WATCHING THE WATCHERS IN THE ALGORITHMIC AGE: Digital Surveillance, AI-Driven Monitoring, and the Crisis of Constitutional Safeguards in Contemporary India

Authors

  • Priti Priyadarshi

Keywords:

security, surveillance, metadata, authentications, privacy, jurisprudence

Abstract

At present, Indian state is trapped in a highly precarious task of balance. They are forced to secure national security against a tide of rising cyber-attacks, international terrorism and AI based crime on the one hand However, on the flip side, they are meant to safeguard citizen’s constitutional rights from the very surveillance tools being deployed to keep them secure.

So many things have changed since the Puttaswamy judgment way back in 2017.

Facial Recognition system today is performing millions of authentications. Legal practitioners already label the metadata retention mandates quietly introduced by the new DPDP Rules of 2025 as a guide for building an elaborate surveillance architecture. And last November, when numerous hard regulatory issues came up for tackling in its AI Governance Guidelines, the government simply postponed coming to a conclusion.

The current surveillance infrastructure that exists in this County is an extension of an 1885 colonial telephone regulation combined with a digital commerce law created in 2000. These data privacy laws were not even designed for the types of predictive policing algorithms or the bulk traffic metadata that the Digital Personal Data Protection Rules (DPDP) 2025 will require. Our latest attempt at creating a privacy law, the Digital Personal Data Protection Act of 2023, has created a large exception to the government’s compliance with its own privacy laws through Section 17 (2) (a), which allows for the government to exempt itself from complying with the Act simply by asserting ‘national security. There are no independent authorising bodies that oversee the government’s application of these laws, no enforcement mechanisms require that the government obtain a judicial warrant prior to the use of digital wiretaps, and so on.

This paper will take a very in-depth look at all of the intersections of national security and constitutional obligations. I will discuss how privacy jurisprudence has developed, where there are currently holes in adjudicated law, and how we can learn from models of practice developed in the EU, UK, and US. Also, I will highlight the dangers created by the use of AI-based monitoring as outlined in the DPDP Rules, and provide some recommendations for various legislative and institutional changes necessary to re-establish constitutional compliance for India’s surveillance framework, while preserving the security function that we as a society need.

References

Manohar Lal Sharma v. Union of India, W.P. (Crl.) No. 314 of 2021 (India) (Pegasus Case); Amnesty International, The Pegasus Project Report: Global Spyware Scandal (2021).

The Indian Telegraph Act, No. 13 of 1885, § 5(2) (India).

The Information Technology Act, No. 21 of 2000, § 69 (India).

TechPolicy.Press, India’s New Data Protection Regime Could Fuel Metadata Surveillance, Dec. 18, 2025; Digital Personal Data Protection Rules, 2025, Rule 7 (India).

Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 S.C.C. 1, 6 (India) (per Chandrachud, J.) (laying down the three-part test of legality, legitimate aim, and proportionality).

M.P. Sharma v. Satish Chandra, AIR 1954 SC 300 (India).

Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295, 1303 (India) (Subba Rao, J., dissenting).

Gobind v. State of Madhya Pradesh, (1975) 2 SCC 148 (India).

R. Rajagopal v. State of Tamil Nadu, (1994) 6 SCC 632 (India).

People’s Union for Civil Liberties (PUCL) v. Union of India, (1997) 1 SCC 301 (India).

Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1, 4–5 (India).

Id. at 6 (per Chandrachud, J.).

Id. at 8.

Indian Telegraph Act, 1885, No. 13 of 1885, § 5(2) (India).

Indian Telegraph Rules, 1951, r. 419A (India); People's Union for Civil Liberties (PUCL) v. Union of India, (1997) 1 SCC 301 (India).

Information Technology Act, 2000, No. 21 of 2000, §§ 69, 69B (India).

Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (India); Shobhit Garg & Yash Mittal, The Indian Surveillance Framework and the Centre’s Surveillance Order: Addressing Challenges to Individual’s Right to Privacy, 2 Madras L.J. (Civ.) 1, 5–6 (2020).

Digital Personal Data Protection Act, 2023, No. 22 of 2023, § 17(2)(a) (India).

Digital Personal Data Protection Rules, 2025, r. 7 (India); TechPolicy.Press, India’s New Data Protection Regime Could Fuel Metadata Surveillance, Dec. 18, 2025.

Unlawful Activities (Prevention) Act, 1967, No. 37 of 1967, §§ 15–17 (India); National Security Act, 1980, No. 65 of 1980, § 3 (India); Bharatiya Sakshya Adhiniyam, 2023, No. 46 of 2023, § 63 (India).

R. Aksietha, Surveillance in India and Its Privacy Challenges in the Digital Age: A Legal and Constitutional Analysis, 10 Int’l J. for Res. Trends & Innovation 651, 654 (2025).

Indian Telegraph Rules, 1951, r. 419A (India); Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (India).

Indian Telegraph Act, 1885, No. 13 of 1885, § 5(2) (India); Information Technology Act, 2000, No. 21 of 2000, § 69 (India).

Digital Personal Data Protection Act, 2023, No. 22 of 2023, § 17(2)(a) (India); Rumi Dhar & Sonia Nath, Digital Surveillance and Civil Rights: Assessing the Impact on Privacy, 5 Chanakya L. Rev. 63, 67 (2024).

TechPolicy.Press, India’s New Data Protection Regime Could Fuel Metadata Surveillance, Dec. 18, 2025; Digital Personal Data Protection Rules, 2025, r. 7 (India).

Ministry of Electronics and Information Technology, India AI Governance Guidelines (Nov. 2025); Lukmaan IAS, The Legal Gaps in India’s Unregulated AI Surveillance, Dec. 30, 2024.

Manohar Lal Sharma v. Union of India, W.P. (Crl.) No. 314 of 2021 (India).

Charter of Fundamental Rights of the European Union art. 8, 2000/C 364/01.

Digital Rights Ireland Ltd. v. Minister for Communications, Case C-293/12, ECLI:EU:C:2014:238 (CJEU).

Tele2 Sverige AB v. Post-och telestyrelsen, Case C-203/15, ECLI:EU:C:2016:970 (CJEU).

Edward Snowden, Permanent Record (2019); Investigatory Powers Act 2016, c. 25 (U.K.).

Investigatory Powers Act 2016, c. 25, §§ 23, 229 (U.K.).

Investigatory Powers Commissioner’s Office, Annual Report (2023) (U.K.); Internet Freedom Foundation, The State of Surveillance in India: Legal Gaps and Institutional Challenges 18 (2023).

Foreign Intelligence Surveillance Act of 1978, Pub. L. No. 95-511, 92 Stat. 1783 (codified as amended in scattered sections of 50 U.S.C.).

USA FREEDOM Act of 2015, Pub. L. No. 114-23, 129 Stat. 268.

U.S. Dep't of Justice, FISA Court Annual Report (2022).

Regulation (EU) 2016/679, of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1, art. 23 (requiring that restrictions on data subjects' rights for national security purposes respect the essence of the fundamental rights and freedoms and be a necessary and proportionate measure in a democratic society).

Artificial Intelligence (Ethics and Accountability) Bill, 2025, Bill No. X of 2025 (India) (Private Member’s Bill introduced in the Lok Sabha in Dec. 2025); Prashant Mali, AI Laws and Regulations in India as of 2026, Cyber Law Blog (Feb. 2026).

Published

2026-07-03

How to Cite

Priyadarshi , P. . (2026). WATCHING THE WATCHERS IN THE ALGORITHMIC AGE: Digital Surveillance, AI-Driven Monitoring, and the Crisis of Constitutional Safeguards in Contemporary India. Journal of Constitutional Law and Jurisprudence, 9(2). Retrieved from https://lawjournals.celnet.in/index.php/Jolj/article/view/2134