Merriam-Webster defines "surveillance" as "keeping a close watch on
someone or something"  in the relevant context, this would refer to
real-time surveillance or interception - particularly of data and communication
in the electronic sphere or internet - intercepted through telecommunication
systems which is conducted by a government with legal approval, with private
entities not being entitled to conduct surveillance.
In India, the Indian Telegraph Act, 1885, and Information Technology Act, 2000,
largely govern surveillance, dealing with call interception and data
interception respectively. As for the organizations that primarily conduct
surveillance in India, government agencies such as the Central Bureau of
Investigation, National Intelligence Grid, and others are the main actors in
The IT (Procedures and Safeguards for Interception, Monitoring, and Decryption
of Information) Rules of 2009  laid out guidelines for the interception of
communication, to be read alongside section 69(2) of the IT Act .
Correspondingly, Rule 3 states that only certain competent authorities can issue
orders for interception or monitoring of any information of any computer
resource or mobile phone.
The protection of personal data is enshrined under the Right to Privacy, which
is assured under Article 21 of the Constitution of India which states the right
to life and personal liberty  ; the analysis that this provision includes the
right to privacy was held by the Supreme Court of India in Justice K.S.
Puttaswamy v. Union of India (2017)  , wherein privacy was established as
a facet of personal liberty, thus confirming it as a fundamental right which
must be protected whilst engaging in necessitated surveillance.
However, the lack of a data protection legislation in India further deepens the
grey area that remains regarding ensuring the balance of the right to privacy
with the surveillance of private communication - an issue faced globally, though
with less safeguards in some countries than others. This is demonstrated by the
survey, conducted in October 2019 by UK-based security firm Comparative, that
assessed 47 countries and their methods of conducting surveillance whilst
protecting privacy .
Only five countries were found to have suitable safeguards; meanwhile, most were
found to be actively conducting surveillance on their citizens and further
sharing the gleaned information, with India being one of the most noted
offenders due to the data protection bill being yet to take effect.
In Justice K.S. Puttaswamy v. Union of India (2017) , the Right to
Privacy was stated by the Hon'ble Supreme Court to be a fundamental right under
Articles 14, 19, and 21 of the Constitution of India. As such, any actions which
restrict the right to privacy - such as surveillance - can only be justified
through being prescribed by law, which would require the surveillance to be
necessary to achieve a legitimate aim and proportionate to that pursued aim.
Restrictions to the fundamental right to privacy certainly exist, noted by the
Supreme Court in multiple instances: restriction by a just, reasonable, and fair
procedure established by law is valid, as is restriction due to an important
counteracting interest which is either superior or if there is a compelling
state interest that must be served ; further, a person voluntarily entering
controversy may not be able to avail the protection of the right to privacy
Thus, the gray area that exists in maintaining a just balance between instances
which require surveillance and the right to privacy - particularly in terms of
private communication - is clear.
The Right To Privacy Under Surveillance Allowances In India
As for legislation regarding Internet surveillance in India, the Information
Technology Act, 2000, contains the related provisions; considering that in this
contemporary age, communication over the internet encapsulates the majority of
what would be considered "private communication" in terms of vulnerable data,
this form of interception is the most relevant with regards to surveillance of
The IT Act authorizes the Government under Section 69 to conduct surveillance of
internet data, on various broad grounds relating to the nation's interests. In
due succession, the Information Technology (Procedure and Safeguards for
Interception, Monitoring and Decryption of Information) Rules, 2009,lay down the
procedural law related to the surveillance conducted under Section 69.
Section 69 of the IT Act allows for the interception, monitoring, and decryption
of digital information as long as it is done in the interest of India's
sovereignty and integrity and other such goals, or the prevention of or
investigation of an offense; however, it notably includes the addition of "the
occurrence of public emergency of the interest of public safety", which largely
broadens the ambit of power allowing for surveillance by discretion.
Whilst the IT Interception Rules stipulate the procedure that must be followed
for a valid issuance of interception directions, there is a lack of provision
for judicial authorisation or surveillance oversight, despite their being the
best-suited for carrying out legal tests and ensuring interference with privacy
carried out in this manner is compliant with the principles of proportionality
In terms of consent prior to the collection of personal data specifically, Rule
5 of the IT Rules 2011 does require the consent of the subject to be delivered
in writing; however, this rule does not apply to all forms of personally
identifiable data, but purely to sensitive personal data or information - which
significantly narrows the application of the rule necessitating consent before
personal data collection.
Nevertheless, in a step which affirms the protection of privacy, the High Court
of Bombay in the case of Vinit Kumar v. Central Bureau of Investigation (2019)
 observed that in the absence of risk to the people or the interest of
public safety, orders for interception of phone calls and tapping cannot be
justified. This offers a strong backing to the principle of protecting privacy
with regard to phone tapping and interception, which are particularly concerning
forms of surveillance, in all circumstances other than specific risk to the
public at large � a necessary judgment, as it vastly reduces the scope of
discretion which surveillance authorities may take in deciding whether call
interception or tapping is warranted, which previously likely led to
circumstances wherein unnecessary interception of data was justified under the
reasoning of discretion in surveillance.
Comparative Analysis with surveillance laws of the United Kingdom, European
Union, and South Africa
In the United Kingdom, the Regulation of Investigatory Powers Act, 2000
governs investigation and surveillance conducted by governmental bodies, as well
as providing guidelines for public authorities, such as these governmental
bodies, other departments, or the police force pertaining to the correct process
for the obtaining of any private information, with the main causes allowing
surveillance and investigation involving crime, terrorism, or other public
safety or emergency needs. As for the continent of Europe, member countries of
the European Union have tended to also follow the Regulation of Investigatory
Powers guidelines as a guiding legislation; the Data Protection.
Directive established for the protection of data additionally ensures the right
to privacy of individuals is not violated, as it regulates the processing of
data in the European Union. A particularly notable recent development
internationally which has gained prominence for its pronouncement on the
surveillance of private communication infringing on the right to privacy is the
case of AmaBhungane Centre for Investigative Journalism v. Minister of
Heard by the Constitutional Court of South Africa; this case also held certain
provisions of the South African legislation on surveillance i.e., the Regulation
of Interception of Communications and Provision of Communication-Related
Information Act 2002 (RICA), as unconstitutional. This case arose when the
Petitioners approached the Court to challenge the constitutionality of a number
of provisions of RICA, with the Court holding the concerned provisions
The above judgment was made due to the lack of legal provisions ensuring the
notification of subjects of surveillance as soon as would be possible without
jeopardizing the surveillance itself, as well as safeguards as a whole; this
includes safeguards to address that the interception-granting decrees are
obtained ex parte, to ensure that the obtained data is managed lawfully with no
unlawful interference, and notably to provide adequate safeguards where the
subject of surveillance is a journalist or practicing lawyer to avoid the risk
of infringing the confidentiality of client communications or a journalist's
Various sections were noted to be necessarily included in revisions to the law,
mandating disclosure of the subject's profession if they are a practicing lawyer
or journalist to the judge allowing for specific directions regarding
confidentiality to be issued, as well as mandating a post-surveillance
notification to be issued to subjects within ninety days of the expiry of
It is also notable that RICA does not discriminate between intimate personal
communication and ordinary private communication which would not lead to
objections regarding disclosure. It is important to note that the right to
privacy grows in importance and intensity as the intimate nature of the personal
information increases; a lack of distinction between ordinary and intimate
communication allows for highly invasive privacy violations to take place
without repercussion - not only on the subjects, but the third parties whose
communication with them has been intercepted.
As such, the post-surveillance notification mandate allows for the subject to be
afforded the opportunity to ensure the interception was lawful as well as hinder
illegally-obtained interceptions from taking place. This was significantly noted
in the legal community worldwide, as a strong stance on protecting the right to
privacy and the intimate personal information of individuals whilst accepting
the need for surveillance in certain scenarios.
The progressive understanding of data protection and right to privacy exuded by
the South African Constitutional Court is pioneering as an example for courts
worldwide in recognising the cognisant approach necessary to create legislation
and issue judgements relating to technology, personal data, the right to
privacy, and boundaries to surveillance.
Whilst the scenario in South Africa and to an extent, European Union nations, is
comparatively more progressive and advanced in proactively protecting privacy
and overseeing surveillance of private communication where it is necessitated,
the Indian sphere mainly lacks a comprehensive legislation to govern data
protection, post which it would be relatively at par considering that the right
to privacy has been established as a fundamental right and the need for
justified reasoning behind any surveillance has been noted by the judiciary, as
Considering that topics in relation to data are ever-evolving with the
fast-paced progress of technology and relatively recent in themselves, it is
important that legislative and judicial authorities in India and worldwide
ensure that a progressive stance is taken towards these issues and an
understanding of their importance is obtained to allow for laws and courts to
protect people and their privacy with any surveillance activity being closely
monitored and rigorously accountable to supervision.
Overall, there has been increasing recognition that surveillance ought to
require a judicial order to be conducted; this, along with certain
additional safeguards, would have a great effect on validating the right to
privacy to the extent of protecting private communication as far as possible
while under surveillance.
The establishment of an oversight mechanism to monitor all stages of
interception for legal compliance and domestic and international obligations:
As well as an independent accountability system to guarantee monitoring and
transparency of the process would aid this goal, as would the institution of an
independent national data protection authority for investigation and redressal
where necessary. Further, the need for a comprehensive and enforceable data
protection legislation to be passed is significant; however, with these steps,
the balance between the right to privacy and surveillance of private
communication can be struck in an effective and sustainable way.
- Surveillance, Merriam-Webster Dictionary (11th ed. 2003).
- Rule 3, Information Technology (Procedures and Safeguards for
Interception, Monitoring, and Decryption of Information) Rules, 2009.
- Section 69 (2), Information Technology Act, 2000.
- India Const. art. 21.
- Justice K.S. Puttaswamy v. Union of India (2017), 10 SCC 1.
- Data privacy laws & government surveillance by country: Which countries
best protect their citizens? (2019).
- Justice K.S. Puttaswamy v. Union of India (2017), 10 SCC 1.
- Maneka Gandhi v. Union of India (1978).
- Gobind v. State of Madhya Pradesh (1975), AIR 1378.
- R. Rajagopal v. Union of India (1994), 6 SCC 632.
- Vinit Kumar v. Central Bureau of Investigation (2019) Bom 3155.
- Regulation of Investigatory Powers Act 2000.
- AmaBhungane Centre for Investigative Journalism NPC v. Minister of
Justice and Correctional Services (2021) ZACC 3.
- UN High Commissioner for Human Rights, Report on the Right to Privacy in
the Digital Age, UN A/HRC/27/37, 30 June 2014