ABSTRACT
1Justice Louie Brandise was famous for saying in his article “THE RIGHT TO PRIVACY” (1890) that privacy is a right that could be summed up in six words, “the right to be let alone”. The right to privacy is crucial in the digital age because it protects individual’s data and information from misuse and exploitation. With the vast amount of data generated online, privacy ensures that sensitive data, such as financial details and personal communications, remains confidential. It protects attributes that can identify a person, such as their name, photograph, voice, signature, likeness, or any distinctive characteristics that can be harmed. But it is unclear whether the right to privacy continues to exist after an individual’s passing. A man dies, but leaves behind troves of his online assets from personal images to financial records and medical records, which are essential to protect the data and private information of the deceased, as it can result in a violation of the dignity and moral values of the deceased and its family members. The age of Artificial Intelligence and digital advancement has led to an increase in a vast amount of personal data and information stored in social media platforms, due to which there are high chances that the data stored can be violated and intrused by someone, so it become necessary to make proper legal provisions to protect the personal information of an individual both while alive and after death. Though there are provisions like the Digital Data Protection Act, 2023 and right to privacy as included in article 21 after the K.S.Puttaswamy judgment to protect the privacy rights of the people while they are alive, but the rights for the deceased person are silent till now. The privacy right being a personal right dies with the person. This is based on the legal latin maxim called actio personalis moritur cum persona (a personal right of action dies with the person). There is a lack of legal and definite definition and provision that how the digital assets and personal information of a deceased can be handled after their death. The recent cases on this subject has also raised the question of whether such rights continue to survive after an individual’s death. The objective of this paper is to analyse the importance of the posthumous right to privacy and the impact of digital assets after death. This paper has adopted the doctrinal as well qualitative method of research. It had also suggested the concern about how the data should be managed after the death of a person, to whom it should be made and handled as a legal heir. The study also compares the privacy rights between different countries like UK, USA and Germany along with the constitutional foundation of privacy in India.
Keywords: posthumous privacy, digital assets, digital footprint, deceased, DPDP Act, Article 21, succession.
Introduction
Privacy is the state of being alone and keeping one’s personal and digital data confidential. In India, the right to privacy has become an essential asset of individuals’ liberty, dignity, and autonomy. With the rapid advancement of technology, protecting our data from unwarranted surveillance has become increasingly essential. India has the second-largest number of Internet users after China around world. According to data from 2024, the number of internet users in India are 460 million from which 227 million are from rural areas and 205 million are from urban areas. Thus, a huge amount of personal information of a person is going beyond the invisible world of the digital world, which is still unimaginable that what would happen with it. People share their intimate data and personal information in various social media platforms as well as clouds, e-mails. In an age where personal identity, memories, emotions, and intellectual property are digitally preserved, the question is no longer whether the deceased have a right to privacy—but how that right should be protected and enforced. Therefore it become necessary to protect their privacy rights in order to prevent from exploitation and intrusion. Although privacy was declared as a fundamental right in the case of Justice K.S. Puttaswamy (Retd) & Ors v. The UOI & Ors.(2017 10 SCC 1), popularly called the Aadhar Case under Article 21 of the Indian Constitution, including the enactment of the Digital Data Protection Act, 2023, but still India lacks the recognition of privacy rights after death. Posthumous privacy refers to the protection of a person’s personal information, reputation, and legacy even after their death. It encompasses the idea that while a person’s physical existence may end, their digital footprint remains alive and should be protected from unwanted exploitation and intrusion. The public disclosure of causes of death, health records, and personal information often causes the exploitation of the deceased and its family members. For example, the leaks of medical and personal records of actor Late Sushant Singh Rajput after his death sparked a nationwide debate on ethics and privacy and I – generated explicit content misusing the likeliness of deceased celebrities like Sridevi. In the absence of clear legal norms, such incidents continue unchecked, revealing a gaping constitutional void.
Research methodology
This paper has adopted both doctrinal as well as qualitative method of research methodology, along with the systematic usage of primary and secondary sources. Primary sources include the Indian constitutional Provision, judicial pronouncement, and statutes such as DPDP Act, 2023. Secondary sources include legal commentaries, scholarly articles and comparative legal literature with other countries. The analyses also focuses on the examination of constitutional provision with special reference to Article 21, analysis of the Digital Data Protection Act, 2023, review of Indian case law related to privacy, dignity and posthumous rights and the comparative study of international data protection laws of United Kingdom, Germany, India, USA to advocate for statutory reform.
Review of literature
Several legal scholars have discussed and explored the right to privacy, but the posthumous right has always remain unexplored. The former Chief Justice D.Y. Chandrachud gave the K.S. Puttaswamy judgement, emphasizing the dignity as a lifelong right, but did not address the posthumous right extending after death. Legal scholars in India has primarily focused on surveillance, informational privacy, and bodily autonomy. This paper fills a gap in the status of posthumous rights to privacy in Indian constitutional law of India. Internationally, the debate on digital legacy and posthumous rights has more nuanced, especially in EU and Germany.
Methods
5.1. Constitutional foundation of privacy in India
The right to privacy is free from all kinds of intrusion into personal life. With the dramatic increase in the use of social media, there has been a huge increase in personal data collection. Scholars have begun to debate what must be done to secure the data we hold and ensure that no one interferes with a person’s privacy rights. Earlier, the Indian Constitution did not guarantee the right to privacy. Even in the cases of MP Sharma v. Satish Chandra (1954) and Kharak Singh v. State of UP (1962), the Supreme Court held that there is no such concept of a right to privacy in the Indian Constitution and rejected privacy as a constitutional right. But in 2017, in the case of Justice K.S. Puttaswamy v. UOI, 2017 also called popularly as the Aadhar case took a transformative turn, the bench of nine judges gave a unanimous decision that the Indian citizens do have a right to privacy while they are live implicit in article 21. Article 21 of the Indian Constitution, which guarantees the right to life and personal liberty, the Supreme Court interpreted to include the right to privacy in Article 21 as a fundamental right after the Puttaswamy Judgement in 2017. The Supreme Court recognized multiple facets of privacy, including bodily integrity, decisional autonomy, and informational privacy. Importantly, the judgment observed that privacy is essential to dignity, and dignity underpins the constitutional promise of a meaningful life.
India has accepted the Universal Declaration of Human Rights 1948, which includes provisions where the privacy of an individual can be protected, and also desires that member states protect these laws, which ultimately deal with the right to privacy of individuals and protect their privacy. Article 12 of UN Declaration of Human Rights states that no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation. Everyone has right to the protection of the law against such interference or attacks.
5.2. Legal silence on posthumous right to privacy
Posthumous privacy is defined as protecting the reputation, secrets, morals, dignity and digital assets of a person after his death. The privacy of a dead person is as important as that of the alive. What happens to a person’s private data and public image has become an essential concern today. Digital assets have produced the greatest amount of personal information the world has ever seen, and we are struggling to determine whether and to what extent they should protect the privacy of these accounts both in life and after death. However, courts have refused to extend privacy rights beyond death and state that personal rights die with the person (actio personalis moritur cum persona). In 2017 the Apex court in Puttaswamy judgement stated that right to privacy of an individual remains with being till he breathes last said by Justice Abhay Manohar Sapre. It is born with the human being and extinguishes with the human being”. This raises critical constitutional questions. Similarly, constitutional privacy rights do not persist after death. Also the Hon’ble High Court of Delhi in Ruba Ahmed & Ors v. Hansal Mehta (2022) held that the right to privacy is essentially a right in personam and therefore it is not inheritable by mothers or legal heirs of the deceased. Further, in Krishna Kishore Singh v. Sarla Sarofi & Ors (2021), the Hon’ble High Court of Delhi held that the right to privacy, right to publicity, and personality rights are not heritable and the same dies with the death of the Bollywood actor, Sushant Singh Rajput. The social media or internet companies assert the privacy of the users by prohibiting the inheritance, but currently, there is no legal provision to protect privacy after death. Yet with the advancement of digital assets and the immense amount of information stored in them, we should reconsider posthumous privacy interests in a legal world. India is witnessing a large increase in digital data generation, celebrity and culture and media trials. The absence of a legal mechanism to protect the privacy of a dead person has resulted in leaked autopsy photos, deep fake photos and videos, public disclosure of medical records, etc, which can harm the dignity of the individual as well as their family. There are fragmented provisions in Indian law which address the dignity of the dead, like Section 356 of Bhartiya Nyaya Sanhita, which is replaced by Section 499 of Indian Penal Code, states that the defamation of a deceased person is punishable if it affects their reputation among the living and section 20 of the Registration of the Birth and Death Act, 1969 provides issuance of the death certificate but there is no safeguard against the misuse of posthumous data till now and Information Technology Act, 2000 contains provisions for data protection but is not extended to deceased person. Thus, the legal framework is fragmented and ineffective in protecting the dignity and data of the deceased in the digital age.
5.3. Comparative analysis
1. United States: There is no constitutional posthumous privacy right in the US Constitution. However, a combination of sector – specific federal statues and state level laws provides some protection for the data of a deceased Health Insurance Portability and Accountability Act (HIPAA)protects the medical records of the deceased for 50 years post death. Public figures enjoy limited posthumous rights via tort law in some jurisdictions (e.g. California, Indiana and New York) and can be enforceable by legal heirs often lasting for up to 70 – 100 years after death. Revised Uniform Fiduciary Access to Digital Assets Act adopted by many US states grant Fiduciaries the authorities to manage digital assets like emails, social media, and cloud storage after the death of the user.
2. United Kingdom: UK law does not expressly recognise a right to posthumous privacy to protect person’s name, image and likeliness from unauthorised use in constitutional or statutory sense. However, intellectual property rights and tort law provide limited protection for publicity rights, such as passing off or copyright infringement in personal works like photos, writing, recordings). With respect to posthumous publicity rights, the estate of the deceased personalities does not have the right to sue for the alleged damage to the reputation of the deceased. However, anyone using the deceased person’s copyright or well-known mark such as a photograph or footage must first obtain prior permission from the deceased estate for commercial exploitation. Platforms like Facebook and Google have developed “memorialization policies” allowing family members to request account deletion or memorialization. English law does not allow defamation claims to be brought on behalf of deceased individuals.
3. Germany: Germany has recognised the posthumous personal privacy rights under constitutional principles anchored in constitutional values. The federal Constitution recognizes posthumous personality protection has upheld the dignity and personality right of the deceased enforceable by legal heirs and successors. The German Basic Law gaurntees under Article 1, which extends beyond the death. Article 1(1) enshrines human dignity as an inviolable.
4. India: The law for posthumous privacy is silent in India. It stands behind many developing nations. The Right to Information Act, 2000, DPDP Act, 2023 do not extend beyond the right to privacy after death. No central authority exists to manage digital assets or enforce ethical norms in media representation of the deceased.
SUGGESTIONS
The privacy rights are essential for both a living and a dead person. As it can suffer the moral and ethical values of the family of the deceased. In the context of India, several incidents have taken place in the past, due to which it became necessary to bring out legal provisions for the right to privacy of a deceased. The leaked autopsy and personal images shared on platform of social media of Sushant Singh Rajput’s death. Deceased actresses like Sridevi are targeted by AI-generated pornographic content, etc.
The common law had failed to address the protection and privacy after death. The fate of social media, social networking, emails, etc, carries a vast amount of personal information of a person, which if it goes viral, can result problem for the family of the deceased. Thus, it becomes very essential to bring proper legislative provisions to protect the digital assets and private information of a deceased. There are three ways the digital accounts can be treated after death. Firstly, these accounts should be deleted at the account holder’s death to protect the individual’s privacy and morals. Secondly, the family of the deceased could claim ownership of the account under the succession law. Thirdly, in terms of a private contract. Along with the amendment of Article 21 and the digital personal data protection should be updated to include provisions for handling the data of the deceased. Furthermore, it is essential to amend DPDP Act to include rules for data management after death, to consent framework allowing users to designate data heirs. The Information Technology Rules should also be amended to mandate data controllers to delete or archive data after death. Media houses and digital platforms should adopt ethical guidelines to prevent the exploitation of deceased individuals. Self-regulation through media watchdogs should be strengthened to penalize the publication of private information of deceased persons without family consent. Personality rights, reputation and legacy can be brought within the purview of fundamental right through PILs or constitutional litigation. Platforms like Google, Facebook, Instagram should enable digital legacy tools and memorialization policies that comply with Indian law.
CONCLUSION
The right of privacy is not merely a legal entitlement but also a moral and ethical imperative grounded in human dignity. The right to privacy, being the most important right, should not end at death. India has witnessed an increase in the age of technology and AI advancement, due to which a lot of personal information is stored on different social media platforms and websites. Therefore, it becomes essential to have a legislative as well as constitutional provision for the right to privacy in India. Although India had adopted different provisions regarding the right to privacy of a person while they are live but it still lacks a posthumous right under Article 21 or statutory law. A combination of judicial innovation and legislative foresight is required to bridge this constitutional gap. It is important to have a definite legal rights for the deceased person so that their personal and private information would not violate. Ignoring the posthumous privacy right can create opportunities for violation, exploitation, misinformation and digital and moral harm to family of the deceased. Therefore, it becomes important to recognize the posthumous right as a fundamental human right enforceable through legislative reform and constitutional interpretation. It is imperative for Indian lawmakers to rethink about the rigid application of the legal latin maxim actio personalis moritur cum persona. In today’s data-driven world, privacy is not just about protecting secrets during one’s lifetime—it is about safeguarding the digital soul of the individual, preserving their posthumous dignity, and preventing commercial or malicious misuse.
________________________________
[1] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 (India)
[2] M.P. Sharma v. Satish Chandra, (1954) 1 SCR 1077 (India)
[3] Kharak Singh v. State of Uttar Pradesh, (1964) 1 SCR 332 (India)
[4] Digital Personal Data Protection Act, No. 22 of 2023, Act of Parliament 2023 (India)
[5] Indian Penal Code, 1860, § 499, No. 45, Act of Parliament 1860 (India)
[6] India Const. art. 21
[7] Registration of Births and Deaths Act, 1969 § 20, No. 18, Act of Parliament 1969 (India)