Abstract
In India, smart devices like fitness bands, smart speakers (like Amazon Alexa), and smartphones are now widely used in homes and offices. These gadgets are made to hear, gather, and save user information. A smart speaker, for instance, may record conversations even when not in use, which raises questions about ongoing, covert surveillance. This situation raises significant ethical and legal issues in a nation where Article 21 of the Constitution guarantees the right to privacy as a fundamental right. This study looks at how smart devices gather data and how much it might violate people’s right to privacy. It also makes recommendations for how to strengthen data security and raise user awareness. In recent years, smart devices like mobile phones, smart TVs, and voice assistants have become part of daily life. This research paper explores how these devices work, the legal rules in India about privacy, and what can be done to protect people.
Keywords
Smart Devices, Right to Privacy, Surveillance, Data Protection, Internet of Things (IoT)
Introduction
Smart devices are now widely used in offices and homes. They promote access to the internet, home appliance control, interaction, and data storage. CCTV cameras, smart speakers, fitness bands, and smartphones are a few examples. Regardless of being useful, these devices often accumulate information about contacts, voice, location, and habits. Users often are unaware of how much data is being gathered. Silent surveillance is the term used to describe this type of covert data collection. It has been noticed that the most recent advances in technology, referred to as the internet of things (IoT), including fitness trackers, smart speakers, and video doorbells, are “listening” to our conversations or “recording” our actions without our authorisation or knowledge.
The network of things that have been equipped with sensors, software, and other technologies to communicate and exchange data with other systems and devices via the internet is known as the Internet of Things (IoT). IoT essentially makes it possible for everyday objects to be linked to the internet and to one another, enabling data collection and sharing that results in greater automation, efficiency, and new features. It raises a significant query: Do these gadgets infringe upon our right to privacy? This paper aims to answer this question by looking at how smart devices work, what the law says in India, and what changes are needed to protect privacy.
With smart gadgets like smartphones, smart TVs, digital assistants (like Alexa and Google Assistant), fitness trackers, and even smart refrigerators becoming commonplace in homes, the digital age has brought about a surge of innovation. These gadgets provide unmatched convenience and functionality thanks to their sensors, microphones, cameras, and internet connectivity. Their capabilities, however, also allow for ongoing and frequently secret monitoring of users’ private lives, which results in privacy violations.
In the 2017 case of Justice K.S. Puttaswamy (Retd.) v. Union of India, the Supreme Court of India acknowledged the right to privacy as a fundamental right. Even though this historic decision changed how the constitution is interpreted, privacy enforcement in practice is still unclear and uncertain, particularly in the digital economy. With the recent enactment of the Digital Personal Data Protection Act, 2023, the Indian data protection framework is still developing and has not yet been put to the test against intrusive technologies. The purpose of this paper is to assess whether smart devices in India violate the constitutional right to privacy and serve as instruments of covert surveillance. It looks into the legitimacy, extent, and ramifications of these kinds of activities and makes legal recommendations to protect citizens from the swift advancement of technology.
Research Methodology
This research is based on doctrinal (secondary) research, using information from legal blogs, reports, legal articles, and government publications. It also includes analysis of Indian laws like the Constitution of India, Information Technology Act, 2000, and judgments related to the right to privacy.
Review of Literature
1. Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 – This case is the cornerstone of India’s privacy jurisprudence. The nine-judge bench unanimously declared privacy a fundamental right under Article 21 of the Constitution.
2. Digital Personal Data Protection Act, 2023 – India’s first comprehensive data protection law that aims to regulate the processing of personal data by both government and private entities.
3. Srikrishna Committee Report, 2018 – Provided critical groundwork for India’s data protection framework, emphasizing principles like informed consent, data minimization, and purpose limitation.
4. Pew Research Centre & Mozilla Reports – These studies indicate that users often remain unaware of the extent of data collection by smart devices.
While the literature provides a strong foundation, gaps remain in exploring how Indian smart devices interact with existing privacy protections and whether regulatory bodies are equipped to handle privacy violations arising from technological advancements.
Right to Privacy in India
Article 21 of the Constitution, which protects the right to life and personal liberty, is the primary source of India’s recognition of the right to privacy as a fundamental right. In the 2017 case of Justice K.S. Puttaswamy (Retd.) v. Union of India, the Supreme Court of India declared that Article 21 of the Constitution guarantees the right to privacy. Personal liberty and life are protected in this article. The Court said that privacy includes:
- Body privacy (like protection from forced medical tests),
- Home privacy (freedom inside one’s home),
- Information privacy (control over personal data).
Test of proportionality:
The 2017 Puttaswamy judgment laid down the test of proportionality. The test lays down the following criteria-
- The law must sanction such an act of interference, and there should be a due legal procedure for such interference. The law and the legal procedure must be just, fair, and reasonable, and they must be free from arbitrariness.
- The law should be backed by a legitimate and reasonable state interest to avoid unnecessary state interference.
- The method and nature of interest must be proportionate to the objects, needs, and purposes sought to be fulfilled by the law.
What Are Smart Devices and What Do They Do?
Smart devices are gadgets that use the internet and software to do their work. They collect and store user data. Some common devices include:
Smartphones: Track location, call records, photos, and app usage.
Smart TVs: Record what users watch.
Fitness Bands: Collect health data like heart rate and steps.
Smart Speakers (like Alexa or Google Home): Listen for commands and record audio.
CCTV Cameras: Watch and record people’s movements.
Most of these devices are always “on” and connected to the internet. They silently collect personal data, even when not actively in use. This leads to the concept of silent surveillance.
Are Smart Devices Silent Spies?
With the use of voice commands, facial recognition, GPS tracking, and behavioural predictions, smart devices are made to communicate with their users continuously. Because of complicated privacy policies or default permissions, users frequently agree to data collection without fully understanding the implications.
For instance:
Smart speakers (like Alexa or Google Home) are always listening for wake words, meaning they passively collect ambient sound.
Smart TVs track user viewing habits to deliver targeted ads.
Wearables monitor health data, including heart rate, sleep cycles, and physical location.
A 2021 report by Mozilla found that many IoT devices in India lacked end-to-end encryption, had vague data usage disclosures, and failed to offer opt-out mechanisms
The idea of privacy has changed as a result of the rapid advancement of information technology. Digital records, such as social media tracks, internet usage logs, and biometric information, now comprise personal data in addition to physical documents. The extent of privacy rights has been reconsidered by lawmakers and courts alike as an outcome of this evolution.
Example:
Ms McGowan from Avast took a close look at the Ring video doorbell from Amazon. “Ring is, first and foremost, a surveillance tool. It’s marketed as helping you survey your surroundings, but don’t forget that it’s keeping track of you and your family as well. Ring – and Amazon, its parent company – knows your name, email, postal address, and phone number. It also knows the geolocation of your phone, information about your Wi-Fi network and signal strength, and your product’s model, serial number, and software version. If you use Facebook or another third-party login, it can also “obtain information” from that third party.”
Legislative Developments
Significant legislative efforts have been made in India in response to growing concerns about data misuse:
- Information Technology Act, 2000: This Act, which initially sought to tackle cybercrime and electronic commerce, contains clauses (such as Section 69A) that give the government the authority to intercept digital communications. However, some sections, such as Section 66A, have faced judicial scrutiny and have been struck down.
- Digital Personal Data Protection Act, 2023: This Act, which was just passed, attempts to offer a thorough framework for safeguarding people’s digital personal information. Important characteristics include:
o Consent Requirement: Processing personal data is only permitted with the individual’s express consent.
o Data Fiduciaries: Organisations that decide how and why to process data are subject to stringent regulations.
o Data Protection Board: To oversee adherence and handle complaints, a statutory body has been set up.
Challenges
- Lack of Awareness Among Users
Many Indian users are unaware of the extent to which their smart devices gather data and the ways in which that data is used. Because of this lack of digital literacy, businesses can take advantage of personal information without raising any red flags. - Weak Consent Procedures
Without reading the terms and conditions, the majority of users accept them. Giving informed consent is challenging because these documents are frequently lengthy, intricate, and written in legalese. - Inadequate Legal Framework
Despite being a constitutional right, India’s current data protection laws (such as the Digital Personal Data Protection Act, 2023) are still in the early stages of development and do not have robust enforcement measures or severe sanctions for misuse. - Cross-Border Data Transfers
There is a risk of foreign surveillance and data misuse because many smart devices send data to servers outside of India, where Indian privacy laws might not apply. - Constant Monitoring Without Explicit Triggers
Passive but persistent surveillance may result from gadgets like smart speakers or cameras that are “always listening” or “always watching” without providing any obvious alert.
Suggestions
- Devices must have Privacy Labels
Smart devices ought to have a “privacy label” that explains the types of data that are gathered, how they are stored, and whether they are shared. This would make privacy policies clear to regular customers. - Streamlined Consent Procedures
Businesses should explain data usage to users with visual icons and “plain language” summaries. In order to accommodate Indian non-native English speakers, multilingual options could also be implemented. - On-Device Data Storage Options
In order to lower privacy risks, manufacturers should be encouraged to create technology that processes and stores data locally on the device rather than sending it to the cloud. - Public Awareness Campaigns
Government and tech companies should launch large-scale awareness drives, especially in regional languages, to educate people about digital rights, privacy, and safe use of smart devices. - Smart Device Certification Program
Introduce a Privacy Compliance Certification for smart devices in India, approved by a regulatory body, to ensure they meet minimum privacy standards before being sold. - Strengthening Data Protection Law Enforcement
Establish a robust, independent Data Protection Authority that can actively monitor, audit, and punish manufacturers and tech companies that misuse personal data.
Conclusion
Although smart devices are very efficient and comfortable, there are unstated costs associated with them, such as privacy risks. Unchecked data collection by these devices can result in silent surveillance, which is a violation of an individual’s fundamental right to privacy in a digital age where information is power. India can strike a balance between innovation and individual privacy through more robust legislation, easy-to-use consent procedures, raised awareness, and ethical technology design. People should be more conscious, laws should be more robust, and businesses should behave responsibly. A fundamental component of human freedom and dignity, privacy is not merely a legal concern.
References-
1. Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1
2. Indian Constitution, art. 21
3. Digital Personal Data Protection Act, No. 22 of 2023, § 6 (India).
4. Shivani Kumari, Right to Privacy, iPleaders (July 15, 2025, 6:55 PM), https://blog.ipleaders.in/different-aspects-of-right-to-privacy-under-article-21/
5. Aishwarya Agrawal, Right to Privacy in India, LawBhoomi (July 15, 2025, 7:43 PM), https://lawbhoomi.com/right-to-privacy/
6. Yogesh Sapkale, Fraud Alert: Beware of Privacy Breach, Security Risks of ‘Smart’ Gadgets, Moneylife Advisory (Jan. 06, 2023), https://mas360.moneylife.in/cyber-awareness/fraud-alert-beware-of-privacy-breach-security-risks-of-smart-gadgets/4394.html
Tanvi Aote
Government Law College