The Right to Privacy in the Digital Age

The Right to Privacy in the Digital Age

The blog “The Right to Privacy in the Digital Age” , written by Mr Tapan Kumar Das, skill development officer and Mr Soumik Ask, the assistant professor of MIES R.M. Law College examines one of the most evolving and significant dimensions of constitutional law and human rights in contemporary society. In an era dominated by digital technologies, social media platforms, surveillance systems, and data-driven governance, the right to privacy has emerged as a cornerstone of individual liberty, dignity, and autonomy. From the historical foundations of privacy in Indian constitutional thought to its recognition as a fundamental right in K.S. Puttaswamy v. Union of India, this blog explores the legal, constitutional, and international perspectives shaping privacy jurisprudence today.

Understanding digital privacy is essential for law students, legal professionals, policymakers, and citizens navigating the complexities of data protection, state surveillance, and corporate accountability in the 21st century. At MIES R.M. Law College, Sonarpur, South Kolkata, one of the leading law colleges in West Bengal, students critically engage with emerging issues in constitutional law, cyber law, and human rights as part of the 3-year LL.B. programme, preparing them for legal practice in an increasingly digital world.

1. Introduction to The Right to Privacy in the Digital Age

The Nehru (Swaraj) Report was published in 1928. The report stated that “ No person shall be deprived of his liberty nor shall his dwelling or property be entered sequestered or confiscated save in accordance with the law. The right to privacy is a fundamental entitlement that supports many other human rights and is essential for personal autonomy and the safeguarding of human dignity. By allowing individuals to set limits and create barriers to protect themselves from outside influences, privacy provides us with the freedom to control our interactions with the external world and to define our own identities. Privacy facilitates the establishment of boundaries regarding who may access our bodies, spaces, and possessions, in addition to our communications and information.

The Right to Privacy refers to an individual’s capacity to decide when, how, and to what degree their personal information may be disclosed or communicated to others. This personal information can include a person’s name, location, contact details, and both online and real-world behaviours.

As defined by the Oxford Dictionary of Law, privacy is described as the “right to be left alone.” This concept can be understood to signify that the right to privacy encompasses the ability to keep our personal information confidential. Various aspects such as electronic communication, sexual orientation, professional endeavours, and even our emotions or intelligence can all be classified as types of personal information.

Just as an individual might wish to exclude certain people from their private conversations, a number of online users seek to manage or limit the collection of their personal data.

2. Development of the Doctrine of Right to Privacy: –

In ancient Hindu literature, the concept of privacy can also be seen as pragmatic. The Hitopadesh enumerates topics that ought to remain confidential from public scrutiny, such as religion, sexual matters, and family issues.

In the case of M.P. Sharma v. Satish Chandra AIR 1954, when considering the authority to search and seize documents from the Dalmia Group, an eight-judge bench of the Supreme Court dismissed the notion of a right to privacy, citing the intentions of the Constitution’s framers. Since there is no specific provision in the Constitution of India addressing the right to privacy, it cannot be infringed upon either.

After approximately ten years, our pursuit of a private life once again came before a six-judge Supreme Court panel in the case of Kharak Singh v. State of Uttar Pradesh, only to be rejected yet again. The Supreme Court determined that there is no inherent right to privacy; however, it did invalidate the provision that allowed night-time visits, citing that it infringed upon “personal liberty.” In dissent, Justice Subba Rao articulated that although the Indian Constitution does not explicitly acknowledge the right to privacy as a fundamental right, it remains an essential aspect of individual freedom. This notable dissent played a significant role in the evolution of the right to privacy.

Gobind v. State of Madhya Pradesh AIR 1975  1378

The Supreme Court determined in Gobind v. State of Madhya Pradesh AIR 1975  1378 that a fundamental right to privacy exists under Article 21. This ruling was issued by a smaller bench consisting of three judges. Although Gobind did not prevail, the concept of privacy triumphed for the first time, gaining limited acknowledgment within the Indian Constitution’s framework for personal liberty. The Supreme Court acknowledged the importance of the right to privacy but stated that it must yield to broader state interests.

At this point, our essential rights served as the cornerstone of privacy. It has faced no more significant challenge to its ongoing existence than in the 2017 case of K.S. Puttaswamy v. Union of India AIR 2017 SC 4161, where the ruling issued in 2018 by a bench of nine judges interpreted the right to privacy as falling under the scope of Article 21. In this case, the court unanimously affirmed the Right to Privacy as a fundamental right enshrined in the Indian Constitution. This case originated as Writ Petition (Civil) No. 494 of 2012 and was adjudicated by a nine-judge bench on August 24, 2017.

In its decision, the court articulated the following points:

1. Acknowledging the right to privacy does not require an amendment to the constitution; rather, it necessitates a reinterpretation of its current clauses.

2. Privacy encompasses the protection of personal relationships, marriage, procreation, sexual orientation, and various other dimensions.

3. Privacy may also be characterized as the capacity to enjoy solitude.

4. Accessing a public area does not inherently imply the relinquishment of one’s privacy rights.

5. The constitution ought to be interpreted in a manner that is expansive enough to embrace technological progress and promote growth and development.

6. While the right to privacy is indeed a fundamental right, it is not without limitations.

7. Recognizing the right to privacy as a fundamental right serves to protect an individual’s private life from intrusion by both governmental and non-governmental bodies.

3. Meaning of Digital Privacy: –

Digital privacy means the datas which are created while using internet as apps and digital devices. This includes things like people’s personal details massages & online activities. Digital privacy is very important today because people use the internet for many various tasks and needs.

4. International Reports and Conventions regarding Privacy in the Digital Era: –

4.1 Report of UN High Commissioner for Human Rights: –

In its report, the UN High Commissioner for Human Rights points out that, if not managed with care, technological advancements “carry very significant risks for human dignity, autonomy, and privacy as well as the exercise of human rights generally.”

4.2 Universal Declaration of Human Rights, 1948 & International Covenant on Civil and Political Rights, 1966

These two Conventions also recognized the right to privacy as human right.

4.3 California Consumer Privacy Act (CCPA), USA.

            This Act empowers consumers to know how their data is used, delete personal information, and opt out of data sales.

4.4 Brazil’s General Data Protection Law (LGPL)  

            It aligns with GDPR principles and applies to data processing activities involving Brazilian residents.

4.5 Australia’s Privacy Act, 1988.

            It covers data protection comprehensively, with amendments address  digital age challenges

4.6  GDPR (General Data Protection Regulation)

The General Data Protection Regulation (GDPR) is an extensive EU legislation that regulates data privacy, empowering individuals with control over their personal information and standardizing data protection throughout Europe. It applies globally to any entity that manages the data of EU residents. Enforced in 2018, it establishes stringent guidelines for the collection, processing, and transfer of data, highlighting principles such as consent, transparency, data minimization, and security, with substantial penalties for non-compliance. Essential features include strong rights for data subjects (access, deletion, portability) and rigorous breach notification obligations, establishing it as a fundamental global benchmark for privacy.

Key Ingredients of GDPR

Scope: This regulation applies to any organization that processes the personal data of EU residents, irrespective of the organization’s geographical location.

Core Principles: These include lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

Importance of GDPR

Harmonization: It provides unified data protection regulations across the EU.

Global Impact: It shapes data privacy legislation worldwide (for instance, CPRA).

Trust: It fosters customer trust through transparency and individual control.

Accountability: It imposes strong responsibilities on organizations regarding data management.

As technology becomes more deeply embedded in every facet of contemporary life, the concern regarding privacy has gained increased visibility. It is indisputable that we now inhabit a digital era where information is easily accessible on screens. Various industries, including data management, finance, entertainment, and trade, have all shifted to digital formats. Our personal and non-personal data is also being transferred in this digital age, where everything is stored on electronic devices. The widespread use of social media, smartphones, and other internet-connected devices results in individuals continuously generating large volumes of personal data, often without a complete understanding of the consequences of their actions.

5. Right to Privacy in India: –

5.1 Article 21 and Personal Liberty

The Constitution of India does not specifically state that “privacy” is a fundamental right. Nevertheless, the Supreme Court has construed the right to life and personal liberty enshrined in Article 21 as implicitly encompassing the right to privacy. Article 21 ensures that every individual has the right to live with dignity and to fully enjoy all facets of personal liberty, which inherently includes safeguarding personal space and autonomy.

5.2 Information Technology (IT) Act, 2000

The IT Act addresses cybercrimes and provides some protection for sensitive personal data through the IT Rules, 2011.

5.3 Telegraph Act, 1885

Governs communication interception but is considered outdated for modern technological challenges.

5.4 IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Imposes obligations on intermediaries like social media platforms to ensure data protection but has been criticised for vague provisions.

5.5 IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Imposes obligations on intermediaries like social media platforms to ensure data protection but has been criticised for vague provisions.

5.6 DPDP ACT (DIGITAL PERSONAL DATA PROTECTION ACT), 2023

In a world defined by technology in the 21st century, India’s current Data Protection regulation underscores the nation’s dedication to creating a strong data privacy framework. The Digital Personal Data Protection (DPDP) Act, 2023 regulates the management of digital personal information collected in India, whether online or offline, and subsequently converted into a digital format. This legislation governs not only the processing of digital personal data within India’s territory but also extends to data processed beyond its borders if it pertains to the provision of products or services to individuals residing in India.

The DPDP Act highlights the significance of user authority regarding their personal data, stressing that consent should be granted freely, specifically, informedly, unconditionally, and unequivocally, along with a distinct affirmative action. Users are required to voluntarily consent to the utilization of their data for a defined purpose, with complete comprehension and devoid of any coercive influence. Consent serves as the sole foundation for the processing of individuals’ personal data.

6. Challenges around Privacy in the Digital Age

6.1 State Surveillance

Government worldwide, including India, has increased surveillance activities to address security concerns. While national security is a legitimate objective, excessive surveillance often infringes upon individual privacy. Examples include as follows:

1. The Aadhaar Scheme: While aimed at streamlining services, concerns were raised about the collection and storage of biometric data without sufficient safeguards
2. Central Monitoring System (CMS): Enables real-time interception and monitoring of communications, raising fears of mass surveillance.
3. 2018 MHA Order: Authorised multiple central agencies to intercept and monitor digital communications, criticised for lacking adequate oversight.

The Puttaswamy judgment laid down a proportionality test to evaluate state actions that interfere with privасаy. Ноwеvеr, many surveillance measures fail to meet these standards.

6.2 Corporate Data Exploitation.

Corporations often collect and analyse consumer data for targeted advertising and market insights. Issues include as:

1. Cambridge Analytical Scandal: Highlighted how data misuse can influence democratic processes.
2. Terms of Service Agreements:  Long, convoluted agreements often lead to uninformed consent, enabling companies to exploit user data.
3. Data Localisation Requirements: Policies mandating local storage of data, while aimed at enhancing security, often expose data to domestic vulnerabilities.

6.3 Technological Vulnerabilities

Technological advancements, while beneficial, have created new vulnerabilities:

1. End-to-End Encryption (EZE): Protects communication privacy but faces challenges from government seeking backdoor access. For instance, the Five Eyes Alliance demanded such access, raising concerns about potential misuse.
2. Contact tracing Apps: During the Covid-19 pandemic Apps like arrogya Setu selected vast amounts of personal date retention and misuse.
3. Smart Devices: Always on devices like Amazon Eco and Google Home perpetually collect user data, often without explicit consent.

7. Conclusion

The right of privacy is a corner stone of individual dignity and autonomy, especially in the digital age where data is the new currency. While India has made significant strides by recognizing privacy as a fundamental right, much remains to be done. A robust legal framework, informed by global best practices and tailored to India’s unique challenges, is essential.

Balancing privacy with legitimate State interests is a delicate act that requires transparency, proportionality and accountability with technology continuing to evolve, the need for adapting policies and vigilant enforcement mechanisms is more pressing than ever. Ensuring privacy in the digital age is not just a legal imperative but also more responsibility to uphold the fundamental freedoms of every individual.

MIES R.M. Law College take on The Right to Privacy in the Digital Age

The right to privacy in the digital age is no longer a theoretical concept but a practical necessity that directly affects personal freedom, democratic governance, and social justice. While India has taken commendable steps by constitutionally recognising privacy as a fundamental right and enacting the Digital Personal Data Protection Act, 2023, challenges related to surveillance, data misuse, and technological vulnerabilities persist. Addressing these concerns requires a balanced approach rooted in transparency, proportionality, and accountability, supported by strong legal institutions and informed public awareness.

At MIES R.M. Law College, Sonarpur, South Kolkata, students are trained to analyse privacy laws, constitutional safeguards, and international data protection standards with a critical and ethical lens. As a Bar Council of India-approved law college affiliated with Vidyasagar University, the institution emphasizes quality legal education in constitutional law, cyber law, and human rights, empowering future legal professionals to protect digital freedoms and uphold the fundamental rights essential to a just and democratic society.