Abstract
This research paper explores the evolving intersection between artificial intelligence (AI) and the right to privacy in India. It examines how AI systems, while improving efficiency and enabling convenience, also pose significant risks to personal data and privacy. Through an in-depth analysis of India’s constitutional provisions, judicial pronouncements, and recent legislative measures such as the Digital Personal Data Protection Act, 2023, the study evaluates the adequacy of India’s current legal framework in safeguarding individual rights. It also investigates issues surrounding AI liability, surveillance, and the ethical deployment of technology. By comparing national and international legal developments, this paper highlights both the potential and the challenges posed by AI to privacy rights and emphasizes the need for adaptive, transparent, and enforceable regulations in the digital era.
Introduction
The rise of artificial intelligence has transformed the landscape of digital governance, personal data processing, and privacy rights across the globe. In India, the legal understanding of privacy has developed significantly, especially after the landmark Supreme Court judgment in Justice K. S. Puttaswamy v. Union of India, which recognized the right to privacy as a fundamental right under Article 21 of the Constitution. However, this recognition comes at a time when technological advancements, particularly AI, increasingly encroach upon individuals’ private domains.
AI systems now influence a broad range of activities—from facial recognition and surveillance to predictive analytics and data profiling—raising unprecedented concerns over how personal data is collected, stored, and used. With the increasing reliance on AI-powered tools and platforms, the threats to privacy have become more nuanced and pervasive. While India has taken progressive steps with the introduction of the Digital Personal Data Protection Act, 2023, significant gaps and implementation challenges persist.
This paper delves into the legal, ethical, and practical implications of AI on privacy rights in India. It assesses the current legislative approach, identifies liabilities associated with AI misuse, and compares India’s stance with international practices. The goal is to foster a comprehensive understanding of the emerging dynamics between privacy and artificial intelligence within the Indian legal context.
Right to Privacy and Data Protection in India
Technology and the evolving regulatory landscape have highlighted privacy and data protection concerns. Privacy is crucial as it prevents intrusion into another's life and protects people's freedom from compromised information. The Indian Constitution places less emphasis on obligation than right, making privacy a rights-based approach to data security. The main areas of attention on data protection include Indian laws of crimes, national security, intellectual property, corporate affairs, consumer rights, right to privacy, and the right to information. The right to privacy is one of the most important and admirable rights, as it regulates third-party access to private matters or sensitive information. This right is recognized in international treaties such as the Convention on the Rights of the Child, the International Covenants on Civil and Political Rights, and the Universal Declaration of Human Rights. The right to privacy is considered the most fundamental feature of human existence and is seen as fundamental to other rights, such as life, freedom, and free speech in India. Each individual has the right to a “personal domain”, free from arbitrary state or third-party surveillance. Despite a universal acknowledgement of the responsibility to preserve privacy, precise nature of this right has not been comprehensively elaborated by global safeguards for human rights. As the right to privacy is conditional, determining how it should be applied presents difficulties in defining public interest and structuring the private sector. Because of this, implementing and upholding it has been challenging. As a subject of public concern, violation of human rights occurred in the realm of mass communication. According to the ‘privacy of communications’ theory, people can have conversations and share information in a setting that is shielded from prying eyes from the general public, businesses, and the state. These protections only apply inside a particular communication system and do not extend to the Internet as large.
The purpose of this research is to explore the legal standing of privacy and data protection landscape in India. There has been a lot of discussion over the legality of privacy and data protection laws, of late. For this reason, efficacy of the present legislative framework must be studied if high-level privacy protection is to be provided. The article looks at how data protection has been approached conceptually, in comparison to other laws, and how it has impacted people's rights.
The right to privacy was first recognised as such in the middle of the twentieth century. As technology has become more accessible to the masses, its importance has grown. Technology has permeated every area of human life. Modern technology increasingly intrudes on everyday lives. It may happen when someone knowingly or unknowingly shares information or acquires knowledge about another individual or entity. Powerful computer systems' surveillance capabilities prompt calls for more stringent regulations around the acquisition and use of personally identifiable information. The concept of rights theory treats data security as a fundamental human right. The first data protection law in the world was inspired by the need to preserve the privacy of individuals; and it is considered as the progenitor of contemporary laws in this field. The right to privacy is inextricably linked to the right to data security. We may easily see the importance of data security growing as a result of recent technical developments across the globe.
AI AND PERSONAL DATA
Majority people nowadays have at least one social media account per person, and most of them update it often with information about their day, whereabouts, etc. By disclosing this information publicly, social media account-holders make it simpler for criminals to harm them in the future, maybe by kidnapping them after they learn their locations, or simply through hacking etc. Hacking has sadly become so common that even government agencies' websites are vulnerable, let alone individual users' social media profiles! Majority of hacks occur when a hacker gives a victim a link through email or a social media account, and the victim clicks on the link, allowing the hacker access to the victim's computer. For instance, sometimes, we may get unsolicited e-mails claiming that we have won a large sum of money, requesting for our banking information in return. Even the well-informed can fall into this trap. Cybercrimes of this kind are unfortunately commonplace. The vast majority of Internet users (about 80%) have fallen victim to snares of such criminals at some point, according to studies.
A self-proclaimed cyber expert, Syed Shuja, once claimed that EVMs could be hacked, which, if true, could disrupt the foundation of democracy! The only computer-related crimes in the early days were those involving direct physical damage. There were no actual cases of cybercrime. One of the first incidents of cybercrime in India includes the case of Yahoo v. Akash Arora. This incident took place in 1999. Permanent injunction was requested because of allegations that defendant Akash Arora had engaged in trademark infringement using the domain name “yahooindia.com.” Judgment was delivered in favour of Yahoo.
In Shreya Singhal v. Union of India, the ruling given by the Supreme Court may be broken down into three categories: consideration, advocacy, and provocation. It was argued that the very act of arguing or defending a position, no matter how widely held, lies at the core of the right to free speech. It seems that Section 66A does not differentiate between the advocacy or discussion of a specific subject that is objectionable to certain people and the provocation of such words leading to a causal tie to public unrest, safety, etc. Therefore, it might be used to limit any kind of communication. In response to a question about whether or not Section 66A was meant to shield individuals from defamation, the court said that it was designed to punish harsh language that may upset listeners but not harm their reputation.
In yet another matter, Kent RO filed a complaint with eBay alleging that a seller on eBay's platform had infringed upon its intellectual property rights, and the company asked for eBay to check the legitimacy of items before allowing them to be listed. According to the court, all that's required of an IT intermediary under the rules is that it declare its privacy policy and rules, and warn anybody using its servers against posting or distributing anything that violates intellectual property laws. As an intermediary, eBay is bound by the IT Rules to remove infringing content from its site within 36 hours of receiving written notice from a plaintiff alleging that a product listed on its site infringes on the plaintiff's patent, trademark, or copyright rights. The court ruled that the hosting of data on such portals is automated and that eBay is not required to check all data until it is brought to its attention. Hence, it would be an unreasonable interference with the rights of an intermediary to oblige it to do such screening.
.jpeg)
