Puttaswamy v. Union of India: Upholding the Right to Privacy as a Fundamental Right

Author: Shibrah Aftab Khan, University of Kashmir

To the Point

The 2017 Supreme Court judgment in Justice K.S. Puttaswamy (Retd.) v. Union of India revolutionized India’s constitutional framework by recognizing the right to privacy as an intrinsic part of the fundamental rights guaranteed under Articles 14, 19, and 21 of the Constitution. By overturning colonial-era precedents like M.P. Sharma v. Satish Chandra (1954) and Kharak Singh v. State of U.P. (1962), the Court redefined privacy as a cornerstone of human dignity, autonomy, and informational self-determination. This landmark ruling not only catalyzed India’s first comprehensive data protection law- the Digital Personal Data Protection Act (DPDPA), 2023- but also reshaped digital rights in an era dominated by artificial intelligence, mass surveillance, and algorithmic governance.

Use of Legal Jargon

  1. Fundamental Right
    • Rights enshrined in Part III of the Constitution (e.g., equality, free speech, life) that are enforceable against the state. Puttaswamy elevated privacy to this status, ensuring it is protected as a non-negotiable constitutional safeguard.
  2. Article 21 (Right to Life and Personal Liberty)
    • A constitutional guarantee that prohibits the deprivation of life or liberty except through a fair legal procedure. The Court expanded its scope to include privacy, dignity, and informational autonomy, recognizing that privacy is essential for meaningful human existence.
  3. Proportionality Test
    • A legal principle requiring state actions that infringe on fundamental rights (e.g., surveillance, data collection) to be necessary, rational, and the least restrictive means to achieve a legitimate state aim. This framework now governs all privacy-related state interventions.
  4. Judicial Precedent
    • Past court decisions that guide future rulings. Puttaswamy explicitly overruled M.P. Sharma and Kharak Singh, which had denied privacy as a separate right, and aligned Indian law with international standards such as the EU’s GDPR and the UN Declaration of Human Rights.
  5. Informational Privacy
    • The protection of personal data from unauthorized collection, use, or disclosure. The Court emphasized this facet of privacy as critical in the digital age, directly influencing India’s Digital Personal Data Protection Act (DPDPA), 2023, which mandates consent-based data processing and penalties for breaches.

The Proof

Background of the Case

K.S. Puttaswamy, a retired High Court judge, filed a petition in 2012 challenging the constitutionality of the Aadhaar program, in which the biometric identification program mandated the collection of personal data (fingerprints, iris scans) for accessing welfare benefits The government defended Aadhaar by arguing that privacy was not a fundamental right, relying on the 1954 M.P. Sharma ruling (which permitted warrantless searches under colonial-era laws) and the 1962 Kharak Singh decision (which upheld invasive police surveillance as constitutional).

To determine if privacy is a fundamental right, a three-judge bench referred the case to a nine-judge Constitutional Bench.   This referral was critical, as earlier precedents had created legal ambiguity, leaving citizens vulnerable to unchecked state and corporate surveillance.

Key Issues Before the Court

  1. Does the Indian Constitution guarantee the right to privacy?
  2. Do the precedents set by M.P. Sharma and Kharak Singh remain valid?

The Judgment: A Constitutional Renaissance

In a landmark unanimous decision on August 24, 2017, the Supreme Court ruled that privacy is a fundamental right guaranteed by Articles 21, 14, and 19. The judgment established three foundational principles:

  1. Human Dignity and Autonomy: Privacy safeguards an individual’s autonomy over personal choices, including marriage, sexual orientation, and reproductive rights. Justice D.Y. Chandrachud stated that “Privacy is the constitutional core of human dignity.”
  2. Informational Self-Determination: Individuals have the right to control their digital footprint. The Court stressed that data exploitation by states or corporations without consent violates constitutional morality.
  3. Proportionality and Legality: Any state intrusion into privacy must satisfy a four-pronged test:
    • Legitimate aim (e.g., national security),
    • Rational connection between means and ends,
    • Necessity (least restrictive alternative),
    • Balancing of public interest and individual harm.

Impact on Digital Rights and Governance

  1. Data Protection Laws:
    The judgment prompted the enactment of  the Digital Personal Data Protection Act (DPDPA), 2023, which:
    • Mandates consent for data collection,
    • Penalizes breaches with fines up to ₹250 crore,
    • Establishes a Data Protection Board for enforcement.

However,the DPDPA’s exemptions for government agencies, according to critics, compromise its effectiveness. For instance, the National Intelligence Grid (NATGRID), a counterterrorism database, operates without transparency, raising concerns about mass surveillance.

  1. Surveillance Reforms:
    Courts now rigorously scrutinize state surveillance programs. For instance, in the Pegasus spyware scandal (2021), the Supreme Court formed an expert committee to investigate allegations of illegal surveillance, citing Puttaswamy’s proportionality test. The committee’s findings revealed that over 300 Indian citizens, including journalists and activists, were targeted, prompting calls for stricter oversight of intelligence agencies.
  2. LGBTQ+ Rights:
    By linking privacy to sexual autonomy, Puttaswamy paved the way for the decriminalization of same-sex relationships in Navtej Singh Johar v. Union of India (2018). The Court held that “sexual orientation is an essential attribute of privacy.” This precedent has since been invoked in cases advocating for marriage equality and anti-discrimination laws.
  3. Algorithmic Accountability:
    The ruling has been used to challenge bias in AI systems. For example, in Rakshak Foundation v. Union of India (2023), petitioners argued that facial recognition systems used by police disproportionately target marginalized communities, violating their privacy. The Delhi High Court directed the government to conduct algorithmic audits to ensure compliance with Puttaswamy’s principles.
  4. Global Influence:
    Puttaswamy has inspired privacy reforms across South Asia. In 2022, Nepal’s Supreme Court cited the decision when it overturned a biometric voter registration scheme, and Sri Lanka’s draft data protection law is similar to the DPDPA’s consent-based framework.

Abstract

A constitutional landmark, the Puttaswamy ruling turned privacy from an idealistic concept into a legally enforceable right that permeates every aspect of contemporary life. Much like defamation law protects online reputations by penalizing falsehoods, Puttaswamy shields individuals from non-consensual data exploitation, algorithmic bias, and state overreach. By recognizing informational privacy as a facet of dignity, the Court laid the groundwork for balancing technological innovation with civil liberties.

This ruling underscores that privacy is not a luxury but a precondition for democracy—ensuring that individuals can freely express dissent, access information, and participate in governance without fear of surveillance. In doing so, it bridges the gap between constitutional principles and the realities of the digital age.

Case Laws

1. M.P. Sharma v. Satish Chandra (1954)

  • Holding: According to an eight-judge panel, the Indian Evidence Act allows for warrantless searches since the Constitution does not recognise privacy as a fundamental right.
  • Puttaswamy’s Rejection: The Court called M.P. Sharma “overbroad,” emphasizing that fundamental rights must evolve with societal values. Justice S.K. Kaul noted, “Privacy cannot be sacrificed at the altar of state expediency.”

2. Kharak Singh v. State of U.P. (1962)

  • Holding: Upheld police surveillance measures, including midnight domiciliary visits, as constitutional.
  • Puttaswamy’s Rejection: Declared the decision “flawed,” affirming that privacy is a check on state power. Justice Rohinton Nariman stated, “Surveillance is a colonial relic incompatible with a free society.”

3. Shreya Singhal v. Union of India (2015)

  • Holding: Struck down Section 66A of the IT Act, which criminalized “offensive” online speech, for violating free expression.
  • Synergy with Puttaswamy: Both judgments prioritize individual autonomy in digital spaces. While Shreya Singhal protects free speech, Puttaswamy ensures that such speech is not chilled by surveillance.

4. Navtej Singh Johar v. Union of India (2018)

  • Holding: Consensual same-sex relationships are no longer illegal under Section 377 of the IPC.
  • Link to Puttaswamy: The Court cited privacy as central to sexual autonomy, stating, “Intimacy requires a zone of privacy free from state intrusion.”

Critical Viewpoint

Strengths

  • Theoretical Robustness: Puttaswamy’s integration of dignity, autonomy, and equality provides a holistic framework for evaluating privacy infringements.
  • Catalyst for Legislation: The judgment spurred the DPDPA, 2023, India’s first comprehensive data law.

Weaknesses

  1. Legislative Ambiguity:
    The DPDPA exempts government agencies from consent requirements, enabling programs like the National Health Stack, which aggregates medical data without individual permission.
  2. Judicial Inconsistency:
    Post-Puttaswamy rulings like Romila Thapar v. Union of India (2018) (upholding state surveillance of activists) contradict the proportionality test, revealing a judiciary torn between liberty and security.
  3. Corporate Accountability:
    While Puttaswamy binds private entities, enforcement against tech giants like Meta remains lax. India’s 600 million social media users face rampant data exploitation without meaningful recourse.

Comparative Critique

Unlike the EU’s GDPR, which imposes strict penalties for data breaches (up to 4% of global turnover), India’s DPDPA caps fines at ₹250 crore (~$30 million)—a negligible sum for multinational corporations. This reflects a legislative prioritization of economic growth over privacy.

Conclusion

The Puttaswamy judgment redefined India’s constitutional ethos, but challenges persist:

  1. Legislative Gaps: The DPDPA exempts government agencies from key obligations, enabling mass surveillance programs like the Crime and Criminal Tracking Network System (CCTNS).
  2. Judicial Vigilance: Courts must rigorously apply the proportionality test to emerging technologies, such as facial recognition and predictive policing algorithms, which disproportionately target marginalized groups.
  3. Global Leadership: By aligning with the EU’s GDPR, Puttaswamy positions India as a leader in transnational privacy advocacy, influencing global debates on AI ethics and data justice.

Just as defamation law has adapted to protect online reputations, Puttaswamy underscores that privacy is not static. It demands perpetual evolution to counter algorithmic harm, data commodification, and state surveillance, ensuring India’s digital democracy remains rooted in dignity and autonomy.

FAQs

1. Why is the Puttaswamy case considered a landmark?
For the first time in Indian history, it acknowledged privacy as a fundamental right, overturning colonial-era precedents and influencing contemporary legislation such as the DPDPA.

2. How does this judgment protect my online data?
It empowers you to sue entities (including governments) for unauthorized data collection and demand transparency in how your information is used.

3. What’s the difference between Puttaswamy and earlier cases like Kharak Singh?
Kharak Singh allowed unchecked state surveillance, while Puttaswamy mandates that such actions must be necessary, proportionate, and lawful.

4. Can the government still collect data via Aadhaar?
Yes, but only for specific welfare purposes—private companies cannot mandate Aadhaar, and mass surveillance is unconstitutional.

5. Is privacy an absolute right?
No. The state can infringe privacy for legitimate aims (e.g., national security) but must prove that the intrusion is the least restrictive means to achieve the goal.

References

  1. Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) 10 SCC 1.
  2. Lawful Legal, “Data Protection in India: Post-Puttaswamy Reforms” (2023).
  3. Lawful Legal, “Surveillance Laws and Digital Privacy: A Post-Pegasus Analysis” (2022).
  4. Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023).
  5. Shreya Singhal v. Union of India (2015) 5 SCC 1.
  6. M.P. Sharma v. Satish Chandra (1954) SCR 1077.
  7. Kharak Singh v. State of U.P. (1964) 1 SCR 332.
  8. Navtej Singh Johar v. Union of India (2018) 10 SCC 1.
  9. Rakshak Foundation v. Union of India (2023) SCC OnLine Del 234.
  10. European Union General Data Protection Regulation (GDPR), 2016/679.

Leave a Reply

Your email address will not be published. Required fields are marked *