Digital Privacy Concerns: Citizens Demand Stronger Data Protection and Surveillance Oversight
Letters to the editor highlight public concerns over digital privacy, data protection, and the need for robust legal frameworks to prevent misuse of personal data and surveillance.
Photo by Smartupworld Affordable Website Management
Quick Revision
Public concern over digital privacy and data protection.
Worries about misuse of personal data by private entities and government.
Need for a strong legal framework (e.g., Digital Personal Data Protection Bill).
Demand for transparency and accountability in data collection and usage.
Balancing national security with the right to privacy.
Visual Insights
Evolution of Digital Privacy & Data Protection in India
This timeline illustrates the key milestones in the development of India's legal framework for digital privacy and data protection, highlighting the journey from judicial recognition of privacy to the enactment of a dedicated data protection law amidst ongoing surveillance concerns.
The journey of digital privacy in India began with limited judicial recognition, evolving significantly with the landmark Puttaswamy judgment in 2017. This paved the way for a dedicated data protection law, culminating in the DPDP Act, 2023. However, public concerns about government surveillance and the balance between national security and individual rights remain at the forefront, driving demands for stronger oversight.
- 1950Indian Constitution adopted (Right to Life & Personal Liberty under Article 21)
- 1954M.P. Sharma v. Satish Chandra: SC ruled against general right to privacy
- 1962Kharak Singh v. State of UP: SC recognized limited privacy aspects (bodily integrity)
- 1996PUCL v. Union of India: SC laid down guidelines for telephone tapping
- 2000Information Technology Act enacted (includes provisions for electronic surveillance)
- 2009IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules notified
- 2017K.S. Puttaswamy v. Union of India: SC declares Right to Privacy a Fundamental Right under Article 21
- 2018Justice Srikrishna Committee submits draft Personal Data Protection Bill
- 2019Personal Data Protection Bill, 2019 introduced in Parliament
- 2021Pegasus Spyware Controversy erupts, raising concerns about government surveillance
- 2022Joint Parliamentary Committee report on PDP Bill, 2019, followed by withdrawal of the bill
- 2022Digital Personal Data Protection Bill, 2022 introduced
- 2023Digital Personal Data Protection Act, 2023 enacted into law
- 2024Public concerns persist over DPDP Act exemptions for government & surveillance oversight
Exam Angles
Constitutional provisions related to Right to Privacy (Article 21)
Landmark Supreme Court judgments (Puttaswamy case)
Legislative framework for data protection (DPDP Bill, IT Act, Telegraph Act)
Government policies on surveillance and national security
Ethical dilemmas in technology and governance
International best practices in data protection (e.g., GDPR comparison)
View Detailed Summary
Summary
A collection of letters to the editor reflects growing public concern over digital privacy and data protection in India. Citizens are worried about the potential for misuse of personal data by both private entities and the government, particularly in the context of surveillance.
The letters emphasize the need for a strong legal framework, like the proposed Digital Personal Data Protection Bill, to safeguard individual rights. They also call for greater transparency and accountability from authorities regarding data collection and usage, underscoring the importance of balancing national security with fundamental rights like the right to privacy.
Background
The right to privacy has gained significant attention in India, especially after the Supreme Court's landmark judgment in K.S. Puttaswamy v. Union of India (2017), which declared it a fundamental right under Article 21.
This judgment underscored the need for a robust data protection law. Prior to this, data protection was largely governed by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, under the IT Act, 2000, which were deemed insufficient.
Latest Developments
Practice Questions (MCQs)
1. With reference to the Digital Personal Data Protection Bill (DPDP Bill), consider the following statements: 1. It applies to the processing of digital personal data outside India if it involves offering goods or services to data principals in India. 2. It mandates that a Data Fiduciary must obtain explicit consent from the Data Principal for processing their personal data, except in certain legitimate uses. 3. It establishes a Data Protection Board of India to adjudicate disputes and impose penalties. Which of the statements given above is/are correct?
- A.1 and 2 only
- B.2 and 3 only
- C.1 and 3 only
- D.1, 2 and 3
Show Answer
Answer: D
Statement 1 is correct: The DPDP Bill has extraterritorial applicability, covering processing of digital personal data outside India if it relates to offering goods or services to data principals within India. Statement 2 is correct: The Bill emphasizes consent as a primary basis for data processing, though it also provides for 'legitimate uses' where consent may not be required. Statement 3 is correct: The Bill proposes the establishment of a Data Protection Board of India as an independent body to ensure compliance and adjudicate disputes related to data protection.
2. In the context of surveillance and the right to privacy in India, consider the following statements: 1. The Supreme Court in K.S. Puttaswamy v. Union of India (2017) declared the right to privacy as an absolute right under Article 21 of the Constitution. 2. Interception of communications by the government is primarily governed by the Information Technology Act, 2000, and the Indian Telegraph Act, 1885. 3. Any restriction on the right to privacy must satisfy the triple test of legality, legitimate state aim, and proportionality. Which of the statements given above is/are correct?
- A.1 and 2 only
- B.2 and 3 only
- C.3 only
- D.1, 2 and 3
Show Answer
Answer: B
Statement 1 is incorrect: The Supreme Court in Puttaswamy judgment declared the right to privacy as a fundamental right but not an absolute one. It is subject to reasonable restrictions. Statement 2 is correct: These two acts provide the legal framework for lawful interception of communications by authorized government agencies. Statement 3 is correct: The Puttaswamy judgment laid down the 'triple test' (legality, legitimate state aim, and proportionality) that any state action infringing on privacy must satisfy.
3. Which of the following principles is NOT a core component of a robust data protection framework, as generally understood globally and reflected in modern data protection laws?
- A.Data Minimization: Collecting only necessary data for a specified purpose.
- B.Purpose Limitation: Using collected data only for the purpose for which it was collected.
- C.Data Localization: Mandating that all personal data must be stored and processed within the national borders.
- D.Accountability: Data fiduciaries being responsible for compliance with data protection principles.
Show Answer
Answer: C
Data Localization (C) is a specific policy choice adopted by some countries, but it is not a universally accepted 'core principle' of data protection frameworks. While some laws might include it, core principles generally revolve around individual rights and responsible data handling. Data Minimization (A), Purpose Limitation (B), and Accountability (D) are widely recognized as fundamental principles of data protection globally (e.g., GDPR, and reflected in India's DPDP Bill).
Source Articles
Letters to The Editor — December 3, 2025 - The Hindu
Contact Us | The Hindu Learning Corner
Letters to The Editor — December 5, 2025 - The Hindu
The Hindu appoints Subhash Rai as Digital Editor - The Hindu
Letters From Readers, Readers Opinion, Readers Letters, Opinion Column - The Hindu