For 67 years after the Constitution's adoption, the Indian Supreme Court was equivocal about whether the right to privacy was a Fundamental Right. M.P. Sharma v. Satish Chandra (1954, 8-judge bench) and Kharak Singh v. State of UP (1962, 6-judge bench) had held that privacy was not a Fundamental Right. Various subsequent judgments — Govind v. State of MP (1975), R. Rajagopal v. State of TN (1994) — had recognised privacy in specific contexts but the constitutional question remained open. The 2017 judgment in Justice K.S. Puttaswamy v. Union of India by a 9-judge bench resolved the question definitively. Privacy is a Fundamental Right protected primarily under Article 21. The 2021 and 2018 Prelims tested aspects of privacy. Hold the constitutional architecture, the Puttaswamy reasoning, and the Aadhaar implications.
Pre-Puttaswamy — uncertain status
The right to privacy has had a chequered history in Indian constitutional law.
M.P. Sharma v. Satish Chandra (1954). An 8-judge bench held that the Constitution does not expressly recognise a right to privacy. The Indian framers had considered including a privacy right but had decided against it. The Constitution's framers, the Court reasoned, would have explicitly mentioned privacy if they intended it as a Fundamental Right.
Kharak Singh v. State of UP (1962). A 6-judge bench held that the right to privacy is NOT a guaranteed Fundamental Right. The case involved police surveillance practices. The majority held that the U.P. Police Regulations permitting domiciliary visits were valid, though they read down some excessive provisions.
However, Justice Subba Rao's minority view held that privacy is essential to "personal liberty" under Article 21. This minority view became the foundation for later expansion.
Govind v. State of MP (1975). A 3-judge bench took a more nuanced view. Justice K.K. Mathew suggested that there might be a "limited right of privacy" emanating from various Fundamental Rights — Articles 19(1)(a), (d), and 21. The right was not absolute and could be limited.
R. Rajagopal v. State of TN (1994). Justice Jeevan Reddy held that the right to privacy is implicit in the right to life and liberty under Article 21. Privacy includes the right to be let alone. However, public officials' actions, when in the public domain, do not enjoy privacy protection.
PUCL v. Union of India (1997). Telephone tapping case. The Court held that telephone conversations are within the ambit of right to privacy. Wiretapping requires statutory backing and must follow specified procedures.
The constitutional doubt. Despite these judgments, the constitutional question remained unresolved:
(i) M.P. Sharma (8-judge bench) and Kharak Singh (6-judge bench) had explicitly denied privacy as Fundamental Right.
(ii) Subsequent judgments (Govind, Rajagopal, PUCL) had recognised privacy in specific contexts.
(iii) None of these later judgments was by a bench larger than M.P. Sharma; they could not formally overrule it.
(iv) The result was constitutional ambiguity — privacy was sometimes protected but not as a clearly recognised Fundamental Right.
The Aadhaar challenge — context. The Aadhaar programme (Unique Identification project) created urgent need to resolve the privacy question. Aadhaar required collection of biometric data — fingerprints, iris scans, photographs — from over a billion residents. Was this constitutional?
The Aadhaar challenge in Binoy Viswam v. Union of India (2017) raised privacy concerns. The Court referred the privacy question to a larger bench. A 9-judge bench was constituted to decisively resolve the constitutional question.
Puttaswamy v. Union of India (2017)
Justice K.S. Puttaswamy v. Union of India (2017) is a landmark Supreme Court judgment. The 9-judge bench unanimously held that the right to privacy is a Fundamental Right protected under the Constitution.
Composition of bench. The 9-judge bench: J.S. Khehar (CJI), J. Chelameswar, S.A. Bobde, R.K. Agrawal, R.F. Nariman, A.M. Sapre, D.Y. Chandrachud, S.K. Kaul, and S. Abdul Nazeer. Six separate opinions, but all concurring on the central holding.
Holding — main propositions.
One — Privacy is a Fundamental Right. The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as part of the freedoms guaranteed by Part III of the Constitution.
Two — Overruled M.P. Sharma and Kharak Singh. To the extent these judgments held that privacy is NOT a Fundamental Right, they are no longer good law. Govind and other subsequent judgments recognising privacy were affirmed.
Three — Privacy is multifaceted. The right covers:
(i) Bodily integrity — protection from physical invasions.
(ii) Mental autonomy — protection of thoughts, beliefs.
(iii) Decisional autonomy — including reproductive choices, marriage choices.
(iv) Informational privacy — control over personal information.
(v) Spatial privacy — protection of personal spaces.
(vi) Communication privacy — protection of correspondence and conversations.
Four — Privacy is intrinsic to dignity. Privacy is essential to human dignity, which is the foundation of all Fundamental Rights. The Court emphasized: "Privacy ensures that a human being can lead a life of dignity by securing the inner recesses of human personality from unwanted intrusion."
Five — Privacy is not absolute. Like other Fundamental Rights, privacy can be limited by:
(i) A law (legality requirement).
(ii) For a legitimate State aim (necessity).
(iii) Through proportionate means (proportionality).
This is the proportionality test for limitations on privacy.
Six — Constitutional sources. Privacy is grounded primarily in Article 21 (life and personal liberty), but also in:
(i) Article 14 (equality before law — protection from arbitrary State action).
(ii) Article 19 (six freedoms — speech, assembly, association, movement, residence, profession all have privacy dimensions).
(iii) Implicit in the Preamble's commitment to dignity, liberty, and equality.
Justice Chandrachud's opinion (writing for himself, CJI Khehar, Agrawal, and Nazeer JJ). Wrote that privacy is essential to:
(i) Liberty — a person needs privacy to make autonomous choices.
(ii) Dignity — exposure of personal aspects diminishes human dignity.
(iii) Identity — privacy enables one to be oneself.
(iv) Autonomy — privacy protects against State and private invasions.
Chandrachud J also overruled ADM Jabalpur v. Shivkant Shukla (1976) — the infamous emergency-era judgment that had held Article 21 could be suspended.
Justice Nariman's opinion. Privacy connects to Articles 14, 19, and 21. Reasonable restrictions must follow the proportionality test.
Justice Kaul's opinion. Strong defence of privacy as fundamental to liberty and democracy. Concerns about surveillance State, data protection.
The 2018 and 2021 Prelims — privacy questions
The 2018 Prelims tested privacy as part of right to life:
The 2021 Prelims tested the specific Article:
Both questions establish:
(i) Right to privacy is a Fundamental Right.
(ii) Its primary constitutional source is Article 21.
(iii) It also draws from other Fundamental Rights in Part III (Articles 14, 19).
(iv) It is intrinsic to right to life and personal liberty — not a separate enumerated right but a derived right.
The recognition of privacy as Fundamental Right has had wide-ranging implications:
(a) Aadhaar architecture — affected by privacy considerations (see next section).
(b) Decriminalisation of homosexuality — Navtej Singh Johar v. Union of India (2018) — Section 377 IPC struck down on Article 21 (privacy) grounds.
(c) Adultery decriminalisation — Joseph Shine (2018) — Section 497 IPC violates dignity and privacy.
(d) Right to die with dignity — Common Cause v. Union of India (2018) — privacy includes dignity in death.
(e) Personal Data Protection Bill / Digital Personal Data Protection Act 2023 — legislative response to privacy as Fundamental Right.
Aadhaar judgment (2018) — operational implications
The privacy holding in Puttaswamy (2017) had immediate operational implications for the Aadhaar programme. The 5-judge bench in Justice K.S. Puttaswamy v. Union of India (Aadhaar case) 2018 applied privacy doctrine to Aadhaar.
Holdings on Aadhaar.
One — Aadhaar Act 2016 is constitutionally valid. The Court upheld the basic Aadhaar architecture, including biometric collection, on grounds of:
(i) Legitimate State aim — providing welfare benefits, preventing leakage.
(ii) Proportionality — biometric data limited to specified purposes.
(iii) Privacy safeguards — though the Court found some provisions inadequate.
Two — Section 7 (welfare benefits) is valid. The Government can require Aadhaar for welfare benefits funded out of the Consolidated Fund of India. The Court held that linking Aadhaar to subsidies is a legitimate exercise of State power. The 2020 Prelims tested this.
Three — Mandatory linkage to bank accounts is INVALID. Section 57 of the Aadhaar Act, which permitted the Government to mandate Aadhaar for purposes other than welfare (including bank accounts, telecom services, etc.), was struck down. Private entities cannot mandate Aadhaar.
Four — Section 33(2) (national security disclosure) is INVALID. The provision permitting disclosure of Aadhaar information for national security purposes by joint secretary-level officers, without judicial oversight, was struck down as inadequate safeguard.
Five — Children's Aadhaar enrolment. Children below 6 cannot be subjected to Aadhaar requirements for school admission or other services. They retain right to opt out at 18.
Six — Data retention. Authentication records cannot be retained beyond 6 months (the Court held the original 5-year retention excessive).
Seven — Metadata. The Court restricted Aadhaar metadata retention. The 2020 Prelims tested this.
The 2020 Prelims tested Aadhaar provisions:
- Aadhaar metadata cannot be stored for more than three months.
- State cannot enter into any contract with private corporations for sharing Aadhaar data.
- Aadhaar is mandatory for obtaining insurance products.
- Aadhaar is mandatory for getting benefits funded out of the Consolidated Fund of India.
The 2018 Prelims tested Aadhaar card use:
- Aadhaar card can be used as a proof of citizenship or domicile.
- Once issued, Aadhaar number cannot be deactivated or omitted by the Issuing Authority.
Personal data protection and surveillance
The Puttaswamy judgment created urgency for legislation on personal data protection. The constitutional recognition required statutory implementation.
Justice B.N. Srikrishna Committee (2017-18). The Government appointed Justice B.N. Srikrishna to recommend a data protection framework. The Committee's 2018 report proposed comprehensive data protection legislation.
Personal Data Protection Bill 2019. Based on the Srikrishna Committee report. Key provisions:
(i) Categories: personal data, sensitive personal data, critical personal data.
(ii) Data principal rights: access, correction, erasure, portability, withdrawal of consent.
(iii) Data fiduciary obligations: lawful basis for processing, purpose limitation, minimisation.
(iv) Cross-border data transfer restrictions.
(v) Data Protection Authority — for enforcement.
(vi) Penalties for violations.
The Bill faced controversies — particularly over Section 35 (Government exemptions) and data localisation requirements. It was withdrawn in 2022.
Digital Personal Data Protection Act 2023. The replacement legislation. Came into force after Presidential assent on 11 August 2023. Key features:
(i) Applies to processing of digital personal data within India.
(ii) Consent-based framework for processing.
(iii) Data Principal rights — access, correction, erasure.
(iv) Data Fiduciary obligations — purpose limitation, security safeguards, breach notification.
(v) Data Protection Board of India — adjudicatory body.
(vi) Cross-border data flows — generally permitted, with restrictions on specified countries.
(vii) Government exemptions — broader than international standards.
(viii) Penalties — up to ₹250 crore for major violations.
The DPDP Act 2023 is the principal data protection law. Implementation is ongoing — the Data Protection Board is being constituted; rules under the Act are being framed.
Surveillance and privacy. The constitutional framework affects various surveillance practices:
(i) Telephone surveillance — under Indian Telegraph Act 1885 and Information Technology Act 2000. Requires authorization at home secretary level (or equivalent). Subject to oversight committee review.
(ii) Email and electronic surveillance — IT Act 2000 Sections 69 and 69B. Similar safeguards.
(iii) CCTV and video surveillance — varies by State and context. Privacy considerations apply.
(iv) Facial recognition — emerging area. Privacy concerns about deployment by police, schools, employers, etc.
(v) Social media monitoring — by Government for various purposes. Privacy implications.
The proportionality test. Post-Puttaswamy, surveillance and data collection must satisfy:
(i) Legality — backed by valid law.
(ii) Legitimate aim — protection of national security, prevention of crime, etc.
(iii) Necessity — least intrusive means.
(iv) Proportionality — balanced against privacy interests.
Courts review surveillance schemes against this test. Several challenges to surveillance practices are pending or have been decided since 2017.
What students must hold
Six points carry the weight. One, pre-Puttaswamy: M.P. Sharma (1954, 8-judge bench) and Kharak Singh (1962, 6-judge bench) had held privacy NOT a Fundamental Right. Subsequent judgments (Govind 1975, R. Rajagopal 1994, PUCL 1997) recognised privacy in specific contexts. Constitutional ambiguity persisted.
Two, Justice K.S. Puttaswamy v. Union of India (2017) — 9-judge bench, unanimous. Right to privacy IS a Fundamental Right. Grounded primarily in Article 21 (life and personal liberty); also draws from other Part III freedoms. Privacy is multifaceted — bodily integrity, decisional autonomy, informational, spatial, communication.
Three, limitations on privacy require: (i) legality (law-based); (ii) legitimate State aim; (iii) necessity (least intrusive means); (iv) proportionality. The proportionality test applies to all privacy intrusions.
Four, the 2018 Prelims (Q24): privacy is intrinsic part of right to life and personal liberty — Article 21 AND freedoms guaranteed in Part III. The 2021 Prelims (Q22): privacy is protected under Article 21.
Five, Aadhaar judgment (5-judge bench, 2018): Aadhaar Act 2016 valid; Section 7 (welfare benefits) upheld; Section 57 (private use) struck down; Section 33(2) (national security disclosure) struck down. The 2020 Prelims (Q11): statements 2 and 4 correct (cannot share with private corporations; mandatory for Consolidated Fund benefits). The 2018 Prelims (Q4): Aadhaar NOT proof of citizenship/domicile; CAN be deactivated.
Six, statutory implementation: Digital Personal Data Protection Act 2023 — replaces earlier PDP Bill 2019; consent-based framework; data principal rights; Data Protection Board of India; penalties up to ₹250 crore. Surveillance under Indian Telegraph Act 1885 and IT Act 2000 must satisfy proportionality test. For more, see Right to Freedom and Aadhaar and Fundamental Rights.