Invasion of Privacy as a Tort (Article 21 – Puttaswamy Case)

Abstract

The recognition of the right to privacy as a fundamental right under Article 21 of the Constitution of India by the Supreme Court in Justice K.S. Puttaswamy (Retd.) vs Union of India (2017) marked a watershed moment in Indian jurisprudence. This landmark judgment did not merely affirm a constitutional guarantee; it acted as a catalytic converter for the evolution of civil law, explicitly mandating the development of a common law tort of invasion of privacy. Prior to Puttaswamy, Indian law offered fragmented protection against privacy invasions through statutes like the Information Technology Act, 2000, or via tangential actions in trespass, defamation, or breach of confidence. There was no unified, principled tort addressing the multifaceted nature of privacy harms. This article provides a detailed examination of the jurisprudential journey leading to the Puttaswamy verdict, an analysis of the opinion’s core reasoning that necessitates the creation of this tort, and the subsequent judicial and scholarly developments in fleshing out its contours. It explores the essential elements of the tort, potential defences, the nature of remedies, and the challenges in its application in an increasingly digital society. The article concludes that the judicial creation of this tort is not just a legal necessity but a societal imperative to protect individual autonomy and dignity against both state and non-state actors in the 21st century.

Introduction

Privacy, in its simplest essence, is the right to be let alone. However, in a complex, interconnected world, this definition expands to encompass control over personal information, bodily integrity, autonomy in personal decisions, and protection from unwarranted intrusions into one’s personal space, physical or virtual. For decades in India, the right to privacy existed in a penumbral zone—inferred but not explicitly recognised, contested by the state, and inconsistently protected by courts. The legal remedies available to a person whose privacy was violated were scattered, often inadequate, and rooted in legal frameworks designed for different purposes.

The nine-judge bench unanimous verdict in Justice K.S. Puttaswamy (Retd.) vs Union of India irrevocably changed this landscape. The court held definitively that the right to privacy is an intrinsic part of the right to life and personal liberty under Article 21, and an inherent facet of the fundamental freedoms guaranteed by Part III of the Constitution. This constitutional declaration had an immediate and profound implication for civil law: if privacy is a fundamental right, its violation by any entity, private or public, must entail an actionable claim for damages. The court explicitly noted that the civil law in India must evolve to recognize a tort of invasion of privacy, providing remedies for unauthorized intrusion into a person’s private affairs.

This article delves into the intricate details of this development. It begins by tracing the pre-Puttaswamy legal position, highlighting the gaps in protection. It then provides a comprehensive analysis of the Puttaswamy judgment itself, focusing on the reasoning that lays the foundation for the tort. Following this, the article constructs the potential architecture of the tort of invasion of privacy in India, drawing from comparative common law (particularly from the United States and the United Kingdom), obiter dicta from Indian judgments, and scholarly work. It will examine the different forms of privacy invasion (intrusion upon seclusion, public disclosure of private facts, false light, and appropriation of likeness), the elements to be proven, applicable defences, and the range of remedies. Finally, the article addresses contemporary challenges, including digital privacy, data breaches, and the intersection with statutory laws, arguing for a harmonious and robust interpretation to give true effect to the constitutional promise of Puttaswamy.

Part I: The Pre-Puttaswamy Landscape – Privacy in a Fragmented Mosaic

Before the constitutional bedrock was laid in 2017, the protection of privacy in India was a patchwork of statutory provisions and common law actions that indirectly addressed privacy concerns.

» Statutory Provisions: Certain statutes provided specific, situation-based privacy protections.

» The Indian Penal Code, 1860: Sections like 509 (word, gesture or act intended to insult the modesty of a woman) offered limited protection, primarily focused on sexual harassment or outraging modesty rather than a broad right to privacy.

» The Code of Criminal Procedure, 1973: Sections 91 to 101 and others regulate search and seizure, providing procedural safeguards against arbitrary state intrusion into homes.

» The Information Technology Act, 2000: This was the most significant pre-Puttaswamy legislation concerning informational privacy. Section 43A provided for compensation for failure to protect sensitive personal data. Section 66E punished violation of bodily privacy (capturing private images). Section 72 addressed breach of confidentiality and privacy. However, these were narrowly crafted and did not encompass the full spectrum of privacy harms.

» The Copyright Act, 1957: Protected against the unauthorized use of a person’s photograph or portrait for commercial gain under certain circumstances.

» Common Law Actions: Individuals often had to fit their privacy grievance into existing torts, which were imperfect fits.

» Defamation: If a private fact disclosed was also false and damaging to reputation, an action for defamation could lie. However, the disclosure of true private facts, which can be equally devastating, fell outside the scope of defamation.

» Breach of Confidence: If private information was shared in a confidential relationship (e.g., doctor-patient, lawyer-client) and then disclosed, this action was available. It failed, however, when the information was obtained without any pre-existing relationship of confidence, such as by a stranger through hacking or surreptitious recording.

» Trespass to Land/Goods: Physical intrusion into one’s property could be challenged, but this did not cover intangible intrusions like eavesdropping from outside the boundary or cyber-intrusion.

» Negligence: In rare cases, a duty of care could be argued for safeguarding personal data, but this was an underdeveloped and uncertain path.

This fragmented approach left significant lacunae. There was no clear remedy for a neighbour who constantly spies into one’s bedroom with a telescope, for a media outlet that publishes deeply embarrassing but true medical records of a public figure, or for an ex-partner who threatens to disseminate intimate images (where the threat itself is the harm). The law was reactive, compartmentalized, and failed to recognize privacy as an independent legal interest worthy of protection in itself.

Part II: The Puttaswamy Judgment – The Constitutional Big Bang

The case arose as a challenge to the constitutional validity of the Aadhaar biometric identity project. To adjudicate on Aadhaar, the Court first had to settle the foundational question: Is there a fundamental right to privacy under the Indian Constitution? This required re-examining two older bench decisions (M.P. Sharma vs Satish Chandra (1954) and Kharak Singh vs State of Uttar Pradesh (1962)) which had held, in the context of search and seizure and surveillance respectively, that privacy was not a guaranteed right.

The nine-judge bench’s unanimous decision was a monumental exercise in constitutional interpretation. Key facets of the judgment that directly inform the creation of a tort are:

» Privacy as an Inalienable Fundamental Right: The court authoritatively overruled the portions of M.P. Sharma and Kharak Singh that denied privacy as a right. It held privacy to be an intrinsic and inseparable part of Article 21 (“life” and “personal liberty”) and also arising from the guarantees of freedom of speech (Article 19(1)(a)), freedom of movement (Article 19(1)(d)), and the right against self-incrimination (Article 20(3)). Privacy was declared to be a natural, inalienable right, essential for the exercise of other freedoms and for the preservation of human dignity.

» The Multidimensional Nature of Privacy: The court rejected a monolithic definition. It endorsed a pluralistic understanding, recognizing several overlapping zones of privacy:

» Spatial Privacy: Protection of physical spaces like the home from intrusion.

» Informational Privacy: Control over the collection, use, and dissemination of one’s personal data.

» Decisional Privacy: Autonomy over intimate personal choices (relating to marriage, procreation, sexual orientation, etc.).

» Bodily Privacy: Integrity and autonomy over one’s own body.

» The Horizontal Application (Drittwirkung): Crucially, the court emphasized that fundamental rights are not merely negative rights against the state but also permeate the fabric of civil society. While discussing the role of privacy in tort law, the judgment (particularly in the opinion of Justice Nariman) noted that the constitutional recognition of privacy would “inform” and “reshape” common law. It explicitly stated that the courts must evolve the law on torts to provide an actionable claim for damages for unlawful invasion of privacy. This provided the direct mandate for lower courts and future benches to develop this new civil wrong.

» Privacy is Not Absolute, but Invasions Must Pass a Test: The court held that like other fundamental rights, privacy is not absolute. The state can impose reasonable restrictions. However, any invasion (whether by the state or, by implication, a private actor seeking a defence) must satisfy a three-fold test: (i) it must be backed by law; (ii) it must pursue a legitimate state aim (like national security, prevention of crime, etc.); and (iii) it must be proportionate—the invasion must be necessary and the least restrictive means to achieve the aim. This proportionality standard provides a framework for evaluating defences in tort cases.

In essence, Puttaswamy did not create a new right from scratch but unveiled an existing constitutional truth. By doing so, it created an imperative for the legal system to furnish effective remedies for its violation across all domains of law, including private law of torts.

Part III: Constructing the Tort of Invasion of Privacy – Elements, Forms, and Defences

Post-Puttaswamy, the task for courts and scholars is to give concrete shape to this tort. Drawing from comparative law and emerging Indian cases, the following architecture can be envisaged.

A. General Elements of the Tort:

For a successful claim of invasion of privacy, a plaintiff would generally need to establish:

» A Reasonable Expectation of Privacy: The claimant must show that in the given situation, society would recognize their expectation of privacy as objectively reasonable. This is a context-specific inquiry. One has a high expectation of privacy inside one’s bedroom, but a lower one in a public park.

» An Act of Intrusion or Disclosure by the Defendant: This is the core wrongful act. It could be physical intrusion, surveillance, unauthorized collection or disclosure of information, etc.

» The Intrusion/Disclosure would be Highly Offensive to a Reasonable Person: This is the key standard to distinguish trivial annoyances from actionable invasions. It filters out claims based on undue sensitivity.

» Causation and Harm: The plaintiff must show that the defendant’s act caused the violation. Importantly, harm in privacy torts can be intangible—emotional distress, mental anguish, anxiety, and injury to feelings. Proof of economic loss is not mandatory.

B. Specific Forms of the Tort (following the widely accepted American Restatement framework):

» Intrusion upon Seclusion or Solitude: This covers intentional, physically or technologically mediated intrusion into a private place, affair, or matter.

» Examples: Secretly installing CCTV in a changing room; hacking into a personal email account; persistent telephonic harassment; peeping through windows.

» Indian Application: In R. Rajagopal vs State of T.N. (1994), the SC had already recognized that a citizen has a right to be free from unauthorized intrusions into their privacy. Post-Puttaswamy, cases involving stalkers, voyeurs, or unauthorized data scraping would squarely fall here.

» Public Disclosure of Private Facts: This involves the widespread dissemination of true, but highly private, information that is not of legitimate public concern and which would be offensive to a reasonable person.

» Elements: (a) Disclosure is public (to a large number of people, not just one person); (b) The facts disclosed are private (not already public); (c) The matter publicized would be highly offensive to a reasonable person; (d) It is not of legitimate public concern (i.e., it is not newsworthy).

» Examples: Publishing details of an individual’s sexual orientation, medical history, or financial debts without consent, where the person is not a public figure in a relevant context.

» Defence: The primary defence is newsworthiness or public interest. Balancing privacy with Article 19(1)(a) rights of the media is critical here. The R. Rajagopal case had held that a public figure’s privacy is narrower, but even they can claim protection for aspects of life unrelated to their public role.

» False Light Privacy: This involves publicity that places a person in a false light in the public eye, which would be highly offensive. It differs from defamation in that the focus is not on damage to reputation per se, but on the offense caused by the distortion or fictionalization.

» Example: Using a person’s photograph to illustrate an article about substance abuse, implying they are an addict, when they are not.

» Note: This tort is closely related to defamation and Indian courts may initially be cautious in adopting it distinctly, often preferring to address such claims under defamation law.

» Appropriation of Name or Likeness: Unauthorized use of a person’s identity, name, image, or likeness for commercial or other exploitative benefits.

» Examples: Using a celebrity’s photograph in an advertisement without permission; creating a deepfake video for commercial gain.

» Indian Application: This has statutory recognition under the Copyright Act for photographs. The tort would expand this to non-photographic uses and for non-celebrities, protecting against the commercial misappropriation of one’s persona.

C. Potential Defences:

A defendant in a privacy tort action may plead:

» Consent: Express or implied consent of the plaintiff is a complete defence.

» Lawful Authority: Acts done under statutory or judicial authority (e.g., a valid search warrant, lawful surveillance as per procedure).

» Public Interest/Newsworthiness: For disclosure-based torts, if the information is of legitimate concern to the public, especially concerning public officials or figures, it may be protected. The test is one of proportionality and relevance.

» Incidental Use: Minor, non-exploitative use of someone’s image in a crowd scene or background of a film.

» Truth (for Intrusion & Appropriation): Truth is not a defence to intrusion (the wrong is the prying itself) or appropriation (the wrong is the unauthorized use). It is primarily a defence in defamation and is irrelevant to the disclosure of true private facts tort, where the very truth is the problem.

Part IV: Judicial Developments and Remedies Post-Puttaswamy

Since 2017, Indian courts have begun to actively employ the Puttaswamy mandate to grant relief in privacy cases.

» Interim Injunctions: Courts have readily granted injunctions to prevent imminent invasions of privacy, such as restraining the publication of private photographs or videos (e.g., in cases involving intimate images or “revenge porn”).

» Compensatory Damages: The primary remedy is monetary compensation for the distress, humiliation, and mental suffering caused. Indian courts are quantifying damages based on the gravity of the intrusion, the status of the parties, and the manner of violation. For instance, in 2021, the Delhi High Court, in a case involving the unauthorized publication of a woman’s personal details, awarded significant damages recognizing the tort of invasion of privacy.

» Exemplary/Punitive Damages: In cases of egregious, malicious, or profit-driven invasions, courts may award punitive damages to deter the defendant and others from similar conduct.

» Declaratory Relief and Apology: Courts may declare that the defendant’s actions constituted an invasion of privacy and order a public apology.

» Destruction of Material: Orders for the deletion/destruction of private data, images, or recordings obtained or held by the defendant.

The development is still nascent and inconsistent. Some courts boldly apply the new tort, while others revert to older statutory provisions. However, the trajectory is unmistakably towards consolidation.

Part V: Contemporary Challenges and the Road Ahead

The digital age presents novel challenges for the tort of invasion of privacy:

» Data Breaches and Cyber-Intrusion: When a corporation negligently allows a data breach exposing millions of customers’ personal data, does each individual have a tort claim? Establishing causation and “offensiveness” in mass-scale, impersonal breaches is complex. Class-action suits may be needed.

» Intermediary Liability: To what extent are platforms like social media sites or search engines liable for privacy-invasive content posted by users? The tort principles must interface with the “safe harbour” provisions of the IT Act (Section 79).

» Convergence with Statutory Law: India is on the verge of enacting a comprehensive data protection law (the Digital Personal Data Protection Act, 2023). The tort and the statute will coexist. The tort will cover harms beyond data protection (like intrusion into solitude), while the statute will provide a specific regulatory framework for data processing. The tort can provide a residual remedy for violations even of the statutory standards.

» Technological Neutrality: The principles of the tort (intrusion, offensiveness, reasonable expectation) must be applied technology-neutrally to cover evolving methods from spyware to facial recognition misuse to AI-driven profiling.

Conclusion

The recognition of invasion of privacy as a tort in India is a direct and necessary consequence of its elevation to a fundamental right in Puttaswamy. It represents the democratization of a constitutional value, making it enforceable not just vertically against the state but horizontally against powerful private entities and individuals. The tort fills a critical gap in the legal system, providing a tailored remedy for the unique harm of having one’s private realm violated. While the precise doctrinal boundaries are still being drawn by courts, the foundational pillars are firmly in place: the protection of human dignity, autonomy, and the right to a private self.

The journey from Puttaswamy to a mature, consistently applied tort law will require continued judicial craftsmanship, scholarly engagement, and legislative synergy. It demands a sensitive balancing of competing rights—privacy with free speech, with security, and with technological innovation. Nevertheless, this evolution is imperative. In an era of ubiquitous surveillance, data commodification, and digital exposure, the tort of invasion of privacy stands as a vital civil law bulwark, empowering individuals to seek redress and affirming the fundamental truth that every person, in the words of the Puttaswamy court, has an “inviolable zone” of life that must be protected from unwarranted intrusion. The development of this tort is thus not merely a legal technicality; it is the ongoing realization of the constitutional promise of a life of liberty with dignity.

Here are some questions and answers on the topic:

1. Question: What was the central legal question addressed by the Supreme Court in the Justice K.S. Puttaswamy (Retd.) vs Union of India case, and what was its historic holding?

Answer: The central legal question before the Supreme Court was whether the Constitution of India guarantees a fundamental right to privacy. This was a foundational question that needed to be settled by a larger bench before adjudicating on the specific challenge to the Aadhaar scheme. The Court's historic and unanimous holding was that the right to privacy is indeed a fundamental right. It is intrinsic to the right to life and personal liberty under Article 21, and is also inherent in the freedoms guaranteed by other fundamental rights like freedom of speech and movement. The Court explicitly overruled its own previous judgments in M.P. Sharma and Kharak Singh to the extent they held that privacy was not a protected right under the Constitution.

2. Question: How did the Puttaswamy judgment transform the legal remedies available for a person whose privacy has been violated by another private individual or entity?

Answer: Prior to the Puttaswamy judgment, an individual whose privacy was invaded had to rely on a patchwork of indirect legal remedies, such as filing a suit for defamation, breach of confidence, or trespass, or seeking relief under specific statutes like the Information Technology Act. These actions often did not fully address the core harm of privacy invasion itself. The Puttaswamy judgment fundamentally transformed this by mandating the development of a direct and independent civil wrong. It held that since privacy is now a fundamental right, the common law must evolve to recognize a specific tort of invasion of privacy. This provides a direct cause of action where the plaintiff can sue specifically for the violation of their privacy, claim compensation for emotional distress and mental anguish, and seek remedies like injunction and damages tailored to the privacy harm suffered.

3. Question: Explain the concept of "horizontal application" of fundamental rights as established in Puttaswamy and its significance for tort law.

Answer: The "horizontal application" of fundamental rights, also known as Drittwirkung, refers to the principle that these constitutional rights are not merely enforceable against the state (vertical application) but also permeate and regulate legal relationships between private individuals and entities. In the Puttaswamy judgment, the Supreme Court affirmed this principle for the right to privacy. The significance for tort law is profound. It means the constitutional value of privacy must "inform" and "reshape" private law. Consequently, courts are under a constitutional obligation to develop common law principles, including the law of torts, to provide an effective remedy for violations of privacy committed by private parties like corporations, media houses, or individuals. This bridges the gap between constitutional promise and civil remedy.

4. Question: Describe the tort of "Public Disclosure of Private Facts" as it would be understood post-Puttaswamy. What is the key defence available against such a claim?

Answer: The tort of "Public Disclosure of Private Facts" involves the widespread publication of true, but highly private, information about an individual that is not of legitimate concern to the public and the disclosure of which would be highly offensive to a reasonable person. For example, publishing someone's medical records, sexual history, or details of a traumatic personal family crisis without consent could constitute this tort. The key element is that the facts are genuinely private and their disclosure causes offense by violating societal norms of decency. The primary defence available against such a claim is that of public interest or newsworthiness. If the defendant can demonstrate that the disclosed private facts were of legitimate concern to the public, especially if the plaintiff is a public figure and the information relates to their public role or conduct, the disclosure may be protected. This defence requires a careful balancing act between the right to privacy under Article 21 and the right to freedom of speech and expression under Article 19(1)(a).

5. Question: What are the major contemporary challenges in applying the newly recognized tort of invasion of privacy in the digital age, post-Puttaswamy?

Answer: Applying the tort of invasion of privacy in the digital age presents several major challenges. First, addressing mass data breaches where a corporation's negligence leads to the exposure of millions of users' personal data; establishing individual harm and causation in such impersonal, large-scale events is complex. Second, determining the liability of online intermediaries like social media platforms for privacy-invasive content posted by users requires reconciling tort principles with the statutory "safe harbour" immunities under the IT Act. Third, the tort must be applied in a technology-neutral manner to cover novel intrusions like misuse of facial recognition technology, deepfakes, AI-driven profiling, and persistent online tracking. Finally, there is the challenge of convergence, where the common law tort must operate in harmony with upcoming comprehensive data protection statutes, with the tort providing a residual civil remedy for harms that may not be fully addressed by regulatory frameworks.

Disclaimer: The content shared in this blog is intended solely for general informational and educational purposes. It provides only a basic understanding of the subject and should not be considered as professional legal advice. For specific guidance or in-depth legal assistance, readers are strongly advised to consult a qualified legal professional.