Constitutional Foundation

The modern framework of data protection and privacy law in India is constitutionally anchored in the recognition of the Right to Privacy as a fundamental right by the Supreme Court in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017). In this landmark nine-judge bench decision, the Court unanimously held that the right to privacy is intrinsic to the right to life and personal liberty under Article 21 of the Constitution, and also flows from the freedoms guaranteed under Part III of the Constitution. The judgment overruled earlier precedents that treated privacy as a mere common law or statutory interest, firmly elevating it to a constitutional guarantee enforceable against the State.

The Court conceptualised privacy not as a narrow right against physical intrusion, but as a multi-dimensional right encompassing autonomy, dignity, and informational self-determination. Privacy was recognised as essential to individual autonomy the ability of a person to make personal choices free from unwarranted interference and as a core component of human dignity. Importantly, the judgment acknowledged informational privacy as a distinct and critical facet, recognising an individual’s right to control the collection, use, and dissemination of personal data in an increasingly digital and data-driven society.

This constitutional understanding laid the normative foundation for India’s data protection regime, directly influencing subsequent legislative developments, including the Digital Personal Data Protection Act, 2023. The principles articulated in Puttaswamy, such as legality, necessity, proportionality, and procedural safeguards now operate as constitutional guardrails against excessive data collection, surveillance, and misuse, and continue to guide judicial interpretation of privacy, data protection obligations, and State as well as private sector conduct in the digital ecosystem.