Right to life and technology : Facial recognition and surveillance laws – All you need to know.

INTRODUCTION 

In this fast evolving world technology has been transitioning and the most prominent transition is the introduction of methods of artificial intelligence in surveillance and facial recognition technology for proper functioning of state machinery. These tools enable authorities to monitor public behavior, patterns and actively shape the structure of how it should be controlled. Lately while scrolling through LinkedIn I came across a post that discusses the story of a man  named Salim Wastik. It described how a man who committed a  heinous offence and was living under a changed identity was eventually traced and arrested again with the recognition of fingerprints stored in the official database. In this age where the digital era has its footprint all around and the use of surveillance and data privacy laws is becoming part of everyday life. Incidents like Salim’s raise concerns that to what extent our personal data can be collected,traced,stored and used by the authorities and at the same time continuous incidents of data leaks and misuse by private companies deepen this issue.Although the arrest of Salim was a win-win situation, it sets an example for society that no one can escape the limits that authorities have set. This development may be justified for security and governance in the society but it poses a threat to privacy concerns. This is an important aspect for researching all statutory provisions and safeguards that are for the benefit of the individuals and in this article the author has explained everything about Right to life and technology : Facial recognition and surveillance laws.

HISTORICAL BACKGROUND 

The historical evidence of surveillance can be traced back to the British era when Indians were under the control of British dominion. Lord Dalhousie introduced the telegraph system in 1852 and later this system was officially recognized by legislation through the telegraph act 1885. Primarily this act was designed to intercept messages in times of public emergency or security but later its sole aim was surveillance in political context rather than citizen protection.

After independence some acts like Code of Criminal Procedure, Indian Evidence Act, Information Technology Act expanded states power to monitor the data and  communication.

Technologies rapidly moved and with this in 2010 Aadhar scheme was inaugurated. According to this scheme, a unique identification number was given to every citizen and with this India moved into a biometric data collection era. India is still working on data protection law and many law enforcement agencies are working towards facial recognition but as this part is unregulated it raises concerns about lack of accountability and misuse.

UNDERSTANDING AI SURVEILLANCE SYSTEM

AI surveillance is the algorithm based system used to collect, analyse, store data. It is an Artificial Intelligence technology that analyzes human activities in real time and in stored database.It is not like the traditional surveillance methods which relied mostly on manual observation. AI surveillance is equipped with highly predictive analysis, an automated machine that traces the data and pattern of human behaviour.

AI facial recognition is one of the most important tools for AI surveillance systems. Facial recognition technology is a system that works on identifying and verifying the individual facial features with the existing database. Like the gap between eyebrows, the placement of the jaw, the symmetry of the nose etc and thus creating a digital profile.

How does AI facial recognition work?

AI facial recognition totally works on combining the patterns, geometry and by recognizing previous facial data.

1. Capturing facial data
2. Converting faces into digital templates 
3. Matching and verification

The AI facial recognition is highly equipped and can be used by law agencies to track down the criminals or any person who has committed any kind of wrong.

The shift from traditional based system to AI based system has been recognised by various law enforcement agencies. This system has given state functionaries powers but on the other hand violated the concept of privacy. This constitutional implication needs a careful legal approach.

UNDERSTANDING RIGHT TO LIFE

Article 21 of the Indian constitution has incorporated the Right to Life as Fundamental right which states ‘No person shall be deprived of his life or personal liberty except according to procedure established by law.’

Back in 1952 the Supreme Court of India took a very restrictive approach in the case of AK Gopalan v. State Of Madras regarding Article 21 stating any procedure established but law if unfair it will still be valid.

This approach was changed in the case of Maneka Gandhi v. Union of India, where the Supreme Court established a relation between article 14,19 and 21[golden triangle] and stated that the procedure must be just, fair and reasonable.

As time evolved the judgments and the interpretations of the Constitution also evolved. Article 21 is not restricted to life and dignity only but several other fundamental rights were added to it. Some of them are-

Right to speedy trial

Right to environment

Right to livelihood 

Right to privacy

In 2017 India saw a major change in the judicial system through the case of Justice KS Puttaswamy v Union of India [Aadhar case]. In this case the Supreme Court recognised the right to privacy as an intrinsic part of right to life and liberty.This judgement plays an important part in AI surveillance and technological advancement.

Article 21 transitioned itself from a restrictive to an unfolded approach. It not only provides dignity but also provides liberty from arbitrary intrusion. In this high tech and scientific world this fundamental Right is a boon for the citizens against the surveillance and misuse of personal data.

FACIAL RECOGNITION AND RIGHT TO PRIVACY

Facial recognition technology is a system that works on identifying and verifying the individual facial features with the existing database. Facial recognition technology directly breaches the right to privacy because it involves collecting and analyzing biometric data which is highly sensitive information. In India Right to Privacy is imbibed under Article 21 in KS puttaswamy case which states that right to privacy is citizens right to control their personal database and to be free from any kind of intrusion.

According to the constitutional point of view the infringement of right to privacy under Article 21 must fall under three factors-

1. Legality- The action must be authorised by a valid legal framework.
2. Proportionality- There shall be a rational nexus between the object and the aim sought.
3. Necessity-There shall be a lawful aim behind such an act.

Facial recognition technology challenged the right to privacy in almost all spheres. Some of them are discussed below-

1. Risk of data misuse- once the biometric data is collected it is stored for years and this makes it vulnerable for leak on digital tangent.
2. Consent- people are not even aware that they are being tracked or analysed without their permission or knowledge, which directly violates the privacy laws.
3. Surveillance and tracking-there are various law enforcement agencies that are constantly tracking or monitoring the individual movement and behaviour.

Despite facial recognition technology enhances security and efficiency but due to absence of comprehensive legal framework governing such technology raises concern regarding its 

compliances.

LEGAL FRAMEWORK BEHIND  SURVEILLANCE LAWS

Data leaks are becoming very common nowadays. The very known companies like instagram whatsapp, facebook etc have alleged for selling data or either leaking it. In 2025, the news was circulated that many passwords of instagram were leaked. Sometimes I wonder how it is possible that in spite of such a privacy policy of these social sites the personal data of individuals are either sold or leaked. Nowadays phones are an essential thing for every individual. Almost everyone has their data saved on their phone. If any of this data leaked then it can be a serious compromise to security as well as privacy. This all can be managed through various legislation stated below-

• INDIAN INFORMATION TECHNOLOGY ACT,2000

Section 43A-Compensation for failure to protect data

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

Explanation-This section makes corporate bodies liable for negligent collection and handling of sensitive data. If a company does not follow the rules and procedure regarding facial recognition technology then they are liable to pay compensation. 

Section 72-Penalty for Breach of confidentiality and privacy.

Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be liable to penalty which may extend to five lakh rupees

Explanation- This section talks about consent, that if any person without permission discloses any of the above mentioned things then he will be liable to the fine of five lac rupees.

• CONSUMER PROTECTION ACT 2019

The consumer protection act 2019 provides protection to any harm that is caused while using any product. These laws provide safeguard against sensitive information.

Section 47(ix) of consumer protection act falls under the umbrella of unfair trade practices. This clause protects consumer personal data from being misused. It states if service provider leaks the data or causes any kind of mental/emotional agony then the consumer will avail protection under this section.

• DIGITAL PERSONAL DATA PROTECTION ACT 2023

India is moving towards protecting personal databases through this act. It aims to regulate personal data, impose obligations and provide rights for citizens.

The Preamble of the Act states that-

An Act to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.

The legal framework for surveillance and facial recognition technology is not in a structured way. On one hand we have constitutional mandates that put limitations on the state for exercise of their power and on other hand some statutory provisions that widen the scope for state. To make it work we need a strong framework that will be accountable.

COMPARATIVE ANALYSIS

The regulation regarding surveillance varied according-

1. EUROPEAN UNION

The European Union follows the stricter approach as compared to other countries. The working of surveillance systems falls under the General Data Protection Regulation (GDPR), it grants individuals right over their data and requires consent to use it and even imposes fines for non-compliance. 

General protection data regulation works on 7 principles-

1. Lawfulness, fairness and transparency
2. Accountability 
3. Purpose limitation 
4. Integrity and confidentiality 
5. Data minimization 
6. Storage limitation
7. Accuracy

GDPR focuses more on individuals rights with restrictive approaches towards state machinery.

UNITED STATES OF AMERICA 

The USA  has a  AI system named foreign intelligence surveillance act ( FISA). FISA was established for the authorization of electronic survey, tracking and tracing devices and for gathering foreign intelligence. Basically it is more security driven than privacy.The USA framework for surveillance is fragmented and mostly talks about foreign intelligence. It lacks privacy concerns. By creating a balance between the two i.e security and privacy it can be achieved.

CHINA

China maintains the largest and the best technologically equipped mass surveillance system. It is a monitoring system used by the China communist party to monitor citizens. China uses almost 700 million CCTV cameras to monitor its citizens. The system is so technologically advanced that the camera can detect your face no matter if your face is covered or not.

Systems like ‘Skynet or Police Cloud’ are used for facial recognition and voice recognition.

China government focuses more on state interest rather than individuals privacy

CHALLENGES 

Every technology has its challenges and AI Surveillance and facial recognition is no different. Being aware of these challenges helps law enforcement agencies to make a structured framework.

1. No specific legislation- India lacks a specific framework for the execution of surveillance laws and face recognition technology. The legislation like Information Technology Act 2000 or Consumer Protection Act 2019 have allied and broad rules which do not fill in the regulatory gaps.
2. Privacy concern- Every surveillance is biometric, state authorities can use any biometric database which is highly sensitive and once it is compromised it cannot be reversed. 
3. Lack of Transparency – Surveillance systems like facial recognition technology are often used without the consent or knowledge of the individual. They are not aware that they have been tracked, analyzed and the data is collected.
4. Misuse of data- Surveillance system is potential for Misuse. The data collected can be used for targeting any individual or to fulfill political whims and fancies which directly threatens democratic mandates.
5. Lacks balanced approach- A balance between security and liberty is the biggest challenge for AI surveillance systems. National security is given priority over individual autonomy.

CONCLUSION

AI surveillance and facial recognition technology is a two-way street. On one side it talks about how efficiently the government can use it for security purposes and on the other side we can see that databases are so vulnerable that they pose a threat to privacy and individual liberty. The concern regarding privacy issues can be witnessed in the famous case of Justice KS puttaswamy v. Union of India, the case made a clarification that privacy cannot be compromised for the sake of technological advancement. Any use of such technology must fall under the threshold of 3 underlying principles i.e legality, proportionality and necessity. The main aim of this judgment was that the technological powers should be exercised within the constitutional limits and with a balanced approach. If AI surveillance systems are regulated properly it will become boon, otherwise if left unregulated it will become a serious threat. The true challenge is to adapt such a framework that  ensures proportionality without ignoring privacy and liberty concerns.

About Author

Sugandha is an advocate and a law graduate with an LL.M from Damodaram Sanjivayya National Law University. Her academic interests encompass criminal law, gender-neutral legal framework, and security laws. Through her writings, she seeks to critically analyse legal frameworks and contribute to discussions aimed at ensuring justice, equality, and effective legal protection.