As law students, we are taught various concepts of personal dignity, liberty, privacy and various other rights and duties in order to safeguard our individuality. However, in the world of digitalization and surveillance on every social media update, the liberties of citizens seem to be only limited to books, lacking practical implementation. This tension raises some central questions for a student of law: whether the increasing digital surveillance capitalism outlook seeks to protect civil liberties?, and Is there a need to strengthen our legal frameworks for data protection in the age of mass digital monitoring? 

Basics of Surveillance

The term surveillance refers to systematically scrutinizing someone’s actions, including financial, social  and personal. 

Bifurcation of Surveillance

Surveillance can broadly be classified into two types: state surveillance and corporate surveillance. 

  • State surveillance is all about the right of the state to interrupt, monitor, and decrypt any information for the protection of sovereignty and national integrity; whereas, 
  • Corporate surveillance revolves around the practice of businesses monitoring and extracting information from users, clients, or staff. It may consist of online browsing history, email correspondence, phone calls, location data, and other private details. 

Surveillance: A Boon or Burden? 

To address whether surveillance capitalism intrigues civil liberties, we need to first understand the term “surveillance capitalism.” The term was popularized by Shoshana Zuboff in her pioneering book, The Age of Surveillance Capitalism (2019). In the words of Shoshana Zuboff, “surveillance capitalism” means that human experience is considered mere material which could be used to convert behavioral data which, when fed to machine intelligence, can anticipate human action at present,  as well as at the later stage. In simple words, it creates a digital market, which can predict human behavior based on the current taste and preference which can be traded in the data-driven market for further use, without any hesitation to secure privacy. 

To clarify the idea of Surveillance Capitalism, consider how smart home devices like Alexa allow you to manage your environment through voice commands. While that sounds thrilling, the harsh truth is that these devices exchange your personal data and generate substantial profits.1

Tools of Manipulation

Budding innovations add to the increase of surveillance capitalism; these innovations include developing artificial intelligence (AI) and the core weapon of predictive analytics–commonly known as predictive policies. AI makes the work of supplying the data easily through tracking user interaction and targeting personalization preferences. Going hand in hand, predictive policies are the methods via which behavioral forecasting is done, working as a fuel to reinforce the system of surveillance capitalism. Supplementing this, cookies and tracking technologies help to extract detailed data and sell advertisements, which becomes a classic example of surveillance capitalism. Reliability becomes opaque when data brokers share personal data stored in cloud services, which can further risk as to when predictive policies can target and influence public opinion and pose a challenge to maintain transparency. 

Cultivating E-governance

Although Zuboff defines surveillance capitalism as an exploitative system, it can be viewed as a boon in disguise for India, as it has aimed to reach a $1 trillion economy by 2030 largely driven by online transformation. Adding to this, India has taken a historic step of commencing digital transactions by introducing UPI (Unified Payments Interface) by NPCI (National Payments Corporation of India) in 2016, which paved the path for instant financial services. For getting personalized health attention, apps such as Aarogya Setu were proven to guide during the health crisis of COVID-19, which sets an example of aiding in crisis management. Besides, the data analytics sector has noticed an increase in employment by nearly 36%, adding around 170 million jobs during 2022-23; hence, surveillance capitalism is creating opportunities for data scientists. Consequently, it is establishing a vibrant environment that promotes secure and progressive digital literacy in India.  

Civil Liberties

To first understand the substance of civil liberties, they constitute natural rights or freedoms that the government cannot pledge. The Fundamental Rights – embodied in Part III of the Constitution of India – guarantee liberties. The most significant issue to understand is how the constitutional protections and international human rights respond to the pressure of shielding the data in the era of mass digital monitoring. 

Need for Privacy as Right

The right to privacy has been compromised in a world that is driven by reels rather than reality. As a result, privacy comes with a  cost and a price is paid in the market to modify the algorithm and develop behavioral data. Thereby, privacy has become a luxury–affordable by a few. This has led to a culture of surveillance, where every move is tracked and monetized, eroding our sense of autonomy and freedom. The role of the data-brokers as intermediaries selling data to the highest bidder, leads to lack of transparency making it difficult for us to distinguish between participant data users and victims of intrusion. Apart from creating privacy issues, technological intervention has also given rise to economic disparities. As corporations make money from every click, search, or by depicting ads that push you to buy certain things, your autonomy and security of data is eroded, while the gig companies build profit. 

Recognition of Privacy as a Right

Civil liberties added the right to privacy after The Pegasus scandal, which exposed unauthorized tracking of prominent individuals’ data, and further intensified the scrutiny of India’s surveillance practices. 

The foundation of data preservation in India was the landmark decision of Justice K.S. Puttaswamy v. Union of India (2017)2. The petitioner challenged the policy of Unique Identification Authority of India (UIDAI), popularly known as the Aadhaar Scheme of Government of India. The scheme was constituted to create a unique identity for individuals by collecting their biometric data, consisting of their iris and fingerprint. The need of collection of data was to provide the direct delivery of welfare schemes to the people of India. However, this scheme was opposed on the grounds that collection of biometric data by government so that an individual can avail benefit of the welfare schemes is a violation of privacy and is against the democratic values which may lead to unnecessary surveillance of state in the lives of individuals. 

To resolve this issue, the bench of nine judges came forward and overruled the previous judgments of M.P. Sharma & Ors. vs. Satish Chandra, District Magistrate, Delhi & Ors.(1954)3

which failed to recognize the right to privacy as a fundamental right under Article 21. Thereby, the bench unanimously declared the right to privacy as a natural right which is inalienable and not a boon granted by the state; rather a tool to control the vital aspects of safeguarding autonomy. Hence, the right to privacy was recognised as a fundamental right of citizens under Article 21 of the Indian Constitution.4

Data as Earning Model

However, with the tremendous increase in technological advancements and growing digital economies of the world, there was an urge to enact a law that would both guard the privacy of individuals as well as monitor the surveillance of tech company models. 

In the context of the convergence between surveillance capitalism and civil liberties, the most pivotal question is the response of the law or legal framework towards this emerging issue. It is the mechanism through which the law guarantees to ensure the safety of the individual rights. Different countries’ legislations try to preserve these rights: the system of the European Union upholds the data encryption of the users through The General Data Protection (GDPR), the USA works by various sectorial approaches and deals with problems accordingly, while India guards data through the newly enacted Digital Personal Data Protection (DPDP) Law. 

Enacting and Revising DPDP, 2023, and Modifying Rules, 2025

To enhance and to strengthen the right to privacy, the Indian legislation enacted the Digital Personal Data Protection Act (commonly known as DPDP) in 20235. Later, on 14th November 2025, it notified the DPDP Rules completing the formation. The Act applies to all the Indian citizens (Data Principals), all organizations, government, startups (Data Fiduciaries) and personal data processed outside India if it involves offering goods or services to Indians. The Act is built on the SARAL Principles: 

S- Simple

A- Accessible

R- Rational 

A- Actionable 

L – Legally compliant 

Its objectives include: 

  • To safeguard individual privacy, that is, to protect the data from misuse, unauthorized access, data mining, and surveillance, to guarantee privacy under Article 21 of the Indian Constitution. 
  • To ensure that data can be processed only for lawful, specific, and clear purpose; and to ensure deletion of the data after the purpose is fulfilled. 
  • To create a consent-centric Act, meaning, the consent must be informed, specific, unambiguous, and revocable; and parents must give consent for children under the age of eighteen. 
  • The key feature is to enable the security of cross-border data transfer to government approved nations. 

Pragmatic Issues

The law on paper vs the law in practice varies, as the most complicated matter is when data moves across borders. For instance, if an Indian user’s data is stored in a US server, which law would apply? The law in such matters is ambiguous. 

Moreover, corporations like Google, Meta, and Amazon, can resist litigation; while individuals lack power to challenge such violations. Eventually the question arises–“Do individuals have meaningful remedies?” as the laws rely on “informed consent”, when, in fact, we as users barely understand those privacy policies under the name of digital surveillance. Companies themselves are often evasive, using vague terms and complex contracts to avoid compliance. Thus, regulators struggle with proving the malpractices. Gradually, the enterprises gain more benefit in the name of surveillance capitalism when governments themselves engage in mass surveillance for security reasons due to which the entrepreneurs may compromise data if both the government and company can benefit. Rapid technological changes such as AI, facial recognition, and voice modulation, worsen and heat up the tech battleground. 

The Aarogya Setu app, which was launched during COVID-19 for personalization of healthcare, was questioned for threatening the privacy of citizens by collecting data even after the pandemic. The DPDP Act was enacted in 2023, and it came into force with some provisions from November 2025 that laid strict obligations for private companies and broader exemptions for the government sector. 

While digital literacy is immortal in the world of growing economies, the cost should not be paid by civilians. Accordingly, maintaining a balance between the two is crucial. Digital advancement improves efficiency and provides personalization; however, transparency cannot be violated, so data minimization–that is collecting only necessary information–should be done. There should be in-built privacy in AI models and cross-border data transmission should be done with utmost care. 

Conclusion

For a leading democracy like India, digitalization will be perpetual; growth driven by tech upgrade has become normal. However, upgradation must come with clear limits on how data is used and clarity on who is accountable. Without this, civil liberties are at risk, including data security, protection against manipulation, and basic fairness. Hence, the prima facie focus should not be on the amount of data collected but rather on protection and preservation of dignity of user data that is collected.