Contact Us
Journal Statistics & Approval Details
Recent Published Paper
Our Author's Feedback
 •  SJIF Impact Factor: 8.067       •  ISRA Impact Factor 7.894       •  Hard Copy of Certificates to All Authors       •  DOI by Crossref for all Published Papers       •  Soft Copy of Certificates- Within 04 Hours       •  Authors helpline No: +91-8813907089(Whatsapp)       •  No Publication Fee for Paper Submission       •  Hard Copy of Certificates to all Authors       •  UGC Approved Journal: IJRASET- Click here to Check       •  Conference on 18th and 19th Dec at Sridevi Womens Engineering College     
ISSN: 2321-9653
Estd : 2013

Ijraset Journal For Research in Applied Science and Engineering Technology

Privacy and Data Protection in India’s Legal Framework

Authors: Sanjay A. Mulik, Dr. R K Gupta

DOI Link: https://doi.org/10.22214/ijraset.2025.73824

Certificate: View Certificate

Abstract

Globally, privacy has become a fundamental human right, and the Indian Constitution recognizes it as such under Article 21. As society digitizes, along with technological advancements, safeguarding personal data and privacy has become increasingly difficult. In India, privacy rights have been acknowledged through judicial interpretations and legislative measures, such as the Information Technology Act and the proposed Digital Personal Data Protection Bill, but comprehensive protection against data misuse and breaches remains a challenge. In this paper, we examine the evolution of privacy as a legal right in India, analyze the existing legal framework, and discuss its limitations. The study compares India\'s approach to data protection with international standards such as the European Union\'s General Data Protection Regulation (GDPR). The report emphasizes the necessity of robust mechanisms to ensure accountability, secure sensitive information, and address emerging privacy concerns in the digital age, improving the legal framework for privacy and data protection in India.

Introduction

1. Privacy as a Fundamental Human Right

  • Privacy is globally recognized under Article 12 of the Universal Declaration of Human Rights and other international covenants (ICCPR, ICPRAMW, IJNCRC).

  • It includes the right to be left alone, bodily privacy, family life, sexual orientation, and private communications.

  • However, it excludes public records and data of public interest.

  • With digital growth, privacy is increasingly threatened by cybercrimes, data misuse, and third-party access.

2. Need for Data Protection Regulations

  • Data protection laws aim to limit unauthorized collection, storage, and sharing of personal information.

  • In India, comprehensive data protection legislation is still evolving.

  • Existing legal protections stem from:

    • The Constitution of India (Article 21)

    • Information Technology (IT) Act, 2000

    • Indian Contract Act, 1872

    • Intellectual Property Laws

    • Credit Information Companies Regulation Act (CICRA), 2015

3. Judicial Recognition of the Right to Privacy in India

  • Initially, the right to privacy was not considered a fundamental right.

    • MP Sharma v. Satish Chandra and Kharak Singh v. State of UP did not affirm it.

  • Later judgments began to recognize it:

    • Govind v. State of MP, Malak Singh v. Punjab & Haryana, R. Rajagopalan v. TN, and PUCL v. Union of India broadened the understanding of privacy.

  • In 2017, K.S. Puttaswamy v. Union of India, a 9-judge bench declared the Right to Privacy as a Fundamental Right, embedded in Article 21 of the Constitution.

4. Major Privacy-Related Cases in India

A. Aadhaar Case

  • Aadhaar collects biometric and demographic data.

  • Concerns: privacy breaches, misuse of data by private agencies, absence of safeguards.

  • Supreme Court upheld the Aadhaar Act (majority 4:1) but struck down sections allowing private access to Aadhaar data.

  • Justice Chandrachud dissented, calling the Act unconstitutional as a Money Bill.

B. Section 377 IPC

  • Dealt with criminalization of homosexuality.

  • In 2018, the SC struck down parts of Section 377, affirming that consensual sexual activity between adults is protected by the Right to Privacy.

5. Existing Legal Framework for Data Protection in India

A. Constitutional Protection

  • Article 21 (Right to Life) now includes Right to Privacy post-Puttaswamy.

  • Subject to reasonable restrictions under Article 19(2) for public interest.

B. Statutory Protections

  1. IT Act, 2000 (Amended in 2008)

    • Sections 43A, 65, 66, 69A deal with unauthorized data access, cybercrime, and government surveillance.

    • Establishes corporate liability for data leaks.

  2. IPC (Indian Penal Code), 1860

    • Addresses privacy breaches indirectly through criminal misappropriation and trust violations.

  3. Intellectual Property Laws

    • Protects data compiled using significant effort under copyright law.

  4. CICRA, 2015

    • Regulates credit-related personal information and holds entities accountable.

  5. Indian Contract Act, 1872

    • Allows inclusion of confidentiality clauses in contracts to prevent unauthorized disclosure.

6. Recent Initiatives and Reforms

  • IT (Amendment) Act, 2008 added new data protection measures.

  • Privacy Rules, 2011 outline:

    • What constitutes Sensitive Personal Data (SPD): biometrics, passwords, financial/health info.

    • Obligations for corporate bodies to maintain privacy policies and obtain informed consent.

  • Data Protection Bills:

    • Multiple bills have been introduced over the years (2009, 2010, 2016, 2019), with the 2019 Bill pending.

    • These aim to establish a central Data Protection Authority and enforce stricter rules on data handling.

Conclusion

Due to a few translations made by the Legal Executive, the Right to Privacy has become a Fundamental Right in India. However, if we observe our current situation, we will find that globalization has led to enormous mechanical advancements. In addition, with the advancement of innovation, a question arises: do we have privacy in our everyday lives? In order to proceed with an honorable existence, to make a choice of our own, and to foster ourselves, such a right becomes essential. As we can see in this day and age, innovation has become a part of our daily lives, which has benefited us generally. However, it has also turned into a danger, as numerous issues have developed with the advancement of technology, including cybercrimes, data theft, data abuse, and so on, which directly affect our privacy. As we probably are aware, that at present we need to impart our own data or data to a party whether it could be an Administration or confidential substance to profit any sort of administrations, while sharing such data might build the gamble of data burglary or abuse of data on the grounds that in India there is an absence of satisfactory Data Protection Regulations despite the fact that it has specific regulations which however not straightforwardly yet in a backhanded manner is managing Data Protection. Among these are the IT Act, Criminal Regulations, and Protected Innovation Regulations. An outsider\'s wrongdoing in spilling or abusing such data is often treated as a breach of privacy. Further, numerous escape clauses should have been included in the current regulations, such as those for web administration. As data mediators are not responsible for data handling violations if they demonstrate that the data was handled without their knowledge, we need a severe Data Protection Regulation to protect data privacy. A fundamental right natural to privacy has been established by the High Court in Craftsmanship 21 of the Constitution, as we are probably aware. However, merely having this perspective is not sufficient, because one ought to know one\'s rights, and if those rights are violated, one should know that the more significant position can be accessed for redress. In the event that they were not discovered, they may go unrepressed. People can create or have a noble existence only when they are notable for their rights. In the past, only private privacy was considered, however with time it became important to consider data privacy as well. The Public Authority should, therefore, embrace such a productive system that allows them to act as quickly as possible. Besides this, councils should establish specific principles, guidelines, or regulations that can confirm that the gathered data are true. The database where the data is stored ought to be outlined with tight security that, in any case, for the specialists it becomes difficult to get to it, which means it may only be accessible to those with the authority to do so, and that too for the government\'s assistance. Additionally, only those who gather, cycle, and store data should be made more aware. Furthermore, any regulation should include a punishment system, such as monetary and detention penalties, that is so severe that the unapproved person reconsiders misusing others\' data. Few experts recommend using smart cards as an alternative to collecting biometric data, which would be a discretionary option. As biometric data is permitted to perspective people regardless of whether they constitute recognized, brilliant cards that require pins will ask residents to cooperate during the ID cycle. Discarding brilliant cards makes it impossible to distinguish between people. Using brilliant cards would reduce the risk of crooks and psychological militants, unfamiliar government using biometric data to recognize Indians.

References

[1] Atulsingh, Data Protection: India in the Information Age, 59 JILI 78 (2017). [2] Bijan Brahmbhatt, Position and Perspective of Privacy Laws in India, available at http://www.lawctopus.com/academike/postion_perspective_laws_india/. [3] Dr. Payal Jain & Ms. Kanika Arora, Invasion of Aadhaar on Right to Privacy: Huge Concern of Issues and Challenges, 45(2) Indian I.L.R. 33 (2018). [4] Kasim Rizvi & Ranjit Rane, High Time India Had a Right to Privacy Law: A Private Member Bill Tabled Recently Ticks Most of the Boxes That One Would Expect from a Strong Data Privacy Law, LIVEMINT, available at http://www.livemint.com/opinion/eoRER0qfjdocTiTwFzdVJfHigh4imindia-had-a-right-to-privacy-law.html. [5] Krishnadas Rajagopal, Section 377 Will Not Apply to Consensual Same-Sex Acts, Says Supreme Court, The Hindu, available at http://www.thehindu.com/News/national/section-377-will-not-apply-to-consensual-same-sex-acts-say-supreme-court/article24878751.ece. [6] Latha R. Nair, Data Protection Efforts in India: Blind Leading the Blind, 4 I.J.L.T.I. 23 (2018). [7] Rukhmini Bobde, Data Protection and the Indian BPO Industry, 2 Law Rev. GLC 79 (2002-03). [8] S.S. Rana & Co. Advocates, India: Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, available at www.mondaq.com/India/data/information-technology-reasonable-security-practices. [9] Shrikant Ardhapurkar, Privacy and Data Protection in Cyberspace in Indian Environment, available at https://www.researchgate.net/publication/50273874/Privacy-and-Data-Protection-in-Cyberspace-and-Indian-Environment. [10] Soni Mishra, Justice Chandrachud: The Lone Dissenting Voice in Aadhaar Judgment, The Week, available at https://www.theweek.in/news/justice_chandrachud_lone_dissenting_voice_aadhaar_judgment. [11] Vaibhabi Pandey, Data Protection Laws in India: The Road Ahead, STNGHS & Associate (2015). [12] Vijay Pal Dalmia, India: Data Protection Laws in India—Everything You Must Know, available at www.mondaq.com/India/data-protection-laws-in-india.

Download Paper

Paper Id : IJRASET73824

Publish Date : 2025-08-25

ISSN : 2321-9653

Publisher Name : IJRASET

DOI Link : Click Here

Whatsapp Submit Paper Online