The functions of the state and the right to privacy have to be balanced. National security is essential for the state, and the privacy of the citizens in matters of national security should not be inference in performing its functions. However, the question that arises is to what extent can this infringement of privacy be invalidated in the interest of national security.
The development of technology was given a spark in the late 20th century, which led the way to the technological boom and introduction of artificial intelligence. Ever since then, technology has always been one step ahead of the laws that govern the extent to which personal information and data can be collected. Due to this, cyber-crimes have been rapidly growing, and involvement and the misuse of this digital technology have always been part and parcel of these crimes. The state, on the other side, claims to be dealing with the problem by invading the privacy of individuals to ensure the security of the state. The motive behind this is to ensure national security and the protection of the public at large. The parody between the right to privacy and the right to security has been debated and interpreted, and many judgments regarding privacy and the constitutional powers given to the state to ensure national and individual security have collapsed into one another. Therefore, this paper will look into the extent to which the state can invade an individual’s privacy and where the borderline can go up.
Security of the state and its citizens is obviously very important, but the collateral damage that it comes with raises the question as to whether these measures are used is necessary to ensure this security since misuse of power to feed the needs of the economy cannot be one of them. With the advancement of technology, electronic data has become widely accepted even in the judiciary, but the collection of these electronic devices, which have personal data, is vastly misused due to the lack of proper legal framework and enforcement. This lack of clarity between the state and its citizen on what data exactly is being taken or watched over and what it’s been used for. This leads to the next question as to whether this collection of data is actually helping in fighting crime and ensuring the security of the state. Or whether the overuse of data privacy and data protection is hindering the state’s ability to protect its citizens.
What is national security?
The national security of the state has no clear definition as to what amounts to security, but we know that it means the protection of the government, its people, economy, and institutions from an internal or external threat either from an organization or person within the territory of India or from outside. This security is essential since, without it, the citizens of the country and the government as a whole would be at risk. For example, any attack on the public or the government through the ways of bombing, mass firing, or hacking into the government data for terrorist activities. All of which can cause great damage if not prevented.
The supreme court has recognized that the internet is a source of both personal and public information. It is structured in a way where it can easily be exploited by terrorists to cause destruction to society. While it is understood that the right to privacy is a fundamental right under articles 19 and 21 of the constitution, the courts have emphasized that the right is not absolute and it is to be balanced with the needs of the state. The extent to which the right to privacy has to be given up is to be calculated on the bases of necessity and proportionality.
How does the state ensure the security of the state by collecting data?
Through the advancement of artificial intelligence collection of data has never been easier, data is said to be the new oil, and therefore the state, as well as 3rd party organizations, strive to seek this data for their own benefit. The new data privacy bill understands the value of this and refers to data as a person’s personal property. And therefore, it has strict laws governing the acquisition of this data. For the state, however, it is necessary as the sovereignty and integrity of the state are at stake. The state does this in the following ways such as the collection of data, storing it, and then structuring it for alteration and combination for gaining inside information to prevent catastrophic incidents that may happen. Further, the state can also restrict and delete information for the same when it concerns national security. This means the state has access and an advantage when it comes to foreseeing crimes. The inside information that is granted to the state works as an advantage in their favor, and this will lead to gaining vital information that could possibly prevent the entire crime from happening.
Laws that govern the state in acquiring personal information
When it comes to the laws that govern the state from acquiring data, the new data protection bill ensures that the state can only look into personal information with proper reasoning and procedure. Once this bill comes into force, it will replace section 43A of the information technology act 2000. Basically, the new bill gives rights to the individual or the principal for the data that is being processed and additional duties such as providing reasons for which the data is being processed, and enterprises will have further fiduciary duties that will have to be followed. this will bring about transparency between the state, enterprises and the individual. This will ensure the prevention of possible exploitation by the state.
In the case of KS Puttaswamy, the justices reaffirmed the fundamental right to privacy. Although the judgment justice DY Chandrachud stated that “creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the state.” 
Going back to the data protection bill 2021, the bill is silent when it comes to providing provisions for surveillance reforms. In 2018 Justice BS Srikrishna’s committee had constituted the first draft of the data protection bill, and back then, it had stated that there was no law in India that authorized non-consensual access to personal data and had further criticized that as to what was the purpose behind the data protection bill if it had not regulated the mass surveillance organizations such as the Crime and Criminal Tracking Network and Systems (CCTNS), the Central Monitoring System (CMS) or the National Intelligence Grid (NatGrid).
Further, there is the exemption the central government gives to departments to not necessarily follow the provisions of the data protection bill. Clause 35 of the bill provides for the exemptions for the bill where in the 2018 bill it had conservatively exercised it by using the words legality, necessity, and proportionality, after which in 2019 it was changed to “necessity” and “expediency”  which had further put the privacy of the individual at great risk. And in the 2021 draft, instead of rectifying the issue, it completely exempted these government surveillance departments from any liability.
National security and data privacy are two integral parts of the constitution. One is protected under article 21 and the other under article 51. Although both of them condescend to each other at face value, each of them has to be balanced by the laws that govern them to the implementation of these laws by the executive. From the above research, the author has concluded that with regard to the laws that govern the state from data collections, there is more immunity given to the state, and due checks and balances in cases of exploitation are not implemented. Further, the author has also concluded that the security of the state is essential to the protection of its people, and there should be no interference when it comes to doing their job. Although, unlike the laws in India, where there is complete exemption from any liability, the author suggests the laws that are currently being followed by the UK. Where although there is no interference, it provides for due process and authorization from the minister of the crown.
By Bevin Pereira
 Justice K. S. Puttaswamy and Anr. vs. Union Of India And Ors, (2017) 10 SCC 1.
 ‘National security, at the cost of citizens’ privacy,’ Apar Gupta, Vrinda Bhandari, 2021.
 Clause 35, Data Protection Bill 2018.
 Clause 35, Data Protection Bill 2019.