Right to Privacy — Revision Notes
⚡ 30-Second Revision
- Right to Privacy: Fundamental Right (Article 21).
- K.S. Puttaswamy v. Union of India (2017): Landmark judgment, declared privacy fundamental.
- Overruled: M.P. Sharma (1954), Kharak Singh (1962) (partially).
- Proportionality Test: Legality, Legitimate State Aim, Proportionality (Necessity, Suitability, Least Intrusive, Balancing).
- DPDPA 2023: Digital Personal Data Protection Act.
- Key DPDPA terms: Data Fiduciary, Data Principal, Consent, Deemed Consent.
- Enforcement: Data Protection Board of India (DPBI).
- Dimensions: Informational, Bodily, Decisional, Communicational.
- Aadhaar Judgment (2018): Upheld Aadhaar, but restricted mandatory linking.
- Article 14, 19: Also contribute to privacy's scope.
- Not absolute: Subject to reasonable restrictions.
- Global comparison: GDPR (EU) - comprehensive; US - sectoral.
- Vyyuha PRIDE Mnemonic: Protection, Rights, Information, Dignity, Enforcement.
2-Minute Revision
The Right to Privacy is a fundamental right in India, recognized under Article 21 (Right to Life and Personal Liberty) by the Supreme Court in the landmark K.S. Puttaswamy v. Union of India (2017) judgment.
This decision overturned earlier conflicting rulings and established privacy as intrinsic to human dignity. Any state action infringing privacy must pass a three-fold proportionality test: it must be backed by a valid law, serve a legitimate state aim (like national security or public order), and be proportionate (necessary, suitable, and the least intrusive means).
To operationalize this right in the digital age, India enacted the Digital Personal Data Protection Act (DPDPA) 2023. This Act defines 'Data Fiduciaries' (those processing data) and 'Data Principals' (individuals whose data is processed), mandating explicit consent for data processing, though it includes 'deemed consent' for certain legitimate uses.
It also establishes the Data Protection Board of India (DPBI) for enforcement and outlines rights for data principals, such as access and erasure. Privacy encompasses informational, bodily, decisional, and communicational dimensions.
While a significant step, the DPDPA faces criticism regarding broad government exemptions and the scope of 'deemed consent,' highlighting the ongoing challenge of balancing individual rights with state interests and technological advancements.
5-Minute Revision
The Right to Privacy, a cornerstone of individual liberty, has a rich and evolving history in Indian jurisprudence. Initially, cases like M.P. Sharma (1954) and Kharak Singh (1962) denied it explicit fundamental status, though Justice Subbarao's dissent in Kharak Singh sowed the seeds for future recognition.
Govind v. State of M.P. (1975) marked a turning point, acknowledging a limited right to privacy as a facet of Article 21. The definitive moment arrived with K.S. Puttaswamy v. Union of India (2017), where a nine-judge bench unanimously declared privacy a fundamental right, intrinsic to Article 21 and flowing from human dignity.
This judgment established a crucial three-fold proportionality test for any state interference: legality, legitimate state aim, and proportionality (necessity, suitability, absence of less intrusive alternatives, and balancing).
Post-Puttaswamy, the need for a statutory framework became evident, leading to the Digital Personal Data Protection Act (DPDPA) 2023. This Act is India's first comprehensive law for digital personal data protection.
It defines key entities like 'Data Fiduciary' and 'Data Principal,' mandates free, specific, informed, and unambiguous consent for data processing, and outlines the rights of individuals over their data.
The DPDPA also introduces 'deemed consent' for certain legitimate uses and establishes the Data Protection Board of India (DPBI) as the enforcement authority, with provisions for significant penalties.
However, the Act has drawn criticism for its broad exemptions for government agencies and the potential implications of 'deemed consent' for individual autonomy.
Privacy is multi-dimensional, covering informational privacy (control over data), bodily privacy (autonomy over one's body), decisional autonomy (freedom of choice), and communicational privacy (confidentiality of communications).
These dimensions are constantly challenged in the digital age by surveillance technologies, big data analytics, and cross-border data flows. The Aadhaar judgment (2018) further refined the application of privacy in large-scale government projects.
Comparatively, India's approach balances comprehensive principles (like GDPR) with practical considerations and state interests (unlike the sectoral US approach). The ongoing challenge for India is to effectively implement the DPDPA, ensure robust enforcement by the DPBI, and continuously adapt its legal and technological safeguards to protect this vital fundamental right in a rapidly evolving digital landscape.
Prelims Revision Notes
The Right to Privacy is a fundamental right under Article 21 (Right to Life and Personal Liberty). Its journey began with M.P. Sharma (1954) and Kharak Singh (1962) denying explicit recognition, though Justice Subbarao's dissent in Kharak Singh was pivotal.
Govind v. State of M.P. (1975) first acknowledged a limited right. The landmark K.S. Puttaswamy v. Union of India (2017) judgment unequivocally declared it fundamental, overruling previous conflicting views.
The Puttaswamy judgment established the proportionality test for restricting privacy: legality (must be by law), legitimate state aim (e.g., national security), and proportionality (necessary, suitable, least intrusive, balanced).
The Digital Personal Data Protection Act (DPDPA) 2023 is the statutory framework. Key terms: Data Fiduciary (determines processing), Data Principal (individual whose data is processed). Core principles: Consent (free, specific, informed, unambiguous), but also 'deemed consent' for certain legitimate uses.
Enforcement: Data Protection Board of India (DPBI). Scope: Digital personal data, within India and extraterritorial for services offered in India. Exemptions: Broad for government agencies (national security, public order).
Penalties: Significant fines. Dimensions of Privacy: Informational, Bodily, Decisional, Communicational. Aadhaar judgment (2018) upheld Aadhaar but restricted mandatory linking, applying the proportionality test.
Privacy is not absolute and is subject to reasonable restrictions.
Mains Revision Notes
The Right to Privacy is a dynamic fundamental right, crucial for GS-2, GS-3, and Essay. Start with its constitutional evolution: from initial denial (M.P. Sharma, Kharak Singh) to limited recognition (Govind) and finally, the definitive declaration in K.
S. Puttaswamy (2017) as intrinsic to Article 21 and human dignity. Emphasize the Puttaswamy proportionality test (legality, legitimate state aim, proportionality – necessity, suitability, least intrusive, balancing) as the bedrock for evaluating state actions.
Transition to the statutory framework: the Digital Personal Data Protection Act (DPDPA) 2023. Discuss its objectives, key provisions (consent, deemed consent, Data Fiduciary/Principal, DPBI, cross-border data), and its role in operationalizing privacy. Critically analyze the DPDPA's challenges: broad government exemptions (potential for surveillance, lack of accountability), the implications of 'deemed consent' for individual autonomy, and the independence of the DPBI.
Discuss the various dimensions of privacy (informational, bodily, decisional, communicational) and illustrate with contemporary examples (e.g., facial recognition, health data, encryption debates). Connect privacy to broader themes: civil liberties vs.
state power, judicial activism, technology governance, cyber security, and international standards (e.g., GDPR comparison). Conclude with a forward-looking perspective, stressing the need for robust implementation, continuous judicial oversight, technological safeguards (PETs), and public awareness to navigate the complex privacy landscape in digital India.
Vyyuha Quick Recall
Vyyuha Quick Recall: PRIDE Framework
To remember the key aspects of the Right to Privacy for UPSC, think of PRIDE:
- Proportionality Test: Legality, Legitimate Aim, Proportionality.
- Rights (Fundamental): Article 21 (Life & Personal Liberty), also 14 & 19.
- Informational Privacy: Control over personal data (DPDPA 2023).
- Dignity: The core principle from which privacy flows (Puttaswamy).
- Evolution: From ambiguous (Kharak Singh) to explicit (Puttaswamy) and now statutory (DPDPA).
Application Tips: When analyzing any privacy-related issue, run it through the PRIDE framework. Does the state action pass the Proportionality Test? Is it infringing on any of the fundamental Rights? What dimension of Informational Privacy is affected? Does it uphold human Dignity? How does it fit into the historical Evolution of the right?