INTRODUCTION
The recent developments in the field of Artificial Intelligence (AI) have led to substantial changes in the process of acquisition, analysis, and processing of data by governments. Despite the added advantages of increased administrative efficiency and state security, AI has led to substantial concerns about the privacy of citizens. In the Indian context, where the Right to Privacy has been declared as the Fundamental Right under Article 21 of the Indian Constitution, the resort to AI-enabled surveillance systems raises an important constitutional challenge to the Indian legal system.[1]
WHAT IS RIGHT TO PRIVACY?
In India Right to Privacy is a fundamental right, marking its evolution through a significant judicial journey through landmark cases. The Supreme Court of India has recognized right to privacy as a fundamental right guaranteed by the Constitution of India, having its intrinsic presence in the Right to Life and Right to liberty under Article 21.1 The Right to privacy in India ensures individual autonomy, dignity and personal freedom.
The International Covenant on Civil and Political Rights (ICCPR) and Universal Declaration of Human Rights (UDHR) serves as a foundational pillar for the recognition of privacy as a fundamental human rights. UDHR Article 12 states that- “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”[2] Further, ICCPR also stated in Article 17 that-“No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.”[3] Thus, this reinforces the provision of Privacy as a fundamental human right.
In India, the right to privacy has gone through a long judicial evolution, emerging from the landmark case Gobind vs State of MP 1975[4] where the Supreme Court held that Privacy and dignity deserve to be examined with care, and also introduced the compelling state interest test, emphasising that privacy rights are to be held as a high state interest only if they are convincingly justified. Another landmark case was Justice KS Puttuswamy vs Union of India 2017,[5] In which the Supreme Court of India recognized Right to Privacy as a fundamental right within Article 21. It highlighted Privacy being interconnected with equality, free speech, expression, and religion. The Court laid down the three-pronged test for determining the validity of any state action infringing privacy:
- Legality – existence of a valid law;
- Legitimate Aim – pursuit of a lawful state objective;
- Proportionality – rational nexus between means adopted and the objective sought. Meaning that any intrusion must be backed by clear legal authority, must be necessary for a legitimate state of aim, and must not be disproportionate to the objective pursued. This framework sets out the constitutional baseline for assessing any AI or surveillance law affecting privacy.
STATE SURVEILLANCE IN THE AGE OF ARTIFICIAL INTELLIGENCE
State surveillance is the use of executive authority by the State to observe a person or a group for the purposes of incrementing national security, crime deterrence, and public welfare in such circumstances that it is constitutionally safeguarded and legally constrained. The state uses various digital surveillance methods like CCTVs and facial recognition cameras to track the action of citizens. State Surveillance refers to the monitoring and collection of personal data by the government for objectives such as personal safety, crime prevention, and national security.[6] But in recent times, Artificial Intelligence (AI) has been an important tool for state surveillance. The AI relies on facial recognition, video analytics, and productive algorithms. AI driven surveillance helps to prevent crimes, supports disaster responses, and detects threats.
The AI surveillance is expanding quickly because the technology is cheaper and very efficient. Cameras are in every single place. The footages are analysed quickly and more accurately.
However this efficiency of AI surveillance is raising the privacy questions and possesses the threat on personal freedom and right to control one’s personal information. In India there are many instances of data breach of millions of people. The data include the banking detail, Aadhar details, etc., that has been breached and been used for committing cybercrime.
LEGAL FRAMEWORK CONCERNING SURVEILLANCE IN INDIA
India has limited reach of legislations when it comes to surveillance.
- The Telegraph Act, 1885, particularly Section 5(2), which permits interception of communications in the interest of public safety and sovereignty.[7]
- The Information Technology Act, 2000, has provided basic instructions about data issues and its protection. Especially Section 69, which authorizes interception, monitoring, and decryption of digital information.[8]
- The Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, which prescribe procedural safeguards.
DIGITAL PERSONAL DATA PROTECTION ACT, (DPDP) 2023
Recognizing the gaps for data privacy protection, Shrikrishna Committee proposed Personal Data Protection Bill in parliament in December 2019. The Bill was restructured by the Joint Parliamentary Committee, and it was known as the Data Protection Bill which was introduced in 2021. The Bill was withdrawn in 2021 on the background of amendments in it by the Joint Parliamentary Committee. Thereafter, Ministry of Electronics and Information Technology introduced the draft of Digital Personal Data Protection Act, 2023 which is a strong legislative attempt to reinforce data protection in India.
However, Section 17 and related provisions grant broad exemptions to the state for reasons such as national security, public order, and sovereignty.[9] Section 17 has broad powers due to four main issues: vague grounds like national security and public order, exemptions granted solely by the Central Government without parliamentary or judicial oversight, absence of a proportionality requirement, and lack of any review or time limit on exemptions. Together, these factors allow surveillance agencies to avoid meaningful data protection obligations. While such exemptions may be necessary, their wide scope raises concerns about unchecked surveillance and dilution of privacy protections envisaged under Puttaswamy.
PRIVACY CONCERNS ARISING FROM AI-BASED SURVEILLANCE
- Collection of Sensitive data
- Use of personal data without permission
- Data Leakages
- Increase in Cyber Crimes
Thus, AI based Surveillance has led to an increase in data breaches. Algorithm decision making often lacks transparency. AI enables the large-scale data without individual suspicion, thereby increasing the risk of disproportionate state interference in data use. Unregulated AI surveillance risks violating the constitutional requirement of privacy.
ARE INDIAN LAWS READY FOR AI SURVEILLANCE?
India is currently moving from a fragmented legal system to a more organized one, but there are still major gaps in government accountability and mass surveillance. Although new laws and rules have been put in place to manage the digital age, critics and legal experts believe that the framework still prioritizes state security over individual privacy.
Digital Personal Data Protection (DPDP) Act, 2023 & Rules 2025: For the first time, India has a privacy law that can be enforced. It requires “consent-based” data processing and sets large fines (up to ₹250 crore) for data breaches. However, Section 17[10] of the Act allows the government to exempt its agencies from almost all rules in the name of “national security” or “public order.” This means that AI surveillance by the state can often ignore the privacy protections that citizens have against private companies.
As of 2026, India’s legal preparations for AI surveillance show sharp contrasts. The country is moving toward formal regulation while still allowing significant executive discretion. The IT Rule Amendments (2025)[11] have set a high standard for deepfakes, requiring a 10% display label and quick takedown processes. However, other areas remain legally uncertain. Facial Recognition Technology (FRT) operates with low readiness, depending on broad police powers, and there is no specific “Biometric Surveillance Act,” despite the growth of the National Automated Facial Recognition System (NAFRS).[12] At the same time, the AI Ethics and Accountability Bill (2025) have created a basic framework for predictive policing, requiring audits for algorithmic bias. However, broad “national security” exemptions in the DPDP Act (2023) allow state-led AI surveillance to often ignore the privacy protections meant for the digital age.
India has the foundation of a modern legal system with the DPDPA 2023 and the AI Bill 2025. However, it is not yet ready to protect citizens from government overreach due to three reasons. First, as discussed, Section 17 of the DPDP Act 2023 allows for wholesale exemptions for state agencies, meaning that the provisions of the Act regarding consent and accountability simply do not apply to state surveillance. Second, the National Automated Facial Recognition System (NAFRS) operates under broad police powers and without a dedicated biometric surveillance statute, independent oversight, or mandatory judicial authorisation. Third, while there are massive penalties of up to ₹250 crore for private data processors, there are no penalties for state abuse of the data collected by AI. The legal framework thus protects citizens from corporations, but not from the state — the more dangerous of the two power asymmetries in the context of AI-based surveillance.
CONCLUSION
The use of AI in state surveillance brings both benefits and risks. It can improve governance and security, but it also threatens the basic right to privacy if not properly regulated. Indian laws are not fully equipped to handle the complexities that AI-driven surveillance introduces. We need a legal framework focused on rights that connect technology with constitutional values. This is crucial to make sure the right to privacy does not get sacrificed in the name of state security.
Author(s) Name: Manisha Nandkumar Dhayrikar (ILS Law College Pune, Maharashtra)
References:
[1] Constitution Of India (1950), Article 21
[2] Universal Declaration Of Human Rights (adopted 10 December 1948) UNGA Res 217 A(iii) (UN Doc A/810), art 12
[3] International Covenant on Civil and Political Rights (adopted 16 December 1966, entered into force 23 March 1976) 999 UNITS 171 (ICCPR), art 17
[4] Govind v State of Madhya Pradesh (1975) 2 SCC 148 (SC)
[5] Justice K.S. Puttaswamy (Retd.) & Anr. V. Union of India & Ors. (2017) 10 SCC 1 (SC)
[6] Willson M, “AI and the Ethics of Surveillance” (Blockchain Council, October 9, 2025) <https://www.blockchain-council.org/ai/ai-and-the-ethics-of-surveillance> accessed January 10, 2026
[7] Indian Telegraph Act 1885 (India), s 5(2).
[8] Information Technology Act 2000, s 69
[9] Digital Personal Data Protection Act 2023, s 17
[10] Digital Personal Data Protection Act 2023, s 17
[11] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules 2025 (India).
[12] Yadav M Ms and Sharma A Dr, “Facial Recognition Technology in India: Socio-Legal Debates on Privacy and Human Rights” (IJSET JOURNAL PUBLICATION, December 30, 2025) <https://www.ijset.in/facial-recognition-technology-in-india-socio-legal-debates-on-privacy-and-human-rights/> accessed January 7, 2026
