Author : M.Gomathi, Chennai Dr. Ambedkar Government Law College, Pudupakkam.
To the point
The landmark judgment in the Puttaswamy case (2017) recognized privacy as a constitutionally protected right under the guarantee of life and personal liberty.With the rise of digital platforms, large-scale data collection, and surveillance tools, protecting personal information has become a critical concern. Initially, the Information Technology Act, 2000 and the IT Rules, 2011 offered only limited safeguards for sensitive personal data. To create a stronger framework, Parliament passed the Digital Personal Data Protection Act, 2023. This law highlights informed consent, grants individuals rights such as correction, erasure, and access to their data, and imposes duties on entities handling such information. To monitor adherence and handle disputes, the Data Protection Board of India has been established. Key challenges include ensuring privacy while addressing national security, regulating cross-border data flow, preventing misuse of surveillance, and promoting digital literacy. Thus, India is building a comprehensive system, but success depends on strict enforcement and public awareness.
Use of legal jargon :
The 2017 Puttaswamy verdict marked a landmark shift in India’s constitutional approach, recognizing privacy as a core aspect of the right to life and personal liberty. This verdict elevated the protection of informational autonomy and personal data to the rank of a fundamental right. Before privacy was recognized as a fundamental right, India’s safeguards were confined chiefly to the IT Act, 2000.Section 43A held entities accountable for negligent handling of sensitive personal information, while the IT Rules, 2011 laid down procedural norms for data collection and management. Yet, these statutory measures proved inadequate for the challenges posed by an evolving digital economy. The DPDP Act, 2023 ushers in a new era of privacy and data governance. It institutes a consent-driven framework, codifies rights of data principals such as rectification, erasure, and access and mandates compliance duties upon data fiduciaries. Oversight has been entrusted to the Data Protection Board of India, which is empowered to adjudicate contraventions and levy penalties. Despite its progressive tenor, critical issues remain harmonizing privacy with national security imperatives, regulating transnational data transfers, and mitigating surveillance abuse. Ultimately, robust enforcement and citizen awareness are sine qua non for ensuring genuine data sovereignty.
The proof :
The 2017 Puttaswamy judgment recognized privacy as an essential aspect of Article 21, emphasizing personal control over one’s information. Legislative backing is provided by the Information Technology Act, 2000, with Section 43A imposing liability on entities for negligent handling of sensitive personal data. The IT Rules, 2011 prescribe clear procedures for collection, storage, and processing to safeguard personal information. The DPDP Act, 2023 provides stronger legal mechanisms to safeguard individuals’ personal data. It introduces a consent-centric approach, guarantees data principals rights such as access, correction, and deletion, and requires data fiduciaries to adopt robust security measures. Oversight is vested in the Data Protection Board of India, empowered to investigate breaches and levy penalties. Together, these judicial decisions, statutory provisions, and institutional mechanisms provide concrete evidence that India legally recognizes and enforces digital privacy and data protection.
Abstract
The rapid expansion of digital technologies has amplified the collection, processing, and storage of personal data, making digital privacy a key legal and social issue. In India, the Supreme Court in Justice K.S. Puttaswamy v. Union of India (2017) held that privacy is a fundamental right under Article 21, establishing judicial recognition of individuals’ control over personal information. Earlier legal safeguards were confined to the Information Technology Act, 2000 (Section 43A) and the IT Rules, 2011, which imposed basic obligations on entities handling sensitive personal data.Under the DPDP Act, 2023, personal data can only be processed with consent, while data principals are granted rights to access, correct, or erase their information, and fiduciaries are bound to maintain compliance. Oversight and grievance resolution are handled by the Data Protection Board of India. Challenges remain in reconciling privacy with national security, managing cross-border data transfers, and preventing surveillance misuse. Strong implementation, institutional oversight, and public awareness are essential to safeguard data privacy and enforce comprehensive protection in India.
Case laws
Justice K.S. Puttaswamy v. Union of India (2017)
The Supreme Court, in a historic ruling by a nine-judge bench, affirmed that the right to privacy is inherent under Article 21, covering both individual freedom and the safeguarding of personal data. It curtailed unwarranted state access to personal data and established the constitutional basis for data protection laws. The ruling highlighted the importance of consent, secure data management, and safeguarding individual digital freedoms in India.
People’s Union for Civil Liberties (PUCL) v. Union of India (1997)
The Supreme Court acknowledged that people have a legitimate right to privacy in their personal communications. It ruled that government surveillance or interception must comply with established legal safeguards. This decision laid the groundwork for privacy protection in India and served as a reference point for subsequent rulings on digital privacy and data protection.
Reve Systems Pvt. Ltd. v. Union of India (2018)
Delhi High Court. The Court highlighted that companies handling digital and personal data must adhere to the IT Act, 2000 and implement adequate security protocols. It stressed that organizations are legally responsible for safeguarding sensitive personal information and ensuring compliance with data protection norms, reinforcing accountability in the corporate sector for protecting individual privacy.
Shreya Singhal v. Union of India (2015)
The Supreme Court declared Section 66A of the IT Act, 2000 null and void, stating that it encroached upon the fundamental right to freedom of expression under Article 19(1)(a). It held that the government cannot impose arbitrary restrictions on online content and clarified the boundaries of digital regulation, reinforcing the protection of online expression and privacy rights in India.
Karmanya Singh Sareen v. Union of India (2019, Delhi HC)
The Delhi High Court addressed the legality of government directives on data localization and restrictions on transferring personal data abroad. The Court held that such measures must comply with constitutional privacy protections, ensure adequate safeguards, and be proportionate. The judgment highlighted that any interference with digital data by the state must be transparent, justified, and respect individual privacy rights.
Conclusion
India has made significant strides in guarding digital sequestration, especially following the
Supreme Court’s corner decision in Justice K.S. Puttaswamy v. Union of India( 2017), which honored sequestration as a abecedarian right under Composition 21. This ruling established a strong indigenous base for particular data protection. before, the Information Technology Act, 2000, along with the IT Rules, 2011, handed limited safeguards, substantially concerning sensitive particular data. The Digital Personal Data Protection Act, 2023, represents a major step forward by creating a concurrence- driven frame, defining rights for individualities similar as access, correction, and erasure of their data, and setting clear scores for data instructors. The Data Protection Board of India ensures proper enforcement, responsibility, and resolution of complaints. still, challenges remain, including maintaining a balance between sequestration
and public security, coveringcross-border data transfers, precluding abuse of surveillance, and adding public mindfulness. Strengthening institutional capacity, promoting digital knowledge, and encouraging responsible data practices are pivotal. Together, these enterprise reflect India’s ongoing commitment to securing particular autonomy and creating a secure, transparent, and responsible digital terrain.
FAQS
1. What does digital sequestration mean?
Digital sequestration is the safekeeping of particular and sensitive information in online and electronic platforms, giving individualities control over how their data is collected, stored, and participated.
2. Which laws regulate data protection in India?
The Digital Personal Data Protection Act, 2023 is the main legislation. It’s supported by the IT Act, 2000, and rules that concentrate on the protection of sensitive particular information.
3. What rights do individualities have under the law?
Data headliners are entitled to rights similar as penetrating, correcting, deleting, and transferring their particular data, empowering them to manage their digital information.
4. Who must misbehave with these rules?
Data fiduciaries, i.e., realities handling particular data, must follow legal scores, apply security safeguards, and gain concurrence before recycling data.
5. How is the law executed?
The Data Protection Board of India monitors compliance, investigates violations, and addresses grievances.
6. Why is it significant?
It ensures particular autonomy, prevents data abuse, and builds trust in India’s digital ecosystem.
