Author:  Dhruv Vijay, B.S. Anangpuria Institute of Law, Alampur, Dhauj, Faridabad

Nowadays, the connection between privacy and human rights is more complicated and disputed. This paper examines how digital privacy is legally recognised as an essential right for people and studies important conventions, constitutional protections and key court judgments that have influenced privacy in the digital age. Concentrating only on primary sources, the study carefully examines international and national laws, pointing out how emerging case law resolves issues raised by technological advances such as mass spying, data leaks and data profiling. It also looks at the ways in which laws seek to balance privacy against the state’s needs for security and development. The author concludes that strong and flexible laws based on human rights help to preserve digital privacy and support human dignity as the digital world continues to change.

Keywords: Digital Privacy, Human Rights, Legal Frameworks, Mass Surveillance, Data Protection, Jurisprudence

Thanks to digital technology, communication, business, governance and social life have all evolved in the 21st century. Thanks to the internet, smartphones, cloud computing and social media, personal data has become very important, helping economies and connecting many people worldwide. Still, the digitalization of information has also made privacy protection a bigger concern. Throughout history, privacy has been known as the right of individuals to decide what happens with their personal information and how they lead their private lives.

Digital technology creates new challenges for privacy protection. Privacy threats in the digital world focus on data that is created, gathered, handled and stored using electronic devices, not just on what happens offline or through letters. These information transfers go across countries, involve both public and private organisations and usually do not provide enough visibility or responsibility. Because of the risks of unauthorised access, mass surveillance, identity theft and unfair profiling, there is a stronger need for strong legal protections.

The paper will investigate the basis of digital privacy in the law, focusing on major international and national instruments that recognise privacy as a key right. It also studies important court cases that have adjusted privacy protections for the digital era. The study also looks at recent issues, for example, widespread use of surveillance, cyber threats and the ethics that come with big data analysis. In the end, the paper considers the efforts to update laws to better secure personal privacy online.

The study uses a qualitative method to study the main legal guidelines and current issues in digital privacy and human rights. The research predominantly involves doctrinal analysis of primary legal sources, including international human rights instruments (involving ICCPR, UDHR, ECHR), national constitutions, statutes, and landmark judicial decisions from jurisdictions like the United States(US), European Union, and India. It makes it possible to examine the way privacy rights are included, explained and upheld in different legal systems.

I use secondary sources like scholarly articles, legal commentaries and reports by human rights organisations to put the doctrinal findings into context and discover new topics in digital privacy, for example, mass surveillance, data breaches and profiling.

Also, a comparison of privacy laws between countries is done, spotlighting the differences and similarities in rules involving India’s Digital Personal Data Protection Act, 2023 and EU’s GDPR.

A pie chart shows how many landmark cases were studied in each privacy issue category.

It helps explain the major issues dealt with in digital privacy law.

The growing focus on digital privacy and human rights comes from the speed of new technology and more state surveillance. Scholars emphasize that privacy, historically conceived as the "right to be let alone," now encompasses control over personal data in the digital sphere. Kuner states that while the UDHR and ICCPR give basic privacy protections, they should be updated to suit today’s digital environment.

Law experts have examined how the courts have reacted to new privacy concerns. Digital privacy standards have been significantly shaped by ECHR (European Court of Human Rights), particularly through its Art. 8 jurisprudence. The Puttaswamy case in India updated the meaning of privacy in the constitution to address digital data gathering and monitoring programmes.

Also, the GDPR and similar laws show a move by lawmakers to ensure people have control over their personal data. Even so, some are concerned about mass surveillance, data security breaches and algorithmic profiling and some scholars are urging for worldwide regulations.

A. Universal Declaration of Human Rights (UDHR)

Adopted by the United Nations General Assembly in 1948, “UDHR (Universal Declaration of Human Rights)” represents a seminal international instrument that articulates fundamental human rights as well as freedoms applicable to every individual. Since the UDHR does not have the force of a treaty, it's not legally binding. Nonetheless, it has impacted numerous legally binding human rights treaties as well as is acknowledged as customary international law.

No one has the right to arbitrarily interfere with your correspondence, family, home, or privacy under Article 12 of the UDHR.

"Nobody should have their honour and reputation attacked or their privacy, family, home, or correspondence arbitrarily interfered with. Everyone is entitled to legal protection from these kinds of intrusions or attacks."

It lays out that privacy helps protect personal autonomy and human dignity. Although law was written before the rise of digital technology, the way it is written allows it to address problems like unauthorised data collection and interception of communications.

B. International Covenant on Civil and Political Rights (ICCPR)

The ICCPR, which was adopted in 1966 and came into force in 1976, requires state parties to defend the civil and political rights of all people who are under their authority. Article 17 specifically codifies right to privacy:

"1. No one shall be the target of arbitrary or illegal attacks on his honor and reputation, or interference with his family, home, correspondence, or privacy.

2. Everyone is entitled to legal protection from these kinds of intrusions or attacks."^2

The Human Rights Committee, which monitors ICCPR implementation, has interpreted Article 17 in the context of digital communications, emphasizing that states must regulate digital surveillance and data collection activities to prevent unlawful intrusions. According to the ICCPR, any privacy limits must be appropriate, required, and mandated by law to balance rights of people with legitimate interests of the state, such as national security.

C. European Convention on Human Rights (ECHR)

ECHR, drafted under auspices of the Council of Europe and effective since 1953, provides one of the most developed regional legal frameworks protecting privacy rights. Article 8 guarantees:

"1. People are entitled to respect for their privacy, their family, their homes and their correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society..."

In light of technical developments, the ECHR has established a substantial body of jurisprudence interpreting Article 8. For instance, in Liberty and Others versus the United Kingdom (2008), the court held that blanket surveillance programs violated Article 8 because they lacked adequate safeguards and oversight mechanisms. Currently, in “Big Brother Watch and Others v. United Kingdom” (2018), the court scrutinized the UK’s mass surveillance laws, emphasizing that a clear legal framework needs moreover effective remedies for protecting privacy rights in digital context.

Globally, ECHR’s approach to privacy, which stresses proportionality, legality and supervision, is now widely considered best practice.

A. United States

1. Fourth Amendment to the U.S. Constitution

The Fourth Amendment stops the government from searching or seizing people in an unfair or unreasonable way. At first, warrants were only used for physical searches, but courts have now started to protect digital data and communications using them. The amendment articulates:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated...’’

The digital world brings challenges for courts in managing the relationship between privacy alongside law enforcement work. The SC(Supreme Court) believes that digital devices retain extensive confidential information that should be carefully protected.

2. Landmark Case: Riley v. California (2014)

In “Riley v. California, 573 U.S. 373 (2014)”, the SC unanimously concluded that law enforcement must secure a warrant prior to examining digital data on a cell phone confiscated at arrest time.  The court pointed out that modern phones hold much sensitive information, which is why they must be safeguarded more by the Fourth Amendment. The ruling made it clear that digital privacy should not be violated by the government without a warrant.

B. India

1. Constitution of India - Article 21

Article 21 assures that each person is entitled to life and personal liberty.

"No person shall be deprived of his life or personal liberty except according to procedure established by law."

Even though term privacy isn’t found in the Indian Constitution, the SC viewed Article 21 broadly for comprising privacy as a basic right to personal liberty and dignity.

2. Landmark Case: Justice K.S. Puttaswamy (Retd.) v. Union of India (2017)

All 9 judges on the SC bench agreed that privacy has been a fundamental right recognised in Art. 21, reversing earlier conflicting decisions. As a result of this decision, privacy has been recognised as a fundamental right in India. It was held in court that privacy contains the right to control your own data and guard yourself from state monitoring.

Following the Puttaswamy judgement, India presented “Digital Personal Data Protection Act, 2023” for managing data processing and upholding digital privacy.

A. Mass Surveillance

With new technology, both governments and companies can now gather and study a huge amount of data. Because of concerns about national security, governments have sometimes put in place massive surveillance programmes, as the U.S. National Security Agency’s PRISM program by Edward Snowden in 2013 demonstrates. They showed that many digital communications were being intercepted without proper checks from judges, which sparked worldwide discussions about balancing privacy and security.

Mass surveillance breaks the rules of legality and proportionality required by human rights, which often leads to less freedom of expression and association. Because technology is advancing so quickly, laws have not been able to keep up, so changes and collaboration among countries are needed to set clear boundaries and oversight.

B. Data Breaches and Cybersecurity

Currently, many organisations experience data breaches that reveal personal information about millions. Attacks on corporations, governments and important infrastructure expose major weaknesses in systems. The Equifax data breach, 2017 which disclosed information on over 140million individuals, clearly shows the dangers of weak data protection.

They underline the requirement for laws that outline data security rules, require telling people about breaches and provide accountability to secure digital privacy and earn the public’s trust.

C. Big Data and Profiling

Big data analytics rise allows individuals to be analysed for use in business, politics or security. Although these practices make companies more efficient, they can lead to problems with discrimination, loss of anonymity and manipulation.

Because marginalised communities are more likely to be affected by profiling, it can create systemic biases. More privacy laws now focus on these topics by demanding clear information, consent and boundaries for automated decision-making, such as those in GDPR for profiling.

A. General Data Protection Regulation (GDPR) – European Union

GDPR was put into practice in May 2018 and marks a major change in data protection regulation. It covers any organisation handling personal information of EU residents, regardless of where it is located. Key features include:

• Lawful, fair, transparent personal data processing.

• Data subject rights, including rectification, access, right to be forgotten(erasure), along with portability.

• To process data,  consent is a key legal basis.

• Responsibilities regarding data processors as well as controllers to implement security measures.

• Significant non-compliance fines, upto 4%turnover globally.

GDPR has become a model for other countries to follow when drafting privacy laws.

B. India’s Digital Personal Data Protection Act, 2023

After the Puttaswamy ruling, India introduced “Digital Personal Data Protection Act” that directs data fiduciaries to get consent, secure personal data and address complaints from individuals. It further creates a Data Protection Board that checks for compliance and settles disputes.

This legislation is a major achievement in India’s understanding of privacy, as it follows global practices and also takes care of local issues.

C. Judicial Activism and Privacy Oversight

The role of courts is still very important in forming digital privacy protections. Decisions by the courts have created rules for state surveillance, defended whistleblowers and increased transparency. The U.S. SC has been expanding digital privacy rights, and India’s judges are carefully monitoring surveillance laws to prevent them from being misused.

Digital privacy is a key part of today’s human rights law. Based on the UDHR and ICCPR and further protected by laws in many countries, privacy rights have adapted to deal with the new issues caused by digital technology. Landmark judicial decisions, such as Riley v. California and Puttaswamy v. Indian laws, show that the judiciary is key in upholding privacy rights.

Advances have not solved the problems of mass surveillance, cyberattacks and the use of big data to profile people. The introduction of laws, including GDPR alongside India’s “Digital Personal Data Protection Act”, shows that the world is moving toward better data privacy protections.

It is important to keep trying to update the law, balance privacy with other interests and respect human dignity or autonomy in a virtual world. Only when regulations are strong, transparent, and consistent with human rights principles can digital privacy be protected as a human right.

1. Law Bhoomi, Human Rights in the Digital Era (Jan. 17, 2025), https://lawbhoomi.com/human-rights-in-the-digital-era/.

2. G.A. Res. 217 (III) A, Universal Declaration of Human Rights, art. 12 (Dec. 10, 1948), https://www.un.org/en/about-us/universal-declaration-of-human-rights.

3. International Covenant on Civil and Political Rights, art. 17, Dec. 16, 1966, 999 U.N.T.S. 171, https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-civil-and-political-rights.

4. European Convention on Human Rights, art. 8, Nov. 4, 1950, 213 U.N.T.S. 221, https://fra.europa.eu/en/law-reference/european-convention-human-rights-article-8-0.

5. Riley v. California, 573 U.S. 373 (2014), https://supreme.justia.com/cases/federal/us/573/373/.

6. Shreya Sharma, Case Studies: Privacy Rights in Digital Age (Apr. 5, 2024), https://lawarticle.in/privacy-rights-in-digital-age/.

7. Aishwarya Agarwal, Digital Personal Data Protection Act, 2023 (India) (Oct. 18, 2024), https://lawbhoomi.com/digital-personal-data-protection-act-2023/.

8. Tanveer Kaur, Right to Privacy in the Digital Age: A Study with Indian Context, https://eelet.org.uk/index.php/journal/article/view/2307.

9. Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890), https://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html.