The question of how a constitutional democracy balances its imperative to ensure security of the State and public order with its obligation to protect the liberty of its citizens is not new. It has long occupied jurists, administrators, and scholars alike, often surfacing into sharp relief in times of a perceived crisis.
What is new, however, is the nature and scale of the power that the modern State now wields. Surveillance is no longer confined to the interception of letters or telephonic conversations, nor even to the discreet monitoring of suspected individuals. With the advent of digital technology, it has expanded into a pervasive, continuous, and largely invisible system of data extraction, aggregation and analysis. The contemporary State, aided by unprecedented technological capabilities, is in a position not merely to observe but to archive, reconstruct, and predict the lives of its citizens at the push of a button. This transformation compels a re-examination of the legal principles and mechanisms that govern the right to privacy against the State, and it demands that the older conceptualisations of surveillance be tested against the realities of current digital technology and governance.
This article aims to discuss how in this modern era of technology how can the right to privacy be protected while still enabling critical surveillance.
The State, particularly in jurisdictions such as India, operates within a complex and often hostile security environment. It is tasked with addressing threats that are diffused, decentralised, and frequently indistinguishable from ordinary civic activity. Terrorism, cybercrime, transnational financial fraud, money laundering and disinformation campaigns are not merely episodic occurrences but continuous processes that require constant vigilance.
It would be unrealistic, and indeed undesirable, to argue that the State must be deprived of the tools necessary to monitor and respond to such threats particularly when the criminals are so enabled. Surveillance, in its various forms, is therefore today an indispensable instrument of governance. The real difficulty arises not from the existence of surveillance powers but from their absence of clearly defined protocols, limits, their susceptibility to misuse, and the asymmetry they create between the State and the individual. The misuse of surveillance has in mature democracies led to not merely a violation of an individual but subversion of the democratic and constitutional systems as narrated hereinafter.
It is in this context that the concerns articulated in earlier experiences, both in India and abroad, acquire renewed significance. The history of surveillance in democratic societies demonstrates that the misuse of such powers is not an aberration but a recurring possibility.
In 1974 the US Senate decided to form a 11-member Committee headed by Senator Frank Church, to look into the way the various government agencies of the United States had been conducting their surveillance activities. The Committee had concluded that the US Government had engaged in numerous abuses of surveillance, often targeting people solely because of their political beliefs. The Government had often undertaken the secret surveillance of citizens merely on the basis of their political beliefs, even when they posed no threat of violence or illegal acts on behalf of any hostile foreign power. It came to light that successive US Presidents had given permission to engage in wiretapping of celebrities, writers, dissidents, Supreme Court Justices, and professors.[2] During the McCarthy era the object of attack were not just communists, but included members of civil rights movements and opponents of Vietnam War. These reports contained detailed information on finances, sexual activities, personal beliefs, and associations of famous people, as well as anonymous Americans.[3]
In the United States, besides statutory provisions, the constitutional framework governing surveillance is anchored in the Fourth Amendment, which protects against unreasonable searches and seizures. The traditional test articulated in Katz v. United States 389 U.S. 347 (1967) introduced the notion of a “reasonable expectation of privacy”, a formulation that has guided judicial reasoning for decades. In this case, the Court had held that what an individual seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected. Secondly, it has also pointed out that even though the agents had acted with restrain and made a very precise and targeting phone tapping, the same being without an antecedent warrant from Court could not be validated.
However, the advent of digital communication, cloud storage, and location tracking, has blurred the distinction between private and public information in ways that the classical doctrine struggles to accommodate. It is in this backdrop that the US Supreme Court’s decision in Carpenter v. United States 587 U.S. 525 assumes importance. The Court held that access to historical cell site location information constituted a search requiring a warrant, thereby recognising that certain forms of digital data, even when held by third parties, reveal such intimate details of a person’s life that they deserve constitutional protection of the fourth amendment. However, it did not overrule Smith v. Maryland, 442 U. S. 735, 741 (1979) and Miller v. United States 425 U. S. 435 but distinguished them upon facts i.e the nature of data sought and not on any clear principle. This decision, a tight rope walk by the Court, signals a cautious recalibration of the Katz doctrine, acknowledging that the digital age necessitates a more nuanced understanding of privacy.
In the United Kingdom the enactment of the Investigatory Powers Act, 2016 represents an attempt to comprehensively regulate surveillance activities, including bulk data collection and interception. The framework introduced under the Act seeks to reconcile security needs with privacy rights by incorporating procedural safeguards such as the “double lock” mechanism, which requires both executive authorisation and approval by a judicial commissioner an oversight by an Investigatory Powers Commissioner. The importance of procedural safeguards has also been emphasised in the jurisprudence of the European Court of Human Rights. In the case of Big Brother Watch v. United Kingdom[4], the Grand Chamber held that bulk surveillance was not inherently incompatible with the European Convention on Human Rights, but its legality depends upon the existence of adequate safeguards governing authorisation, selection, storage, and oversight. The emphasis in this line of authority is not on prohibiting surveillance as such, but on ensuring that its exercise is circumscribed by transparent and accountable procedures.
When these comparative experiences are viewed together, a common pattern emerges. Advanced constitutional systems have moved towards recognising that the legitimacy of surveillance depends less on the existence of power and more on the structure within which that power is exercised. They have attempted, with varying degrees of success, to construct systems of prior authorisation, independent oversight, and post facto accountability. It is in this respect that the Indian position lags behind.
The recognition of privacy as a fundamental right, by the Supreme Court, in the judgement of Justice K.S. Puttaswamy v. Union of India 2017 (10) SCC 1, marked a significant doctrinal development in India. The Supreme Court located the right within the guarantee of life and personal liberty under Article 21 of the Constitution. While this judgment established the normative foundation for the right to privacy, however the practical impact of this recognition has been very limited. The absence of a comprehensive legislative framework governing surveillance has meant that executive practices continue to be regulated by colonial-era statutes such as the Telegraph Act, 1885, provisions of the Information Technology Act, 2000, Bharatiya Nagarik Suraksha Sanhita, 2023 which vest immense discretion with the executive without meaningful independent oversight. Much powers are vested in the executive without independent oversight at the pre-surveillance or investigation and post surveillance stages.
Judicial pronouncements cannot address these structural deficiencies. The case concerning the alleged use of Pegasus spyware raised serious concerns about the extent of State surveillance, yet the judicial response was cautious and limited. While the Court reiterated the importance of privacy and appointed a technical committee, it did not evolve a clear doctrinal or institutional framework to regulate surveillance. The result is a jurisprudence that acknowledges the problem but does not provide any meaningful much less comprehensive and systemic solution.
The inadequacy of existing remedies further compounds the difficulty. Judicial review in privacy cases is necessarily retrospective. It addresses violations after they have occurred, often long after the damage has been done. In many instances, individuals are unaware that they have been subjected to surveillance, making it impossible to seek redress. Even where a violation is established, the remedies available are limited and rarely sufficient to either compensate or deter future misconduct. The absence of effective mechanisms for accountability and deterrence for violation creates a situation in which the protection of privacy depends largely on executive self-restraint.
The central problem, therefore, lies not in the absence of legal recognition but in the lack of institutional design. Privacy cannot be protected merely by declaring it to be a fundamental right. It requires a legal framework that responds to evolving technology and regulates the exercise of surveillance powers at every stage, from authorisation to execution to retention of data and destruction of data. The experience of other jurisdictions demonstrates that such a framework must include independent authorisation, preferably by a judicial or quasi-judicial body, stringent conditions governing the scope and duration and target of surveillance, and robust oversight mechanisms capable of auditing compliance and addressing breaches.
The solution to the present imbalance lies in adopting a regulatory approach that acknowledges the necessity of surveillance while ensuring that its exercise is bound by the guardrails of law. This would require the enactment of a comprehensive surveillance statutes that clearly defines the circumstances in which surveillance/investigation may be conducted, the procedures that must be followed, and the safeguards that must be observed. Such legislation must establish an independent oversight authority(ies) empowered to sanction surveillance, review executive authorisations, monitor compliance, storage and deletion of private data and impose severe sanctions for misuse at both the Centre and State level. Parliamentary/Legislative supervision particularly by a standing committee would further enhance accountability, ensuring that the exercise of surveillance powers remains subject to democratic control.
The development of such a framework would not undermine the security interests of the State. On the contrary, it would enhance the legitimacy of surveillance by subjecting it to transparent and consistent standards. It would protect not only the rights of individuals but also the integrity of institutions by reducing the risk of misuse. Most importantly, it would restore the balance between power and liberty that lies at the heart of constitutional governance.
In the ultimate analysis, the challenge presented by modern surveillance is not one of choosing between security and privacy. It is one of ensuring that the pursuit of security does not erode the very freedoms it seeks to protect. The task before Indian law is to translate the abstract promise of privacy into a concrete system of protection, capable of responding to the realities of the digital age. Only then can the delicate balance envisioned by the Constitution be meaningfully preserved.
[1] Mr. Arjun Harkauli graduated from the National Law School of India University Bangalore. He has been practising law for over 23 years before the Supreme Court, the Delhi High Court on the commercial, arbitration and civil and constitutional side. He can be reached at arjunharkauli@ahchambers.com
[2] Whitefield Diffie and Susan Landau, “Privacy on the Line: The Politics of Wiretapping and Encryption” in Daniel J. Solve’s Nothing to Hide the false tradeoff between Privacy and security (1st Edn., Yale University Press, New Haven, 2011) pp. 7.
[3] Sam J. Ervin Jr., “Privacy and Government Investigations” in Daniel J. Solve’s Nothing to Hide the false Tradeoff between Privacy and Security (1st Edn., Yale University Press, New Haven, 2011) pp. 8.

