K. S. Puttaswamy Case (Right to Privacy)

The K. S. Puttaswamy v. Union of India judgment, delivered on 24 August 2017, arose from a constitutional challenge to the Aadhaar biometric identity programme filed by Justice K. S. Puttaswamy, a retired judge of the Karnataka High Court. When the matter reached the Supreme Court, the Union government argued that the Constitution conferred no fundamental right to privacy, relying on two earlier rulings—M. P. Sharma v. Satish Chandra (1954), decided by an eight-judge bench, and Kharak Singh v. State of Uttar Pradesh (1962), decided by six judges—which had been read as denying such a right. Because no smaller bench could overrule those decisions, a nine-judge Constitution Bench was constituted to settle the antecedent question of whether privacy is a fundamental right. The bench, led by Chief Justice J. S. Khehar, delivered a unanimous verdict through six concurring opinions, with the lead opinion authored by Justice D. Y. Chandrachud.

The Court held that the right to privacy is an intrinsic and inseparable part of the right to life and personal liberty guaranteed by Article 21, and is also distributed across the other freedoms recognised in Part III of the Constitution. The judgment expressly overruled M. P. Sharma and Kharak Singh to the extent that they held privacy was not constitutionally protected. The Court located privacy in the inviolable dignity of the individual, treating it as a natural right that the Constitution recognises rather than creates. It identified several zones of privacy, including bodily integrity, informational privacy, privacy of choice, and the privacy of the home, and it affirmed that informational self-determination—an individual's control over personal data—is a component of the broader right.

Crucially, the Court established that the right to privacy is not absolute and may be limited by the state only through a structured test of justification. Any intrusion must satisfy three requirements: there must be a valid law authorising the restriction (legality); the restriction must serve a legitimate state aim such as national security, prevention of crime, or protection of revenue (need); and the means adopted must be proportionate to that aim (proportionality). Justice Sanjay Kishan Kaul's opinion added a fourth element of procedural safeguards against abuse. This proportionality framework, drawn in part from German constitutional jurisprudence and the case law of the European Court of Human Rights, became the operative standard for adjudicating subsequent surveillance, data-collection, and identity disputes in India.

The judgment's consequences have been wide-ranging. The privacy reference was sent back to a five-judge bench, which in Justice K. S. Puttaswamy (Aadhaar) v. Union of India (September 2018) upheld the constitutional validity of the Aadhaar Act, 2016, while striking down Section 57, which had permitted private entities to demand Aadhaar authentication. The Puttaswamy privacy principle underpinned the decriminalisation of consensual same-sex relations in Navtej Singh Johar v. Union of India (2018), which read down Section 377 of the Indian Penal Code, and informed Joseph Shine v. Union of India (2018), which struck down the adultery offence under Section 497. It also provided the doctrinal foundation for India's data-protection legislation, culminating in the Digital Personal Data Protection Act, 2023, after the earlier Personal Data Protection Bill was withdrawn in 2022.

Puttaswamy must be distinguished from adjacent legal instruments and concepts. It is not a data-protection statute; rather, it is the constitutional source from which statutory data-protection obligations derive their legitimacy. It differs from the right to be forgotten, which is a narrower informational entitlement that Indian courts have since explored on a case-by-case basis without a comprehensive statutory grounding. It is also distinct from the freedom of information regime under the Right to Information Act, 2005, which governs citizens' access to state-held records rather than the state's intrusion into private life. Where the European Union's General Data Protection Regulation is a detailed regulatory framework, Puttaswamy operates at the higher level of constitutional principle, binding the legislature itself.

Subsequent developments have tested the reach of the judgment. The proportionality standard has been invoked in challenges to the Pegasus spyware allegations, prompting the Supreme Court in October 2021 to appoint a technical committee to investigate the use of the surveillance software against journalists, activists, and politicians. Critics have noted tension between Puttaswamy's robust privacy rhetoric and the Aadhaar verdict's acceptance of a vast biometric database, as well as concerns that the Digital Personal Data Protection Act, 2023 grants the Union government broad exemptions for state agencies that may dilute the proportionality safeguards the Court envisaged. The decision's silence on a horizontal application of privacy against private actors also remains a live question as data concentration in technology firms grows.

For the working practitioner, the Puttaswamy judgment is foundational reading. UPSC aspirants encounter it as the constitutional anchor of GS Paper II on rights and GS Paper III topics on internal security and data protection. Policy researchers and desk officers must understand its proportionality test when assessing the legality of surveillance programmes, interception orders under the Telegraph Act, and emerging frameworks on facial recognition and cross-border data flows. Diplomats negotiating data-adequacy arrangements with the European Union cite Puttaswamy as evidence of India's constitutional commitment to privacy. The judgment thus operates simultaneously as a milestone in Indian constitutional law and as the reference point against which every contemporary debate over surveillance and personal data in India is measured.