The right to privacy refers to individuals' ability to control their personal information and protect themselves from unwarranted intrusions. It encompasses the right to be left alone and live free from surveillance and interference. This becomes especially crucial in the twenty-first century when everything about our lives is stored in a cloud and easily accessible.

In legal terms, privacy protects against the collection, use, and dissemination of personal information without consent. In the context of Indian law, the right to privacy was formally recognized as a fundamental right by the Supreme Court of India in the landmark case of Justice K.S. Puttaswamy (Retd.) vs Union of India in 2017. The Court ruled that privacy is an intrinsic part of the right to life and personal liberty under Article 21 of the Indian Constitution.

Since 2017, there have been plenty of developments in the technological field that have caused a gaping hole between the right to privacy and laws surrounding privacy. The best example is that of Artificial intelligence, countries around the world including India are struggling with how to maneuver around such a new landscape. Although India is one of the first few countries to issue a guideline, however, they are not binding and thus, do not raise any obligation on individuals, leaving individuals in a bind. In this article, I will be discussing the Right to privacy as a fundamental right and following its legal trajectory post-puttaswamy.

The Right to Privacy

To trace back the inception of the right to privacy, one would have to go back in history to the year 1890, when two writers namely Samuel D. Warren and Louis Brandeis published an article called "Right to Privacy" in the Harvard Law Review. The authors in their article go in-depth and explore various angles of the right to life and explain how with the advancement of civilisation, the development of law is inevitable. They mentioned, "...the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life,- the right to be let alone; the right to liberty secures the exercise of extensive civil privileges;...".

Today, the right to privacy can be considered one of the most crucial aspects of life. In the lives of Indians, the right to privacy gained the status of a fundamental right under the ambit of Article 21 of the Indian Constitution in the landmark judgment of Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors. (2017).

Background of the Puttaswamy Case

Circumstances Leading to the Case

After Facebook acquired WhatsApp in 2014, WhatsApp's new data-sharing policy was challenged in the Supreme Court, which had to decide if the right to privacy applied to private entities. A three-judge bench initially heard the challenge to the AADHAR law. The Union Government argued that the Right to Privacy was a statutory common law right and not a Fundamental Right. Due to conflicting past judgments by an eight-judge and a six-judge bench, Chief Justice Khehar referred the matter to a nine-judge bench. The nine-judge bench unanimously ruled that the Right to Privacy is a fundamental right under the Constitution.

Supreme Court's Verdict
A nine-judge bench ruled that the Right to Privacy is a fundamental right for Indian citizens, meaning no government legislation can unlawfully violate it. The court established a three-pronged test for any Article 21 right encroachment: legality (existence of law), necessity (legitimate state objective), and proportionality (the rational connection between the objective and the means).

This ruling prevents future dilution of the right by the government. The court emphasized that fundamental rights include individual liberty in digital spaces and the protection of privacy. The judgment clarified that the Right to Privacy can only be infringed for compelling state interests, aligning it with other fundamental rights.

Post-Developments: Legislative Changes and Judicial Pronouncements

Legal and Legislative Change:

The landmark Supreme Court ruling in the Puttaswamy case in 2017, which recognized the Right to Privacy as a fundamental right under the Indian Constitution, has spurred significant legislative changes and developments in India. One of the most prominent responses has been the introduction of the Personal Data Protection Bill. Here's an overview of the major legislative changes post-Puttaswamy:

1. Digital Personal Data Protection Act, 2023:
   The primary objective of the act is to provide a framework for the protection of personal data of individuals and establish a Data Protection Authority. Some of the key features of the act include:
   • Applicability to non-residents
   • Purposes of data collection and processing
   • Rights of users/consumers of data-related products and services
   • Obligations on data fiduciaries
   • Moderation of data localization requirements
   • Exemptions from obligations under the law
   • A new regulatory structure for regulating data privacy
      
2. Aadhaar and Other Laws (Amendment) Act, 2019:
   The amendment to the Aadhaar Act permits the verification of an individual's identification offline, eliminating the need for authentication techniques and rules previously established by the UIDAI. This verification can be conducted either online or offline as specified by UIDAI regulations. The act also stipulates that providing Aadhaar details will not be mandatory for accessing services.Under the original Aadhaar Act of 2016, Aadhaar-related information could be disclosed without stringent security and confidentiality measures, provided there was approval from a District Court or higher. However, the 2019 amendment revised this provision, allowing such disclosures only in response to court orders from a High Court or higher.
    
3. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:
   The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, introduced significant regulations for online platforms and digital media in India. These rules mandate that social media intermediaries undertake due diligence and publish clear user guidelines. Key points include:
   • Intermediaries must appoint a Grievance Officer to handle user complaints promptly.
   • Significant social media platforms are required to identify the originator of information when requested by legal authorities and appoint compliance officers based in India.
   • Online curated content must be classified by age appropriateness.
   • OTT platforms are required to implement parental controls and publish monthly compliance reports.
   These measures aim to enhance accountability, transparency, and user protection in India's digital ecosystem.
    
4. Draft Data Empowerment and Protection Architecture (DEPA):
   The Draft Data Empowerment and Protection Architecture (DEPA) is a framework proposed by the Indian government to enhance the management and protection of personal data. DEPA aims to empower individuals with control over their personal data while ensuring its safe and consensual use by various entities.
   • The architecture introduces the concept of "consent managers" – entities that help individuals manage their data-sharing consents in a secure and user-friendly manner.
   • It emphasizes the principles of data minimization, purpose limitation, and accountability.
   This framework is aligned with India's broader digital governance initiatives and aims to build trust and transparency in the digital economy by safeguarding individuals' data rights.

Judicial Pronouncements

Right to be Forgotten:

Cases: The concept of the Right to be Forgotten has been considered in several cases post-Puttaswamy, including X v. Union of India and Vishal Punj v. Union of India.

Impact: These cases emphasized the importance of protecting personal privacy by allowing individuals to seek the removal of their personal information from the internet, aligning with the principles laid down in the Puttaswamy judgment.

Constitutionality of Sections 377 and 497 of IPC:
Cases: Both Navtej Singh Johar and Joseph Shine's cases illustrate the far-reaching influence of the Puttaswamy judgment in expanding and protecting individual rights in India.

Impact: In the former case, the Court heavily relied on the Puttaswamy judgment, particularly the recognition of the right to privacy as a fundamental right. It emphasized that the right to privacy extends to personal choices and sexual orientation, thus safeguarding the dignity and autonomy of individuals. Similarly, in the latter case, the Court emphasized that the right to privacy includes the right to make intimate personal choices. Both Navtej Singh Johar and Joseph Shine's cases illustrate the far-reaching influence of the Puttaswamy judgment in expanding and protecting individual rights in India.

Surveillance Cases:

• Cases: The principles from the Puttaswamy judgment have been applied in cases challenging government surveillance practices, such as PUCL v. Union of India and Amit Sahni v. Union of India.
• Impact: The courts have stressed the need for stringent checks and balances, ensuring that surveillance measures are justified, proportionate, and subject to judicial oversight to prevent misuse and protect privacy.

Data Protection and Privacy Regulations:

• Legislation: The Puttaswamy judgment has catalyzed the formulation of comprehensive data protection laws in India, particularly the proposed Personal Data Protection Bill, 2019.
• Impact: The bill aims to establish a framework for protecting personal data, emphasizing consent, transparency, and accountability in data processing. It reflects the principles laid down in the Puttaswamy judgment, reinforcing the protection of individual privacy in the digital age.

Conclusion
These legislative and judicial measures signify India's commitment to protecting individual privacy in the digital age. The Personal Data Protection Bill, in particular, aims to create a robust framework for data protection, addressing the growing concerns about data privacy and security in a rapidly digitizing world. While these legislative changes are still evolving, they mark a crucial step toward aligning India's data protection standards with global practices.

More than a century later, the words of Warren and Brandeis are still relevant and what's more, is that they show that nothing is set in stone when it comes to legal rights, they were made for us, humans, and when we evolve, they evolve with us.