Author: Atharv Bhatkhande B.B.A LL.B(H), School of Law and Public Policy
Abstract
The pervasive deployment of surveillance cameras across India – from police body-worn devices and sprawling urban CCTV networks to AI-driven facial recognition systems – collides fundamentally with the Supreme Court’s landmark affirmation in Justice K.S. Puttaswamy (Retd.) vs. Union of India ((2017) 10 SCC 1) that privacy is intrinsic to the right to life and personal liberty under Article 21 of the Constitution. This article examines the uniquely Indian manifestation of the surveillance dilemma: the profound legal tension between the State’s compelling interests in security, crime prevention, and public order, and the citizen’s inviolable fundamental right to informational privacy and bodily autonomy. Through critical analysis of the post-Puttaswamy legal landscape, including the glaring legislative vacuum governing state surveillance, the nascent regulatory framework for private actors under the Digital Personal Data Protection Act (DPDPA) 2023, the unbridled rise of facial recognition technology, and pivotal judicial pronouncements, this work argues that India’s ad hoc and technologically accelerated surveillance expansion risks violating the core constitutional principle of proportionality, demanding an urgent, rights-centric legislative and oversight framework.
The Constitutional Crucible: Puttaswamy’s Legacy and the Surveillance Surge
The digital age has entered into the phase of unprecedented visibility driven by security measures, counter-terrorism objectives, and ambitious “Smart City” initiatives. Cameras are intrinsic parts of public places, transportation hubs, marketplaces, educational institutions, workplaces, and residential complexes. The rapid expansion was contrasted with the fundamental decision in K.S Puttaswamy VS Union of India by the Hon’ble Supreme Court of India , which established privacy as a fundamental right and mandated four key test required for state to restrict it Legality (a valid law authorising the intrusion), Legitimate State Aim (a permissible objective like national security or crime prevention), Proportionality (the measure must be suitable, necessary as the least restrictive means, and balanced in its impact), and Procedural Safeguards against abuse. The main dilemma is of using pervasive monitoring systems which are justified under broad, ancient statutes, executive orders, without specific parliamentary legislation defining their scope, limitations, and oversight mechanisms, which kind of violates the foundational nature of law. The absence of direct surveillance creates a very depriving effect on the constitutional development which is gained through the K.S Puttaswamy VS Union of India.
The jurisprudential framework of camera surveillance in India is perilously fragmented and inadequate. State agencies heavily rely on general powers under outdated state Police Acts, provisions of the Criminal Procedure Code (CrPC) such as Section 144 for ad hoc orders, municipal bylaws regulating traffic norms, or executive fiat-based schemes by organizations such as the Ministry of Home Affairs. This patchwork effectively fails to provide the fourth paradigm’s clear, specific, and rights-sensitive statutory mandate. Consequently, the onerous task of proving proportionality falls uniquely upon the judiciary for not withstanding individual challenges. According to the Supreme Court’s ruling in Ritesh Sinha vs. State of Uttar Pradesh ((2019) 8 SCC 1), that even forensic identification processes must be proportionate and not arbitrary, emphasizes the quantum of scrutiny to be applied to surveillance. Twenty-four-seven, blanket CCTV coverage, especially as part of networks that draw on analytics, harvests vast amounts of data, creating large “mosaics” of individual lives – tracking the movements, contacts, and routines of individuals over space and time. This aggregation effect, only recently officially recognized in Puttaswamy as a significant privacy threat, converts passive surveillance into a serious intrusion deserving of strict justification under the necessity and balancing requirements of the proportionality test. Lack of codified limitations on the duration of data retention, access processes, and limitation of purpose increases the threat of distorted and excessive surveillance by the state.
Governing the Private Gaze: From Gray Areas to the DPDPA
Private observation by players such as shopping malls, offices, employers, landlords, and Resident Welfare Associations (RWAs) exists in a dirty and normally under-governed terrain. Pre-DPDPA 2023, remedies were wanting. Section 66E of the Information Technology Act, 2000, criminalizes the recording or transmission of a recording of one’s private place without consent and provides some protection primarily against voyeurism but hardly anything to regulate huge areas of semi-public monitoring (e.g., office corridors or apartment lobbies). Tort remedies such as nuisance or trespass are negligible and largely illusory. The passing of the Digital Personal Data Protection Act (DPDPA) 2023 is a paradigm, though still entirely tested, change. The Act imposes a significant burden on private actors as “Data Fiduciaries”. The processing of personal data, which necessarily involves identifiable images or video recordings, will in the main involve the gaining of freely given, specific, informed, and unambiguous consent (Section 6), except for certain “legitimate uses” (e.g., property security).Most significantly, the DPDPA firmly establishes the principles of data minimization (only to the degree required for the objectives specified in Section 5(1)(a)) and purpose limitation (information collected for certain, well-defined purposes only). – Section 5(1)(b)) with particular notice to individuals (Section 5(1)(c)). Biometric data, clearly defined in the Act (Schedule, Sr. No. 1) including facial recognition templates, is classified as being within the special protection category (Section 10). Commercial processing of biometrics will typically require clear consent under new legislation, incurring onerous new compliance requirements and skewing the law towards private spying, although harsh application by the Data Protection Board is a significant unknown.
Contextual Friction Points: Where Cameras Collide with Rights
Surveillance proportionality and legality are highly context-. The Supreme Court’s ruling in Paramvir Singh Saini VS. Baljit Singh & Ors. (2021 SCC Online SC 213) required sweeping CCTV monitoring, such as in interrogation centres and lock-ups, to curb custodial torture and abuse. Specific guidelines required camera positioning (apart from washrooms), storage of data (at least for 18 months), complainant/victim access rights, and watchdog committees. This is but one example where surveillance as an accountability tool is proportionate on the basis of the power imbalance and vulnerability contained within custody, showing a case where proportionality tips in favour of monitoring to secure basic rights. Widespread CCTV and facial recognition technology (FRT) in public spaces like streets or markets, however, has high proportionality obstacles. Mass suspicion less surveillance of populations cannot easily apply necessity as the least intrusive means to amorphous objectives such as “crime prevention,” frequently failing the balancing test against extreme intrusion upon anonymity and freedom of movement in public life. Employers do have legitimate interests in security, asset and productivity protection in the workplace. However, the employee’s right to privacy is still based on the “right to be left alone” established in Gobind vs. State of M.P. ((1975) 2 SCC 148). Spying is least suspected, but overt surveillance must be overt, reasonable, and proportionate – not constant surveillance of workstations or taping of intimate acts. Audio taping is most invasive and will necessitate express consent under DPDPA regimes. Home deployment of surveillance devices such as smart doorbells causes a balance between the home owner’s right to safety and neighbourly privacy. Cameras that take up significant amounts of next-door houses, windows, or private activities amount to actionable invasion of privacy or nuisance and must be carefully positioned and must respect privacy expectations characteristic of the home setting.
Facial Recognition: The Constitutional Crisis Point
The use of Artificial Intelligence, in the form of Facial Recognition Technology (FRT), by state institutions such as the police takes the surveillance matter to the level of a constitutional crisis. Projects like the National Crime Records Bureau (NCRB) Automated Facial Recognition System (AFRS) or other state-based projects like Telangana’s TSCOP and Punjab’s PAIS run without parliamentary law authorizing the extent, manner, or protection of theirs, in bare contravention of Puttaswamy’s principle of legality. Mass, suspicion less screening of people in public places is perhaps the most invasive mode of surveillance invasion. Dragnet measures are faced with quasi-insurmountable obstacles to fulfilling the requirement prong of proportionality – to establish that they are the least intrusive measures necessary to prevent certain serious harms, and not tools to facilitate generalized social control. Cumulative with this are established problems of algorithmic bias, wherein FRT systems overall, and new evidence increasingly indicates in India as well and higher error rates for women and darker individuals, risking discriminatory enforcement against Article 14’s equality guarantee. Function creep is a particular threat, whereby data initially gathered for “security” purposes is subsequently employed for additional distinct functions such as profiling demonstrators, tracking political opposition, or surveillance of welfare recipients. Further, the chilling effect on common freedoms (speech, assembly, mobility) and risk of wrongful identification to harassment or detention are serious threats to individual liberty and due process, as reiterated by the Court’s thrust on non-arbitrariness in Anuradha Bhasin vs. Union of India ((2020) 3 SCC 637).
Judicial Guardrails: Case Law Drawing the Contours
Indian case law, especially post-Puttaswamy, offers changing, if at times cryptic, guardrails. The underlying cause continues to be simply Puttaswamy itself, privacy as the basis and proportionality as the test. Paramvir Singh Saini portrayed judicial acknowledgement of the role of monitoring in controls of the misuse of state authority in the most delicate cases such as police custody, comprising special safeguards. In R.M. Malkani v. State of Maharashtra (1973) 1 SCC 471, it was previously decided that recording a conversation on tape by an official without the speaker’s knowledge violated their right to privacy and subtly delineated limits on covert monitoring techniques. The statement is appealing even though it doesn’t specifically address modern CCTV. The groundbreaking ruling in the 2019 case of K.S. Puttaswamy (Aadhaar-5 Judge Bench) 1 SCC 1 further explained that proportionality is a balancing act, meaning that the state would bear a disproportionate amount of the burden of justification and any breach of privacy would have to be proportionate to state interest. These instances cumulatively create a jurisprudential foundation against mass surveillance, though lack of a clear Supreme Court ruling on mass public CCTV or FRT leaves plenty of jurisdictional ambiguity.
Conclusion
Navigating the Dilemma – An Urgent Call for Rights-Centric Frameworks
India is at a crossroads when it comes to the surveillance dilemma. The inevitable and unflinching conclusion is this: India’s present trajectory of broadly unregulated, technology-facilitated surveillance expansion, state use of facial recognition systems without strong legislative approval or strong protections, poses an existential threat to the constitutional right to privacy enshrined under Article 21 and reiterated in Puttaswamy. This unregulated expansion threatens to institutionalize a surveillance state rather than a constitutional democracy. It is unconstitutional to be depending on piecemeal police powers, outdated colonial statutes, or executive fiat to control invasive new technologies. To put an end to the crisis, there will need to be firm, rapid action: Implementing into law full, human rights compatible surveillance bills enacted into law by Parliament which clearly set out lawful purposes, apply strict necessity and proportionality tests, require prior judicial or adequate independent warranting for invasive methods such as FRT, incorporate strict data retention controls, and provide strong control authorities (such as a Surveillance Commissioner). It must explicitly ban suspicion less public facial recognition on a mass scale, allowing it only on judicial warrant to investigate identified serious crime where less intrusive methods demonstrably fail. At the same time, the Digital Personal Data Protection Act (DPDPA) 2023 must be pursued relentlessly to govern private surveillance, with the Data Protection Board adequately empowered as a single unifying powerful regulator making regulations on consent (particularly biometrics), purpose limitation, and transparency. Courts need to strictly apply the Puttaswamy proportionality test considering most importantly the “mosaic effect” of inflated data, to invalidate surveillance activities in the absence of express legal mandate or amounting to unreasonable invasion. Periodic mandatory independent audits for prejudice and accuracy have to be mandatorily imposed on any sanctioned AI-based surveillance. Ultimately, India has a choice to make: Will it use technology to security under a regime of constitutional rights, openness, and accountability, or will it make surveillance an instrument of control that undermines the very freedom it claims to safeguard? The path of constitutional fidelity requires the former.
FAQS
Q: Can my Resident Welfare Association (RWA) install CCTV cameras in building lobbies and elevators without requiring me to give them my express consent?
A: While RWAs do take genuine interest in security, the law is changing. It may no longer be enough to simply quote a majority vote under privacy provisions. The DPDPA 2023 demands a “lawful basis” of processing image data of residents. Protection of property is a settled “legitimate use” under the Act, and it would render individual consent unnecessary. But since the RWA is a Data Fiduciary, it has to make clear and public provision to all residents living there spelling out the purpose of the surveillance, place of the cameras, period of storage of data, and how the tenants can enforce their rights under the DPDPA. Hidden cameras would virtually always violate privacy. Installation must not entail the taking of the interiors of separate flats or rooms where privacy is anticipated.
Q: Can I refuse to examine CCTV footage to help identify a suspect?
A: Police can ask you as a witness to co-operate by examining footage.
But they cannot compel you to self-incriminate, which is guaranteed by Article 20(3) of the Constitution. If you are also an eyewitness, they can take your statement (under Section 161 CrPC) about what you can recognize from the footage. If you are a potential suspect, forcing you to identify someone from footage could go against your right against self-incrimination. Legal advice should be sought if you feel coerced. Police usually require a court order or warrant to confiscate privately owned video by force if its owner is reluctant to hand it over voluntarily, particularly as DPDPA.
Q: Surveillance of customers by shopping malls and stores using CCTV – is it lawful?
A: For the limited security CCTV observation of public spaces on the premises, clear prior consent from all customers is not usually necessary.
Visible and apparent notice (e.g., a notice showing “Premises Under Video Surveillance”) was generally adequate under the IT Act regime. The DPDPA 2023, however, completely changes this scenario. Stores and malls are now required to have a “lawful basis” for processing image data of customers. Security is a valid “use,” but they need to give adequate notice at the entrance that establishes the purpose for data collection, contact information of the Data Protection Officer (if applicable), and how to exercise your rights. Most importantly, where the company is employing Facial Recognition Technology or any biometric testing, express consent of people is likely to be necessary under the DPDPA provisions for sensitive personal data/biometrics, as addressed in the Act.
Q: Are there any constraints on employers monitoring employees by CCTV?
A: Employers do have legitimate interests in security, forestalling robbery, and maintaining productivity.
Employees do have privacy rights. Secret observation is highly questionable and probably illegal. Any observation should be open, with clear prior notice to employees of presence, purpose, and extent of surveillance. Observation should be proportionate: entrance/exit cameras or money-handling areas are easier to justify than constant surveillance of individual workstations, which can infringe on dignity and autonomy (Gobind principles). Monitoring in toilets or changerooms is categorically precluded. Audio monitoring is very intrusive and generally needs express consent. The DPDPA makes these standards into law, with a required lawful basis (e.g., legitimate interests, balancing very close against staff interests) and disclosure. Over-monitoring would be against human rights and DPDPA principles.
Q: Is current use by Indian law enforcement of Facial Recognition Technology (FRT) legal now?
A: Legality of existing deployments of FRT by police is most suspect and constitutionally dubious.
Supreme Court in Puttaswamy squarely stated that any state action involving invasion of privacy must be supported by a “law” – i.e., an Act of Parliament or State Legislature. There is no specific legislative law that legitimizes the gathering, processing, or use of face recognition data by police for mass surveillance or even routine criminal investigations. The type of systems such as NCRB’s AFRS or state-level systems such as TSCOP function based primarily on executive orders, police instructions, or imprecise provisions of existing law, which would presumably not meet the test of legality under Puttaswamy. Even assuming the existence of a valid statute, mass, suspicion less scanning of the public with FRT would be highly unlikely to satisfy the proportionate test under the Constitution because it is an exceedingly intrusive step seldom demonstrably necessary as a last resort to a particular, substantial interest of the state. Material objections to their deployments endure.
References
https://www.dataprivacyframework.gov/framework-article/5%25E2%2580%2593DATA-INTEGRITY-AND-PURPOSE-LIMITATION
https://theamikusqriae.com/paramvir-singh-saini-vs-baljit-singh-others
https://www.cambridge.org/core/books/public-reason-and-courts/question-of-constitutional-fidelity-rawls-on-the-reason-of-constitutional-courts/4FDD7F6A798207EC676E15D6B778FB0E
https://www.security-risks.com/post/punitive-response-compellence-and-escalation-india-s-perpetual-dilemma
https://www.lawreform.ie/_fileupload/Reports/rPrivacy.htm
