ARTICLE
29 July 2025

State Surveillance And Privacy Rights: Legal Frameworks And Challenges In India

Ka
Khurana and Khurana

Contributor

K&K is among leading IP and Commercial Law Practices in India with rankings and recommendations from Legal500, IAM, Chambers & Partners, AsiaIP, Acquisition-INTL, Corp-INTL, and Managing IP. K&K represents numerous entities through its 9 offices across India and over 160 professionals for varied IP, Corporate, Commercial, and Media/Entertainment Matters.
These permit real-time surveillance of phone calls, emails, and social media to be used and abused and to contravene the right to privacy.
India Privacy

These permit real-time surveillance of phone calls, emails, and social media to be used and abused and to contravene the right to privacy. Legal justification in India for surveillance mostly draws its force from enactments such as the Indian Telegraph Act, 1885, and the Information Technology Act, 2000. Section 69 of the IT Act allows the government to intercept, monitor, and decrypt any information based on grounds of sovereignty, security, and public order. This, however, has been criticized on account of inadequate safeguards or judicial oversight and transparency, thereby making the provisions vulnerable to exercise of misuse.

Information Technology Act, 2000

The IT Act 2000, and subsequent amendments to the act, form the overriding legislation governing electronic communication in India. Section 69 of the Act gives government wide powers to intercept, monitor, and decrypt information whenever it deems necessary for the safety of the nation, for public order, and even to prevent crime. This section, with the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009 outlines the procedure for interception of online communications. The breadth of the Act has, however been the subject of raising concerns over vast governmental overreach. Under Section 69A, the government can issue directions to block content on grounds of national security or public order. This was upheld by the Supreme Court of India in Shreya Singhal v. Union of India, which held Section 69A constitutional while declaring Section 66A as unconstitutional because it overly restricted speech and expression. Critics argue that the IT Act's provisions allow for substantial room for arbitrary implementation and with lesser oversight and transparency over the interception process.

Indian Telegraph Act, 1885

The Indian Telegraph Act is the oldest legislation provided to the Government in India regarding the right to intercept any message transmitted through telegraph. Although it was initially meant to be for telegraphs only, with time its scope has been immensely expanded into advanced communication systems. Section 5(2) of the Telegraph Act authorizes interceptions of communications "on the occurrence of any public emergency" or in the interest of "public safety." Neither "public emergency" nor "public safety" has much definition, thus providing the government with much latitude. The legality of the surveillance under the Telegraph Act was challenged in People's Union for Civil Liberties v. Union of India, where the Supreme Court underlined procedural safeguards and ordered periodic review of interception orders to limit possible misuse. Nonetheless, the antiquated language of the Act and rather vague provisions continue to be a cause of concern from the standpoint of privacy advocates since the Act does not offer comprehensive relief against unwarranted surveillance.

Balancing Privacy and State Interests

Balancing privacy with state surveillance is a hard nut to crack in the assurance of legal frameworks that could help service both ends. Whereas the state has a right to a legitimate interest in national security and public safety, such should never be attained at the expense of constitutional rights. The Supreme Court in Puttaswamy emphasized the need for data protection legislation to safeguard citizens' privacy. In response, the Digital Personal Data Protection Act, 2023 was enacted, but it has faced criticism for providing broad exemptions for state surveillance activities, particularly in cases involving national security and public order. The wide exemptions given under the Act may itself vitiate the proportionality requirement enunciated by Puttaswamy because it allows for bulk data collection without proper check and balances. There have also been calls for increasing the oversight mechanisms, including the form of independent judicial review of surveillance orders and enhanced requirements of transparency.

Digital Personal Data Protection Act, 2023

Introduced first in 2019 by India, the Personal Data Protection (PDP) Bill came after realizing the necessity of an all-inclusive data protection regime for the country. The framework outlined governs the collection, storage, and processing by entities and the state of personal data in India. Most notably, the PDP Bill introduces the concept of "data fiduciaries" and tries to put checks on how data can be processed. The bill allows for processing of data by the state based on grounds of national security and public order, as long as it is "necessary" and "proportionate" to the purposes pursued. Whereas the PDP Bill has been said to present a better holistic approach concerning privacy and data protection, critics have lambasted that it has given too many exemptions to the state under the guise of national security to confer broad powers of surveillance. Added to that is that the bill lacks explicit provisions for government data misuse and individual redress in case one's private affairs have been infringed upon. Others argue that, given the speed of India's digital terrain, a privacy regime without restrictions on state surveillance will end up infringing privacy rights to a large extent.

Constitutional Framework: Puttaswamy Judgment

The Supreme Court concluded in Puttaswamy v. Union of India (2017), a unanimous verdict, that right to privacy is a part of Article 21 of the Indian Constitution, which covers the right to life and personal liberty. The Court also understood that privacy is central to dignity and autonomy, and it ruled that any violation of this right will have to pass three tests of legality, necessity, and proportionality. Puttaswamy raises the bar very high on what the state should do and not do under surveillance practices and makes it explicit that the actions of the state that impact privacy have to have a legitimate aim and have proportionality to the objective pursued. Simultaneously, the Court recognized that privacy is not absolute-it can be limited by countervailing state interests like national security or public order. While so doing, the Court instituted a judicial framework on the case-by-case assessment of privacy intrusions.

Aadhaar and National Security

Surveys and National Security: Aadhaar as a Test Case One of the most contentious questions regarding privacy and state security has emerged in the Aadhaar case. The Court upheld the constitutional validity of Aadhaar in this judgement while making it clear that it needs protection from the misuse of its power. It granted constitutional legitimacy to Aadhaar-the biometric identification system-by recognizing important state interests it serves in curtailing tax evasion and avoiding fraud in the social welfare schemes even while placing restrictions on the scope and use of the Aadhaar program to protect privacy. The Aadhaar judgment was, therefore, balanced in the sense that while it restricted the mandatory use of Aadhaar to essential government schemes and subsidies, it effectively forbade its requirement for services like bank account opening and mobile connections. This judgment has, therefore, underlined the effort to balance privacy rights vis a vis state interests, but it left a lot of questions concerning broader government surveillance and data collection.

Free Speech and Privacy: Shreya Singhal Case

Free Speech and Privacy: Shreya Singhal v. Union of India The Indian Supreme Court held Section 66A of the Information Technology Act to be unconstitutional and thus declared unconstitutional in Shreya Singhal v. Union of India for criminalizing offensive speech online. The Court declared Section 66A to be unconstitutional because it violated the right of freedom of speech and was both overbroad and vague, leaving open to misuse the power to suppress legitimate expression. While Shreya Singhal is first and foremost a free speech case, implications flowed regarding privacy as well, reinforces the need for narrowly tailored laws that do not arbitrarily infringe individual rights. The Court's emphasis on clarity and narrow applicability provided a precedent for privacy-related cases, suggesting that surveillance laws must be clearly defined and targeted to minimize potential overreach.

References (Bluebook Format)

  1. Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1 (India).
  2. People's Union for Civil Liberties v. Union of India, AIR 1997 SC 568 (India).
  3. Shreya Singhal v. Union of India, AIR 2015 SC 1523 (India).
  4. Indian Telegraph Act, 1885, No. 13, Acts of Parliament (India).
  5. Information Technology Act, 2000, No. 21, Acts of Parliament (India).
  6. Digital Personal Data Protection Act, 2023, No. 22, Acts of Parliament (India).
  7. Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009 (India).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More