid a breach of a person’s privacy just because he is deceased, this right must be recognised and safeguarded by legislation. The public will surely be deceived if this right is not safeguarded. There’s a significant possibility that the law will be misunderstood by the public.

[1] (Justice K.S. Puttaswamy v. Union of India) (2017) 10 SCC 1

[2] (Kharak Singh vs The State Of U. P. & Others) 1963 AIR 1295, 1964 SCR (1) 332

[3] Privacy and its relation to different aspects of society, available at https://blog.ipleaders.in/know-the-right-to-privacy-in-india-its-sanctity-in-india/ (Last Modified June 12, 2020 )

[4]Article 21, available at, https://www.constitutionofindia.net/constitution_of_india/fundamental_rights/articles/Article%2021

[5] Privacy of Dead and Article 21, available at http://www.legalserviceindia.com/legal/article-120-should-your-privacy-die-with-you-.html 

[6] Right to privacy, reputation extinguishes after death, available at https://www.thehindu.com/news/national/tamil-nadu/right-to-privacy-reputation-extinguishes-after-death-hc/article34340089.ece

[7] HC refuses to ban Jaya biopic, says right to privacy cannot be inherited, available at https://www.dtnext.in/Lifestyle/LifeStyleTopNews/2021/04/17031838/1288135/HC-refuses-to-ban-Jaya-biopic-says-right-to-privacy-.vpf

[8] [8] POSTHUMOUS SURVIVAL OF PRIVACY & PERSONALITY RIGHTS: PART 2, available at https://www.legal500.com/developments/thought-leadership/posthumous-survival-of-privacy-personality-rights-part-2/

[9] (R.Rajgopal v. State of Tamil Nadu) 1995 AIR 264, 1994 SCC (6) 632

[10] (Vadlapadla Naga Vara Prasad v Chairperson, Central Board of Film Certification, Bharat Bhavan, Mumbai) WRIT PETITION No.30376 of 2011

[11] Section 306 of the Indian Succession Act, available at https://indiankanoon.org/doc/261549/

[12]Rule 1 of Order XXII of the Code of Civil Procedure, 1908, available at http://www.bareactslive.com/ACA/ACT379.HTM

[13] Sushant Singh Rajput’s father’s plea rejected, Delhi HC refuses stay on Nyay release, available at https://www.indiatoday.in/movies/celebrities/story/sushant-singh-rajput-s-father-s-plea-rejected-delhi-hc-refuses-stay-on-nyay-release-1813154-2021-06-10

[14] Kirtibhai vs Raghuram on 20 January, 2010 (Gujrat High Court)

[15] Sushant Singh Rajput Case : Are Celebrity Rights Available Posthumously? Delhi High Court To Decide, available at https://www.livelaw.in/top-stories/sushant-singh-rajput-case-are-celebrity-rights-available-posthumously-delhi-high-court-to-decide-175506


Editor: Kanishka VaishSenior Editor, LexLife India.

Explained: Privacy Policy of WhatsApp

Reading time : 8 minutes


In the recent times, the importance of data protection has taken a front row stand.  In 2017, The Supreme Court held that right to privacy is a fundamental right guaranteed under Article 21, in the landmark Justice Puttaswamy case. [WP (c) 494.2012]. However, with our ever increasing dependency on technology, it is important that new laws and regulations be formed to protect a consumer from private data exploitation.

In 2009, Jan Koum and Brain Action, created a technological platform for instant messaging that could be accessed by a consumer free of cost. It gained international recognition and now, WhatsApp, has become a cheaper and more popular alternative to SMS; being available in 180 countries and having over 340 million users. 

Through WhatsApp, a user can share messages, videos, pictures, voice notes and even important documents with the person of his/her choice.  Most of such informative may be confidential or private to the user and hence, it is important that such data be protected.

On 4th January 2021, however, WhatsApp issued its updated privacy policy, which created massive uproar amongst its users. The updated policy states that Facebook and other parents companies will be able to access the data of the user and furthermore, it states that if a user objects to or refuses to accept these new terms, that user can no longer access WhatsApp.

Background of the Issue & Stand of the Constiution

The updated policy of WhatsApp contradicts the Right to Privacy safeguarded under Article 21 in Part III of the Constitution of India. It was held in the Puttuswamy case that that right to Informational privacy falls within the ambit of Article 21 and each individual has the right to exercise control over his presence on the internet and data thereof. It was further held that, even where data was being extracted, it could only be done when it was 1) in public interest 2) done by a competent legislature 3) ONLY upto the required extent.

Facebook, is the parent company of many flourishing social media sites such as Instagram and Twitter and with WhatsApp coming under the control of Facebook, the same will be able to monopolize date within itself.  Facebook in the recent times has acquired a notorious name for itself. In 2019, Facebook was held guilty of Federal Trade Commission and charged with damages of $5 Billion. Facebook had, in 2018 sold data of consumers to a political campaign agency based out of Britain called Cambridge Analytica, who in turn used this data to profile individuals and create target political strategies.

India is the leading country of WhatsApp users and any data breach or piracy will directly influence India as a country. Moreover, a user is not given the option to choose whether he/she would want to share his/ her date with Facebook, the user is bound to. Adding to that, Facebook is a multinational corporation with data centers across all borders. The difference between localization of data by local businesses and multinational corporations should be realized. While data stored by local businesses will be subject to local laws and local authorities, data stored across borders will be subject to irregular laws. Furthermore, the updated privacy policy has not been created under the prudent watch of the government and hence the sanctity of it cannot be relied upon.

Another pressing issue is, that while India has the majority number of WhatsApp consumers, preferential treatment was given to the European Union and different privacy policies have been created for India and Europe.

In a petition filed by Advocate Chaitanya Rohila before the Delhi High Court argued that, the updated WhatsApp policy gave the company a 360 degree view into the lives of the user further arguing that WhatsApp does not have any authority to use the data of the customers to facilitate its own private agendas. The petitioner further stated that India being a signatory to the International Covenant on Civil and Political Rights (ICCPR) is duty bound to take actions to prevent information concerning person’s private lives does not fall into the hands of an unauthorized entity. Lastly, it was vehemently emphasized that the Data Protection Bill, which was introduced in 2018 would be able to successfully combat most of the issues surrounding the WhatsApp Privacy policy.

Union Government’s take

section 79 (2) (c) of the Information Technology Act read with section 87 (2) (zg) of the same act shows that the Centre has the power and authority to stop WhatsApp from sharing user data with third-party companies. On 19th January 2021, after the release of the updated privacy policy, The Ministry of Electronics and Information Technology labelled it unilateral and unfair and asked for its instant withdrawal with further demanding a list of 9 questions be answered.

The questionnaire asked questions regarding:

  1. The exact kind of data that was being collected from the Indian users
  2. Details of permissions and consents
  3. Utility of various service providers
  4. The reason for collection of ‘vast amount og highly invasive and granular metadata   &
  5. The distinctions between the WhatsApp privacy policy in India and other countries.

WhatsApp is still to reply to this questionnaire.

What does whatsApp say?

WhatsApp has held that personal messages sent via the App will not be accessible as they are end-to-end encrypted and nothing has changed in the security protocol. It (WhatsApp) has further clarified that the updated privacy policy applies only to the business feature available on the app and will provide further transparency on how data is collected.

It has further clarified that users will have the option to download and delete their data and third party corporations (or WhatsApp) will not have access to contacts, location, groups or calls.

WhatsApp has emphasized on the difference between a business using WhatsApp and personal messages. It has clarified that the privacy policy is to expand and be able to provide a stable platform for business to interact with their clients. WhatsApp has claimed to be providing secure hosting services from Facebook to manage WhatsApp chats with clients etc.

WhatsApp has further claimed to reduce contact time between business and client by letting a client WhatsApp message a business, of which the user saw an Ad on Facebook. WhatsApp has also added a payment feature which promises to increase convenience for user satisfaction.

Critical Analysis

It cannot be ignored that most privacy policies are made for personal gain and all such policies are unregulated. The Constitution under Article 21 protects a right to a person’s life and liberty which includes the right to privacy of a person, and as held in the Puttaswamy case, in India data can only be collected for public interest by authorized legislature and if data is collected arbitrarily, the Supreme Court is authorized to put a hold on this.

In view of this, it is important that updated privacy policy of WhatsApp should not be readily accepted and questioned tenaciously as:

  1. The collection of data is arbitrary and hence ultravires to the Constitution.
  2. Collection points being scattered across borders makes it extremely hard to claim damages in case of breach.
  3. There are no solid data protection laws in India.
  4. Differential policy treatment between India and other countries gives rise to suspicion.
  5. User does not have an option to object.

However, when the coin is flipped and the other side is considered, the creation of a link between WhatsApp and Facebook would inevitability transform business services and create a more convenient and user friendly mode of business communication.


Collection and trading of user data has gained significant boost due to development of new technologies like artificial intelligence, which help recreate the thinking of a human brain. Social media platforms have always been a place where individuals have freely been able to vocalize their option about different subjects such as politics, the Government, art, literature, personal likes and dislikes, sports, etc., which has saturated social media platforms with user data. One may think of this to be innocent data, however, when this data is collected over a period of time; it gives us an insight into the life of that person and may help profile individuals. Users, however, have the right over their data and have the right to protect themselves from corporations or the government from using this data without their permission for personal gains. WhatsApp, being an instant messaging app, in my opinion requires a ridged privacy policy, favoring the user because, confidential and private data is exchanged on this platform, which can be misused if pirated.

Author: Fareedunnisa Huma

Editor: Kanishka Vaish, Editor, LexLife India.

Data Protection Bill and Right to Privacy- An Analysis

Reading time: 8-10 minutes.

On December 11, 2019, the Minister of Electronics and Information Technology, Ravi Shankar Prasad introduced “The Personal Data Protection Bill” in the lower house. The bill aims to ensure, inter-alia, the protection of individuals’ privacy in relation to their personal data, the transparency of organisations and institutions processing personal data, and to establish a Data Protection Authority (hereinafter referred to as “DPA”), for the various purposes that the Bill seeks to fulfil. The Bill is the response of the Government of India to the long-standing need for a “data protection regime” to protect citizens’ personal data that they knowingly or unknowingly provide to various internet websites.

The Government of India constituted a Committee of experts on Data Protection on 31st July 2017, which was headed by Justice B. N. Srikrishna, to examine the issues pertaining to the Data Protection in India, and the report of this Committee was submitted on 27th July, 2018. Later, the Government placed the Bill in public domain, for feedback and suggestions from various stakeholders, ministers and consultants. Based on these suggestions the Union Cabinet approved a revised Personal Data Protection Bill, 2019, on December 4th, 2019. Later, the Bill was introduced in the Lok Sabha on December 11, 2019 and was referred to a Joint Select Committee of both the houses.

The right to privacy has been recently recognised as a fundamental right emerging primarily from Article 21 of the Constitution, in Justice K.S. Puttaswamy (Retd.) v. Union of India. To make this right meaningful, it is the duty of the State to put in place a data protection framework which, while protecting citizens from dangers to informational privacy originating from State and Non-State actors, serves the common good. It is this understanding of the State’s duty that the Committee must work with, while creating a data protection framework.

Major Features of the Bill:

The Bill regulates the processing of personal data by States, companies incorporated in India, and international companies dealing with personal data of individuals in India. The Bill sets out the fiduciary data responsibilities (i.e. the body deciding the intent and means of processing personal data) that certain accountability and transparency steps must be taken when detecting the data. The Bill requires personal data to be handled by data fiduciaries only if the data principal (i.e. the person to whom the data relates) has given his permission.

The Bill further provides a legal framework for the collection and use of personal information. While providing a collection of rights and obligations for the processing of personal data, the Bill proposes the creation of a DPA, to control and implement the legal structure. The Bill also vests the Central Government with substantial standard-setting powers and tasks the DPA with implementing the same. An important characteristic of the Bill is, its broad scope of applicability. If implemented, it would apply to all companies other than those expressly exempted across India. This will involve any organization that collects data using automated means. The DPA shall have the power to define small entities based on turnover, data volume handled and data collection purposes.

Further, the Bill makes consent an important factor to the proposed data protection framework. The Bill also proposes that the personal data of individuals should be accessed only on the basis of free, informed and detailed consent, with provisions that allow such consent to be withdrawn. Any processing of data without such approval would constitute a breach, which could result in penalties under Sections 11 and 57 of the Personal Data Protection Bill, 2019. Section 11 of the Bill establishes a separate category of ‘sensitive personal data’ and states that such data can only be processed with ‘explicit consent’.

There are certain grounds mentioned in Section 12 of the Bill, in which personal data can be processed without the consent. The grounds are, if personal data is required for the benefit of principal data, legal proceedings, response to medical emergencies or for the maintenance of law and order. The Bill also allows the Central Government to guide data fiduciary to include confidential personal data or non- personal data so that the Central Government can better plan the delivery of services or formulate evidence-based policies. According to the Bill, data fiduciaries must institute mechanisms for age verification and parental consent when processing sensitive personal data of children as stated under Section 16. Further, under Chapter V, the Bill gives certain rights, like the right to obtain confirmation whether data has been accessed or not, right to correct the erroneous personal data and the right to be forgotten.

“The right to be forgotten” reflects a major part of the legislation. Under Section 20, the data principal is entitled to avoid the continued disclosure of his personal data if the purpose of the data has been served, if the consent of the data principal has been removed or the data has been unlawfully released. The Bill also empowers the DPA to take measures to protect individual rights, prevent abuse of personal data and ensure compliance with the bill.

Negative Aspects of the Bill:

Although there are many strong and progressive provisions in the Bill, there are some provisions and features of the Bill which tend to raise significant concerns regarding the effectiveness of the Bill in protecting the data of citizens. They are dealt with in the subsequent paragraphs: 

  • Harm and Damage to Privacy:

The Bill defines ‘harm’ in a manner which appears problematic for many stakeholders. Any discriminatory treatment or denial or removal of a service, resulting from the assessment of the data principle would be protected under it, according to the concept of damage. This Bill talks about discrimination in general, which imposes severe restrictions on business activities because many businesses have to discriminate on different grounds for the smooth functioning of business. In reality, according to the Indian Constitution, only certain types of discrimination are problematic. Within the Bill, risk of harm is concern when determining what kind of protection and privacy protections should have to be implemented into the design of business policies. The focus on this controversial concept of harm should create a significant problem for various companies, as several times they have to remove specific services from customers when discriminating on the basis of data collected from them.

  • Voluntary User Verification:

Another criticism that the Bill has faced, is its clause that allows the businesses to provide users with options to voluntarily check their identity. If users do not check their identities, they are going to be a candidate for government surveillance or analysis. This provision would raise the risk of data breaches and entrench control in the hands of major social media companies who can afford such verification systems to be installed and maintained. In addition, this will also increase the risk of user privacy breaches. It also ignores the aspect that, sometimes, social media anonymity brings benefits like whistleblowing and stalker protection.

  • No Consent- Transfer of Non-Personal Data:

The Bill also mandates companies to share non-personal data with the Government, on the grounds of public good and planning. This will not only significant privacy concerns, but it will also have a disastrous impact on companies, as many a times, companies keep trade secrets in the form of non-personal data and on its being shared, they might suffer a setback.


The Personal Data Protection Bill is India’s move towards providing, inter-alia, data privacy for its people and avoiding misuse of their data. It places great emphasis on the individual’s consent before taking up his/her data for any purpose. It also has provisions for the establishment of an Indian Data Protection Authority to ensure proper enforcement of the proposed Bill. It is a long-awaited legislation, as India did not have a comprehensive law to protect its citizens’ data, leaving citizens unarmed while being exposed to a world full of cyber-crimes.

While impressive on certain counts, the Bill also has disappointing aspects, such as putting a strong emphasis on harm without adequately identifying it, making it mandatory for businesses to exchange non-personal data. The major weakness in the Bill, however, for which it earned flak from many lawyers, academics, and politicians, is the clauses that grant exemptions to the Government, through which they can allow any Government agency to circumvent the proposed Act. This clause raised significant and relevant questions about the Government’s intentions, with Justice BN Srikrishna, whose committee prepared the draft law in 2018, calling it an attempt to turn India into an Orwellian State.

Today the internet has become an integral part of our lives. Almost all the things that we do, whether public or private, official or unofficial, include the use of the internet. A large amount of data is transferred whilst performing these activities. In such a situation, ensuring data security is important, because a person’s data in the wrong hands, can have serious repercussions. There are cases where users’ data privacy has been violated, knowingly or unknowingly, by social media sites like Facebook and WhatsApp.

Therefore, a law that seeks to protect citizens’ privacy is quintessential. The Personal Data Protection Act is intended to meet this obligation. However, it is mired with certain shortcomings that can end up offering very little of the protection that the legislation promises. But the Bill also has scope for change, as it has been referred to a Joint Parliamentary Commission. The panel is expected to discuss the Bill’s shortcomings and to come up with a Revised Draft Bill that will provide Indian people with a promising legislation that delivers on the data privacy promise.

Authors: Kadam Nikitha from Army Institute of Law & CH Suswani from DSNLU.

Editor: Astha Garg, Junior Editor, Lexlife India.

Aarogya Setu App: Right to privacy angle

Reading time: 8-10 minutes.

On May 1st, 2020, the Central Government mandated through a directive that all the employees of government and private companies download an app that had been made by the Indian Government called Aarogya Setu. This app was created by the government in order to be able to track patients of COVID- 19 and their contacts, upon an infection being reported. Further, people having their residence within all the containment zones created within the country would also be required to download the app.

The purpose of asking people to download this app on smartphones is simple. This App showcases the safety status in the area, and people would be permitted to go to work in the condition that the app displayed a ‘safe’ or a ‘low risk’ status. However, it is the other function of this App that calls into question the Right to Privacy of a person. The app also collects private information of a person without consent. The app uses Bluetooth and GPS tracking data of a person’s phone to track their movement and locate all people who have been within six feet of an infected patient’s vicinity, by scanning through a database containing the information of all infected patients.

A Petition was filed against the above-mentioned government Order on May 7th, 2020 alleging that the Order mandating the installation of the app on to the smartphones of all government and private company employees was violative of such people’s Right to Privacy. The Petitioners contended that the Aarogya Setu App compulsorily collects all the personal details of a person such as their name, age, phone number, sex, occupation, prior month’s travel history and the details of whether a person is smoker or not. Moreover, the app can continuously track the location of the person.

The 1st May Order also stated that the State Governments to file cases against violators of the lockdown rules, inclusive of not downloading the App, under Section 188 of the Indian Penal Code.

Prior to understanding the legal understanding of the right to privacy, one must understand the basic meaning of the word ‘Privacy’. Black’s Law Dictionary defines Privacy to be the “Right to be let alone or the right vested in a person to be free from unwanted publicity”. In the Indian legal paradigm, the right to privacy has been read under Article 21 of the Constitution of India, even though there is no explicit right that has been provided through the bare text of the Constitution.

Article 21 of the Constitution of India provides for a person’s Right to Life and Personal Liberty, and the Supreme Court of India in the year 2018 vide its judgement in the case of K S Puttuswamy v Union of India read the Right to Privacy to be a part of the person’s fundamental Right of Life and Personal Liberty. The Supreme Court of India included the Right to Privacy within the Constitutional Framework of the Country, since this right is part of the general principles of The Universal Declaration of Human Rights, 1948 under Article 12 of the Declaration and is an obligation to all the Parties of the International Covenant on Civil and Political Rights under Article 17. This is an important judgement because it recognises the right of a person to be left alone, at the choice of the person without there being any mandatory influence to share his information or associate with anyone. Moreover, with the increase in the online presence of people around the world, it becomes extremely important for people to be allowed to choose what information they are willing to share and what they are not willing to share.

Salient features of the right to privacy

Through the judgement in the case of K.S. Puttuswamy, the right to Privacy has become an inalienable right. Even though the same was not originally a part of the Constitution, the Right to Privacy is now protected under the Constitution of India and is Preserved by the Judiciary, which acts as the guardian of the Constitution. It has also been held by the judgement in the aforementioned case that the Right to Privacy is integral to other fundamental rights as well, such as the right to freedom of forming associations, right to equality etc., because the right to privacy has one common property to all the fundamental rights protected under the Constitution of India, i.e. the preservation of the dignity of a person.

The right to privacy is intrinsic to the protection of the dignity of a person because of the choice that needs to be afforded to them about maintaining their private information, private. The Right to privacy protects the privacy of the human body against any form of violation and/ or restraints of body movements. The Second right afforded herein is the right to privacy over a space such as personal relationships and family. The next form of Privacy that has been afforded to under the judgement is the right to privacy over communication, i.e. the right to have complete control of the communication and the right to protect and prevent access to their communications.

Another means of privacy that is offered under this fundamental right is that of decision making, and the right to make decisions that are intimate to a person, to the exclusion of all others. Moreover, people are also awarded the right to control activities that even occur in public. Associational Privacy is also something that is afforded to the people. People must have complete privacy over their choice of people to interact with. Lastly, privacy is also accorded to in terms of protection of intellectual property.

These forms of Privacy are accorded to by the judgement, with its reference to a diagram which is mentioned in an article which the judges have relied upon. Any alleged infringement of the fundamental right must pass the tests laid down under Article 14 and Article 21 of the Constitution of India i.e. the need for a law, express arbitrariness and proportionality of application.

Salient features of the Aarogya Setu app

Speaking of the several noteworthy clauses of the “Aarogya Setu App”, clause 1 (d) of the Policy of the app addresses the locational features of the individual for places which he has visited onto the Server. In the following provisions of clause 3(d), the information is proposed with two categorical alternatives, firstly, the information does not get uploaded onto the portal and is purged within thirty days. Secondly, in the event of negative coronavirus symptoms, the data will be purged from the server within forty-five days and on account of positive results, within sixty days. However, if any person’s information has been uploaded onto the App portal, there is no guaranteed deletion of the same and it will hold information indefinitely.

There exists a similar system in China which posits a much clearer algorithm of working out the colour coded signals of “yellow” and “orange”. The determination of the “yellow” colour indicating positive symptoms is marked arbitrarily making mandatory transfer of personal localised information on the Server. Clause 1 (a) and (d) which deal with very basic information about the individual are theoretically safeguarded by clause 2 of the policy which says in sub-clause 2(e), the basic information of the person will be used only in the ways mentioned in the clause and not in any other way as may be. Until that purpose is realised, it will remain on the Server for an indefinite period. The greatest flaw of this app when in comparison to the MIT and Singapore technology is that the data present on the App is not even encrypted into DiDs.

The Aarogya Setu app vis a vis right to privacy

The Aarogya Setu app is one that has a questionable premise. It is an app that can be used to track the movement of the people, more so, without asking for their consent. The Aarogya Setu App, and its current mandate of use do not offer a person the right to opt-in to the security and privacy violations that the app tends to commit to. With recent judicial luminaries such as Former Supreme Court Judge B N Srikrishna, the chair of the committee that drafted the Privacy Protection Bill 2011, stating that the government’s move was “utterly illegal” (as reported in Indian Express 12th May, 2020, 1:31:56 pm, by Apurva Vishwanath), the true ends of this right need to be justified. The protection of data is guided by the Aarogya Setu Data Access and Knowledge Sharing Protocol, which is considered to be an order that has been issued by the Empowered Group on Technology and Data Management. This body has been set up under the Disaster Management Act.

Critical analysis

This case of the Aarogya Setu app is one that has to be carefully noted and the extent of its capabilities fully understood. The app has been introduced to us at a time wherein the world is passing through a phase that is causing economies to collapse and entire legal systems to break down, due to the pandemic. Even though this battle seems like it can be won only through effectively tracing contacts and adopting social distancing measures, the facilitators of these mechanisms such as this app need to be studied carefully. Once a person has downloaded this app on to their phone, and given their personal details, their movements, the people they associate with and the activities they indulge, practically becomes government knowledge. It is important to consider whether such an aggressive means of the violation of the right to privacy is in fact, good for the country, or the population. Usage of the Aarogya Setu App directly points to the violation of the right to privacy of a person and this is an argument that cannot be refuted, especially considering how aggressive the measure is.

Whether the same is unconstitutional or not has a lot of factors affecting it. One of the most important tests to be applied herein is that of proportionality. It needs to be seen whether the restriction that has been imposed on the right to privacy is reasonable to the end it seeks to achieve, i.e. the prevention of the spread and containment of the COVID-19 virus. Without the development of a vaccine and practically no other way to tackle the virus, it seems that the only means of containing the spread of the virus is through aggressive contact tracing and social distancing, which are the main goals of this app. In this scenario, the reasonability of this app also highly hinges on whether the protection of data collected is comprehensive and strong. However, with a protocol being issued by a body set up under the Disaster Management Act, the standards of protection of data are not trustworthy. The same was vocalised recently by Hon’ble Justice Srikrishna as well. So the question one must ask herein is, if the security of their data gives them enough reason to believe in the proportionality of the measure.


The current times cannot be predicted. It is confusing, hard and taxing on every person due to the uncertainty that the situation has created for us. In times like this, it is the government’s job to ensure that the people of the nation are cared for. While fundamental rights violations such as these are bound to create fear about the legitimacy of governmental action, the intention behind the same must be noted. The intention behind the app is the containment of the spread of the virus. However, plausibly good intention without effective means of implementation simply means the endangering of the lives of every citizen in the country with a possible massive data leak. Checks and Balances are the language of a democracy, with words intentions being the building words of the language, and the effective implementation being the cohesiveness that binds the intentions together

Authors: Ajeeth Srinivas. K from School of Law, CHRIST (Deemed to be University) and Sonal Sinha from Symbiosis Law School, Hyderabad.

Editor: Muskaan Garg from Jindal Global Law School, O.P. Jindal Global University, Sonipat, Haryana.