top of page
  • Writer's pictureIRALR


This article has been authored by Amisha Sharma, a fourth year student at Amity Law School, Noida.

The Ministry of Home Affairs, on December 20th, 2018 promulgated an Order authorising ten governmental agencies- both intelligence and security, to intercept, monitor and decrypt data. The Order is passed in furtherance of Section 69(1) of Information Technology Act, 2000 (herein after referred to as “IT Act”). The aforementioned Section lays down certain circumstances as to when the stored information can be used, all of which can be categorised under the umbrella term of ‘national security.’ The constitutionality of the Order has been challenged in Allahabad High Court, by one, Mr. Sourabh Pandey citing reasons of breach of privacy of personal data and establishment of a covert surveillance system by the Government through such enabling provision. The PIL has been admitted for hearing and is still pending in the Allahabad High Court with an interlocutory application. The above case seems important again in these times as India is seeing a spree of unauthorised access to data through governmental applications like Aarogya Setu, which was alleged of policies similar to that of surveillance.

The provision of Section 69 of the IT Act (and not just the order) grants an unbridled discretion to the security and intelligence agencies to access and use information which amounts to breach of the fundamental right to free speech and expression under Article 19(1) (a) of the Constitution and right to privacy and liberty under Article 21 of the Constitution. When the question is about what privacy is, it is pertinent to mention the celebrated judgement of Justice (Retd.) K.S Puttaswamy & Ors. v. Union of India of India and Ors. (2018), wherein, the Court equated privacy and ‘living life with dignity’, and moved towards an artistic approach of recognising various facets of privacy, one of which is ‘Right to be Left Alone.’

In a narrower context, with such a right, it is on the desire of the people to choose freely under what circumstances and to what extent they will expose themselves, their attitude and their behaviour to others. But with a wider perspective, it is to be understood that ‘privacy has travelled far from right to be alone’[i] and to violate the fundamental right of privacy, no physical constraints are required but mere existence of an unregulated surveillance system in the name of national security seems adequate enough.

Violation of Constitutional Provisions

Rule 3 of IT Rules, 2009 provides for ‘unavoidable circumstances’ for which any order can be issued by a ‘competent authority’ under Section 69 (hereinafter referred to as “Section”) of the IT Act. The same legislation, in Rule 2(d) states the definition of a ‘competent authority’ which are Secretary to MHA, Central Government and Secretary to Home Department, State Government- both, and executive branches. Rule 2(q) prescribes of a Review Committee to be constituted under Rule 419A (Indian Telegraph Rules, 1951) but does not consist of any member from the judiciary or any other independent body and hence, the Review Committee is made up of members only from the executive. This further makes room for no judicial oversight.

The Hon’ble Supreme Court in Maneka Gandhi v. Union of India (1978) adopted the proportionality test with its two underlying principles: principle of just, fair and reasonableness and compelling state interest test. In K.S. Puttaswamy (Retd.) v. Union of India & Anr. (2018) the Court has postulated a more expressed and refined approach, and has laid down the four sub-tests of proportionality, which are as follows:

i. Legitimate goal stage,

ii. Suitable or rational connection stage,

iii. Necessity stage and

iv. Balancing stage.

When a right is restricted, the reason of restriction of such right has to be reasonable enough so that it achieves a correct balance. Here, the prima facie violation is of right to privacy which in turn, puts forth a surveillance process wherein reasons for such monitoring and investigation is not yet provided by the Government. Once the informational data is stored in the notified agencies, they will be possessed with an indefinite access to such data irrespective of the time constraints. In this regard, the impugned section seems tortious as the competent authorities are given unbridled discretion to determine the standard of security, sovereignty, limitation and usage of informational data stored with them. Also, when there is no presence of an overwhelming or exceptional circumstance where a right of privacy is to be curtailed, such an approval of interception seems to be a platform of unethical violation of citizen’s right.

To further elucidate on the test of proportionality, it is to state that the Courts have moved beyond the approach of considering rationality in a decision. Now, proportionality can be used to weigh the accords of a decision taken with interests and considerations (State of Madhya Pradesh v. Hazarilal 2008). The IT Rules are apparently termed to be the ‘procedural safeguards’ but certainly defy the literal meaning of ‘safeguard’ as the power rests upon the executive to review/neglect its decision in every possible way, hence, infringing the fundamental right provided under Article 19(1)(a) of the Constitution.

In another stance, the Section not only violates the Right to Privacy but also curtails a person’s right to constitutional remedy as the entire procedure is covert. The reason for this is that until an action is being taken against a person, the person in no way can confabulate that he is being watched upon which will make it difficult for him to put up a case against the State. This violates the right to live with human dignity and simultaneously violates Article 32 of the Constitution which in itself is a fundamental right (Ramesh Thappar v. State of Madras, 1950).

The Section pertains to the constitutionality of the executive action where it is pertinent to mention Article 14 of the Constitution and arbitrariness. From a positivistic point of view, equality is antithetic to arbitrariness (E.P. Royappa v. State of Tamil Nadu, 1973) and also, where an act is arbitrary, it is implicit that it is unequal both according to political logic and constitutional law and therefore, it violates of Article 14 of the Constitution. In Erusian Equipment & Chemicals Ltd. v. State of West Bengal (1975), the Supreme Court emphasized that the activities of the Government have a public element and therefore, fairness and equality must be observed in their exercise.

In another case of State of WB v. Anwar Ali (1952), the Court laid down the principle of striking down the legislation and went on to state that the reason for unconstitutionality of a legislation can be that it gives arbitrary and uncontrolled power to the authority which would enable it to discriminate between person or things similarly situated.

Section 69 consists of no feature of judicial oversight or legislative enquiry into the executive action. The Review Committee so constituted sincerely explains about the aforementioned transgression which makes the provision arbitrary, irrational and serves as a tool for blatant abuse of power. In the view of the provision, it is to also emphasize that there is no procedure as to how an executive action will be taken which defies the principle of rule of law and forms the basis of arbitrary action exercised by the executive which makes Section 69 of the IT Act draconian, calling for unwelcoming impacts on the right to privacy of the citizens.


Now, it is nobody’s contention that processing national security is an illegitimate state action but the key question is the safeguards that are to be taken while differentiating between the institution of genuine and false cases of national security. Hence, as much as we state that privacy has its reasonable restriction, it is important to realise that what needs restriction is the indefinite meaning attached to the terminology of ‘national interest’ during its interpretation. It is, now, the onus of the State to justify its actions which it has failed to do so far. The Government has continuously focused on the fact that the order limits the scope of the section, whereas such contention can easily be disregarded on a general reading of the order per se. But, it is to state that the order issued in furtherance of the provision gives a sweeping power to executive which is vague, disproportionate and suffers from the vice of excessive delegation.

With such acts of the Government, not only the need of Data Protection Laws come into play, but this also puts forth the context of re-analysing and re-defining the parameters of ‘national security’ and covert State actions in terms of surveillance policies which in-turn gives yet another intent to form full-fledged laws. If all this is invalidated and put to a non-justification, it will be but obvious to state that India is gradually moving towards the adoption of a cloak-surveillance system.

[i] Apurv Sardeshmukh, Data Protection: Law and Regulation 21 (Thomson Reuters, 1st Edn 2019).

bottom of page
ga('require', 'ipMeta', { serviceProvider: 'dimension1', networkDomain: 'dimension2', networkType: 'dimension3', }); ga('ipMeta:loadNetworkFields'); ga('send', 'pageview');