Privacy Breaches
📌 What is a Privacy Breach?
A privacy breach occurs when personal, confidential, or sensitive information is accessed, used, disclosed, or stolen without consent or legal justification.
🧠 Types of Privacy Breaches:
| Type | Description |
|---|---|
| Data Breach | Unauthorized access or leakage of personal data (e.g., Aadhar, health data, banking details). |
| Surveillance Abuse | Illegal or excessive surveillance by state or private actors. |
| Identity Theft | Misuse of personal data to impersonate or commit fraud. |
| Information Misuse | Sharing personal information with third parties without consent. |
| Digital Snooping | Monitoring digital communications (e.g., emails, messages) without permission. |
⚖️ Legal Framework in India
Right to Privacy as a Fundamental Right under Article 21 (after Puttaswamy judgment, 2017).
Information Technology Act, 2000 – Sections 43A and 72A on compensation and punishment for data breach.
Indian Penal Code – Sections 403, 405, 409 (criminal breach of trust, theft of data).
Proposed Digital Personal Data Protection (DPDP) Act, 2023 – Comprehensive data protection law.
📚 Important Case Laws on Privacy Breaches
1. Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) 10 SCC 1
Facts:
Aadhar was challenged as a violation of the right to privacy.
The government argued privacy was not a fundamental right.
Judgment:
The Supreme Court unanimously held privacy is a fundamental right under Article 21.
Overruled previous judgments like MP Sharma and Kharak Singh.
Significance:
Laid the constitutional foundation for privacy protection in India.
Privacy includes bodily integrity, personal autonomy, and informational privacy.
2. Govind v. State of Madhya Pradesh (1975) 2 SCC 148
Facts:
Surveillance of a citizen by the police was challenged under Article 21.
Court’s View:
Recognized that privacy is part of personal liberty, though subject to reasonable restrictions.
Relevance:
Early acknowledgment of privacy, even before it was officially declared a fundamental right.
3. PUCL v. Union of India (1997) 1 SCC 301 – Telephone Tapping Case
Facts:
PIL challenged the arbitrary and excessive use of telephone tapping by the government.
Court’s Ruling:
Held that telephone tapping violates the right to privacy under Article 21.
Laid down procedural safeguards to regulate surveillance.
Importance:
One of the first strong interventions against state surveillance abuses.
4. Aadhar Case – K.S. Puttaswamy (Aadhar-2) v. Union of India (2018)
Facts:
Challenge to mandatory linking of Aadhar to services like SIM cards, bank accounts, etc.
Judgment:
SC upheld Aadhar’s validity for welfare schemes but struck down linking with private services.
Found compulsory linking to telecom and bank accounts unconstitutional.
Relevance:
Protected citizens from data misuse and profiling by private entities.
Strengthened informed consent and purpose limitation.
5. Navtej Singh Johar v. Union of India (2018) 10 SCC 1
Facts:
Challenge to Section 377 IPC which criminalized same-sex relations.
Connection to Privacy:
Court said sexual orientation is an essential attribute of privacy.
Right to privacy includes decisional autonomy in intimate matters.
Impact:
Expanded the scope of privacy into sexual identity and dignity.
6. R Rajagopal v. State of Tamil Nadu (1994) 6 SCC 632 – Auto Shankar Case
Facts:
Magazine tried to publish autobiography of a prisoner (Auto Shankar) alleging police corruption.
Key Ruling:
Recognized the right to be let alone as part of privacy.
Held that publishing private facts without consent violates the right to privacy unless in public interest.
Precedent:
Landmark ruling on media ethics vs individual privacy.
7. Bennett Coleman & Co. v. Union of India (1973)
Facts:
Though primarily a case on press freedom, it also touched on state regulation over private content.
Relevance:
Highlighted need to balance state interests and individual freedoms, including privacy.
8. WhatsApp Privacy Policy Case – Karmanya Singh Sareen v. Union of India (2016–Ongoing)
Facts:
WhatsApp’s data sharing with Facebook challenged in Delhi High Court and later Supreme Court.
Issues:
Violation of user privacy and consent principles.
Legal Status:
Matter linked with the need for a national data protection law.
Court emphasized that privacy must be protected even in private digital contracts.
🧾 Summary Table of Cases
| Case | Key Issue | Outcome |
|---|---|---|
| Puttaswamy (2017) | Is privacy a fundamental right? | Yes, under Article 21 |
| PUCL (1997) | Phone tapping | Regulated under privacy safeguards |
| Rajagopal (1994) | Media vs personal life | Right to publish limited by personal privacy |
| Aadhar (2018) | Compulsory data collection | Upheld with limits |
| Navtej Johar (2018) | Sexual orientation privacy | Recognized as part of dignity |
| Govind (1975) | Surveillance | Allowed with restrictions |
| WhatsApp Case | Consent in data sharing | Pending; triggered push for data law |
🧠 Core Principles Established by Courts
| Principle | Explanation |
|---|---|
| Consent | Personal data can’t be used without free, informed, and explicit consent. |
| Purpose Limitation | Data must be used only for the purpose it was collected. |
| Right to Be Forgotten | (Implied) Individuals have a right to erase digital footprints. |
| Data Minimization | Only necessary data should be collected. |
| Transparency | Individuals must know how their data is used. |
🔚 Conclusion
Privacy breaches, particularly in the digital age, pose a direct threat to constitutional rights. Indian courts have progressively expanded the scope of the right to privacy, insisting on legal safeguards, proportionality, transparency, and stronger regulation of data handlers—both public and private.
The development of jurisprudence shows a clear shift toward individual autonomy and digital dignity, with more robust enforcement expected under upcoming data protection legislation.
RELATED Blog
0 comments