Posts

Constitutional Limits on Digital Governance: A Study of State Power and Individual Rights

Constitutional Limits on Digital Governance: A Study of State Power and Individual Rights

/0 Comments/in /by

Constitutional Limits on Digital Governance: A Study of State Power and Individual Rights

 

 

Abstract

This study critically examines the constitutional limits on digital governance in India, investigating the escalating tension between expanding state authority and individual civil liberties in the digital realm. Employing a doctrinal research design, the study systematically analyzes primary legal sources, including the Constitution of India, the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023. The research utilizes hermeneutic analysis and the four-pronged proportionality test established in Justice K.S. Puttaswamy v. Union of India to evaluate the validity of statutory frameworks governing surveillance, data collection, and content regulation. Data was retrieved from SCC Online using structured Boolean search strings to ensure methodological rigour.

Key findings indicate that existing laws often grant excessive discretionary power to the state through ambiguous terms like “national security” and “public order,” lacking adequate judicial oversight. The study highlights significant lacunae in protecting privacy under Article 21 and freedom of speech under Article 19 against mechanisms such as internet shutdowns and algorithmic profiling. Comparative analysis with the European Union’s GDPR reveals structural weaknesses in India’s consent standards and state exemption regimes. Furthermore, gap analysis identifies technological obsolescence where emerging tools like predictive policing operate beyond statutory scope. Significantly, the research underscores the urgency of updating colonial-era statutes like the Telegraph Act, 1885.

Ultimately, the dissertation argues that current mechanisms fail to meet constitutional standards of necessity and balancing. It proposes a reform-oriented framework to ensure digital governance aligns with fundamental rights, emphasizing legality, transparency, and judicial accountability. This research contributes to digital constitutionalism by offering normative recommendations for balancing security imperatives with liberty, ensuring state power remains subject to robust constitutional guardrails. The study concludes that without structural reforms, digital governance risks becoming an instrument of unchecked authority rather than public service, necessitating immediate legislative intervention to safeguard democratic values. The objectives of analyzing constitutional validity, evaluating judicial safeguards, and proposing a balanced framework were successfully achieved through this multi-dimensional analytical approach.

 

Keywords: Digital Governance, Constitutional Law, Right to Privacy, Proportionality Test, State Surveillance, Fundamental Rights

 

 

 

Chapter 1: Introduction

1.1 Introduction

In the last 20 years, unprecedented digitalization of the state functions has taken place around the world, with more governments using information and communication technologies (ICTs), data infrastructures, and algorithmic systems to design, deliver, and monitor public services (Muskan, 2025; NASSCOM, 2023, as cited in CDPP, 2024). This global transformation manifests in such segments of the state economy as welfare provision, state health, taxation, policing, and election management, where digital platforms, real-time dashboards, biometric authentication, and AI-enhanced analytics are the new primary generators of state power and administrative coordination (Invest India, 2024; Muskan, 2025). India is one of the most ambitious projects of this direction, and the vision of the digitally empowered society and knowledge economy is accomplished using flagship programmes like Digital India, Aadhaar-based digital identity, DigiLocker, and a growing digital public infrastructure currently encompassing hundreds of government departments (Government of India, 2025; CDPP, 2024; NeGD, 2026).

It is a structural shift in governance systems of the past, based on paper-based and face-to-face systems of governance to a digital form of governance, where the interactions between the state and the citizens are mediated by code, databases, and networked mediums (Invest India, 2024; IJIRL, 2024). On the one hand, digitization offers efficiency, transparency, and inclusion through simplifying bureaucratic procedures, lessening paperwork, and speedier and more convenient delivery of the services to widely spread citizens (IJIRL, 2024; SIMT, 2025). Conversely, it re- configures the modalities of state power – scaling up data gathering, surveillance, automated decision-making and exclusion via technological design and infrastructure decisions, which are not always transparent to those who are impacted (Muskan, 2025; India Forum, 2025). In that way, the constitutional order is faced with a qualitatively new ground on which the classical guarantees of privacy, equality, due process, and free expression should be viewed in connection with digital architectures that help to both guarantee and refuse the basic rights (Muskan, 2025; Vintage Legal, 2026; Vidhi, 2025).

The Aadhaar project, internet shutdowns, and digital exclusion are examples of emerging tensions between a more and more data-driven state and the constitutional aspiration of individual rights, which judicial and scholarly arguments and debates in the Indian context reveal. Decisions made by the Supreme Court in Justice K.S. Puttaswamy ( Privat ) and in the Aadhaar case held the essential right to privacy and at the same time supported most segments of the Aadhaar system, to the extent of proportionality and protection, hence recognizing both the usefulness and the threats of centralized digital IDs (Majmudar and Partners, 2022; Supreme Court Observer, 2023). Later jurisprudence and commentary has signified how the inability to obtain welfare benefits or be refused this right due to errors or design decisions in digital public infrastructures, including biometric authentication failures or compulsory linkages, can create problems of dignity, equality, and non-arbitrariness before the Constitution (Supreme Court Observer, 2023; India Forum, 2025). Simultaneously, the cases on internet shutdowns and the discussion of the digital access as the feature of Article 21 indicate that the access to, and the power over, the digital networks have become the part of the exercise of a variety of constitutional freedoms in the highly digitised society (Vintage Legal, 2026; Vidhi Centre for Legal Policy, 2025).

It is against this context that the main topic of this dissertation is the constitutional constraints of digital governance, which can be construed to mean the legal and normative constraints within which the state can use digital technologies without violating, but instead enforcing, individual rights. The evaluation presumes that digital governance is not an administrative upgrade of neutrality but a re-articulation of state power infrastructures that can become entangled with asymmetries of knowledge, control and vulnerability without being checked by strong principles in constitutions and institutional protection (Muskan, 2025; CDPP, 2024). The paper criticizes the way constitutional principles on privacy, equality, due process, and democratic participation are being challenged, strained, and, in certain instances, rethought in the digital era of governance by exploring how India is becoming more digital, its identity infrastructures, service delivery platforms, and regulatory regimes of data and content (Muskan, 2025; IJIRL, 2025; Vintage Legal, 2026). The less important question here is not whether the state can govern digitally, but under what constitutional terms such governance can be compatible with, and open to, the commitment of the state to the individual and the rule of law.

1.2 Background of the Study

Over the past decade the last ten years, digital governance in India has grown at a very high rate changing the way the state visualizes, categorizes, and regulates individuals and populations and bringing new constitutional challenges towards power and rights (Chander and Sun, 2023; GIGA, 2024; Human Rights Watch, 2018). It is a qualitatively new form of governance that datafication, algorithmic decision-making, and ubiquitous identification systems create a new constitutional site of inquiry through this expansion, including Digital India, Aadhaar, and an extensive ecosystem of surveillance technologies (GIGA, 2024; Human Rights Watch, 2018, 2019).

Rise of digital governance in India

The concept of digital governance in India can be seen as the means by which the state uses digital infrastructure, platforms, and data systems to provide services, control society, and use power in large scales (Chander and Sun, 2023). Digital public infrastructure (DPI) consisting of Aadhaar, United Payments Interface (UPI) and DigiLocker have become the Indian model around which welfare delivery, financial transactions, and administrative control converge (Ministry of Electronics and IT [MeitY], 2025; Press Information Bureau [PIB], 2024). The systems are positioned as efficiency, inclusion, and transparency tools, but their design puts data in state-controlled structures and introduces new ways of surveillance and control into normal governance (Chander & Sun, 2023; GIGA, 2024).

Since about 2014, digital governance changed direction to a consistent state agenda of transforming India into a digitally empowered society and knowledge economy (MeitY, 2025; NEXT IAS, 2025; Testbook, 2024). This transformation was accompanied by the focus on the real-time data flows, the use of biometric authentication, and cross-linking of databases, which collectively drastically expanded the potential of the state to monitor transactions and identities and movements in near real-time (Chander and Sun, 2023; GIGA, 2024). This has seen the Indian state no longer govern simply by law and policy, but also code, platforms, and databases, extending constitutional issues into new technological horizons.

Digital India as an architecture of state power

Introduced in 2015, the Digital India programme is the umbrella policy crown under which most of these changes have taken place (MeitY, 2025; NEXT IAS, 2025; Testbook, 2024). It is based on three pillars, which, in turn, include: (a) the digital infrastructure as the core utility to all citizens, (b) governance and on-demand services, (c) the digital empowerment of citizens (MeitY, 2025; NEXT IAS, 2025). These pillars have been realised in practice by broadband roll-out (BharatNet), platforms such as UMANG to access unified services, dematerialised paperwork in the form of DigiLocker, and various sectoral solutions such as e-Hospital and the National Digital Health Mission (NEXT IAS, 2025; Testbook, 2024).

Digital India makes the state more involved in the daily lives of citizens by making digital identity and connectivity prerequisites to access (NEXT IAS, 2025; Testbook, 2024). At the same time, the focus of the programme on information to everyone, e-Kranti (delivery of services online), and unified databases enhances transparency and monitoring and classification capabilities of the state (Akal Info, 2025; NEXT IAS, 2025). What seems to be administrative rationalisation, then, is a doubling of infrastructural power: the capacity of the state to act with networks and platforms, data infrastructures which citizens are forced to consume to access rights and entitlements (Chander and Sun, 2023; GIGA, 2024).

Aadhaar and biometric identification as the core of digital rule

Aadhaar and biometric identification as the central part of digital rule. Aadhaar, the largest biometric identification system in the world, has become the backbone of the system of digitalized governance in India and an important channel of the increase of the power of the state (GIGA, 2024; India Science and Technology, 2004/2021). Intended in 2009 and supported by law in 2016, Aadhaar will assign every resident a 12-digit number, which is associated with biometric and demographic records, first meant to streamline the process of welfare delivery and minimize leakage (GIGA, 2024; India Science and Technology, 2004/2021). As time has passed, Aadhaar became the quasi-mandatory infrastructure, which is associated with bank accounts, mobile SIMs, income tax filings, pensions, and a vast array of government services (GIGA, 2024; Human Rights Watch, 2018, 2019).

It is an architecture that establishes one, state-controlled layer of identities where citizens need to authenticate themselves to engage in the economy and receive key services (GIGA, 2024; India Science and Technology, 2004/2021). The legal and technical architecture of Aadhaar, scholars propose that the model of Aadhaar is based on the assumption that the state provides the custodianship of the data of its citizens and uses it as the asset of digital-economic development (Chander and Sun, 2023). Biometric identity, financial information, telecommunication data, and welfare databases overlapping around a single identifier greatly benefit the profiling, social sorting, and exclusion abilities of the state, even with legal protections in place (GIGA, 2024; Human Rights Watch, 2018, 2019).

The constitutional ramifications of Aadhaar were emphasized in the ruling of the case Justice K. S. Puttaswamy (privacy) and the Aadhaar judgment, when the Court simultaneously confirmed that privacy is an individual right and invalidated the very symbol of Aadhaar infrastructure, although it did not renounce some of the connections and provisions (Supreme Court Observer, 2023; Human Rights Watch, 2018, 2019). Though most people believed that Aadhaar did not necessarily establish a surveillance state, it still acknowledged the necessity of high proportionality, minimisation of data and retention and access preventions by the private sector (Supreme Court Observer, 2023; Human Rights Watch, 2018). These determinations define the constitutional landscape where digital governance operates today: the power of the state is permitted and limited by the very existence of fundamental rights, but the infrastructures beneath it are growing larger.

Surveillance technologies and the deepening of state visibility

In addition to Aadhaar and Digital India, there has been a rapid spread of digital surveillance instruments in India including CCTV networks, facial recognition systems, predictive policing tools, and integrated social registry databases through which India has gained greater visibility over space that was previously under the protective umbrella of relative anonymity (GIGA, 2024). Efforts to create a so-called 360-degree Social Registry Information System by connecting Aadhaar with demographic, housing, and welfare data to track a variety of aspects of the citizens have been reported in an investigative report (GIGA, 2024). At the same time, police units are testing massive facial recognition and data integration services that enable individuals to be tracked in the city and online (GIGA, 2024).

The reasoning behind such systems is usually conducted within the framework of efficiency, security, and better targeting of welfare and policing (GIGA, 2024). But, according to civil-liberties analyses, such technologies may become normalized, with the lack of strong data-protection protocols, independent oversight, and explicit legal limits, normalizing around-the-clock surveillance, chilling dissent, and weakening the freedoms of movement, association, and expression (GIGA, 2024; Human Rights Watch, 2018, 2019). The same digital means that distribute welfare in good time can be used to support timely welfare transfers, but also granular social sorting, blacklisting, and exclusion itself in combination with other programs like the National Register of Citizens and other citizenship-verification efforts (GIGA, 2024).

At least some of these risks have been recognised in the 2018 Aadhaar judgment, which voided the compulsory SIM Aadhaar linking and highlighted that unbalanced intrusions into privacy do not pass constitutional scrutiny (Supreme Court Observer, 2023; Human Rights Watch, 2018). The further growth of surveillance systems, however, typically through executive order or soft law demonstrates how fast technological potential can outpace constitutional orthodoxy and parliaments (GIGA, 2024). It is this gap that explain why it is necessary to reconceptualise the constitutional limits in a situation in which power is exercised not only by explicit legal commands but also by architectures of visibility and traceability.

Why constitutional limits have become critical

Digital governance in India has re-established the power system between the state and the individual where datafied identity and continuous authentication prerequisites to access basic rights, social protection, and market entanglement (Chander & Sun, 2023; GIGA, 2024). With the protection of access to food rations, bank accounts, and SIM cards by a single biometric identifier, the possibility of a violation of privacy is not only a risky outcome but also a structural dependence on the digital infrastructures of the state, where, in case of errors, omissions, or abuse, a lack of life and dignity may be transformed into direct consequences (Human Rights Watch, 2018, 2019; GIGA, 2024). The constitutional constraints in this regard should not only concern the traditional issues of reasonableness and procedure, but the architecture of systems, the rationales of data gathering and allocation of control over information.

The acknowledgment of privacy as a fundamental right and the further involvement of the Supreme Court with Aadhaar give a preliminary guide to the assessment of digital state power using the tests of legality, necessity, and proportionality (Supreme Court Observer, 2023; Human Rights Watch, 2018). Nevertheless, the line between the public and the private power is increasingly blurred as digital public infrastructures become increasingly entrenched and private actors receive controlled access to the core identity layers and authentication (Tech Policy Press, 2025; Chander and Sun, 2023). This emerges with new concerns regarding the horizontal exercise of basic rights, the responsibility of hybrid public-private governance patterns, and sufficiency of sectoral data-protection laws.

The research on the topic of constitutional constraints to digital governance in India should thus question how principles of privacy, equality, due process and free expression may be realised in a context of governance by obscure algorithms, databases, and real-time surveillance (Chander and Sun, 2023; GIGA, 2024). It also needs to pose the question of how the constitutionalism is also changed as the state power is exercised in the case of the code that is hard to challenge, comprehend or even visualize. Placing Digital India, Aadhaar, and digital surveillance in the context of this larger transformation of paper into platform, this type of study can be used to clarify both the dangers of unchecked digital state power and the opportunities of that state reasserting its constitutional limitations in the era of data-driven governance.

1.2.1 The Rise of Digital Infrastructure in India

The Indian digital infrastructure has also developed at a very high pace, and this is the basis of highly comprehensive state governance; this has cast doubts on the individual rights as per the constitutional boundaries. In this section, the author will look at some of the milestones in the early e-governance initiatives and flagship programs under Digital India.

Early Foundations

The digital drive of India started with the National e-Governance Plan (NeGP) adopted in 2006, which provided basic infrastructure such as State Data Centers and Common Service Centers to provide public services on an electronic platform (National e-Governance Plan, 2006). This project was comprised of 27 Mission Mode Projects to enhance the efficiency, transparency and accessibility of government services (Department of Administrative Reforms and Public Grievances, n.d.). NeGP also made it easy to integrate technology in the governance system where paper-based systems were replaced by an online platform.

Launch of Aadhaar

Unique Identification Authority of India (UIDAI) launched the Aadhaar project in 2009 whereby the first number was issued in 2010 to facilitate biometric-based identity authentication of more than 1.3 billion citizens (UIDAI, 2010). By 2026, Aadhaar had close to universal coverage among adult population enabling direct benefit transfers and saving billions of economic value in leaking into the system (Nasscom, 2024). Its growth in Digital India increased the surveillance skills of states and the question on the privacy was raised in reference to Article 21 of the Constitution.

Digital India Flagship

Digital India, a program to bring together the efforts to provide broadband infrastructure as a utility, the provision of on-demand governance, and empowerment of citizens digitally was launched on July 1, 2015, by Prime Minister Narendra Modi (Digital India Programme, 2015). BharatNet rural broadband, which will involve more than 2.18 lakh Gram Panchayats with 6.92 lakh km of optical fiber by 2025 are pillars (BharatNet Update, 2025). This initiative has increased internet subscribers, who were 251 million in 2014 to about 954 million in 2024, mostly in the rural regions (Wikipedia, 2024).

Key Pillars: UPI and BharatNet

In 2016, Unified Payments Interface (UPI) changed things and now it has 20 billion transactions every month with an ultimate target of 20 billion by August 2025, and this will greatly boost the GDP (NPCI, 2025). Under the name of BharatNet, which was launched in 2011 and stepped up in 2015, the widening gap between urban and rural areas was bridged, allowing e-health, e-education, and governance in the remote locations (PRS India, 2026). These stacks have become the Digital Public Infrastructure (DPI) of India, which affects 97% of the population but puts additional pressure on state power and individual rights such as privacy of data.

Implications for Governance

This network boom has enabled state control with real-time data analytics and AI integration, such as cloud expansions such as MeghRaj in serving 300 plus departments (PIB, 2025). Nevertheless, it puts constitutional balances to the test, and decisions such as Puttaswamy (2017) by the Supreme Court infer privacy as a fundamental right, but there are still loopholes in strong data protection.

1.2.2 The Shift from Administrative to Algorithmic Governance

Traditional Administrative Governance

The conventional administrative governance was based on the use of human bureaucrats who used rigid rules and discretion to make decisions in the face of the population. Several key elements of this model included procedural fairness, accountability by a hierarchical means of oversight and judicial review of discretionary actions. Human judgment provided opportunity to place it in context, but it was vulnerable to inconsistencies, corruption and delays (Sharma, 2025).

Emergence of Algorithmic Governance

The move towards data-based, automated, algorithmic governance is characterized by AI, machine learning, and predictive analytics to make decisions on such matters as welfare distribution, policing, and service delivery. It uses computational logic, pattern recognition and big data to process enormous inputs, unlike bureaucratic discretion, which offers scalability and minimized bias due to human error. The transformation restructures the work of the public institutions and tends to produce the micro-directives through past data instead of general rules (Katzenbach and Ulbricht, 2019).

Key Drivers of the Shift

The shift is dictated by the necessity of modernization in the context of complicated needs of people, and administrations turned to AI to predictive policing, biometric checks, and resource allocation. Infrastructure projects such as the Aadhaar in India are examples, which automate eligibility checkups but increase the chances of marginalized groups falling out of the net. The world pressures, such as efficiency requirements and demands of post-pandemic services, drive its adoption, but in many cases, without sufficient ethical frameworks (Sharma, 2025).

Constitutional Implications

This change undermines the jurisdiction of state power by creating opaque “black boxes” which cannot be subjected to conventional scrutiny, endangering such rights as privacy and non-discrimination, due process. The concept of algorithmic opacity contravenes the principle of audi alteram partem (hear the other side) and reasonableness as the ruling becomes incomprehensible and difficult to challenge. It is dangerous in enhancing biases of corrupted information, undermining human rights, and increasing state surveillance that cannot be accounted (Katzenbach and Ulbricht, 2019).

1.3 Statement of the Problem

The underlying legal issue of your dissertation, Constitutional Limits on Digital Governance: A Study of State Power and Individual Rights is that the modern structure of digital governance allows the state to extend its surveillance, data-processing and content-control authority in a manner that can be systematically used to sabotage constitutional guarantees of privacy, free speech, and due process and that the current statutory framework is technologically obsolete, disjointed and weak in institutions to effectively check it.

  1. The constitutional conflict in digital governance

The main opposition is the clash between the interests of the state to efficiency, security, and regulatory convenience on the one hand, and the basic rights of the citizen on the other hand. States are moving towards greater dependence on digital systems, including national identity databases, biometric systems, real-time surveillance grids, and algorithmic decision-making systems, to streamline their service delivery, improve policing, and fight terrorism or fake news (Faisal, 2026; Yadav and Tyagi, 2026).

Nevertheless, these same tools tend to be used with broad data-collection activities, opaque algorithms and little pre-hoc control, which may infringe on the rights safeguarded in the constitutional provisions. Particularly, the right to privacy ensured under the jurisdiction of Article 21 in India after the historic case Justice K.S. Puttaswamy (Retd.) v. Union of India (2017), where unbridled surveillance systems were major threats (Yadav & Tyagi, 2026; Faisal, 2026).

Likewise, the freedom of speech and expression in Article 19(1)(a) is infringed when the grounds sought under digital governance measures do not respond to the requirements indicated in the constitution as reasonable, necessary, and proportionate (Yadav and Tyagi, 2026). Moreover, equality principles and non-arbitrariness principles as implemented in Article 14 are at stake, especially the situation when algorithmic profiling or bulk-data surveillance is used against marginalised people on a disproportional basis (Yadav & Tyagi, 2026; Faisal, 2026). This intrusion goes as far as due process and effective remedies, including the right to know why a decision based on data-driven factors, like failure to receive welfare benefits, a predictive-police flag, a content-takedown, etc., was made, and the right to do so successfully (Yadav and Tyagi, 2026; Faisal, 2026).

The issue of law therefore is not about the presence of state digital power, but its functioning outside or outside the constitutional guardrails. It is practiced in a technically opaque, procedurally weak, and legislatively permissive way that generates a great disconnect between the possibilities of states and the protection of individual rights.

  1. State power and its digital expansion

The digital governance agenda of the state is typically supported by forceful demands that go as far as national security to efficiency in their welfare. The systems such as the National Intelligence Grid (NATGRID) developed in India are security-driven, and they compile data in travel, finance, telecom, and identity databases (Faisal, 2026). In line with this, the state aims at achieving welfare efficiency and service delivery via Aadhaar-connected databases, e-governance portals, and digital welfare schemes (Yadav and Tyagi, 2026).

Also, the regulation of content and maintenance of the order in the population are among the main reasons, particularly those related to hate speech, misinformation, and information connected with national security on the Internet (Yadav and Tyagi, 2026). As a matter of practice, though, these aims tend to turn into mass surveillance, algorithmic profiling, and preventive curtailment of online expression. This results in the establishment of a sort of permanent potential of surveillance as opposed to sporadic surveillance, thus chilling self-expression and associative privacy (Faisal, 2026). In addition, these systems allow automated or near-automated decision-making without any significant human review, transparency, and appeal, which does not align with due-process values (Yadav and Tyagi, 2026).

  1. Individual rights under strain

At the same time, the concept of individual rights in cyberspace is becoming more fragile since in the digital era, privacy is not only about the physical or bodily intrusion, but also about informational privacy, digital identity, and the power to oppose to mass surveillance and uncontrolled data aggregation (Faisal, 2026; Yadav and Tyagi, 2026). However, numerous executive-based surveillance and data-sharing activities do not contain clear, open, and strictly described statutory mandate. To make the matter worse, the freedom of speech and expression over the internet is subject to overlapping, frequently ambiguous, and over- broad restrictions in legislation including the Information Technology Act, 2000 (India), intermediary-takedown notices, and obscure content-moderation guidelines, which can be enforced as prior restraints (Yadav and Tyagi, 2026).

In addition to substantive rights, algorithmic prejudice and predictive policing systems tend to undermine equality and non-discrimination by supporting the status quo along social fault-lines (caste, religion, class, region) in the guise of being neutral technical systems (Faisal, 2026). Moreover, the lack of due process implies that citizens do not even know how decisions based on data are made, cannot challenge opaque profiling, and have no effective recourse to inaccurate and discriminatory decisions (Yadav and Tyagi, 2026; Faisal, 2026).

  1. Outdated, insufficient, or fragmented legal frameworks

It also adds to the legal difficulty, that the current laws and institutions are usually poorly placed to limit digital state power. Main tools of cyber-law, including the Information Technology Act, 2000, and the associated rules that have been developed in India, were historically written in a less technology-focused world and fail to govern the elements of algorithmic governance, platform-centric speech, and mass-data ecosystems (Yadav and Tyagi, 2026; Agarwal, 2020). Moreover, the data-protection and privacy legislation, including the Digital Personal Data Protection Act, 2023, India, or its earlier incarnations, Bills, are still in development. They have enforcement loopholes, institutional autonomy, and regulation of cross-border dataflows, which enable state agencies and non-state actors to utilize grey-zones (Yadav and Tyagi, 2026; Faisal, 2026).

Even though the constitutional rights to privacy (Puttaswamy) and proportionality of speech censorship (Shreya Singhal v. Union of India, 2015) are asserted. Courts, legislative and executive reactions have identified them with these principles usually being watered down or evaded by broad exemptions, imprecise benchmarks, or out-of-control executive authority (Yadav and Tyagi, 2026). Also, there is no consistent, intersectoral constitutional-cum-digital-rights framework to ensure that any legal, necessary and proportionate standards of legality, necessity and proportionality exist among the state-led digital systems (Yadav & Tyagi, 2026; Faisal, 2026), although there are industry-specific regulations (RBI, SEBI, UIDAI, etc.) that offer fragmented protections.

Overall, the legal issue of this dissertation is how state legitimate purposes in governance of digital processes (security, efficiency, law and order) can be balanced against the constitutional rights to privacy, free speech, equality and due process. This difficulty is encountered in the situation when the current legislation and institutions are either technologically backward, divided, or institutionally fragile to establish any significant restrictions on digital state power (Yadav and Tyagi, 2026; Faisal, 2026; Agarwal, 2020).

1.3.1 Expansion of State Surveillance Powers

Expansion Overview

Digital technologies have expedited the growth of state surveillance authority by facilitating the unlimited collection of data and the constitutional boundaries have been difficult in defending the rights of the individual. Laws that regulate this in India are developed during the colonial era such as Indian Telegraph Act of 1885 and new laws and amendments have been made in response to global disclosures such as the Snowden leaks (Mohanty, 2016). The expansion tends to put security above privacy leading to judicial questionability.

Historical Foundations

The powers to perform surveillance can be traced back to the Indian Telegraph Act, 1885  (§5), that permitted the interception in the conditions of the public emergency or the public safety and then was extended with the 1972 amendment to include the sovereignty and the public order without being clearly defined (Mohanty, 2016). This was replicated in the Indian Post Office Act, 1898 (§26), in relation to postal communications and the Information Technology Act, 2000 (§69), in relation to cyber networks, eliminating some of the emergency requirements (Record of Law, 2026). These laws, which were based on the colonial domination, continued even after independence with slight reforms until it was raised by the population.

Key Expansions and Mechanisms

Post-9/11 global trends influenced expansions, such as the U.S. PATRIOT Act’s Section 215 enabling bulk metadata collection, inspiring similar Indian provisions under FISA-like frameworks (ACLU, 2005). In India, Rule 419A (Indian Telegraph Rules, 1951) and IT Rules (2009) added procedural safeguards like review committees after the PUCL v. Union of India (1997) ruling, but allowed interception for up to 180 days with executive approval (Mohanty, 2016). Digital tools like Central Monitoring System (CMS) further centralized powers, bypassing telecom providers directly.

Constitutional Tensions

These extensions are inconsistent with Articles 19 (free speech) and 21 (privacy) of the Indian Constitution, and these were upheld by Justice K.S. Puttaswamy v. Union of India (2017), which required a proportionality test: legitimate goal, rational nexus, minimal intrusion, and balancing (IJLLR, 2026). Such ambiguous definitions as that of a public emergency allow arbitrary executive enforcement, not subject to judicial review in the first instance, as is the case with the U.S. Fourth Amendment warrants post-Carpenter v. United States (2018) obligating warrants on location information (ACLU, 2023). Critics believe that this puts the power in the hands of the state and rights are curtailed without proper checks.

Implications for Rights

The unregulated growth can lead to a surveillance society, profiling of opponents and vulnerable groups, which in case of an emergency has been alleged to be misused by politics (Brennan Center, 2024). Reforms such as the obligation to issue warrants, the independent control, and the notification after interception are recommended to be in line with privacy as a fundamental right (Record of Law, 2026).

1.3.2 Erosion of Fundamental Rights in the Digital Sphere

Although digital governance ventures are meant to enhance efficiency, they have since led to the promotion of basic rights like privacy, freedom of expression, and access to information by pervasive surveillance and repressive actions. In India, biometric information has been compromised by schemes such as Aadhaar, and they have been denied access to basic services, which is a right to privacy established as a fundamental right in Article 21 of Justice K.S. Puttaswamy (Retd.). v. Union of India (2017). Equally, regular internet outages, the highest in several years, suppress speech under Article 19(1)(a) and livelihoods under Article 19(1) (g) as declared unconstitutional in case of indefinite or disproportionate bans in Anuradha Bhasin v. Union of India (2020).

Privacy Violations via Mass Surveillance

The IT Act 2000 mass surveillance tools and exemptions in the Digital Personal Data Protection (DPDP) Act 2023 do not pass the proportionality test of legality, necessity, and balancing test of Puttaswamy that allows executive access to personal data indefinitely and without judicial checks and balances. The mandatory welfare-related Aadhaar has left millions of people without food rations and jobs because of authentication failures, an example of what is known as digital exclusion and is degrading to dignity and equality under Articles 14 and 21. Records of information spillage by government applications such as Diksha also subject children to unwarranted surveillance, a very low level of principles under data minimization.

Suppression of Freedom of Expression

Internet blockages cause such a chilling effect that they inhibit dissent, journalism, and protests by cutting the information flow, as in the 83-day internet blackout in the ethnic violence of Manipur, which postponed the reporting of abuse. The IT Rules enforce the idea of traceability, undermining end-to-end encryption in systems such as WhatsApp and giving government fact-checking departments the freedom to censor at will, endangering media free speech. In Kashmir after 2019, restrictions were in place that were violating Article 19 and the court ordered that the proportionality of restrictions should be reviewed periodically.

1.3.3 The Lag Between Technology and Constitutional Safeguards

One of the structural issues of particular persistence and importance in digital governance is the temporal and doctrinal gap between the rate of technological change and the creation of constitutional protections. The technologies of artificial intelligence, biometric surveillance, facial recognition systems, and algorithmic decision making develop very fast and constitutional frameworks, judicial precedents, and statutory protections are relatively stagnant, frequently based on assumptions of privacy, liberty and state power developed during the analog era (Skolnik, 2023; Rosen, 2016; Kolnik, 2024). This gap gives state and non-state actors the ability to use digital tools in grey zones in constitutional doctrines by existing rules and regulations that are underdeveloped when it comes to evaluating proportionality, necessity, or legality (Han, 2021; Skolnik, 2022; ForumIAS, 2025).

Practically both law making and judicial interpretation lag behind technology. Instead of adjusting the rights protections to the emerging architecture of digital governance, legislatures and courts habitually react to harms materialising, e.g. by mass surveillance, opaque profiling, or algorithmic discrimination (Snead, 2020; Kolnik, 2024; IJEDR, 2026). Consequently, technologies such as predictive policing and social credit type analytics and automated content moderation are more likely to increase state power and individual influence without undergoing full constitutional scrutiny on its reasonableness, proportionality, and due process (Han, 2021; Vision IAS, 2026; Civilsdaily, 2025).

Such a lapse can also be seen through the disintegration and outdatedness of current legal tools. In India, an example is that the Information Technology Act, 2000, and early stage data protection and privacy jurisprudence were never created to foresaw the consequences of AI driven surveillance, big data based profiling, or platform mediated censorship, with the fundamentals of commitment in Articles 14, 19, and 21 not being sufficiently operationalized in the digital domain (Supreme Court, 2017; Insight IAS, 2025; NSU Undergraduate Law Journal, 2025). According to scholars, this is the operation of a one-way ratchet where state and corporate authorities are expanding due to new technologies as the protection of rights is shrinking or stagnating, in the precise sense that the doctrine and the laws are not keeping up with the technological change (Skolnik, 2022; Kolnik, 2024; Snead, 2020).

This gap should be bridged by what is starting to be called digital constitutionalism: a normative and institutional initiative to provide explicit extensions of constitutional principles, including legality, necessity, proportionality, equal protection, and accountability, to the design, deployment, and oversight of digital governance systems (Fortier, 2022; Insight IAS, 2025; Vision IAS, 2026). This can include re interpreting constitutional guarantees (e.g. privacy in Article 21) in the context of digital surveillance and data driven decision making in the doctrinal form and independent oversight bodies, audit of algorithms, and rights-based design criteria that preempt other technological invasions into individual rights in the institutional form (Han, 2021; Insight IAS, 2025; Kolnik, 2024).

 

1.4 Research Questions

This dissertation was guided by the following core research questions:

  1. To what extent do existing constitutional provisions limit state power in digital governance?
  2. Are current statutory frameworks, particularly the Information Technology Act, 2000 (as amended) and the Digital Personal Data Protection Act, 2023, compliant with the constitutional standard of proportionality?
  3. How have Indian courts interpreted and enforced constitutional safeguards in cases involving digital surveillance, internet shutdowns, and intermediary regulation?
  4. Do existing oversight and remedial mechanisms sufficiently protect individuals against arbitrary or disproportionate digital intrusions?

1.5 Objectives of the Study

The main aim of the dissertation was to critically analyze the constitutional limits of digital governance in India and evaluate the sufficiency of the legal mechanisms in the country to balance state power with the civil liberties of individuals.

To Analyze the Constitutional Validity of Digital Governance Measures

The research intended to investigate whether the digital governance provisions, whereby surveillance laws, internet shutdown rules, intermediary guidelines, and data protection laws follow constitutional provisions of Part III, especially Articles 14, 19 and 21 of the Constitution.

To Evaluate the Efficacy of Judicial Safeguards

The study aimed at assessing the efficiency of judicial review in protecting the basic rights in the cyber space. It examined landmark precedents to establish whether the court has put any substantial limits on overly executive discretion.

To Propose a Framework for Balancing State Power and Individual Rights

The dissertation aimed to suggest some principled reforms based on the constitutional doctrine and best practices. The aim was to present a framework that will see digital governance measures meet the demands of legality, necessity and proportionality.

1.6 Hypothesis

The current legal framework governing digital governance in India grants excessive discretionary power to the State and, in several instances, fails to satisfy the constitutional standard of proportionality.

1.7 Scope and Limitations of the Study

1.7.1 Jurisdictional Scope

This case was limited to the Indian Constitutional Law. Although some comparative lessons were also adopted based on courts like European Union and other constitutional democracies, the fundamental analysis was based on the constitutional system, statutory framework and judicial precedents of India.

1.7.2 Thematic Scope

The thematic scope of the current paper was limited to three constitutional principles that were established under the digital environment: privacy, freedom of speech and expression, and due process and equality. This analysis took the focus of how these fundamental rights were invoked by state action in spheres of surveillance, data management, and regulation of the internet. It did not provide a thorough discussion of economic regulation, mechanisms of cybercrime enforcement, or even the purely technical aspects of cybersecurity, unless they directly or indirectly intersected with or impacted on constitutionally guaranteed rights.

1.8 Significance of the Study

This study has significance due to the increasing growth of the state power in digital space and the simultaneous susceptibility of individual rights.

1.8.1 Contribution to Constitutional Jurisprudence

The study fits in the constitutional literature by introducing the proportionality doctrine to the digital governance systems in a systematic manner. It drives the precision of doctrine on the boundaries of executive discretion in other fields like surveillance, data gathering and regulation of online speech.

1.8.2 Policy Implications for Digital Regulation

The results of this dissertation provided both practical and normative information to several stakeholders operating in the field of digital governance. The study was also helpful to policymakers who needed to draft constitutionally viable digital laws that would conform to basic rights and the proportionality norm. To the judiciary, it helped in perfecting the proportionality analysis to use in new technological disputes on the issues of surveillance, data protection, and regulation of online speech. The structured constitutional critique of the study was advantageous, as it assisted the civil society organizations in the advocacy and reform efforts based on rights. Also, the study enhanced the scholarly discussion as it enhanced inter-disciplinary interaction between constitutional law and technology governance. Generally, the dissertation served as a confessional critique of the current frameworks as well as a reform based road map on how to strengthen constitutional governance in the digital age.

1.9 Research Methodology

The research design used in this dissertation was a Doctrinal Research Design that was based on critical and analytical legal scholarship. Primary sources such as constitutional provisions, statutes, judicial precedents, executive notifications and policy documents were systematically located using complex Boolean search strategies in SCC Online.

The analytical framework incorporated:

  • Hermeneutic Analysis (statutory and constitutional interpretation),
  • The Proportionality Test (four-pronged rights adjudication),
  • Comparative Legal Analysis, and
  • Gap Analysis (identification of lacunae in existing law).

This multi-dimensional approach promoted the idea that the study was no longer descriptive exposition but has involved a normative assessment of whether the Indian digital governance regime is in line with the constitutional standards.

 

 

 

Chapter 2: Research Methodology

2.1 Research Design

This dissertation has adopted a Doctrinal Research Design. The choice of this design was due to the fact that the essence of the inquiry was the meaning of legal norms, constitutional provisions, and judicial precedents that determined the limit between state power in the digital space and civil liberties of an individual. The paper used a Critical and Analytical method in order to check the effectiveness of the existing constitutional protections in India. It was designed in such a way that it was possible to do a normative analysis of what the law should become in terms of digital rights and an ex post facto analysis of the existing statutes in order to see gaps in protection. An element of comparison was integrated to compare Indian constitutional practices against the world standards where applicable.

2.2 Data Collection Procedure

2.2.1 Database and Search Strategy

SCC Online is a leading commercial legal database, which is known to be of great coverage when it comes to the Indian case law, Indian statutes, and legal commentary. Primary and secondary sources of law have been sourced systematically through the SCC Online.

Structured Boolean search strings were used to conduct the data collection process in such a way that it guaranteed methodological transparency and replicability.

2.2.2 Inclusion and Exclusion Criteria

The documents were considered as part of the analysis when they: (i) directly engaged with constitutional and statutory approaches to the Indian judicial approach to the digital; (ii) critically reflect on how state power intersects with individual rights in the digital environment; or (iii) offered analogous analysis of other constitutional democracies when applied to the Indian context. Materials were filtered out that: (i) were technically or non-legal only (e.g. unverified blog posts, non-peer reviewed opinion pieces); (ii) where their subject matter did not have relevance to the constitutional structure of any particular jurisdiction in comparison with others; or (iii) did not have authoritative provenance (e.g. unverified blog posts, non-peer-reviewed opinion pieces).

2.2.3 Types of Sources Sought

The search strategy was retrieved to bring two levels of wide materials necessary in analysing doctrines. The primary sources included binding legal documents like constitutional texts, statutes and amendments, judicial precedents given by the Supreme Court and the High Courts of India, executive orders and policy documents by competent authorities. In addition to these, secondary sources were used to comment critically and offer a contextual analysis that included peer-reviewed journal articles, academic books, Law Commission and Parliamentary Committee reports, international human rights instruments, and reports by established civil society groups and think tanks. To ascertain methodological rigour, all the sources that were retrieved underwent relevance, authority, and currency screening before being available in the analysis framework.

2.3 Method of Analysis

The information obtained because of a systematic search procedure above was analysed and interpreted with the help of a multi-dimensional analytical structure. This strategy made sure that the doctrinal research did not only end up in description, but rather critical analysis on the constitutional soundness of digital governance in India. The analytic techniques used were as follows:

2.3.1 Hermeneutic Analysis (Statutory and Constitutional Interpretation)

This approach was used to decode the textual and contextual interpretation of the legal provisions regarding digital governance. The statutory interpretation principles (literal interpretation, purposive interpretation, and contextual interpretation) were used to find out whether existing laws conformed to constitutional requirements. The provisions of the constitution concerning the basic rights were construed based on the changing judicial doctrine where special references were made to the historic cases that transformed the concept of privacy, freedom of speech and due process in the digital world. The terms of the law that were not clear and used as justification to commit digital intrusions were carefully reviewed to determine whether they created sufficient legal clarity or put too much discretionary authority in the hands of the state.

2.3.2 The Proportionality Test

This is in accordance with the doctrinal change made in the case of Justice K.S. Puttaswamy (Retd.). v. Union of India, the proportionality test was applied as the main analytical tool of resolving conflicts between the state power and the rights of individuals. The Four-Pronged Proportionality Test was applied in a systematic manner to measures of digital governance found in the process of data collection. The measures under the Legitimate Goal prong were determined on whether they sought a valid state interest as stipulated in the constitutional law. The Suitability prong was used to determine the rational relation between the step and the stated purpose with the help of accredited judicial arguments, and the Necessity prong was used to find less restrictive ways of accomplishing the same aim. Lastly, the Balancing stage mandated that the relative weight of interest of the state be balanced with the weight of infringement of individual rights and resorted to judicial balancing in similar precedents.

2.3.3 Comparative Legal Analysis

India used the constitutional boundaries of digital governance in comparison to other constitutional democracies to avoid jurisdictional myopia and see what other transferable best practices they could be. This comparative exercise concentrated on determining jurisdictions that had strong data protection regimes and had well-established digital rights jurisdiction. In the analysis, it has been investigated how the same constitutional tensions like security and liberty, innovation and regulation had been resolved in other regions, so as to find out the safeguards that could be introduced to fortify the Indian framework without undermining its constitutional identity.

2.3.4 Gap Analysis (Lacunae Identification)

This approach entailed the overlay of the accelerating pace of digital technologies with the relatively slow pace of changes in constitutional text and existing laws to determine regulatory gaps. Three dimensions were analyzed: (i) technological obsolescence, where new tools like artificial intelligence, facial recognition, and predictive policing were acting outside of the views of current statutory provisions; (ii) extra-legal practices, where state surveillance or data collection was being done without an apparent statutory provision or judicial review; and (iii) remedial inadequacy, where the current constitutional or statutory remedies were found to be insufficient to mitigate new forms of digital harm. This analysis of gap informed the normative recommendations that were being developed in the final chapter

2.4 Analytical Structure

The study was structured in a thematic manner to make sure that there was a logical flow between the constitutional theory and its practical application and reform. The dissertation was divided into five separate chapters starting with Conceptual Framework which defined the background definitions of digital governance in constitutionalism and placed the discussion in the text and structure of Part III of the Constitution. The scope and boundaries of the powers of state surveillance and data collection were subsequently examined by the Power Axis within the existing statutory and executive structures. The Rights Axis then considered the issue of privacy, free speech and due process protection in the digital era, as to the changing judicial interpretation. The Judicial Response thereafter summarized the jurisprudential interpretations of constitutional restrictions on digital governance and found trends in the doctrines and missing contradictions. Lastly, the Recommendations chapter suggested some principles of a constitutionally sound framework of digital governance in India based on comparative insights and gap analysis outcomes.

2.5 Methodological Rigour and Limitations

A search log was kept maintaining methodological rigour which included records of database queries, filter applications, date of access and screening decisions. The analysis of the doctrines was provided with references to the order of the authority of laws and the precedence of the judgments and to the time-value of the statutory provisions.

The major flaw behind this doctrinal approach was that it used published legal materials, which are not necessarily a comprehensive source of extra-legal practice, implementation gaps, or lived experience of rights violations. Nonetheless, this drawback was alleviated by using authoritative reports by civil society organizations and parliamentary committees that recorded empirical realities into the analytical context. The research involved no human subjects or primary data gathering hence there was no need of ethical clearance of the empirical research.

 

 

 

Chapter 3: Review of Literature

3.1 Conceptualising Digital Governance within Constitutional Frameworks

3.1.1 From Traditional E-Governance to Digital Statecraft: Evolving Definitions

The use of information and communication technologies (ICT) in the delivery of government services, exchange of information, and system integration across the government-to-citizen (G2C), government-to-business (G2B), and government-to-government (G2G) interactions are the main characteristics of traditional e-governance. It is an evolution of the simple digitization and information distribution in the 1970s1990s that advances to phase levels of interaction, transaction, and transformation and may aim at efficiency, transparency, and access to citizens through portals and online services (Digital Statecraft Academy, 2025; Fourcade & Gordon, 2020).

Digital statecraft, in contrast, is a paradigm shift that is even greater than the digitalization of old processes to become the art, science, and practice of authoring and running public institutions in the era of AI, big data, and algorithmic systems. It focuses on active leadership to lead with technology, to predict disruptions, to incorporate ethical values, to create hybrid institutions, and to provide public value, rather than maximizing value, in constitutional structures, and deals with the state power relations and rights of individuals (Backus, 2001; Wikipedia contributors, 2026).

This development is symptomatic of the shift in service delivery practices towards being strategic and long-term in nature, which is governed by digital tools, where sovereignty, accountability, and democratic legitimacy are refracting the tension between state expansion and rights protections (Marche, & McNiven, 2003).

3.1.2 Constitutionalism in the Digital Age: Theoretical Perspectives

Constitutionalism modifies fundamental values, including the protection of rights and the restriction of power, to the digital issues of state surveillance and power of tech corporations. Theoretical approaches underline the necessity to develop such values during the era of Internet fragmentation, polarization, and hybridization (Celeste, 2020).

Core Concepts of Digital Constitutionalism

In digital constitutionalism, values of contemporary constitutionalism rule of law, democracy, separation of powers and human dignity are applied to the digital society, remedying the power imbalances of both states and tech giants. It is a new constitutional moment in which the analogue norms are ineffective to withstand the digital complexities, leading to the realization of the multilevel normative responses such as data protection laws. Contrary to constitutionalisation (a process), constitutionalism is an ideology that has been changing over time, now not only on the scale of states but also on the global and private scales (De Gregorio & Radu, 2022).

Fragmentation and Rights Protection

Internet fragmentation, through national firewalls or protocol alternatives such as the New IP in China, is a danger to the enjoyment of uniform rights leading to splinternets with freedom depending on jurisdiction. This calls into question the universality of constitutionalism with surveillance states gaining power and liberal states attempting to exercise restraint privately. To protect privacy and expression, theorists support multilevel protections (state, regional, global) as the solution to such balkanization (Insights on India, 2025).

Polarization and Sovereignty

US-led models of decentralization are pitted against Chinese models of centralization, which have ideological differences embedded in such standards as 5G or cyber protocols. The discourses of digital sovereignty, both EU autonomy and authoritarian controls, push constitutional boundaries of state authority, and may lead to mass surveillance without a proportional increase in its value. Such views as societal constitutionalism consider it to be a criticism, calling for norms that would reconcile sovereignty and individual autonomy (Redeker et al., 2022).

Hybrid Powers and Accountability

The process of hybridization erases the border between the public and the private, and algorithms on platforms have the effect of performing quasi-sovereign roles, bypassing the conventional checks. In non-liberal conditions, companies such as Huawei facilitate state surveillance; in liberal ones, GAFAM apply self-regulation to the content, which influences speech without regulation. Digital constitutionalism will require remedies, audits, and rule-of-law submission in a bid to curtail unaccountable hybrid powers (Ullrich, 2023).

3.1.3 The Tension Between Efficiency and Liberty: Scholarly Debates

The academic discourse on the dilemma between effectiveness and freedom in the digital administration exposes the way condition states seek to streamline their administrative procedures and surveillance to ensure security at the cost of the individual right to privacy and free expression. Digital constitutionalism can be viewed as a system to redress such balances, carrying the conventional constitutional boundaries to the more private technological forces competing with the state (De Gregorio and Radu, 2022). This section will discuss some of the main arguments, efficiency-oriented models versus liberty protection.

Efficiency Imperatives in Digital Statecraft

AI, big data, and surveillance are used by governments to gain more opportunities in their work, including better implementation of policies and detection of threats by justifying that these measures increase the capacity of states and improve the welfare of people (Estonian e-Governance Report, 2025). Researchers observe that a centralized cyberocracy has short-term benefits to speed and cost-saving but poses a vulnerability in the long term because of the lack of democratic controls (Snower et al., 2020). In India, digital technologies such as Aadhaar are an example of efficiency in the service delivery process, but the systems raise apprehension about the scale of data collection at the expense of privacy (Vidhi Centre, 2025).

Liberty’s Erosion Under Surveillance

Opponents argue that efficiency excuses socialize widespread surveillance to establish a chilling effect of dissent and association, whether through biometric systems or internet blackouts (Ada Lovelace Institute, 2021). Online surveillance removes the state-corporate distinction, and websites like Meta have become pseudo sovereigns regarding speech, and rule-of-law is no longer accountable to them (De Gregorio and Radu, 2022). Habermas-related approaches define privacy as a structural right of the democratic discourse and threatens that uncontrolled data exploitation disintegrates the rights within polarized technospheres (Surveilled Democracy Study, n.d.).

Balancing Paradigms and Proposals

The turn of debate is based on qualitative priority, where liberty takes precedence in cases where surveillance impairs democracy as an institution, where authoritarian models impose control in the protocol such as the New IP in China (De Gregorio and Radu, 2022). The transparency and subsidiarity of democratic designs, as well as, the control of user data, provide a better holistic efficiency than an authoritarian centralization (Estonian e-Governance Report, 2025). Such EU laws as the DSA are digital constitutionalism, as they introduce horizontal rights impacts on platforms, limiting hybrid powers (Ada Lovelace Institute, 2021).

Instead, the democratic design school advocated distributed digital structures and institutional checks as the means of creating resilience, openness and popular confidence. This strategy was based on constitutional protections, system oversight, and participatory governance in digital systems. Researchers, such as Estonian researchers (2025) claimed that including accountability mechanisms in technological design enhanced the legitimacy and improved the basic rights protection at the same time as enabling the efficiency of functions.

In contrast, the democratic design perspective promoted distributed digital architectures and institutional checks as mechanisms for fostering resilience, transparency, and public trust. This approach prioritized constitutional safeguards, independent oversight, and participatory governance in digital systems. Scholars, including Estonian researchers (2025), argued that embedding accountability mechanisms within technological design strengthened legitimacy and better protected fundamental rights while maintaining functional efficiency.

The platform hybridity approach focused on the increasing importance of commercial technology firms in content control and online regulation. It recognized that with the help of automated moderation systems, the platforms were able to handle content on a large scale, which increased the efficiency of operations. This model was however criticized to enable the circumvention of traditional democratic accountability to the influence of the private norms and the algorithmic decision-making processes. The issue of privatized government has been noted as dangerous by de Gregori and Radu (2022), and establish better regulations and transparency requirements to protect the rights of individuals.

 

3.1.4 The Concept of “Digital Constitutionalism” in Indian Jurisprudence

Digital constitutionalism can be defined as the extrapolation of the fundamental constitutional concepts on privacy, equality, dignity, and due process become relevant in the digital realm, and hold state and non-state forces in data collection, surveillance, algorithms, and platforms to constitutional standards (Sharma, 2025). This notion has developed within the Indian jurisprudence by the landmark cases of the Supreme Court that have redefined basic rights in Articles 14, 19 and 21 as a response to the challenges of the digital age such as Aadhaar biometrics, internet blockages, and e-KYC exclusion (StudyIQ, 2025)

Foundational Judgments

The Supreme Court in Justice K.S. Puttaswamy v. Union of India (2017) incorporated privacy in Article 21 as inherent right to life and personal liberty, so that any digital intrusion, i.e. biometric data gathering, must pass a three-fold test of legality, necessity and proportionality (Sharma, 2025). This decision gave the conceptual foundation of digital constitutionalism by overturning unrestricted state surveillance and requiring data minimization, and has informed future legislation, such as the Digital Personal Data Protection (DPDP) Act, 2023 (Global Freedom of Expression, 2023).

In Anuradha Bhasin v. Union of India (2020), deemed that unrestricted internet shutdowns do not comply with the freedom of speech and expression (Article 19(1)(a)) and trade (Article 19(1)(g)) and that internet access and access to the internet are facilitators of fundamental rights and that such actions need a proportionality review (Global Freedom of Expression, 2023).

Recent Developments on Access and Inclusion

Recent cases like Amar Jain v. Union of India (2025) and Rajive Raturi v. Union of India (2024) declared digital access—essential for e-governance, welfare, and KYC processes—a facet of Article 21’s right to life with dignity, directing inclusive reforms for persons with disabilities under the Rights of Persons with Disabilities Act, 2016 (Vidhi Centre for Legal Policy, 2025). These resolutions highlight that the concept of digital constitutionalism is oriented to the narrowing of the digital gap, the prohibition of exclusionary technologies, and the implementation of substantive equality (Articles 14 and 15) in digital ecosystems (Vision IAS, 2026).

Legislative Integration

The DPDP Act, 2023, operationalizes the principles of Puttaswamy by consent-led data processing, limiting data purposes, and a Data Protection Board but has been criticized to have state exemptions that challenge the constitutional accountability (Sharma, 2025). In general, constitutionalism in digital governance has been creatively applied to Indian courts that have balanced the goals of innovation with the protection of rights (Kathmandu School of Law Review, 2025).

3.2 The Evolution of State Power in the Digital Realm

3.2.1 Legislative Frameworks: The IT Act, 2000 and Subsequent Amendments

IT Act, 2000 Overview

The Information Technology Act, 2000 (IT Act) is the constitutional law of regulating the digital transactions, cybercrimes, and electronic governance in India that was enacted on June 9, 2000, and notified on October 17, 2000 (India Code, 2000; Ministry of Electronics and Information Technology, n.d.). It accepts electronic documentation and digital signatures under Part 4 and 5 as this allows legal validity of e-governance with revisions to existing laws such as the Indian Penal Code and the Evidence Act to accept digital evidence (India Code, 2000; The Law Institute, 2025). Previously, the Act had 94 sections in 13 chapters but extends to crimes involving Indian networks both domestically and internationally (Wikipedia contributors, 2026; ClearTax, 2026).

Key Provisions on Governance and Rights

By empowering the government filings and publications in electronic format, Chapter III (Sections 6-10) promotes efficiency within the sphere of the institutions of the state (India Code, 2000; The Law Institute, 2025). Chapter XI includes sections 65-74 that establish cybercrimes such as hacking (Section 66), breach of privacy (Section 72), and cyberterrorism (Section 66F) and provide a balance between state enforcing and the punishment of up to life imprisonment (India Code, 2000; ClearTax, 2026). Section 69 gives the powers of interception and decryption with justification of national security but posing the threat of privacy under Article 21 (Ministry of Electronics and Information Technology, n.d.; Vision IAS, 2026).

Major Amendments

In 2008 (effective 2009), cybercrime was increased with new Sections 66A-F of the offenses such as identity theft and child pornography, and a new Section 43A of the data protection compensation (ClearTax, 2026; Wikipedia contributors, 2026). The clause of 66A, which criminalised messages that were deemed to be offensive, was criticised as being too vague and was invalidated in Shreya Singhal v. Union of India (2015) as violative of Article 19(1)(a) free speech (Wikipedia contributors, 2026). The next set of rules is the IT (Intermediary Guidelines) Rules, 2011 and 2021, that govern due diligence and content moderation of platforms in accordance with the Section 79 (Ministry of Electronics and Information Technology, n.d.; DD News, 2025).

Constitutional Tensions

The IT Act enhances the authority of the state to spy on individuals (e.g., 69A to block), but the judiciary has been restraining excessive actions to ensure the safeguarding of rights (Section 66A was overruled and its overreach to restriction of expression was noted as a disadvantage in 69A) (Wikipedia contributors, 2026; Vision IAS, 2026). The issue of privacy still exists, as the forced decryption or bans of apps have been criticized, which may contradict the Puttaswamy (2017) right to privacy (Vision IAS, 2026). The 2025 changes in IT Rules focus on openness in takedowns, which is proportional to Articles 14 and 19 (DD News, 2025).

3.2.2 Surveillance Laws and Executive Overreach: Telegraph Act and CERT-In Directions

Judicial interpretations have played a crucial role in defining the balance between state authority and state rights to privacy and freedom of speech relating to the IT Act with the Supreme Court overturning unclear language in the act and adding proportionality tests.

Free Speech: Shreya Singhal Case

In Shreya Singhal v. Union of India (2015), Supreme Court ruled that Section 66A of the IT Act was unconstitutional because of its vagueness and overbreadth, which violated Article 19(1)(a) (Supreme Court of India, 2015; Columbia Global Freedom of Expression, 2023). The Court established that such words as annoying or offensive did not have clear boundaries, chilling and had no appropriate restrictions to protection of speech as required by Article 19(2) such as the distinction of public order (Supreme Court of India, 2015). It also made clear the Section 79 intermediary liability, which mandates that takedown orders have to be issued by the court or government to stop the censorship of that initiated by the individual (Columbia Global Freedom of Expression, 2023).

Privacy: Puttaswamy Judgment

Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) established privacy as a fundamental right in Articles 14, 19, and 21, under which the surveillance of IT Act such as 69 and 69A were subjected to tests of legality, necessity, and proportionality (Supreme Court of India, 2017). The nine-judge panel reversed the previous decisions and required procedural protection against unreasonable decryption or interception (Supreme Court of India, 2017; Cyril Amarchand Mangaldas Blogs, 2019). This model condemns wide access to data without judiciary control.

Surveillance and Blocking: Recent Cases

The Delhi High Court affirmed national security blocking in Section 69A, X Corp. v. Union of India (2025), however, stipulated that affected users must face hearings to restrict account-wide blocks to proportional ones (Columbia Global Freedom of Expression, 2025). Individuals Civil Liberties v. People. United Kingdom Union of India (1996, reaffirmed after Puttaswamy) construed certain preconditions to IT surveillance such as a public emergency in a narrow way to safeguard privacy (Cyril Amarchand Mangaldas Blogs, 2019). These decisions underscore protection against executive usurpation in the cyberspace.

3.2.3 Data Collection and Welfare Delivery: The Aadhaar Ecosystem

The Aadhaar ecosystem allows the collection of biometric (fingerprint, iris scan) as well as demographic (name, address, date of birth) data of over 1.3 billion residents in a single place by the Unique Identification Authority of India (UIDAI) itself, via the enrolment agents and support organizations (Unique Identification Authority of India [UIDAI], n.d.; State Platform for Relief and Finance [SPRF], 2024). Such a network performs the authentication of welfare delivery, mostly via the Direct Benefit Transfer (DBT) that is connected to the JAM Trinity (Jan Dhan-Aadhaar-Mobile), which has incorporated 314 schemes in 51 ministries and decreased the leftovers of the previous times when it was only 15% of the funds reaching beneficiaries (SPRF, 2024)

The data is collected at the enrolment centres where people provide the documents of proof-of-identity and address that create a 12-digit unique ID that is kept in the Central Identities Data Repository (CIDR) organized by UIDAI (UIDAI, n.d.). In the case of welfare initiatives such as Pradhan Mantri Awas Yojana, MGNREGA, and Ujjwala Yojana, the bank account and job card seeding with Aadhaar will be essential to facilitate directed disbursal, followed by authentication through the eKYC, OTP, or biometrics at the point-of-sale (ePoS) terminals (SPRF, 2024). Nevertheless, there are authentication failures associated with weak biometrics (e.g. worn fingerprints of older women), network problem in rural locations, and seeding errors, which exclude 1.13 crore MGNREGA workers and 31 lakh Ujjwala beneficiaries during COVID-19 (SPRF, 2024).

The Supreme Court, Justice K.S. Puttaswamy v., constitutionally. Articles 14, 15, 19, and 21 Union of India confirmed the validity of Aadhaar to ensure efficient welfare but, on the one hand, invalidated such clauses as Section 57 (use by private entities) and Section 47 (limited complaints) to curb state overreach (Majmudar and Partners, 2022; Supreme Court Observer, 2021). This sets state authority in data control against a person’s rights, whereas data breaches (e.g., 81 crore records in 2023) and unassessed rural exclusions point to current tensions (SPRF, 2024).

3.3.4 Intermediary Liability and State Control: The 2021 Intermediary Guidelines

Overview of 2021 Intermediary Guidelines

The new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which came into effect on February 25, 2021, under the Information Technology Act, 2000, supersedes the 2011 rules and governs the activities of intermediaries, such as social media platforms (Ministry of Electronics and Information Technology, 2021; PRS Legislative Research, 2021). They have due diligence requirements to stay under safe harbor when there is third-party content on its site, such as increasing timeframes of content removal and adding bans on content that is harmful to children or misleading information (PRS Legislative Research, 2021).

Intermediary Liability Framework

Intermediaries can be relieved of liability in case they exercise due diligence, including barring users who post content that poses a threat to the sovereignty, public order or decency of India and removing it within 36 hours of a court or governmental order (PRS Legislative Research, 2021). Major Social Media Intermediaries (SSMIs) which have users exceeding a specified limit are required to designate India-based chief compliance, nodal which is grievance officers, and allow tracing of source of messages in case of serious crimes such as national security violations upon a court order (Ministry of Electronics and Information Technology, 2021). These necessities spill over to technology-based proactive recognition of child sexual abuse content or court-blocked content, but proportional to the human oversight (Internet Society, 2021).

State Control Mechanisms

According to the rules, the central government has the power to classify SSMIs, require other compliances and issue emergency block orders of the content of online publishers due to reasons such as public order, which are considered by an inter-departmental committee (Cyril Amarchand Mangaldas, 2024). Messaging services are traceable, which may necessitate the retention of message metadata, which, according to critics, facilitates extensive surveillance without minimizing the data (Internet Society, 2021). The agencies of the government are allowed to request information of the users to aid an investigation without the procedural protection that was present in the previous interception regulations (PRS Legislative Research, 2021).

Constitutional Challenges and Rights Implications

The guidelines have been criticized as going beyond delegated authority under the IT Act due to the establishment of new types of intermediaries (e.g., SSMIs) and new responsibilities such as originator tracing, which may need revision in legislation (Cyril Amarchand Mangaldas, 2024). Categories like “insulting on the basis of gender” or a patently false statement are over broad content restrictions that may discourage free speech in violation of Article 19(1)(a) because online platforms may overreact to keep safe harbor (Internet Society, 2021). Traceability compromises privacy (Article 21) because it requires mass metadata to be stored, which is inconsistent with the principles of proportionality as provided by Justice K.S. Puttaswamy v. Union of India (2017) (Software Freedom Law Centre, 2023).

There are challenges, such as a petition to the Kerala High and Delhi High Courts claiming violations of Articles 14, 19 and 21, some of which were transferred to the Supreme Court; a split decision of a Bombay High Court highlighted ultra vires issues of Articles 14 and 19 (Software Freedom Law Centre, 2023).

3.2.5 Internet Shutdowns and Public Order: Legal Justifications and Critiques

Legal Framework

In India, Internet blockage can be issued mostly based on Section 5(2) of the Telegraph Act, 1885, which authorizes the temporary suspension of telecom in the case of public emergencies or in the name of public safety, including public order (Bhardwaj et al., 2020). Other authorities are based on the Section 144 of the Code of Criminal Procedure, 1973 which permits district magistrates to impose a restriction to deter a threat to the order and the Information Technology Act, 2008 (Bhardwaj et al., 2020). These actions should be in accordance with the Constitution in Article 19(2), which limits the freedom of speech on such grounds as excellent order, yet there must be a publication of orders, which will increase transparency required by the Supreme Court (Supreme Court of India, 2020).

Justifications for Public Order

The governments also use the excuse of a need to control hate speech, rumours, and incitement through social media that may result in violence or riots and generally blame it on the fear of anti-social elements in such a region, as is the case in Manipur (Human Rights Watch, 2023). In Anuradha Bhasin v. Union of India (2020), the Supreme Court did not reject the possible application on national security but noted that the threat to public order should be proven to be imminent risk, and that internet access was considered a right of Article 19(1)(a) (Supreme Court of India, 2020). The shutdowns are also positioned as commensurate to stop any large-scale chaos, particularly during protests or examinations (Bhardwaj et al., 2020).

Key Critiques

Critics claim that shutdowns usually do not pass the proportionality test and are too broad, open-ended, and not the least restrictive alternative, such as tagging or throttling are not considered (Internet Freedom Foundation, 2024). Orders not being published is against natural justice and prevents judicial review, as observed in 428 orders of 2020–2024 where most states defied Bhasin orders (Internet Freedom Foundation, 2024). They have disproportionately affected free access to livelihood (Article 19(1)(g)) rights, access to information, and economic activity, and obscure review committees enhance executive overreach (Human Rights Watch, 2023; Software Freedom Law Center, 2025).

Judicial Oversight

The Supreme Court in Anuradha Bhasin mandated that shutdowns should be necessary and proportional stricto sensu and time-based so that it would be periodically reviewed and publicized (Supreme Court of India, 2020). Section 144 has been maintained by High Courts such as the one in Gaurav Sureshbhai Vyas, of Gujarat but reasoned orders have been emphasized (Bhardwaj et al., 2020). Continued non-adherence after the 2024 elections only indicates loopholes, and centralized databases would facilitate accountability (Internet Freedom Foundation, 2024).

3.4 The Trajectory of Individual Rights in Cyberspace

3.4.1 The Right to Privacy: From Kharak Singh to Puttaswamy

The concept of right to privacy is developed by the Indian Supreme Court, which in Kharak Singh denied the existence of this right, and then in Puttaswamy, endorsed the right to privacy as a fundamental right, which redefines the connection between the state and individual autonomy in the era of digital technologies (Columbia Global Freedom of Expression, 2023; Wikipedia, 2017).

Early judicial reluctance: Kharak Singh and its legacy

In Kharak Singh v. State of Uttar Pradesh (1962), the Court in the case State of Uttar Pradesh (1962) addressed the issue of the legality of police surveillance in accordance with the U.P. Police Regulations, which provided domiciliary visits at night, shadowing, and reporting a suspect to the police in a dacoity case (Columbia Global Freedom of Expression, 2023; Dhyeya Law, n.d.). The petitioner claimed that this invasive surveillance infringed his rights according to Article 19(1)(d) (freedom of movement) and Article 21 (life and personal liberty) and based his argument on an implied right to privacy (iPleaders, 2024).

Most of them overturned domiciliary visits as unconstitutional but expressly refused to acknowledge that privacy was any fundamental right under Part III, as the Constitution did not specifically provide a right to privacy and that the regulations, with the exception of night visits, were appropriately limiting liberty (Privacy Law Library (CCG NLUD), n.d.; Testbook, 2025). The powerful dissent of Justice Subba Rao, though, considered privacy to be inherent in life and individual liberty under Article 21 and associated surveillance to a chilling effect on free expression and movement under Articles 19(1)(a) and 19(1)(d), and thus established the seeds of a wider privacy doctrine that was to be developed in subsequent judgments (Oxford Human Rights Hub, n.d.).

This ambivalent position created a disjointed jurisprudence in the years after Kharak Singh, as some benches started to treat privacy claims with scepticism and others began to broaden the meaning of personal liberty in Article 21, which preconditioned a rethink of the doctrines (Granthaalayah Publication, 2024). The legacy of earlier cases like M.P. Sharma and the Kharak Singh majority, which had either placed little weight on or had openly denied the existence of privacy, was a doctrine challenge that would not be directly challenged by a larger court until it was touched upon once again (International Journal for Multidisciplinary Research, 2025).

Doctrinal shift: Puttaswamy and the recognition of privacy

Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) was a case that emerged after disputes on the Aadhaar scheme, yet the nine-judge bench first identified and resolved the underlying issue as to whether privacy in itself was a fundamental right (Manupatra Academy, 2017; Byju’s, 2022). It was unanimously ruled that the right to privacy is an inseparable constitutional right inherent in Part III and was found in the protection of the right to life and personal liberty in Article 21, as well as had established a relationship with the freedoms in Articles 14, 19, and other protections (Oxford Human Rights Hub, n.d.; Wikipedia, 2017).

The court directly referred to M.P. Sharma and its majority as having been overruled, to the extent that they implied that the Constitution contains no right to privacy and thus decided the decades of doctrinal confusion (Free Law, 2025). Privacy was theorised in various overlapping aspects (spatial, home, and body), decisional (personal choices related to the self), and informational (control of personal information) and confirmed to be a key to dignity and autonomy and free personality development (Byju, 2022).

Notably, Puttaswamy did not agree with the notion of privacy being limited to intrusion of a physical nature but rather harms could be caused by the state as well as the non state actors, specifically through the process of data collection, profiling and surveillance in technologically mediated settings (International Journal for Multidisciplinary Research, 2025). The decision therefore established a constitutional base on how digital governance (including biometric identification schemes, data driven welfare delivery and platform-based information flows) would be regulated in the future (Free Law, 2025)

Privacy, restriction and proportionality: the physical into the informational.

Although the Court ruled that privacy is fundamental, in Puttaswamy, it was clear that privacy is not absolute, and it is prone to reasonable restrictions to address legitimate state objectives (Byju’s, 2022). The Court proposed a structured standard, commonly known as a triple test, and the restrictions on privacy should meet (i) legality, or a valid law that authorizes the action; (ii) a legitimate state purpose, such as national security, crime prevention, or provision of welfare; and (iii) proportionality, or that the intrusion is no greater than necessary (Oxford Human Rights Hub, n.d.).

This framework re-places previous surveillance-oriented cases by requiring such any invasion of privacy be justified on any clear constitutional benchmarks and not as a simple matter of administrative discretion. Conversely, Kharak Singh had valued police surveillance mostly regarding physical trespass and legal correctness without necessarily delving into its impacts on the discretionary choice, mental safety, and informational self-determination (Granthaalayah Publication, 2024).

The proportionality test is specifically important in the digital context because it demands the state to not only show that a scheme is fulfilling a legitimate aim, but also to show that the design, remit, and protection of data collection/retention is precisely targeted and rights-compliant (Free Law, 2025). By positioning informational privacy as an essential element of constitutional liberty, Puttaswamy causes the legislature and the executive to design comprehensive data protection regimes and to incorporate privacy by design concepts into the digital infrastructure (International Journal for Multidisciplinary Research, 2025).

From Kharak Singh to Puttaswamy: implications for state power and digital governance

The constitutional evolution of the movement by Kharak Singh to Puttaswamy is the passage of a narrow, spatial perception of privacy, bound to the home, physical surveillance, to the broad, dignitarian, and informational perception that involves bodily integrity, the freedom of choice, and the autonomy of data (Columbia Global Freedom of Expression, 2023; Wikipedia, 2017). In contrast to Kharak Singh where he accepted routine police surveillance with minimal limitations to the individual, Puttaswamy redefines the individual as a rights bearing subject in which the individual has the power to control personal information and intimate life as a pre-condition to having any meaningful citizenship in a data driven polity (Oxford Human Rights Hub, n.d.).

To the digital governance, there are two consequences linked to this evolution. To begin with, it constitutionalises privacy as a structural check of state power, imposing that digital ID systems, surveillance architecture, and AI-driven decision making must be justified by the tripartite test and that such mechanisms also be supplemented by protections, oversight, and redress (Byju’s, 2022). Second, it allows privacy claims to be brought against non-state actors, as platforms, financial intermediaries and data rich corporations can also practice privacy threatening practices that could be subject to statutory regulation in line with the normative vision of privacy by Puttaswamy (International Journal for Multidisciplinary Research, 2025).

The right to privacy therefore no longer serves as a personal safeguard to unjustified nutsing but as a constitutional prism, after which the viability of modern digital governance initiatives, including Aadhaar based identification, mass databases, and algorithmic profiling, should be evaluated (Free Law, 2025). This change expands the discussion of constitutional boundaries within the digital state: the very digital resources that can make governance more effective give much increased surveillance capabilities, and the insistence of legality, legitimate aim, and proportionality as the focal point of the future jurisprudence of state authority and individual rights in the computer world is suggested by Puttaswamy (Oxford Human Rights Hub, n.d.).

3.4.2 Freedom of Speech and Expression Online: Article 19(1)(a) Interpretations

The Indian constitution in article 19 (1) (a) assures citizens the right to the freedom of speech and expression, which has been clearly applied by the Supreme Court to the internet as a primary means of communication, dissemination of information, and discourse (Constitution of India, 1950, article 19.1(a)). Article 19(2) does not prohibit any reasonable restrictions on this right but must be limited to narrow and proportionate and not ambiguous to prevent a chilling effect on the expression (Drishti Judiciary, 2024). According to the Court in the digital sphere, it has stressed that on-line speech enhances the voice, yet it can also serve as the cause of widespread dissemination of damage, so a balance needs to be made between the rights of the individual and the interests of the society, such as dignity under Article 21 (CJP Team, 2025)

Landmark Judicial Interpretations

The Supreme Court’s watershed ruling in Shreya Singhal v. Union of India (2015) struck down Section 66A of the Information Technology Act, 2000, which contained such vague terms as offensive and annoying, was declared by the Union of India (2015) as an unconstitutional section because it had an indirect nexus with the grounds of Article 19(2) and did not punish incitement but simply advocacy (Supreme Court of India, 2015). This affirmed that internet access falls under the Article 19(1)(a), which is rigorous enough to ward off the implementation of laws controlling online speech to avoid arbitrary censorship (LawCurb, n.d.)). Thereafter, Anuradha Bhasin v. Union of India, (2020) reiterated that internet shutdowns must be temporary, proportional, and publicly reasonable because restrictions over the long term, under Articles 19(1)(a) and 19(1)(g), are against the free expression and trade (LawCurb, n.d.).

Recent Developments in Digital Contexts

In 2025 cases like Wazahat Khan v. Union of India, Justice Nagarathna brought forward the horizontal aspect of free speech, understanding the harm to individual citizens (not to state only) and encouraging restraint and finding a constitutional boundary to promote fraternity and unity (CJP Team, 2025)). Equally, SMA Cure Foundation v. Article 21 dignity was valued above unmitigated Article 19(1)(a) claims by Union of India, especially on content ridiculing marginalized groups, and indicated greater accountability of influencers (CJP Team, 2025). Cases Hemant Malviya v. State of Madhya Pradesh secured the freedom of speech on satirizing people who are not considered as incitement to violence but emphasized the principle of proportionality in investigations (CJP Team, 2025).

Intermediary Liability and Ongoing Challenges

To obtain the intermediaries safe harbour in terms of 79 of the IT Act, the Court considers actual knowledge through court orders rather than proactive monitoring to prevent privatization of censorship as defined in Shreya Singhal (LawCurb, n.d.) ). But, the active uses of the 2021 IT Intermediary Guidelines are also under criticism because of its overactive responsibility to chill speech by excessive compliance (LawCurb, n.d.)). Algorithms amplification and hate speech are emerging topics, and the Court is attempting to come up with guidelines that do not violate the right to dissent (CJP Team, 2025; LawCurb, n.d.).

These readings indicate the responsive nature of the judiciary in digital governance, which protects online speech but limits the misuse of freedom that undermines constitutional principles.

3.4.3 Due Process and Algorithmic Accountability: Emerging Rights Discourses

Introducing algorithmic systems into the digital governance has shaken the classical concept of due process and brought forth new rights discourses of algorithmic accountability (Zuboff, 2019; Mittelstadt et al., 2016). The constitutional democracies have traditionally held due process that state choices in the areas of liberty, property, or dignity should be procedurally just, open, and reviewable (Dworkin, 1985; Thompson, 1975). With automated decision-making substituting or reinventing human decision making in welfare distribution, policing, and justice, scholars are beginning to understand algorithmic due process as a constitutional dilemma of its own (Binns, 2018; Selbst et al., 2019). The section follows how the emergent rights discourses re-arrange the due process normative in the situation of state powered algorithms and what this does suggest concerning the boundaries of state-provided digital governance.

Algorithms Due process as a Constitutional Issue.

The term algorithmic due process means the procedural protections that are necessary in cases when the state makes decisions, which are mediated or generated through opaque, data driven processes (Pasquale, 2015; Citron, 2008). In the United States, the discussions about the risk assessment tools like COMPAS have highlighted the way black box algorithms in sentencing make the Sixth and Fourteenth Amendment rights to confront evidence and to receive meaningful notice and an opportunity to be heard difficult (Barabas et al., 2017; Macak, 2018). Those concerns in India are being directed by the Article 21 and, where life and liberty are at issue, Articles 14 and 19, which combined have the notion that procedures that touch life and liberty be fair, just and reasonable and non-arbitrary. Union of India, 2017; Olga Tellis v. Corporation of Bombay, 1985. The algorithms employed in policing, welfare gate keeping, or surveillance may be vulnerable to being challenged constitutionally based on due process and equality when they are deprived of those features (Ghosh, 2022; Thakur, 2023).

Some researchers claim that the means to restrain the purely algorithmic state power already lie in the constitution, particularly in the forms of human like discretion being robotized without sufficient explanations (Balkin, 2016; Solove and Citron, 2021). On one occasion, the administrative action must be speaking and reasoned (State of Orissa v. Binapani Dei, 1967) as a pre-cursor to the requests of the explainability of algorithms and effect measures (Suvarna & Chakravarty, 2021). This perspective suggests that it does not necessarily mean that algorithms are bad, but that procedural safeguards are lacking that would make algorithmic judgments subject to debate and redress by humans and the courts (Wachter et al., 2017; Yeung, 2017).

Emerging Rights Discourses: Transparency, Contestability, and Redress

The literature on algorithmic governance has been emerging around three main demands: transparency, contestability, and effective redress (Burrell, 2016; Mittelstadt, 2019). First, transparency-oriented rights discourse demands that one finds out whenever an algorithm applies to them and the reasoning, data sets, and constraints of that system are adequately available to exercise a meaningful critique (Citron, 2008; Selbst et al., 2019). This is a convergence with the Digital Personal Data Protection Act, 2023, which foresees rights to information and the possibility of a grievance by the right-holders, the data principals, against automated decisions (Digital Personal Data Protection Act, 2023; CLPR, 2022).

Second, contestability requires that algorithmic decisions should be contestable, appealable, and correctable, which frequently need to be reviewed by humans (Binns, 2018; Wachter et al., 2017). This echoes the human in the loop model, which is presented in both Indian and comparative scholarship, where the final coercive choices should be taken by responsible human actors based on the automation of recommendations (Gurumurthy and Chakravarty, 2021; Thakur and Reddy, 2023). Within the criminal justice and cyber policing frameworks, researchers caution that predictive or profiling algorithms that result in the formation of so-called automated suspicion without reasonably explaining it or providing a channel of redress undermine the due process provision of a requirement of a reason to believe, which is personally expressed (Kumar and Ravi, 2025; Algorithmic Policing and Due Process in India, 2025).

Third, redress centred discourses highlight the importance of specific institutional measures, like independent audit organisations, algorithmic impact assessment, and liability schemes, to make sure that people wrongly or unfairly impacted by unethical or biased algorithmic decision-making can receive compensation and systemic redress (Yeung, 2017; European Commission, 2021 on the AI Liability Directive; AI Accountability Framework for India proposals, 2026). Such mechanisms are presented as a constitutional remedy extension like India Article 32 and 226, however, they are modified to the realities of dispersed, private, and code driven enforcement (Ghosh, 2022; LawGiCo, 2025). By doing so, the so-called emerging rights discourses are not recreating the proceduralism of the 20 th century per se but aim to institute accountability through architectural design into the digital governance (Pasquale, 2015; Zuboff, 2019).

Tensions and Limits of Algorithmic Accountability

Although there has been an increasing doctrinal and policy momentum, there are a number of tensions that have been left. To start with, the trade secret of proprietary algorithms and the due process transparency requirement are structurally at odds with each other (Citron, 2008; Barabas et al., 2017). The secrecy of code or model parameters may be motivated by states and private platforms due to their competitiveness or security, but secrecy can transform algorithmic instruments into a matter-of-fact instrument of unregulated state power (Pasquale, 2015; Zuboff, 2019).

Second, researchers warn against procedural fetishism, i.e. the use of rituals of notice or anodyne explanations that promise merely an illusion of fairness but make no change to substantive allocation of state power (Yeung, 2017; Selbst et al., 2019). The third category of boundaries is based on the dimension of private order of algorithmic governance where rules and norms are enforced by intermediaries and platforms by the algorithmic content moderation or risk scoring (Gillespie, 2018; Algorithmic Enforcement Tools, 2023). The traditional concepts of constitutional due process, designed to be useful in the context of state actors, might not be able to provide a clear picture of the hybridity of algorithmic enforcement in the meeting point of the state interest and the private power (European Commission, 2021; Digital Services Act, 2022). However, rights-based discourses are attempting to extend due process logic into these areas by imposing demands of transparency, independent supervision and appeal-oriented architectures (Gillespie, 2018; Yeung, 2017).

The empirical research on algorithmic welfare systems, policing, and credit scoring indicates that despite the presence of transparency and audit, most of the time their actualisation is disproportionate, technocratic, and lack of direct connection with the operational experiences of marginalised users (Eubanks, 2018; Mohan and Jain, 2023). Therefore, the new rights discourses will need to be complemented by participatory and deliberative forms of algorithmic governance that involve the affected communities in designing and evaluating systems (Gurumurthy and Chakravarty, 2021; NLIU Law Review, 2025). Overall, the concept of due process in the era of algorithms is becoming a multi layered rights concept that re imagines procedural fairness, accountability and redress in the reference of code driven state power, an evolution that directly informs the constitutional boundaries of digital governance.

3.4.4 The Right to Internet Access: Connectivity as a Fundamental Right

The right to internet has developed as a continuation of the basic rights under Articles 19(1)(a) and 21 of Indian Constitution especially a freedom of speech and personal liberty. In Anuradha Bhasin v. Union of India (2020), the Supreme Court decided to accept the idea of the unrestricted access to the internet as part of these rights (Anuradha Bhasin v. Union of India, 2020; India Today, 2020). This court expansion concerns digital addictions in education, trade, and the information flow as state-imposed shutdowns increase (iPleaders, 2024).

Key Judicial Precedents

The landmark cases confirm that connectivity is the vital infrastructure to exercise the rights. The Kerala High Court in Faheema Shirin RK v. State of Kerala (2019) the right to education and privacy in Article 21 prohibited arbitrary hostel action against the use of phones, which included internet access (Faheema Shirin RK v. State of Kerala, 2019; Software Freedom Law Centre, 2023). Anuradha Bhasin scrutinized Jammu & Kashmir’s 2019 internet blockage after Article 370 abrogation, and required orders of people, necessity, proportions, and revision to avoid endless suspensions (Bhasin v. Union of India, n.d.).

Case Core Holding Constitutional Link

Anuradha Bhasin v. Union of India (2020)

The shutdown of the internet should be reasonable; the access allows both speech and trade. Articles 19(1) (a), 19(1) (g) 21 (Anuradha Bhasin v. Union of India, 2020).

Faheema Shirin v. State of Kerala (2019)

Access involved in education/privacy; random prohibitions nullified. Art.19(1)(a), 21  (Faheema Shirin RK v. State of Kerala, 2019).

Global influences (e.g., Estonia, France)

Legal status of human right in a few countries (Vidhi Centre for Legal Policy, 2025). N/A (comparative)

State Power Limitations

Section 144 CrPC and IT Rules permit state authorities to temporarily shut down in the name of the public order, but they are likely to be subject to a very rigid scrutiny. Courts are asking to see threats such as misinformation, or security threats, not blanket bans that do not have a substitute such as selective blocking (iPleaders, 2024). Prolonged closure, such as in Manipur 2023, threatens the rights, through disruption of important services, and requires parliamentary scrutiny and compensation (Vidhi Centre for Legal Policy, 2025).

Balancing Rights and Governance

Online governance should be between the rights and safety of the individual, where the constitution should be changed to suit technology. Indefinite prohibitions invalidate the rights of offline in a digital society, leading to the need to amend Article 21F to provide access by name (Vidhi Centre for Legal Policy, 2025). The Indian system is partly aligned to UNHRC resolutions but is still behind in enforcing them as there is a high rate of blackouts (Bhasin v. Union of India, n.d.).

3.5 Judicial Mediation: Constitutional Limits and Proportionality

 

3.5.1 The Puttaswamy Judgment: Establishing the Privacy Framework

The right to privacy was unanimously declared as a fundamental right in and of itself inherent in Article 21 (right to life and personal liberty) and Part III of the Constitution, in the Puttaswamy judgment of August 24, 2017, by a nine-judge bench of the Supreme Court of India (Justice K. S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors., 2017; Puttaswamy v. Union of India, 2017). It struck down previous cases such as M.P. Sharma v. Union of India (1954) and Kharak Singh v. State of U.P. (1963), the privacy as a fundamental right had been rejected (Puttaswamy v. Union of India (I), n.d.). It was a decision that developed out of the Aadhaar scheme challenges, where privacy is formed as coinciding with dignity, autonomy, and liberty (Puttaswamy v. Union of India, 2017).

Key Holdings on Privacy

The Court believed that privacy guarantees individual autonomy (decisional privacy) as well as information privacy (data and choices) and applies to the digital world (Puttaswamy v. Union of India (I), n.d.). It reiterated that privacy does not have an absolute value but must have restrictions through a three-pronged proportionality test; legality (supported by law), legitimate aim (e.g. national security), and proportionality (rational nexus and least intrusive means) (Justice K.S. Puttaswamy Judgment: The Foundation of India’s Data Privacy Framework, 2025). It is a balance between state authority and personal rights that is essential to the digital governance where a state can easily violate control over the amount of collected data (The right to privacy in India’s digital era: A post-Puttaswamy perspective, 2025).

Implications for Digital Governance

In the realm of digital technologies, Puttaswamy obligates protection against mass surveillance and compulsory biometrics, which would affect subsequent cases, such as the Aadhaar one (Puttaswamy v. Union of India (II), n.d.), held this by invalidating some of the linking requirements on the grounds that they were disproportionate (Puttaswamy v. Union of India (II), n.d.). It provided the foundations of the Digital Personal Data Protection Act, 2023, in India, obliging the minimum use of data and consent (The right to privacy in India’s digital era: A post-Puttaswamy perspective, 2025). In dissertations on constitutional boundaries, it puts state digital projects (e.g. surveillance, IDs) in the position of being subject to the test of infringement of privacy (Justice K. S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors., 2017).

3.5.2 Application of the Proportionality Test in Digital Rights Cases

The proportionality test offered by Puttaswamy offers a systematic and structured approach to the state limitations on privacy in cases of digital rights, which would guarantee legality, legitimate purpose, necessity, appropriateness, and balancing (Puttaswamy v. Union of India, 2017).

Proportionality Framework

This was put forward in Justice K.S. Puttaswamy v. Union of India (2017), the developed to a four-pronged doctrine: legitimate goal, rational connection, necessity (least intrusive means), and balancing of rights (Puttaswamy v. Union of India, 2017). It questions the use of data collection, surveillance and authentication on privacy in digital contexts in terms of Article 21 (The right to privacy in India’s digital era: A post-Puttaswamy perspective, 2025). It is used by courts to stop excessive state authority through minimal intrusion and alternatives where possible (Puttaswamy v. Union of India, 2017).

Aadhaar Case Application

In Puttaswamy II (K.S. Puttaswamy v. Union of India, 2018), the Supreme Court affirmed the essence of Aadhaar in regards to 7 on subsidies as being proportional: supported by law, intended to deliver welfare, rationally related, necessary (no less intrusive ID), and balanced privacy with dignity (K.S. Puttaswamy v. Union of India (Aadhaar case), 2018; K.S. Puttaswamy v. Union of India (II), 2018). Nevertheless, it invalidated private entity requirements (Section 57), bank/SIM connection, and metadata storage over six months as unnecessary and balancing, and posing the threat of surveillance (K.S. Puttaswamy v. Union of India (II), 2018).

Internet Shutdowns and Surveillance

Anuradha Bhasin v. Union of India (2020) applied to Jammu & Kashmir shutdowns held indefinite internet curfews to be disproportionate even when targeting public order, and should be periodically reviewed and determine proportionality. (Anuradha Bhasin v. Union of India, 2020). This was reinforced by MediaNet Communications v. Union of Territory (2023) which required the minimum actions to restrict access to the digital world (The right to privacy in India’s digital era: A post-Puttaswamy perspective, 2025). Such instances restrict state digital regulation, and place other solutions such as targeted blocks first priorit (Anuradha Bhasin v. Union of India, 2020).

Broader Digital Governance Impact

Since the post-Puttaswamy era, the test affects data protection, as evidenced in the challenges to the Digital Personal Data Protection Act, 2023, which is all about the issues of consent and minimization (The right to privacy in India’s digital era: A post-Puttaswamy perspective, 2025). It regulates excessive surveillance legislation, and so the digital governance does not interfere with people rights and does not threaten the security of the state (Puttaswamy v. Union of India, 2017).

3.5.3 Judicial Review of Surveillance and Data Protection Mechanisms

The Supreme Court of India has a strong judicial review on surveillance and data protection processes, and the action of the states must not violate against the proportionality test introduced in Puttaswamy (People’s Union for Civil Liberties v. Union of India, 1997; Puttaswamy v. Union of India, 2017). After Puttaswamy, interception orders are questioned by the courts on the basis of the Indian Telegraph Act of 1885 under the section of 5(2) which mandates stringent requirements of a public emergency or a public safety and procedural protection such as that of authorization of a high level and destruction of intercepts that are unfair (Vinit Kumar v. Central Bureau of Investigation and Ors., 2019).

Surveillance Review Framework

In order to eliminate arbitrary surveillance, courts use the three-pronged test of legality, legitimate aim and proportionality to rule out the application of PUCL guidelines codified in Rule 419A which require reasoned orders and restrict duration (People’s Union for Civil Liberties v. Union of India, 1997). Various courts of Bombay in Vinit Kumar v. Central Bureau of Investigation and Ors. investigation had its taps over economic offences declared invalid due to not meeting the public Safety requirement, with the evidence being considered inadmissible and because of post-Puttaswamy examination (Vinit Kumar v. Central Bureau of Investigation and Ors., 2019). This restricts digital governance technology such as mass data interception in the times when scandals are on the rise (e.g. phone-tapping scandals) (Puttaswamy v. Union of India, 2017).

Data Protection Judicial Oversight

Article 226 of the Data Protection Board in relation to the violation of fundamental rights and Article 32 of the Digital Personal Data Protection Act, 2023 (DPDP Act) require that High Courts can appeal the orders of the Data Protection Board, which include penalties of up to 250 crore rupees or the destruction of data ( Data Protection Board in Connection with Data Protection under the Digital Personal Data Protection Act, n.d.). Courts guarantee independence, proportionality, and natural justice of the DPB, construing exemption (e.g., Section 17) to ensure executive overreach in digital governance (Judicial Review and Appeals under India DPDP Act, 2023, 2025). The constant threats to DPDP provisions bring out issues of tension between state functionality and privacy (Judicial Review and Appeals under India DPDP Act, 2023, 2025).

Balancing State Power and Rights

Judicial review limits the scope of the constitution and brings the surveillance requirements into line with the privacy of the article 21, where Puttaswamy progeny were confirmed (Puttaswamy v.). Union of India, 2017). This framework limits and restricts unregulated digital state authority requiring limited intrusion and alternatives evaluation (People’s Union for Civil Liberties v. Union of India, 1997).

3.5.4 Courts vs. Executive: Trends in Digital Governance Litigation

The Supreme Court of India has increasingly intervened in digital governance disputes, checking executive overreach through privacy and proportionality tests post-Puttaswamy (RIGHT TO PRIVACY POST PUTTASWAMY: EVOLVING JURISPRUDENCE IN INDIA, 2025). Key trends show courts mandating judicial oversight, independent probes, and data safeguards amid rising surveillance challenges (Supreme Court digital privacy judgment 2025, 2025).

Landmark Cases

Aadhaar expansions, internet shutdowns, and spyware have been discussed in such cases as  Justice K.S. Puttaswamy (Retd.) v. Union of India (II), that affirmed Aadhaar, but struck down mandatory private linkages arguing they were disproportionate invasions (Justice K.S. Puttaswamy (Retd.) v. Union of India (II), 2019). In Anuradha Bhasin v. Union of India (2020), the Court decided that the internet shutdowns should be temporary, necessary, and periodically reviewed so that it prevents the violation of free speech under the Article 19 (Anuradha Bhasin v. Union of India, 2020). Pegasus spyware applications in Manohar Lal Sharma v. Union of India (2021) the Supreme Court refused to allow executive-led inquiries into illegal surveillance and ordered an expert committee appointed by the Supreme Court to investigate the matter, based on the grounds of impartiality and neutrality (Manohar Lal Sharma v. Union of India, 2021).

Ongoing Litigation Trends

In March 2026, a bigger bench is hearing in connection with recent petitions, which claim that Sections 17 and 36 in the Digital Personal Data Protection Act, 2023 (DPDP Act) permit surveillance without protection, in violation of Articles 14, 19 and 21; a constitutionality hearing is taking place in March 2026 (Constitutionality of the Digital Personal Data Protection Act, 2023, 2026). Courts are more assertive on transparency and less aggressive on claims of national security, developing a more stringent proportionality in data regimes (Supreme Court digital privacy judgment 2025, 2025). This case law restricts the discretion of the executive in such digital applications as biometrics and tracking (RIGHT TO PRIVACY POST PUTTASWAMY: EVOLVING JURISPRUDENCE IN INDIA, 2025).

3.6 Comparative Constitutional Perspectives

3.6.1 Data Protection Regimes: India’s DPDPA vs. EU’s GDPR

Both the Digital Personal Data Protection Act (DPDPA), 2023, in India and the General Data Protection Regulation (GDPR), that was enacted in the EU in 2018 seek to protect personal data amid the growing digital governance issue, yet they vary in its scope and mechanisms as well as enforcement (AZB & Partners, 2023; Cloudian, 2023). Table 1 in DPDPA is focused on consent as the main lawful basis of processing digital personal data in India or internationally to deliver goods/services to Indians, where the concept of legitimate interest Both the Digital Personal Data Protection Act (DPDPA), 2023, in India and the General Data Protection Regulation (GDPR), that was enacted in the EU in 2018 seek to protect personal data amid the growing digital governance issue, yet they vary in its scope and mechanisms as well as enforcement (AZB & Partners, 2023; Cloudian, 2023). Table 1 in DPDPA is focused on consent as the main lawful basis of processing digital personal data in India or internationally to deliver goods/services to Indians, where the concept of legitimate interest (PRS Legislative Research, 2026; C-Konnect, 2025). Conversely, GDPR applies to more types of personal data (including non-digital in structured systems) that have various grounds such as the need to sign a contract or the interest of the population, and sensitive personal data (e.g., health, biometrics) needs more severe regulations (Cloudian, 2023).

Table 1. Key Comparison

Aspect DPDPA (India) GDPR (EU)
Scope Digital data only; extraterritorial for India-targeted services All personal data; extraterritorial for EU residents
Lawful Basis Primarily consent (free, specific); no legitimate interest Consent, contract, legal obligation, legitimate interest, etc.
Sensitive Data No separate category; uniform treatment Explicit categories (e.g., health, race) with heightened protections
Data Subject Rights Access, correction, erasure, grievance; no portability or objection Access, rectification, erasure, portability, objection
Children’s Data Consent age 18; bans tracking/ads Consent age 13–16; parental consent required
Transfers Abroad Allowed except to restricted countries (govt notifies) Adequacy decisions, SCCs, BCRs
Penalties Up to ₹250 crore (~€28M) per breach Up to €20M or 4% global turnover
Enforcement Data Protection Board of India (quasi-judicial) Independent DPAs per member state

DPDPA focuses on simplicity and government control (e.g. exemptions of state security), which is appropriate to the digital economy of India, whereas GDPR prioritizes full and inclusive rights and accountability, with an impact on international standards (Seqrite, 2025; C-Konnect, 2025). In constitutions, DPDPA is more consonant with the proportionality of Puttaswamy’s s it obliges data minimization and protection, although the larger state exemptions of it concern privacy as compared to a greater balance of GDPR (AZB & Partners, 2023; PRS Legislative Research, 2026).

3.6.2 Surveillance Oversight: Lessons from Roman Zakharov v. Russia and US Jurisprudence

The Roman Zakharov v. Russia case (2015) and the major rulings of the United States Supreme Court can teach important lessons regarding restricting the powers of the state surveillance to safeguard the rights of individuals to their privacy within the constitutional orders. (Case of Roman Zakharov v. Russia (Grand Chamber), 2015). Zakharov appealed to the SORM system of Russia (a system allowing the secret interception of mobile communications without proper judicial control) and the European Court of Human Rights (ECtHR) declared that Article 8 (right to privacy) was violated (Zakharov v.). Russia, 2024). The jurisprudence of the U.S., especially, Carpenter v. United States (2018) is a development of earlier lenient precedents of the third-party doctrine, into which a warrant is now necessary to access cell-site location data (Carpenter v. United States, 2018).

Zakharov v. Russia: Key Lessons

In Zakharov v. Russia, the ECtHR the Court determined that the Russian legislation was not protecting against abuse, such as the availability of specific criteria on the basis of which surveillance was authorized, judicial control, the maximum allowed duration of data storage, and notification about surveillance (Case of Roman Zakharov v. Russia (Grand Chamber), 2015; Zakharov v Russia: Mass Surveillance and the European Court of Human Rights, 2015). The Court stressed on independent judicial authorization, verifiable reasonable suspicion and good remedies despite permitting abstract challenges without having to demonstrate personal victimization (Roman Zakharov v. Russia: The Strasbourg follow-up to the Luxembourg courts’ saga on data retention, 2015). These tenets identify dangers of the demise of democracy due to mass surveillance, which requires proportionality and openness of digital surveillance. (Zakharov v. Russia, 2024).

US Jurisprudence Insights

U.S. cases like Smith v. Maryland (1979) the court did not expect any privacy when dialing phone numbers and the third-party doctrine was used. However, Carpenter v. United States revisited prolonged cell-site location information (CSLI), and it found that the government access was a Fourth Amendment search that had to be warranted because of the highly personal disclosures of movements (Carpenter v. United States, 2018). This is a limited case emphasizing the minor intrusion and probable cause, which shapes digital governance through the reduction of warrantless data scoops by providers This is a limited case emphasizing the minor intrusion and probable cause, which shapes digital governance through the reduction of warrantless data scoops by providers (Carpenter v. United States, 2018).

Comparative Lessons for Digital Governance

Both jurisdictions emphasize judicial oversight, target narrowness, and proportionality to balance security needs of the state and rights; Zakharov requires systemic protection unavailable in broad access regimes and limits the broad access exceptions to the U.S. evolution of statutes in digital environments (Case of Roman Zakharov v. Russia (Grand Chamber), 2015; Carpenter v. United States, 2018). In the case of constitutional boundaries, they promote a notification policy, data-destruction policy, and standing of the victim in the absence of direct evidence, notifying the control authorities such as proposed surveillance regulators in India (Roman Zakharov v. Russia: The Strasbourg follow-up to the Luxembourg courts’ saga on data retention, 2015). These frameworks avert the arbitrary state authority in the sphere of digital power that is heavy-handed in surveillance  (Zakharov v Russia: Mass Surveillance and the European Court of Human Rights, 2015).

3.6.3 Freedom of Expression Online: Comparative Approaches to Intermediary Liability

The freedom of expression in the internet is dependent on the intermediary liability system that protects the platform against the liability of the user contents to promote open discussions that tackle damages such as hate speech or misinformation (Dara, 2011). The Indian structure that is informed by the development of judicial and regulatory systems is seen in contrast with the more platform-protective US and EU ones (Directive 2000/31/EC, 2000).

India’s Approach

Section 79 of the Information Technology Act, 2000 of India grants safe harbour to the intermediaries when they do so based on actual knowledge of the illegality of the content, as understood after Shreya Singhal v. Union of India (2015) as to prevent over-censorship, the court or government orders are necessary (Shreya Singhal v. Union of India, 2015). The The Supreme Court invalidated unarticular Section 66A of the chilling speech, as well as struck down intermediary rules to require judicial review to protect the rights of Article 19(1)(a) of the rights (Shreya Singhal v. Union of India, 2015). Nevertheless, 2021 IT Rules bring on more significant obligations, such as takedowns 36 hours in response to complaints and active surveillance, potentially causing automated over-removal and executive abuse (Electronic Frontier Foundation, 2021). Cases like Super Cassettes Industries Ltd. v. Myspace Inc. also influenced the interpretation of the intermediary obligations by defining what is meant by actual knowledge and due diligence (Super Cassettes Industries Ltd. v. Myspace Inc., n.d.).

US Framework

Communications Decency Act, 230 provides extensive immunity to user-generated content hosting sites, forbidding its liability as publishers and permitting its own regulation without requiring government takedown notices (47 U.S.C. § 230). This is a DMCA style of copyright based on a notice-and-takedown model, which is focused on limiting interference to free speech rather than quick state action (Dara, 2011). Its proponents mention that critics believe it allows harmful content to flourish without restrictions as opposed to the proactive demands in India (Electronic Frontier Foundation, 2021).

EU Model

The E-Commerce Directive differentiates conduit, caching, and hosting intermediaries having horizontal safe harbours, and the actual knowledge and immediate removal without proactive surveillance are required (Directive 2000/31/EC, 2000) in Table 2. This Digital Services Act (2022) introduces transparency and risk assessments of large platforms, but still with notice-based liability, which is more focused on expression and harm reduction compared to India’s grievance timelines (Directive 2000/31/EC, 2000). The regimes of the EU impacted India, yet placed fewer demands on smaller intermediaries (Dara, 2011).

Table 2. Comparative Analysis

Aspect India US EU
Safe Harbour Trigger Court/govt order (post-2015); 36-hr complaints (2021 Rules) Actual knowledge; voluntary moderation Actual knowledge; expeditious action
Proactive Monitoring Mandated for some content Prohibited Generally prohibited; DSA for systemic risks
Chilling Effect Risk High (over-removal observed) Low (broad immunity) Moderate (notice-based)
Judicial Oversight Required for takedown Minimal Case-by-case

The regime in India is more towards state control, which may restrain the excess of digital governance at the cost of expression through intermediary caution, as opposed to the US libertarianism or the EU proportionality (Electronic Frontier Foundation, 2021; Dara, 2011).

3.6.4 International Human Rights Instruments: UDHR and ICCPR Influences

The basic international standards on privacy, as codified in the Universal Declaration of Human Rights (UDHR) and International Covenant on Civil and Political Rights (ICCPR), established international norms on privacy that have influenced the constitutional judicial reasoning of India on digital governance (Universal Declaration of Human Rights, 1948; International Covenant on Civil and Political Rights, 1966). Article 12 of the UDHR (1948) forbids the unreasonable interference with the privacy, family, home, or correspondence, and Article 17 of the ICCPR (1966), which India had ratified in 1979, undergoes the unlawful or unreasonable interference in privacy, which applies to the analogue context, such as surveillance, and to the digital realm, such as data protection (Global privacy protections: Understanding the ICCPR and international conventions, 2025).

Influence on the Indian Privacy Framework

These tools shaped pioneer cases such as the case of People’s Union for Civil Liberties v. Union of India (1997), where the Supreme Court invoked ICCPR Article 17 where the Supreme Court applied ICCPR Article 17 to secure telephone privacy (The right to privacy in India and UN human rights instruments, 2023), and culminated in Puttaswamy v. Union of India (2017), the Court has also made direct reference to UDHR and ICCPR to stress on privacy as an inseparable part of Article 21 (Puttaswamy v. Union of India, 2017; Puttaswamy v. Union of India: Upholding the right to privacy as a fundamental right, 2025). Puttaswamy followed the ICCPR derivatives of proportionality tests (legality, necessity, balancing) to restrict state digital authorities, including Aadhaar biometrics, to fit the Indian law with the international provisions in Article 51(c) of the Constitution (Puttaswamy v. Union of India: Upholding the right to privacy as a fundamental right, 2025). It is an empowerment of individual rights over the mass collection of data and the check of state overreach in digital governance (The right to privacy in India and UN human rights instruments, 2023).

Digital Governance Implications

The Digital Personal Data Protection Act, 2023, was based on post-Puttaswamy, UDHR/ICCPR norms, which require consent and minimization, but in practice, there are still issues with exemptions around surveillance (Global privacy protections: Understanding the ICCPR and international conventions, 2025). On the international level, they strengthen restrictions on state authority and affect the interpretations of the UN Human Rights Committee, which can be applied to the digital ecosystem in India (Universal Declaration of Human Rights, 1948; International Covenant on Civil and Political Rights, 1966).

3.7 Critical Debates and Scholarly Gaps

3.7.1 The Implementation Gap: Law on Paper vs. Practice on the Ground

The legal environment of digital privacy in post-Puttaswamy India offers very powerful security measures, but in practice, it has been found that there is a wide gap between the law and reality (Singh, 2025; The digital right to privacy in India, 2026). Although legislation, such as the Digital Personal Data Protection Act (DPDPA), 2023, requires consent, minimisation, and supervision, enforcement fails because of insufficient infrastructure, general exemptions, and accountability (An empirical evaluation of the implementation challenges of the Digital Personal Data Protection Act, 2024; George, 2025).

Key Discrepancies Identified

Mass surveillance systems like the Central Monitoring System (CMS) and NETRA facilitate the surveillance of masses of data without the supervision of a court, which violates the proportionality test outlined in Puttaswamy although the legal justification of the necessity and balance of such surveillance is a requirement of the law (Puttaswamy v. Union of India (II), n.d.; George, 2025). Section 17 of the DPDPA gives exemptions to the government over national security, and the lack of a national security exception, but the Data Protection Board is not independent, which is also reflected in Aadhaar, where the entitlement to enforce a safeguard and protection guaranteed by the court was constantly evaded (Towards a robust digital data protection regime in India, 2025; Singh, 2025). The recent cases, such as the Pegasus spyware one and the Aadhaar data leaks, reveal weaknesses, and the old laws (e.g., IT Act, Telegraph Act) do not prevent misuse (George, 2025; The digital right to privacy in India, 2026).

Contributing Factors

The institutional gaps are a lack of timely DPDPA regulations, insufficient staffing of regulators, and excessive compliance costs on smaller organizations, which prevent issues of nationwide implementation (An empirical evaluation of the implementation challenges of the Digital Personal Data Protection Act, 2024). Poor digital literacy only worsens the situation, with citizens experiencing difficulties with the consent mechanisms amid unclear actions of the state and non-governmental actors (The digital right to privacy in India, 2026). Relative to the stringent implementation of GDPR, the framework of the Indian setting gives preference to the interests of states, which creates a chilling effect on the freedom of expression without a remedy (Towards a robust digital data protection regime in India, 2025).

Implications for State Power and Rights

This asymmetry allows excessive state authority over digital governance, at the expense of individual rights and a lack of trust in systems such as Aadhaar and NATGRID (Singh, 2025; George, 2025). Reforms require autonomic accountability, reduced exemption, and privacy-by-design incorporation to conform practice with the constitutional boundaries (Puttaswamy v. Union of India (II), n.d.).

3.7.2 Underexplored Areas: AI, Facial Recognition, and Predictive Policing

The poorly studied fields in the constitutional boundaries of digital governance are AI-powered facial recognition and predictive policing, which threaten the Puttaswamy privacy model due to mass surveillance and algorithm bias (Uppal et al., 2026; Digital surveillance and the threat to civil liberties in India, 2024). They increase state authority without proper legislative support and threaten to violate Articles 14, 19, and 21 (AI tools are powering the expansion of state control in India, 2025).

Facial Recognition Challenges

It uses facial recognition technology (FRT) as it allows biometric monitoring in real-time regardless of consent, which does not pass the legality prong of Puttaswamy because there are no specific laws that govern the use of facial recognition technology or the storage of data or audits (Facial recognition technology & fundamental right to privacy: Legal analysis, 2025). Used to police such cities as Delhi and Hyderabad, it runs the risk of function creep, to be used as a tool of detecting crimes, but used to track protests instead, impairing proportionality and informational privacy (Facial recognition technology in India: Socio-legal debates on privacy and human rights, 2025). The direct constitutionality of it has not been decided on yet by the courts, which have created a loophole in its oversight due to the prejudice against minorities (Uppal et al., 2026).

Predictive Policing Issues

An example of predictive policing is the profiling of high-risk individuals or areas, such as in the case of Tamil Nadu and Maharashtra, when the high court considered it unconstitutional as a substitute for probable cause or human supervision (State of Tamil Nadu v. Karthik, 2019; Judicial precedents on predictive policing and profiling, 2025). It poses Article 14 equality issues in the form of the discriminatory algorithm and Article 21 liberty issues in the form of preemptive arrests according to risk scores (Digital surveillance and the threat to civil liberties in India, 2024). The transparency, redress rights, and the additional use of judicial precedents are limited to demands, but the national expansion is not bound by any guidelines (Judicial precedents on predictive policing and profiling, 2025).

Research Gaps and Implications

There are not a lot of empirical studies on FRT accuracy among different Indian groups or the influence of predictive tools on disadvantaged populations, which do not allow conducting proportionality measurement (Facial recognition technology in India: Socio-legal debates on privacy and human rights, 2025). There has not yet been a holistic framework that deals with AI opaqueness or state exemptions to the Digital Personal Data Protection Act, 2023, which calls on the Supreme Court to step in (Uppal et al., 2026; AI tools are powering the expansion of state control in India, 2025). Such spheres require interdisciplinary studies to achieve stability between security and rights in digital governance (Digital surveillance and the threat to civil liberties in India, 2024).

3.7.3 Lack of Comprehensive Doctrinal Analysis on Constitutional Limits

The Indian constitutional thought on digital governance shows a significant lack in the doctrinal analysis, tending to concentrate on the individual rulings such as Puttaswamy or Shreya Singhal without integrating a single model of the boundaries of state power (Iyer, 2026; Yadav & Tyagi, 2026). The recent research points out that the proportionate and privacy tests are commonly explored, but there have been few exceptions about their application to algorithmic governance, surveillance under IT Rules 2021, or DPDP Act exemptions, and executive overreach has been doctrinally unexamined (Algorithmic governance and the future of administrative discretion in India, n.d.). Such fragmentation does not answer the question of how Articles 14, 19, and 21 limit digital state activity, such as content blocking or data localization, in favour of descriptive over prescriptive analysis (Iyer, 2026).

The courts have judicial reactions like in Anuradha Bhasin, where the principles have been stated, but not enforced, emphasizing the lack of comparative doctrinal instruments of EU GDPR or US First Amendment examples suited to India (Yadav & Tyagi, 2026). Opponents focus on regulatory opaqueness in 69A blocking and AI decision-making as undermining accountability in the absence of doctrinal standards of minimal impairment or transparency requirements (Algorithmic governance and the future of administrative discretion in India, n.d.). In turn, there is a lack of theory of digital constitutionalism in the literature, which makes it difficult to establish solid boundaries to state digital power against individual rights (A growing shadow over digital constitutionalism, 2025).

3.7.4 The Need for a Unified Framework for Digital Governance

India’s digital governance landscape features fragmented regulations across ministries and laws, creating overlaps and gaps that undermine constitutional protections for individual rights (Maheshwari, 2025). A unified framework is essential to harmonize state power with privacy and proportionality principles from Puttaswamy (Digital constitutionalism, 2026). This addresses inefficiencies in areas like data protection, cybersecurity, and AI oversight (Maheshwari, 2025).

Fragmentation Challenges

Existing organizations separate duties between ministries like the Communications, Electronics, and Information Technology (MeitY), Information and Broadcasting, which causes confusion in regulation and redundancy of efforts (Maheshwari, 2025). An example is competition regulation in which the Competition Commission of India (CCI) and Telecom Regulatory Authority of India (TRAI) participate, whereas cybersecurity is managed by various agencies (Maheshwari, 2025). This patchwork will slow down innovation, add compliance costs, and invite the possibility of an imbalanced intervention by states in digital space (Protecting India’s digital rights, 2026).

Elements of a Unified Framework

One unified theory might be a 3Cs (Carriage (infrastructure), Content (data flows), and Conduct (regulation)) lens under a single Ministry of Digital Ecosystem (MoDE) and one law, one regulator, and one tribunal (Maheshwari, 2025). It would combine the Digital Personal Data Protection Act (2023) regulations, AI missions, and telecom acts, with the constitutional restrictions, such as privacy under Article 21 and non-arbitrariness under Article 14 (Digital constitutionalism, 2026). Proportionality and accountability of algorithms through independent bodies could be enforced by the autonomous Data Protection Board, which is answerable to Parliament (Protecting India, 2026).

Constitutional Imperative

Digital constitutionalism applies Part III rights to cyberspace, which limits state surveillance and Big Tech through judicially developed standards (Digital constitutionalism, 2026). The fragmented governance demeans dignity and equality, without unification, as is observed in specific challenges such as the forced installation of apps that create consent problems (Protecting India’s digital rights, 2026). One solution can be seen as consistent with the privacy framework presented by Puttaswamy to enable responsible digital public infrastructures and allow Viksit Bharat objectives (Digital constitutionalism, 2026).

 

 

Chapter 4: Conceptual Framework & Legal Analysis

  1. Primary Sources

The research found the binding legal frameworks and authoritative instruments that constituted the constitutional analysis of the digital governance in India.

Constitutional Texts:

The linkage to the present study was the Constitution of India, which was used as the template for analyzing digital rights. Article 21, which provides the Right to Life and Personal Liberty, was understood to extend to the Right to Privacy, and as such, it has also enlarged its boundaries to encompass informational and digital autonomy (Bansal, 2021). The paper looked at the development of constitutional jurisprudence in the development of privacy as an implicit part of dignity and individual freedom in the online realm.

Articles 19(1)(a) and 19(2) were discussed under the analysis as the key articles that regulate the freedom of speech and expression and allowable reasonable limitations by the State. These were investigated within the context of internet censorship, content regulation, and social media regulation, and the tensions of free expression versus state control had become a significant issue (Kaur, 2024; Rasool, 2024).

Moreover, Part III of the Constitution was considered the overall constitutional protection against state intrusion. It was the normative context in which the digital governance measures were evaluated so that any legislative or executive action regarding the rights on the internet was subject to the evaluation of fundamental rights (Biswal, 2023).

Statutes and Legislation:

The digital surveillance and intermediary liability framework in the current analysis comprised the Information Technology Act, 2000, and the Information Technology (Amendment) Act, 2008. Special focus was made on Sections 69, 79, and 84A that explored the area of governmental interception authority, intermediary exemptions, and encryption control (Kumar, 2022; Shrivastava and Kejriwal, 2021; Singh and Agarwal, 2021). Also, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, were examined concerning the implications on freedom of speech and traceability requirement, particularly concerning content management and platform responsibility (Shreya, 2021; Tiwari and Sharma, 2021).

The Digital Personal Data Protection Act, 2023, was pointed out as the largest binding privacy law in India on personal data processing. It was compared with other comparative standards like the General Data Protection Regulation and the Cyber Security Law of the People’s Republic of China that served as a benchmark in determining the strength of the consent standards, data localization standards, and state exemptions (Gupta, 2025; Mukhija and Jaiswal, 2023; Tiwari and Sharma, 2021).

The power of telecommunication and surveillance was further discussed under the Indian Telegraph Act, 1885, and Section 144 of the Code of Criminal Procedure, 1973, which were regularly used to justify the internet blockage and mass surveillance. These laws were examined based on their discretionary terms of application and frequent application to limit access to digital capabilities and communications (Gupta, 2022; Mandal, 2021).

Judicial Precedents:

Privacy rights were upheld in the historical nine-judge bench pronouncement of Justice K.S. Puttaswamy (Retd.) v. Union of India, which made privacy a fundamental right in Article 21 of the Constitution. The case was discussed as a conceptual turning point that changed the perspective between the state surveillance and individual autonomy (Biswal, 2023; Revathi, 2018). In addition to this, the Justice K.S. Puttaswamy (Aadhaar-5J.) v. Union of India (Aadhaar Verdict) was evaluated to determine the constitutional admissibility of massive biometric gathering and the organization of state spying tools (Padmanabhan and Singh, 2019; Sharma, 2022).

The judicial precedents of free speech and regulation of the internet were also questioned. Decisions such as K.A. Abbas v. Union of India and Brij Bhushan v. State of Delhi were examined to track down the historical background of allowable restrictions of expression (Rasool, 2024). The ruling in Kaushal Kishor v. State of U.P. was studied to comprehend the modern understanding of the rights of free speech and state accountability (Ishwaryah, 2023). Also, the internet shutdown measures had been reviewed by means of Modern Dental College and Research Centre v. State of Madhya Pradesh, where proportionality principles were judicially tested (Gupta, 2022).

The international jurisprudence was also deemed to offer comparative lessons on the digital privacy and surveillance standards. Cases such as Soering v. United Kingdom, Roman Zakharov v. Russia, and Biao v. Denmark were considered to understand the meaning of privacy, digital borders, and algorithmic profiling in the context of international human rights law (Sharma, 2025).

Executive Orders and Policy Documents:

Government messages and executive tools were reviewed as an essential expansion of state power in the area of digital government. CERT-In Cyber Security Directions (April 28, 2022) imposed on VPN service providers the entitlement to hold their personal user data within specific time frames, which increases the access of states to digital data (Gupta, 2022; Singh, 2023). Likewise, the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017 were examined to have the procedural ground of the legally sanctioned shutdowns and temporary suspension of the services.

Guidelines governing data were also assessed critically. India’s Data Accessibility and Use Policy was designed to ease the publication of High-Value Datasets (HVDs) to promote economic growth and innovation, but it was analyzed in terms of the ability to facilitate aggregation of data and monitoring activities on a large scale (Ashish & Anmol, 2023).

Surveillance frameworks at the state level were evaluated using assessments in the form of practices that were regulated by the Punjab Police Rules. These regulations were revisited to comprehend how law enforcement surveillance works and the implications of this surveillance on civil liberties (Luthra, 2015).

  1. Secondary Sources

The secondary sources were used to give critical doctrinal, empirical, and comparative information to put the primary materials into context.

Academic Literature:

The given data included a wide range of peer-reviewed literature that investigated the cyber law, technology regulation, and constitutional governance in India. The ongoing tension between the need to ensure state security and the rights of individuals, primarily the surveillance and the monitoring of the digital sphere, was noted by several academic studies (Luthra, 2015).

Another aspect of the literature that was analyzed was how artificial intelligence is becoming increasingly implicated in criminal justice systems, in particular, the application of algorithmic decision-making and predictive policing applications. These articles highlighted the issues of algorithmic bias, violation of due process, and lack of open accountability regulation (Abhivardhan, 2019).

In addition, comparative scholarly criticisms were conducted against the information technology framework of India in comparison with the global regulatory regimes to determine the structural gaps and inconsistencies of the protection measures regarding data protection, intermediary liability, and state regulation (Tiwari and Sharma, 2021).

Law Commission and Committee Reports:

The efforts of data protection reform were analyzed via essential reports of the committees that determined the legislative path of India. The original Personal Data Protection Bill, 2018, was drafted by the Justice B.N. Srikrishna Committee and examined in terms of its background recommendations on consent, the fiduciary aspect of data, and state exemptions (Hashmi and Ahmad, 2023; Sharma and Panda, 2021). The report was seen as a solemn prelude to the later data protection laws and was appraised on its forward-looking benefits as well as its structural constraints.

The Joint Parliamentary Committee on the Personal Data Protection Bill draft report was also consulted in order to learn the deliberation of the parliament on data governance. It addressed the concerns of the regulation of social media, the responsibility of the intermediary, and the extent of governmental exemption and, therefore, had a profound impact on the outlines of the final law (Surya, 2022).

International Instruments:

Global human rights tools were considered as normative standards in measuring digital governance systems. The Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights were compared in the context of defining the main principles of privacy, dignity, equality, and non-discrimination. These tools were regarded as leadership principles to be used in assessing constitutional safeguards in the realm of the digital world (Revathi, 2018; Sharma, 2025).

The international month rules and regional treaties were also examined to give a comparative jurisprudential background. The human rights convention of Europe and the refugee convention were reviewed to see the changing definitions of privacy, freedom, and international safeguards in technology-mediated practices (Sharma, 2025). As well, the Organisation for Economic Co-operation and Development Privacy Principles was used as a soft-law standard to assess the emerging technology, like facial recognition systems, and data protection and accountability implications (Sengupta and Bang, 2021).

Reports by Civil Society, Think Tanks, and Media Context:

Even though direct publications by organizations like the Electronic Frontier Foundation or Access Now were not included in the dataset directly, similar civil society sources and empirical data sources were analyzed. Specifically, the Transparency Report that Google provides was examined as a factual document that serves as a record of government surveillance requests of user data and post deletions. The report was applied to put patterns of state action on digital platforms in perspective and evaluate trends in the surveillance and censorship practice (Luthra, 2015).

More analytical work was also conducted on investigative disclosures to give an insight into extra-legal and transnational surveillance practices. The NSO Group was investigated into its role in the global Pegasus spyware probe, which represented the argument of the use of technologically advanced surveillance software and was allegedly used against journalists, activists, and political individuals. Likewise, it was in response to revelations produced out of the revelations made by Edward Snowden that the scale of mass surveillance operations and the problematic oversight aspect of intelligence practice were assessed (Kumar, 2022; Mark and Pandey, 2023).Top of Form

Bottom of Form

  1. Method of Analysis

The information gathered through the primary and secondary sources mentioned above was analyzed and evaluated by applying a multi-dimensional analysis framework. This way, the research on the doctrines left the plane of descriptive exposition and advanced to a critique of the constitutional legitimacy of the digital governance in India.

The five approaches to methodology were used in an analytical manner, and each one was applied systematically to evaluate the relationship between constitutional guarantees and the statutory provisions, executive actions, and judicial interpretation.

  1. Hermeneutic Analysis (Statutory and Constitutional Interpretation)

This was used to decode the textual and contextual meaning of legal provisions of digital governance. The study employed the concept of statutory interpretation to ascertain the conformity of the current laws to the constitutional requirement on the mandates and protection of fundamental rights.

Constitutional Interpretation:

The analysis has explained Article 21 (Right to Life and Personal Liberty), considering the change in doctrinal interpretation that was held in Justice K.S. Puttaswamy (Retd.) v. Union of India. The enlarged scope of privacy found in the constitutional jurisprudence was defined and contextualized based on commentary by Bansal (2021) and Biswal (2023). On the same note, Articles 19(1)(a) and 19(2) were hermeneutically examined to determine the limits of freedom of speech and expression in the digital era, using the critical frameworks established by Kaur (2024) and Rasool (2024).

Statutory Scrutiny:

The study was a dissection of ambiguous statutory provisions in the Information Technology Act, 2000 (especially Sections 69, 79, and 84A) and the Indian Telegraph Act, 1885. In line with the criticisms made by Kumar (2022) and Shrivastava and Kejriwal (2021), the notion of national security and such concepts as public order and sovereignty were reviewed to identify whether they offered sufficient legal certainty or excessive discretionary powers to the State.

Policy Interpretation:

The analysis of executive documents, such as the CERT-In Cyber Security Directions and the India Data Accessibility and Use Policy, was examined as not only administrative regulations but also a reflection of the increased state authority in the digital realm. Ashish and Anmol (2023) provided a critical evaluation of these policies in terms of the dangers of mass surveillance and systemic surveillance.

  1. The Proportionality Test

In line with the doctrine change made in Justice K.S. Puttaswamy (Retd.) v. Union of India, the proportionality standard was introduced as the primary judicial application of legalizing rights violations. The Four-Pronged Proportionality Test was used in this dissertation to evaluate specific measures of digital governance recognized in the primary sources.

Legitimate Goal:

The study assessed the existence of a valid and constitutionally permissible state interest in the measures, including the framework of internet shutdown, which is the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017, and exemptions in the Digital Personal Data Protection Act, 2023. This evaluation was based on the studies given by Gupta (2022) and Mandal (2021).

Suitability:
Using judicial reasoning in Modern Dental College and Research Centre v. State of Madhya Pradesh, the research paper determined the rationality of digital surveillance mechanisms for valid purposes like crime reduction or national security. Here, the technological devices, including the Pegasus spyware, which Kumar (2022) mentions, were also considered as to whether this met the suitability requirement.

Necessity:
The analysis examined the availability of a less restrictive alternative. Specifically, it looked into whether the traceability requirements in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code), 2021, were absolutely required or the encryption protection could have delivered similar regulatory objectives with minimal violation of privacy (Shreya, 2021).

Balancing (Proportionality Stricto Sensu):

Applying Padmanabhan and Singh (2019) to the Justice K.S. Puttaswamy (Aadhaar-5J) v. Union of India judgment, the study, which was based on the case of the Union of India judgment, merged the advantages that the State advocated in its digital delivery of welfare benefits and the potential harm of exclusion, profiling, and surveillance to an individual. This step evaluated the value of societal benefits over the level of violation of rights.

  1. Comparative Legal Analysis

In order to prevent jurisdiction myopia, as well as to find out the best practices, the research compared the constitutional restrictions in India with those of the world as found in the secondary sources.

Data Protection Regimes:

Digital Personal Data Protection Act, 2023 was critically contrasted with the General Data Protection Regulation and the Cyber Security Law of the People of China, referring to the comparative approaches to the methodology developed by Gupta (2025) and Tiwari and Sharma (2021). This comparative study revealed those aspects where the Indian law seemed to be weak in terms of providing strong protection, especially in the sphere of informed consent requirements, data localization requirements, and state exemption restrictions.

Jurisprudential Benchmarking:

Indian judicial precedents, including Kaushal Kishor v. State of U.P., were compared to international jurisprudence, Roman Zakharov v. Russia, and Soering v. United Kingdom (Sharma, 2025). This comparison evaluated the approach of Indian courts to the interpretation of digital privacy and the protection of free speech in comparison with the norms established in the European Convention on Human Rights framework.

Surveillance Oversight:

The controls and checks and balances of the Indian system, such as the styles of the Punjab Police Rules (Luthra, 2015), were contrasted with the privacy protection principles of the Organisation for Economic Co-operation and Development Privacy Principles (Sengupta and Bang, 2021). This analysis considered the question of whether there were sufficient institutional constraints on the law enforcement agencies to limit any arbitrary or disproportionate surveillance practices.

  1. Gap Analysis (Lacunae Identification)

This approach entailed charting the fast-paced technology development versus the comparatively stable constitution text and the current legislation in a bid to discover regulatory gaps and structural loopholes in the Indian digital governance system.

Technology vs. Law:

The study identified the lack of relationship between the emerging technologies, including artificial intelligence, facial recognition systems, and predictive policing, and relatively old statutory patterns like the Information Technology Act, 2000. Based on the contributions of Abhivardhan (2019), the discussion has illustrated how the mechanisms of algorithmic policing revealed gaps in the current provisions of the law, especially in the areas of algorithmic bias, transparency, and procedural due process protections.

Extra-Legal Surveillance:

The research, based on investigative revelations, such as the Pegasus spyware inquiry of the NSO Group and the disclosures of Edward Snowden, found various spheres in which the practices of state surveillance seemed to exist outside of clear statutory empowerment or adequate judicial supervision (Mark & Pandey, 2023). The disclosures were examined to demonstrate structural weaknesses in accountable mechanisms.

Remedial Deficits:

The discussion was whether any remedy under Part III of the Constitution of India was adequate to deal with any digital harms occasioned by mass data collection, profiling, and surveillance. The Justice B.N. Srikrishna Committee Report was referred to identify areas where legislation drafts lacked decisive protection of certain rights or offered insufficient measures to rectify (Hashmi and Ahmad, 2023).

  1. Chapterization Logic

The analysis was thematically organized so that there was a logical flow of the constitutional theory to the practical application and the recommendations for reforms. The dissertation was structured in a thematic axis that is linked together to give doctrinal consistency and analytical clarity.

Conceptual Framework:

The paper has introduced Digital Governance and Constitutionalism as the basis of the discussion, which is a derivative of Article 21 of the Constitution of India and its interpretive broadening in Part III of the Constitution of India. It was an area that laid the normative bases of the jurisprudence of digital rights (Biswal, 2023).

The Power Axis:

The study then analysed the powers of State surveillance and data collection, specifically the Information Technology Act, 2000, the Information Technology (Amendment) Act, 2008, the Indian Telegraph Act, 1885, and CERT-In Cyber Security Directions. These tools were examined to see how the executive power in the area of digital regulation is structurally expanded (Singh, 2023).

The Rights Axis:

The dissertation then reviewed the aspects of privacy, freedom of speech, and due process, based on Article 19 jurisprudence and the Digital Personal Data Protection Act, 2023. In this section, the interrelation of the statutory frameworks and the constitutional guarantees was assessed (Mukhija and Jaiswal, 2023).

Judicial Response:

These constitutional and statutory restrictions were then judicially construed with major cases like Justice K.S. Puttaswamy (Retd.) v. Union of India, Justice K.S. Puttaswamy (Aadhaar-5J.) v. Union of India, and Kaushal Kishor v. State of U.P. Such cases were examined to determine the understanding and the application of constitutional protections in the digital age by the courts (Ishwaryah, 2023).

Lastly, the research suggested a constitutional approach to the digital future based on Law Commission reports and the discussions of the Joint Parliamentary Committee of the Personal Data Protection Bill (Surya, 2022). General Data Protection Regulation and International Covenant on Civil and Political Rights were also used as comparative sources to inform the recommendations related to the reforms in accordance with the international human rights standards (Revathi, 2018).

 

 

 

Chapter 5: Discussion

The main aim of the research was to critically assess the constitutionality of the digital governance systems in India, namely, to check the tension between the increase of state power and the safeguarded individual rights. A doctrinal examination of primary legislative tools and secondary legal commentary was used to find out whether the current statutory tools and executive practices complied with the fundamental rights guarantees under Part III of the Constitution. The study sought to establish regulatory loopholes and suggest a constitutionally viable framework that will address the needs of national security and civil liberties in a balanced way by using such methods as hermeneutic analysis and the proportionality test.

As it was found, whereas the Constitution has solid safeguards in Article 21 and Article 19, the regulatory processes of digital governance did not tend to adequately address these constitutional provisions. Critical observations revealed that such laws as the Information Technology Act, 2000, and the Indian Telegraph Act, 1885, had such ambiguous clauses as the national security and the public order that put the discretionary powers into the hands of the state too much. As a result, internet blocks and massive surveillance were often adopted without sufficient procedural protections or judicial supervision, thus violating the proportionality principle, as provided in Justice K.S. Puttaswamy (Retd.). v. Union of India.

In addition, the research established a significant gap between the high rate of technological change and the lack of flexibility of current laws. New technologies like algorithmic policing, facial recognition, and predictive analytics worked in regulatory gaps and, in many cases, were not subject to due process. The Digital Personal Data Protection Act, 2023, was analyzed, and it was noted that, although it created a benchmark on data privacy, there are broad exemptions by the government, and weak enforcement mechanisms restricted its effectiveness in curbing state monitoring. Therefore, it was discovered that the legal system was both technologically outdated and institutionally insufficient to bind the digital state power in any significant way.

These results were consistent with the intellectual community concerning the growth of privacy rights. The Article 21 interpretation of informational privacy was in line with the doctrinal change observed by Bansal (2021) and Biswal (2023), according to whom digital autonomy is part and parcel of human dignity. The focus of the study on the Puttaswamy decision as a game changer supported the opinion that any intrusion by the state in digital privacy must meet stringent constitutional review. This supported the thesis that privacy is not just a common law privilege, but it is a fundamental assurance that prevents data aggregation practices by the state.

In the context of the freedom of expression, the findings were similar to the claims made by Kaur (2024) and Rasool (2024), who failed to clarify the chilling effect of ambiguous censorship legislation on online expression. The discussion on intermediary liability under Section 79 of the IT Act was reminiscent of Shreya (2021), who cautioned that the end-to-end encryption would be jeopardized by the traceability requirement. Moreover, the discovery of overbroad restraints reflected the anxieties expressed by Kumar (2022) of the application of cyber-law tools to censor dissent in the name of security, which confirmed that the language in the statute was inadequate in the accuracy demanded in Article 19(2).

The literature provided on the security imperatives supported the observations made in the study regarding surveillance mechanisms. The everyday use of the Telegraph Act and Section 144 CrPC to legitimize the state’s imposition of internet blocks had been previously reported by Gupta (2022) and Mandal (2021), and this finding justified the conclusion that the statutes that were used in colonial times to control people were being reused to control the internet. Also, the analysis of the state-level regulations, including the Punjab Police Rules, contributed to the claim made by Luthra (2015) that surveillance systems at the operational level did not have an open overview. This was an affirmation that the executive orders, like the CERT-In Directions, were in fact extensions of state authority, which lacked adequate legislative support.

Lastly, the specified regulatory gaps were in line with the comparative studies that were carried out by Tiwari and Sharma (2021) and Gupta (2025). Their article illuminated the fact that the data protection rule in India was outdated when compared to other international regulations, such as the GDPR, especially with regard to agreement and the localization of data. The results of the study regarding algorithmic bias reflected the work of Abhivardhan (2019), who highlighted the danger of due process in relation to predictive policing. These academic views unanimously confirmed the finding that the absence of a coherent cross-sectoral framework would result in a divided digital governance, which is easily violated.

Although there were these contributions, the study had some limitations that were caused by its doctrinal design. The study failed to provide empirical information on the lived experience of citizens who experience a digital right infringement, as it solely sought empirical data based on published legal texts, such as case law, statutes, and secondary commentary. The validity of the analysis was limited by access to the written judicial grounds and formal government announcements, which are not always an accurate representation of the loopholes in implementation or even the unofficial rules of enforcement agencies in the field.

Moreover, the dynamic character of the law was a challenge to the legal analysis, as it was not dynamic. The appearance of new technologies like generative artificial intelligence and deepfakes was outpacing the legislative process, which implied that specific findings were founded on the legal principle of the day, utilized on new technologies, but not on established jurisprudence. Also, although investigative revelations, including that of the Pegasus spyware, were examined, due to the extralegal character of such surveillance, broad information regarding the extent to which the state was intrusive was not entirely visible. These shortcomings were alleviated using reports on civil societies and parliamentary committees, but they also emphasize the necessity of an empirical study in the future to supplement doctrine results.

 

 

Chapter 6: Conclusion and Recommendations

The dissertation concludes that even though the Constitution of India, especially Articles 21 and 19, offers a very solid normative framework of digital rights, the current statutory architecture is still not aligned with these constitutional provisions. In the analysis, it is proven that such tools as the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, usually leave too much discretionary power in the hands of the state. By applying the proportionality test, it became clear that actions like internet restrictions and widespread surveillance requirements more often than not prove ineffective in meeting the necessity and balancing tests by focusing on security needs and not addressing the freedom of individuals. Through the hermeneutic analysis, it was found that vague statutory words such as national security and sovereignty are often used as a way of avoiding fundamental rights questioning to allow state authority to work without any restraint to do so.

Additionally, the judicial reaction, which is transformative in Justice K.S. Puttaswamy (Retd.) v. Union of India, is not an exception. The executive has been irregular in the application of the Union of India. The gap analysis has shown that there are significant gaps in which new technologies, such as artificial intelligence and predictive policing, are not covered by the outdated laws. The current digital surveillance relies on the outdated colonial laws, such as the Telegraph Act of 1885, which highlights an obsolescence in regulation that is predisposed to opaque algorithmic decision-making and extra-legal surveillance, as the sustained investigative revelations around technologies such as Pegasus show. There is, therefore, a gap in the present system to defend the rights to privacy, free speech, and due process against the extensive domain of digital governance.

In order to balance state power and individual rights, the new legislation should be more focused on the clarity of the statutes and institutional autonomy. Information Technology Act needs to be amended in detail to exchange ambiguous concepts, such as the concept of public order, with strictly determined norms to be reviewed by the court in advance. Also, the Data Protection Authority should be made a self-governing regulatory body without executive interference to facilitate the imposition of the consent requirements and restrict state exemptions under the DPDPA, 2023.

Inspired by the experience of the GDPR, it is argued that effective data localization and purpose limitation provisions are necessary to ensure that state data aggregation does not creep towards additional functions. The proportionality test also must be codified in the legislative frameworks so that any limitation on the rights over the digital content can be proven as being necessary and the least restrictive alternative. Lastly, the procedural due process must be incorporated into the system of digital governance to prevent unreasonable state action. The citizens should be given the right of notice and appeal on decisions made depending on data, which should be enforceable, especially in welfare delivery and content moderation, where the possibilities of being left out are very high. The frameworks in the future must require transparency and algorithmic audits as a way of dealing with bias and accountability in automated systems to address the gaps observed in the gap analysis of AI and predictive policing. Further, by building upon the proportionality standard as the foundation of digital governance and enhancing remedial mechanisms, India can create a constitutional digital future where technology is in the service and not against democracy, a constitutional digital future comprising the fundamental rights of privacy, free speech, and equality.

 

 

Thank you for read our Dissertations

I hope this Dissertations is helpful to you, if you have any question feel free Call / WhatsApp: +91.9830529298 || Email: dissertationshelp4u@gmail.com

 

 

 

 

 

#ConstitutionalLaw, #DigitalGovernance, #DataPrivacy, #IndividualRights, #TechPolicy, #CyberLaw, #StatePower, #CivilLiberties, #DigitalDemocracy, #LegalTech, #LLB