Right to Privacy as a Fundamental Right in India: The Constitutional Bedrock for Data Protection

Posted On - 22 September, 2025 • By - Jidesh Kumar

Executive Summary

The recognition of the Right to Privacy as a Fundamental Right by the Supreme Court in Justice K.S. Puttaswamy v. Union of India (2017) transformed India’s constitutional and digital landscape. Alongside earlier decisions such as Shreya Singhal v. Union of India (2015), which safeguarded online free expression against arbitrary state action, the judiciary has laid the foundation for a citizen-centric data protection regime. Together, these rulings underpin the Digital Personal Data Protection Act, 2023 (DPDP Act), India’s first comprehensive privacy law.

Evolution of Privacy Jurisprudence in India

Early Judicial Reluctance

  • M.P. Sharma v. Satish Chandra (1954) – The Court held that the Constitution does not expressly guarantee a right to privacy.
  • Kharak Singh v. State of U.P. (1962) – Surveillance provisions were upheld, though Justice Subba Rao’s dissent hinted at privacy as part of liberty.
    For decades, privacy remained a statutory or policy issue, not a constitutional guarantee.
  • Shreya Singhal v. Union of India (2015): Protecting Online Freedoms
    • The Supreme Court in Shreya Singhal struck down Section 66A of the IT Act, 2000 for violating the freedom of speech and expression under Article 19(1)(a). The Court held:
    • Vague and overbroad restrictions on online speech chill free expression.
    • Privacy, autonomy, and speech in the digital realm are closely connected.
    • Citizens must have constitutional protection from arbitrary state surveillance and censorship.
      Although Shreya Singhal was framed primarily as a free speech case, its emphasis on freedom in the digital space laid critical groundwork for the recognition of privacy in Puttaswamy.
  • Puttaswamy v. Union of India (2017): Privacy as a Fundamental Right
    In a unanimous nine-judge decision, the Supreme Court held that:
    • Privacy is intrinsic to Article 21 (right to life and liberty) and is interlinked with Articles 14 and 19.
    • Privacy encompasses informational privacy, bodily integrity, and decisional autonomy.
    • In the digital age, control over personal data is an essential aspect of dignity and autonomy.
      This decision explicitly overruled M.P. Sharma and Kharak Singh, establishing privacy as a core constitutional guarantee.

Informational Privacy and Data Protection

The Court in Puttaswamy acknowledged informational self-determination — an individual’s right to control the dissemination and use of their personal data. This principle is the backbone of the DPDP Act, which requires:

  • Consent-based processing of personal data.
  • Rights of access, correction, and erasure for individuals.
  • Accountability measures for data fiduciaries and significant data fiduciaries.

Balancing State Interests and Individual Rights

Both Shreya Singhal and Puttaswamy emphasized that rights are not absolute. The Court introduced a proportionality test for privacy restrictions:

  • Legality – must have a valid legal basis.
  • Legitimate Aim – the State must pursue a constitutionally valid objective.
  • Proportionality – the means must not be excessive.

This balance is critical when considering surveillance, Aadhaar, or exemptions granted to government agencies under the DPDP Act.

The DPDP Act reflects constitutional jurisprudence by:

  • Embedding consent and purpose limitation as legal safeguards.
  • Providing data principal rights (access, correction, erasure, nomination).
  • Establishing the Data Protection Board of India for enforcement.
  • Recognizing children’s data and sensitive processing as requiring stricter standards.

Without the constitutional legitimacy of Shreya Singhal and Puttaswamy, the Act may have lacked both judicial backing and democratic acceptance.

Challenges Ahead

  • Government Exemptions – Broad powers may dilute constitutional protections.
  • Technology and AI Risks – Automated surveillance, profiling, and algorithmic bias test the boundaries of privacy.
  • Balancing National Security and Civil Liberties – a recurring tension in policy-making.

Key Takeaways

  • Shreya Singhal (2015) protected free speech in the digital domain, implicitly reinforcing online privacy and autonomy.
  • Puttaswamy (2017) elevated privacy to a Fundamental Right under Articles 14, 19, and 21.
  • Together, these cases form the constitutional bedrock of the DPDP Act, 2023.
  • Privacy is not absolute; restrictions must meet the legality-legitimate aim-proportionality test.
  • The DPDP Act’s validity and future interpretation will continue to be guided by these landmark rulings.

Contributed By – Aurelia Menezes