Supreme Court of India Declares Privacy a Fundamental Right

Last week, India’s Supreme Court unanimously ruled that individual privacy is a fundamental right under Article 21 of India’s constitution. The question arose as a result of a case involving constitutional questions about privacy issues raised by Aadhaar — the world’s largest biometric database.

The Court convened to resolve the specific question of the right to privacy, which the government argued against as being “too vague a concept to be considered a fundamental right,” and that fulfilling citizens’ rights to food and shelter (one of the original justifications behind Aadhaar) trumps privacy. The Court, however, disagreed and stated in its 547-page decision that privacy is “an intrinsic part of right to life” and “the constitutional core of human dignity.”

Chief Justice Jagdish Singh Khehar even invoked the words of former U.S. Supreme Court Justice Louis Brandeis, stating that “[t]he right to be let alone is a part of the right to enjoy life. The right to enjoy life is, in its turn, a part of the fundamental right to life of the individual.”

What’s Next?

According to the World Privacy Forum, the decision will very likely set a changed course for Aadhaar, as it sets a precedent for lower courts to consider when ruling on the privacy implications of Aadhaar in future cases, particularly whether Aadhaar violates this newly formed fundamental right to privacy. Technology companies that integrate their products and services with Aadhaar could also be affected.

While the news of this case is largely viewed as an important victory for human rights, there has not yet been a sea change. The decision is deeply affected by politics and it remains unclear how broadly it can or will be applied.

While the decision is monumental, the right to privacy has not yet been implemented via legislation — although the decision does make a call to action for the creation of a robust data protection regime — and any commercial impact will likely be delayed as the Court tasked a recently formed committee to lay down a data protection framework.

It is unclear when these change will take place, but the decision states that the “[f]ormulation of a regime for data protection is a complex exercise that needs to be undertaken by the state after a careful balancing of requirements of privacy coupled with other values…”

As always, OneTrust will continue to track these developments as they become available.

How OneTrust Helps

Powered by deep privacy research, our comprehensive and integrated platform includes readiness assessments, privacy impact assessments (PIA/DPIA), data mapping automation, website scanning and cookie compliance, subject rights and consent management, incident reporting, and vendor risk management. Our team of privacy experts continually track developments like these and update our products to align with global laws and regulations, industry programs and privacy frameworks.