India's Constitution recognizes privacy as a fundamental right in Article 21
. Since there was no legislation pertaining to data protection at first, there
were claims of violations of private rights. To address these issues, Indian
courts have nevertheless issued precedent-setting rulings and guidelines. It is
crucial to examine these legal developments to determine the level of protection
afforded to citizens' right to privacy.
Even though the Indian legal system has acknowledged the right to privacy and
taken action to stop data theft and misuse, more can be done to improve data
protection. In the current digital era, ongoing efforts are required to
guarantee that the privacy rights of Indian citizens are completely protected.
The goal of this article is to examine the legal aspects of data privacy in the
digital age, covering both recent and seminal case laws that have influenced the
Data protection laws are required to protect the right to privacy. The goal of
these laws is to lessen the invasion of privacy that results from the
distribution, gathering, and storage of personal data. Information that can be
used to identify a person is referred to as personal data, regardless of whether
it is gathered by the government or an organization.
Since inception, people have acknowledged privacy as an essential component of
To live a dignified life, privacy is essential. The ease with which data can be
accessed and shared through technological advancements raises the possibility of
misuse. Attacks by cybercriminals such as spam, hacking, and phishing is common.
Tight data protection regulations are required to stop these kinds of attacks.
The gathering, storing, and use of personal data has become essential to modern
life in the digital age. There are benefits and drawbacks to our growing
reliance on technology, especially when it comes to data privacy. The
safeguarding of a person's private data against unlawful access, use, or
disclosure is known as data privacy. The increasing exchange and digital storage
of personal data has made it imperative to tackle the legal issues related to
The Right to Privacy and its Evolution:
A fundamental human right, privacy gives people or groups the ability to remain
anonymous and to keep their information private. According to Article 12 of the
UDHR , it is acknowledged globally. Individuals are shielded from interference
with their family, friends, privacy, honor, and reputation by this article.
Treaties pertaining to international human rights also recognize privacy as a
Over the past few decades, the idea of the right to privacy has undergone
significant change. The right to privacy was acknowledged as a fundamental human
right when the United Nations General Assembly adopted the Universal Declaration
of Human Rights in 1948. However, the significance of data privacy did not
really become apparent until the advent of the digital era.
Concerns about the
protection of personal information arose because of people sharing an
unprecedented amount of information with each other after the internet and
electronic devices became widely used.
Legal Framework for Data Privacy:
To tackle the issues surrounding data privacy in the digital realm, numerous
nations have passed laws that govern the gathering, archiving, and utilization
of personal information. The GDPR , which the European Union (EU) implemented in
2018, is among the most notable instances. Organizations must adhere to strict
guidelines set forth by the GDPR for the protection of personal data. These
guidelines include obtaining consent, protecting data security, and granting
individuals the right to be forgotten.
The Supreme Court of India first upheld the right to privacy in several
instances, including M.P. Sharma v. Satish Chandra and Kharak Singh v. State of
. But it was not until the case of Justice K.S. Puttaswamy (Retd.) v. UOI
2017 that the Supreme Court of India unanimously ruled privacy is fundamental
India passed the Personal Data Protection Bill, 2019 (PDPB), which is presently
being reviewed by the Indian Parliament, to regulate data privacy. The purpose
of the PDPB is to safeguard personal information and provide a thorough
framework for its handling, archiving, and transmission. The bill delineates
fundamental principles that include informed consent, the right to be forgotten,
and the creation of an enforcement body known as the Data Protection Authority.
Google Spain SL versus the Spanish Agency for Data Protection
The European Union's Court of Justice (CJEU) acknowledged the right to be forgotten in this historic case. It decided that people might ask search engines to take down links pointing to personal data that was rendered illegible, out-of-date, or no longer needed. This instance brought to light how the public's interest in information access must coexist with the right to privacy.
The 2020 Schrems II
The Privacy Shield framework, an agreement between the EU and the US for the transfer of personal data, was declared unconstitutional by the CJEU in the Schrems II case. The EU citizens' data was not sufficiently protected under the framework against possible surveillance by U.S. intelligence agencies, according to the court. This case highlights how crucial it is to guarantee adequate protection for personal data moved to third nations.
Justice K.S. Puttaswamy (Retd.) v. Union of India
In this historic decision, the Indian Supreme Court's nine-judge panel unanimously upheld the right to privacy as a basic freedom guaranteed by the Indian Constitution. The court stressed that privacy protects a person's dignity and autonomy and is necessary to exercise other fundamental rights. This case established the framework for India to recognize data privacy as an essential component of an individual's right to privacy.
Union of India v. Justice Kamlesh Vaswani
The Union Government was ordered by the Bombay High Court to act in this matter to protect privacy and prevent the illegal sharing of personal information on social media sites. The court acknowledged that internet companies have an obligation to take proactive measures to block and eliminate any offensive or illegal content that violates someone's right to privacy. This case brought to light the obligation of internet platforms to safeguard their users' privacy.
G20 meet expected to address big challenges of digital world
India's Minister of External Affairs, S. Jaishankar, emphasized during the G20
how critical it is to solve issues with data security and privacy in the digital
age. He underlined how important it is to protect private data and encourage
safe internet connectivity as technology develops.
He emphasized that digital was one of the novel elements at work, saying "We
still have not fully appreciated it but digital has changed our lives. Every
time you look at the screen, you are learning something but somebody is also
learning something about you, your habits, your likes, dislikes, demands, and
To fortify cybersecurity measures and create strong data protection frameworks,
Jaishankar urged cooperation amongst G20 members. Through a unified approach to
these problems, the G20 hopes to establish a more secure digital landscape that
upholds people's right to privacy.
A complete legal viewpoint is necessary to secure the security of personal
information in the digital environment, which poses several obstacles to data
privacy. A strong legal framework is essential to achieving a balance between
individual privacy rights and the advantages of the digital age. This may be
seen by examining the changing legal environment, significant case laws, and the
difficulties brought about by technology. We can only confront the intricacies
of the digital environment and protect data privacy by appropriate law.
Digital Personal Data Protection Act
On August 3, 2023, the Digital Personal Data Protection Bill, 2023 was presented
to the Lok Sabha. On August 7, the Parliament passed it, and on August 9, the
Rajya Sabha gave its approval. The President signed the bill on August 11.
An essential legislative framework that controls the gathering, use, and
preservation of personal data is the Data Protection Act of 2023. Its goal is to
safeguard people's rights to privacy and data by controlling how businesses
handle this information. Transparent data practices, consent for data
processing, and stringent security measures to avert breaches are mandated by
law. People have more control over their information because they may access it
and ask for it to be deleted. Data security is crucial in the digital era since
noncompliance can result in hefty fines. In a society where data is used more
and more, this act enhances privacy and data protection.
A genuine attempt to secure personal data or a ruse to get lawful control and
While the Act appears to protect personal data in its current form, there may be
technical issues with how the requirements are implemented. For example, CG is
authorized under Section 36 to request "such information" from the Board or any
intermediary or data fiduciary. When examined through a legislative lens, the
expansive authority and inclusive language revealed the deeply ingrained
intention of the CG's monitoring program.
Additionally, any State instrumentality may be exempted from the strictures of
the laws pertaining to the processing of personal data by the CG under Section
17(2)(a) . A Public Information Officer (PIO) can now reject an application made
under the Right to Information Act, 2005 (RTI Act) on the grounds that the
information sought relates to personal data, effectively widening their power.
This means that the balance between privacy and informational rights struck by
the RTI Act will be lost. This is because Section 8(1)(j) of the RTI Act is
amended by Section 44(3) of the Act.
In the digital age, data privacy poses several difficulties that necessitate a
strong legal framework to safeguard people's personal data. Obstacles include
lack of awareness, challenges with enforcement, and the dynamic nature of
technology. People must share their personal information with greater caution,
and companies and governments must cooperate to maintain data privacy as a
The future of data privacy in Digital India is both exciting and challenging. It
is important for the government, businesses, and individuals to work together to
protect personal data. By implementing strong data protection measures and
raising awareness about digital privacy rights, we can make safe place to live.
The Personal Data Protection Bill, 2019, and the skilled IT workforce in India
provide opportunities for businesses to gain the trust of their customers. As
India embraces digital technologies, it is crucial to address challenges and
seize opportunities to create a secure and inclusive digital future.