Encryption enhances privacy and cybersecurity and contributes to the growth of the digital economy. India is the second largest online market in the world and yet still lacks a comprehensive data protection law and a conductive regulatory approach towards encryption. Recent developments, particularly the 2021 Intermediary Guidelines, indicate the state adopting an approach aiming to restrict use of encryption, providing wide leeway for surveillance and introduce traceability.
The ‘Right to Privacy’ was first formulated in India in 2017, in the landmark Puttaswamy judgment by the Supreme Court. This imposes constitutional limitations on the scope of state intrusion into individual privacy.
This article critically examines three decades of the regulatory approach in India towards encryption and the expectations post the Puttaswamy judgment, the 2021 Intermediary Guidelines and the upcoming Data Protection Law. It examines whether a right to encryption can be said to exist in India and analyses various facets of the global encryption debate in the Indian context.
Global Privacy Law Review