Author: Kashish Varshney, a student at Barkatullah University, Bhopal
Linkedin Profile: https://www.linkedin.com/in/kashish-varshney-a881a8214?utm_source=share&utm_campaign=share_via&utm_content=profile&utm_medium=ios_app
To the Point
With the rise of digital technology, the concerns about data protection, government surveillance, and commercial abuse of personal information have become critical. Balancing privacy with national security, governance, and technological advancements is a decisive challenge in a digital period. Governments and corporations must take on transparent policies and cybersecurity measures to avert data abuse. Strengthening the legal framework and public awareness is essential to safeguard this right in a democratic society.
Use of Legal Jargon
In the contemporary jurisprudence of informational autonomy, challenging robust data protection frameworks to safeguard personal freedoms. While digitalization fosters effective governance, profitable modernization, and flawless public service delivery, it concurrently raises critical concerns regarding unauthorized data aggregation, surveillance capitalism, and challenging judicial scrutiny.
Key legislative instruments, such as the Digital Personal Data Protection Act, 2023, define principles for personal data collection, processing, and protection. Ensures consent-based data handling and rights of individuals over their personal information; it also emphasized that privacy restrictions are admissible when aligned with clear legislative objects. The Information Technology Act, 2000, establishes legal recognition for electronic transactions and cybersecurity regulations, including provisions for data protection and penalties for unauthorized access.
The Proof
National Position – The Digital Personal Data Protection Act, 2023 (No. 22 of 2023), commenced on 11th August 2023 to cover mechanisms for the protection of personal data. The act aims to give protection of the privacy relating to the data, specify the flow and operation of personal data, produce a relationship of trust between persons and entities processing the personal data, and protect the fundamental rights of individuals. In this act there is consent-based data collection – personal data can only be collected after obtaining explicit and informed consent from users. Users have the right to withdraw consent at any time as per Sec 7(3) of this act. In the landmark Aadhaar judgment, the Hon’ble Supreme Court held that the state must ensure that information is not used without the consent of users and that it is used for the purpose and to the extent it was disclosed. Whereas indeed Rule 5 of the Information Technology Rules, 2011, requires that before the collection of sensitive personal data, the body corporate must obtain consent. The right to privacy is not an absolute right; it must be balanced against state interests. The right is subject to some restrictions that are necessary for guarding moral, social, and potential public interests. In ADM Jabalpur v. Shivakant Shukla, the Supreme Court ruled that certain fundamental rights may be reasonably curtailed for larger public welfare.
International Position – Numerous international human rights instruments, including Article 12 of the Universal Declaration of Human Rights, 1948; Article 17 of International Covenant on Civil and Political Rights, 1966; and Article 8 of European Convention on Human Rights, all deals with the right to privacy.
In the report of the UN High Commissioner for Human Rights acknowledged that, if not handled precisely, technology advancements “carry veritably significant pitfalls for human dignity, autonomy, and privacy as well as the exercise of human rights generally.”
In the Article 5 of General Data Protection Regulation, 7 principles are given relating to the processing of the personal data, which are (a) legality, fairness and transparency; (b) purpose limitation; (c) data minimization; (d) accuracy; (e) storage limitation; (f) integrity and confidentiality (g) Accountability. GDPR is a European Union law that protects user data and ensures privacy rights.
Abstract
In today’s digital era, the surge in big data, AI, and online transactions has made data protection and digital privacy paramount. Personal information is continuously collected, reused, and stored, frequently without explicit user consent, raising significant concerns about abuse and unauthorized access. The vast quantum of data generated daily becomes a rewarding target for cybercriminals, emphasizing the need for robust security measures. Recognizing these challenges, India legislated the Digital Personal Data Protection Act in 2023, aiming to regulate data handling practices and ensure user rights.
Individuals must be educated about their digital rights and the importance of safeguarding personal information. Organizations, on their part, should prioritize transparent data practices and invest in advanced security infrastructures.
They must ensure secure storage of personal data and prevent unauthorized access. They ensure that data can only be collected for specified and lawful purposes. They cannot use data beyond what is necessary for the stated purpose. Encryption plays a pivotal role in safeguarding privacy by securing data transmissions. Social media platforms and tech companies track user behavior for targeted advertising. Cookies, metadata, and AI – based profiling raise privacy concerns. Individuals must have the right to access, correct, and erase personal data and have the right to know how their data is being processed. Balancing technological advancement with ethical data operation is vital to maintain trust and protect individual freedoms in the digital age. Achieving equilibrium requires visionary cybersecurity measures and public awareness. Finding balance between both remains an urgent global challenge.
Case Laws
1. Justice K.S. Puttaswamy (Retd) and Ors. v. Union of India A.I.R. 2017
– The Right to Privacy was legally recognized as a fundamental right in the landmark case of J.
Puttaswamy. The Supreme Court, in a 9-judge bench, ruled Privacy has been held to be an intrinsic element of the right to life and personal liberty under Article 21 and as a constitutional value that is embodied in the fundamental freedoms embedded in Part III of the Constitution. This right includes the individual’s right to informational self- determination – the freedom to control how personal data is collected, processed, and used. The Hon’ble court also affirmed privacy as a fundamental right, and in the age of growing technologies, the informational privacy of a person needs to be protected more efficiently.
The ruling emphasized the need to protect individual’s personal data from misuse by both the state and private establishments. It laid the foundation for future data protection laws like the Digital Personal Data Protection Act, 2023.
Court also emphasized that privacy is not absolute. The restrictions that operate on the right to life and personal liberty would operate on the right to privacy. For a restriction on fundamental rights to be valid, it must satisfy the test of reasonability, ensuring it meets legality, necessity, and proportionality standards, as specified under this case.
2. People’s Union for Civil Liberties v. Union of India A.I.R. 1997
– Commonly referred to as the Phone Tapping Case, the Supreme Court held that right to life and personal liberty includes right to privacy, and right to privacy includes telephone conversations in the privacy at home or office. This case is setting a foundation for digital privacy rights in the modern era. The principles laid down in this case extend beyond telephonic conversations and apply to modern digital communications, including emails, online messaging, and social media interactions.
3. Shreya Singhal v. Union of India A.I.R. 2015
– In this case, the Supreme Court struck down Section 66A of the IT Act, which criminalized online speech, ruling that it was vague, arbitrary, and unconstitutional, thereby reinforcing freedom of expression and digital privacy protections.
Legal Protection Against Arbitrary Digital Controls – As governments and corporations increasingly use AI, digital IDs, and data analytics, policies must ensure data protection without stifling individual freedoms. The judgment reminds legislators that digital laws must align with constitutional protections, ensuring citizen autonomy in digital spaces.
Conclusion
The Puttaswamy judgment marked a turning point in Indian jurisprudence by setting strong constitutional safeguards for privacy in the digital age. The Right to Privacy is crucial for democracy and for human dignity. However, challenges remain in implementing effective laws and balancing privacy with security and governance needs. National security measures must ensure minimal infringement on personal freedoms. Stronger data protection laws, judicial oversight, and independent regulatory bodies are needed to uphold privacy rights.
FAQS
1. What is Digital Privacy?
It is the right of individuals to control how their personal data is collected, stored, and used online. It ensures protection against unauthorized access, data leakage, and surveillance.
2. Why is Digital Privacy important in today’s era?
Digital Privacy is important because it prevents personal information from being exploited by government entities, corporations, and online websites. Strong digital privacy ensures autonomy, security, and freedom of expression, allowing people to interact online without fear of misuse of data.
3. What is the difference between privacy and security?
Privacy refers to an individual’s right to control their personal information. It ensures freedom from unauthorized surveillance into personal spaces. Security, on the other hand, is the technical and procedural measures taken to protect data from cyber threats, or unauthorized access.
4. Which is a major challenge to privacy in a data – driven world?
A major challenge to privacy in a data-driven world is mass surveillance and unauthorized data collection. Governments entities, corporations, and digital platforms increasingly collect vast amounts of personal data, often without clear consent or transparency. This raises concerns about data misuse.
5. What is the biggest challenge in balancing digitalization and privacy?
It is obvious that government, corporations need data for efficiency, security, and for welfare, but excessive surveillance can violate right to privacy. Striking the right balance requires strong legal frameworks, transparent governance, and user-centric protections, ensuring privacy is preserved without hindering innovation.
