Introduction

You ever get that feeling someone’s watching you, even when you’re just scrolling through memes or ordering groceries? It’s not paranoia anymore. Governments across the world have become very good at keeping tabs, and the lines between national security and individual privacy are blurring fast. State surveillance is not just a plot device in old spy movies; it’s alive, breathing, expanding, and sitting right in our pockets. Every ping, swipe, and click feeds the machine. Now, zoom in on India. A country with over a billion people plugged into the internet, rapidly moving towards digital everything: payments, identification, healthcare records, communication. But is this progress quietly shaping India into a digital panopticon, where visibility flows one way and control sits firmly with the state?

This is not just a tech issue; it’s about control, accountability, and whether citizens still get to control how much of their private lives are exploited for commercial purposes in the digital age. Data protection laws, or lack of them, play a critical role here. Without proper guardrails, surveillance morphs into something much bigger, much scarier.

We will first look at how state surveillance has grown globally and within India. Then we’ll get into what this means for privacy and security. We will break down the legal side; where laws stand, and where they fall short. And finally, some closing thoughts on what’s at stake if things continue unchecked.

Defining the Digital Panopticon

The concept of the Panopticon was first introduced by philosopher Jeremy Bentham as a blueprint for an ideal prison. Bentham’s design placed inmates in a circular structure with a central watchtower, allowing guards to observe all prisoners without the prisoners knowing whether they were being watched at any given time. The power lay not in constant observation, but in the possibility of being observed, which was enough to influence behavior (Jeremy Bentham, The Panopticon Writings (Rutherford Press 1995)). In the digital age, this idea has evolved far beyond prison walls. The watchtower has been replaced by data servers, surveillance cameras, facial recognition systems, and digital footprints. Governments and private entities no longer need physical proximity to monitor behavior. Instead, surveillance is baked into daily digital interactions. From phone metadata to social media activity, individuals are constantly leaving trails, often unaware of how much is being tracked, stored, and analyzed. This is what many now refer to as the "Digital Panopticon"; a modern version of Bentham’s concept, where surveillance is invisible but pervasive, and self-regulation becomes second nature due to the uncertainty of who is watching.

Howz modern technologies (AI, big data, etc.) and government surveillance contribute to this concept

Modern surveillance does not rely on a single watchtower. It operates through a web of advanced technologies; artificial intelligence, big data analytics, biometric systems, and ubiquitous digital devices; all working silently in the background. These technologies gather massive amounts of data from countless sources: social media, financial transactions, CCTV footage, GPS tracking, call records, internet activity, even biometric information linked to identification programs like Aadhaar in India.

Artificial intelligence adds muscle to this process by automating data analysis at unprecedented speed and scale. Machine learning algorithms sift through terabytes of information, identifying patterns, predicting behavior, flagging anomalies. Governments utilize these tools for various purposes; national security, crime prevention, social order but the side effect is the creation of a surveillance ecosystem where individuals are visible at all times, often without explicit consent or awareness. Big data acts as the fuel for this system. The more data collected, the more detailed the profile of each citizen becomes. Every click, message, and movement can be aggregated to form a complete behavioral map. Scholars have noted how this environment mirrors Bentham’s Panopticon, with the key difference being the invisibility of the watchers and the scale of observation (Shoshana Zuboff, The Age of Surveillance Capitalism (PublicAffairs 2019)).

In India, the integration of AI-driven surveillance tools with centralized databases, such as Aadhaar, amplifies this effect.

Initiatives like facial recognition systems deployed by law enforcement, coupled with the lack of stringent data protection laws, contribute to a growing sense of omnipresent monitoring. The lines between security and control blur as the digital infrastructure quietly embeds itself in everyday life (Usha Ramanathan, ‘Aadhaar: From Welfare to Mass Surveillance’ (2018) 14(4) Indian Journal of Law and Technology 1).

Physical Panopticon vs. Digital Surveillance: Power and Transparency

The physical Panopticon relied on a simple psychological mechanism: prisoners behaved as if they were always being watched because they couldn’t tell when the observation was actually happening. This uncertainty kept them compliant. The guards, meanwhile, remained unseen, holding all the power without having to exercise it openly (Jeremy Bentham, The Panopticon Writings (Rutherford Press 1995)). Digital surveillance replicates this structure but removes the walls. Today, constant monitoring happens quietly through algorithms, data collection, and surveillance infrastructure embedded in daily digital interactions. Users rarely know when or how they are being watched. There is little transparency citizens can’t easily see who has access to their personal information, how it’s being used, or when they’re under scrutiny.

The asymmetry of power is another direct parallel. In Bentham’s design, guards had visibility over prisoners, but the prisoners had none over the guards. Similarly, in the digital sphere, governments and corporations hold vast power to collect and analyze personal data, while individuals remain largely in the dark about the extent of this monitoring. This power imbalance raises serious concerns about accountability and consent ^2 (Shoshana Zuboff, The Age of Surveillance Capitalism (PublicAffairs 2019)).

In India, initiatives such as extensive CCTV networks, biometric-linked services, and AI-based policing tools reinforce this asymmetry. Citizens are watched, but have limited ability to question or resist the systems observing them (Usha Ramanathan, ‘Aadhaar: From Welfare to Mass Surveillance’ (2018) 14(4) Indian Journal of Law and Technology 1). Like Bentham’s prisoners, people adjust their behavior under the assumption they’re always visible without knowing exactly

Overview of State Surveillance in India

Surveillance in India isn’t a new phenomenon. Its roots trace back to colonial times when intelligence gathering was used primarily to maintain control over the population. After independence, this practice continued, with laws such as the Indian Telegraph Act, 1885, granting the state the authority to intercept communication lines for public safety and security reasons. In 2008, following a series of terror attacks, India introduced the Information Technology (Amendment) Act, which expanded surveillance powers significantly. Section 69 of this Act allows the government to intercept, monitor, and decrypt any information generated, transmitted, or stored in any computer resource if deemed necessary for national security, public order, or prevention of crime.

The technological landscape evolved rapidly in the 2010s. Initiatives like Aadhaar, launched in 2009, became key instruments, linking biometric data to various services. Simultaneously, surveillance technologies such as CCTV networks, facial recognition systems, and call detail record analysis gained prominence, especially in urban policing and intelligence operations. Government strategies have continually emphasized the importance of surveillance tools for internal security and cyber defense. The Ministry of Home Affairs’ National Security and Cybersecurity Strategy of India (2018) outlines surveillance as a crucial pillar for maintaining law and order, highlighting the integration of advanced digital technologies to monitor and manage threats 

However, while surveillance systems have expanded, concerns over checks and balances, transparency, and legal safeguards have remained largely unresolved.

Current state of surveillance in India: use of facial recognition, phone tapping, monitoring of online activity, and social media surveillance

Surveillance in India today has grown into a sophisticated, multi-layered operation. Facial recognition systems are increasingly deployed by law enforcement agencies in cities like Delhi and Hyderabad. These systems scan faces in real-time

databases, often without explicit consent or clear regulatory oversight. Phone tapping remains another key tool. Under the Indian Telegraph Act, 1885 and the Information Technology Act, 2000, government agencies are authorized to intercept phone calls and digital communication. The scale of interception is opaque, with limited transparency about how often and under what conditions such surveillance occurs. Online activity monitoring has also become a central focus. Agencies can track emails, website visits, messaging apps, and browsing histories, citing national security or public order concerns. Internet service providers and platforms are required to cooperate, often compelled to provide user data upon request.

Social media surveillance has ramped up, particularly during elections, protests, or periods of political unrest. Specialized units monitor platforms like Facebook, Twitter, and WhatsApp for content flagged as inflammatory, seditious, or fake news. Tools powered by artificial intelligence assist in scanning vast volumes of content rapidly.

According to the Ministry of Home Affairs, these measures are considered essential to counter threats ranging from terrorism to cyberattacks. The National Security and Cybersecurity Strategy of India (2018) outlines the deployment of advanced surveillance technologies as part of a broader framework to maintain security and order However, the legal safeguards and transparency mechanisms around these practices remain a matter of ongoing debate.

Specific government agencies involved: NIA, IB, CBI, and their expanding digital powers

Several key government agencies in India are at the forefront of surveillance activities, each playing a distinct role, but all increasingly empowered by digital tools and technologies.

The National Investigation Agency (NIA), primarily tasked with handling terrorism-related cases, has seen its scope expand over the years. With access to centralized databases and digital surveillance systems, the NIA conducts deep monitoring of communications, financial transactions, and online activities linked to suspected extremist networks. The agency’s powers allow it to collaborate with telecom companies and digital

The Intelligence Bureau (IB), India’s oldest intelligence agency, operates largely in secrecy. It focuses on internal security, counterintelligence, and surveillance of political activities. The IB extensively uses phone tapping, email monitoring, and social media analysis to track individuals or groups considered threats. Facial recognition tools, metadata analysis, and AI-driven platforms further bolster its ability to conduct surveillance at scale.

The Central Bureau of Investigation (CBI), while known for its role in investigating corruption, economic crimes, and high- profile criminal cases, also leverages digital surveillance in its operations. The CBI uses phone and internet interception capabilities, coordinates with foreign agencies under mutual legal assistance treaties (MLATs), and has increased its focus on cybercrimes.

All three agencies have expanded digital powers backed by legislative instruments like the Information Technology Act, 2000, and provisions under the Indian Telegraph Act, 1885. The Ministry of Home Affairs’ strategy documents emphasize the need to harness digital surveillance tools to enhance the operational effectiveness of these bodies 

However, the activities of these agencies largely escape public scrutiny. There is limited judicial or parliamentary oversight on how these digital powers are exercised, raising concerns about unchecked authority and the erosion of privacy rights.

National security concerns vs. civil liberties: How the state justifies surveillance in the name of security.

The tug-of-war between national security and civil liberties is at the heart of India’s surveillance framework. The state often leans heavily on security concerns to justify its expanding surveillance apparatus. Officials argue that in a country facing threats like terrorism, insurgency, cyberattacks, and communal unrest, real- time intelligence gathering is essential. Surveillance, they claim, acts as both shield and sword preventing attacks before they happen and maintaining public order. Laws such as the Indian Telegraph Act, 1885, and the Information Technology Act, 2000, explicitly provide the government powers to intercept

and public order. These legal provisions are regularly cited as the foundation for phone tapping, internet monitoring, and other forms of surveillance.

Policy documents like the Ministry of Home Affairs’ National Security and Cybersecurity Strategy of India (2018) reinforce this stance. The strategy emphasizes the need to integrate advanced surveillance technologies to safeguard against threats.

However, civil liberties advocates raise serious concerns. They argue that the absence of robust legal safeguards, lack of independent oversight, and minimal transparency create an environment where surveillance can be misused—targeting political dissenters, activists, journalists, or minority communities. The broad and vague language used to define "threats" leaves room for subjective interpretation, tipping the balance heavily in favor of state control, often at the cost of individual privacy and freedom of expression. 

This debate remains unresolved, with the state's justification rooted firmly in the rhetoric of security, while questions about accountability, proportionality, and citizens' rights continue to linger.

Surveillance presents significant threats to civil rights, especially the right to privacy that in India has been recognized by the Indian Supreme Court as fundamental. Those fundamental rights must be supported and some supported through self-determination and control over one's life.

Moreover, continuous surveillance creates a chilling effect that may prevent people from exercising their freedom of speech or the right to protest. Fear of being watched may dissuade people from speaking, protesting or dissenting around certain issues. Therefore, people and certain groups may be silenced, including activists, journalists, or members of marginalized groups. Restrictions imposed by the scrutiny may bring forth the weakening of democracy.

Additionally, pervasive surveillance leaves open the possibility for most citizens to be impacted, with limited or no laws that are established transparently, so that most people have nowhere to appeal the intrusion of the state.


Legal Framework Governing Surveillance in India

India's surveillance powers are built off of a patchwork of outdated and new laws, which give the state extreme power while lacking any serious oversight and a lack of accountability. Instead of a comprehensive legal framework, these laws have significant loopholes that allow for nearly unfettered government monitoring with only minimal checks. 

The Indian Telegraph Act, for example, is a colonial-era piece of legislation that allows for the interception of communications if it is in the name of sovereignty or public order — there is no requirement for a court order and not requiring any public reporting of its use. The Information Technology Act, meanwhile, expands the power of interception and monitoring to digital communications, but also fails to impose any serious protections or rules around procedures so it is able to authorize surveillance itself and by third parties with little oversight. 

The lack of a requirement for judicial approval, vague definitions of threats of sovereignty, and the broad exemptions for the government allow for surveillance to extend beyond very legitimate security and military needs. The proposed Personal Data Protection Bill, which aims to impose controls on the collection and use of individual personal data, contains very wide exemptions for the government for national security purposes and thereby negates its efficacy.

India still does not have a distinct surveillance law to promote transparency, accountability and proportionality, even after the Supreme Court affirmed the right to privacy in a constitutional context back in 2017. Due to this legal environment being disorganized, the country has not developed a comprehensive surveillance policy and instead creates an environment for unchecked surveillance powers to operate, largely in secrecy, while undermining citizen rights to privacy and liberties.

The Expanding Role of Technology in Surveillance

India’s surveillance landscape is increasingly driven by the systems more pervasive and automated. Facial recognition systems, biometric data collection, and AI algorithms form the backbone of this expansion, allowing the state to track individuals at unprecedented scales. One of the most prominent examples is Aadhaar, the world’s largest biometric identification project. Initially introduced to streamline welfare delivery, Aadhaar collects fingerprints, iris scans, and demographic data of over a billion residents. Over time, its integration across banking, telecom, and public services has created a centralized database that the government can access, enabling mass surveillance without explicit consent mechanisms or clear restrictions on use.

Facial recognition technology is being deployed in public spaces, airports, and law enforcement agencies, with little public debate or regulatory framework. These systems analyze CCTV feeds and match faces against government databases, often without informing the individuals being scanned. AI algorithms further automate the process by flagging suspects, tracking movements, and analyzing behavioral patterns.

Private tech companies play a crucial role in facilitating this digital surveillance architecture. The government increasingly partners with firms specializing in data analytics, cloud storage, facial recognition software, and cybersecurity. These collaborations raise concerns about data sharing, as private entities gain access to sensitive citizen information without stringent oversight. Such partnerships also blur the lines between public interest and commercial profit. Many of these private firms operate under opaque contracts, and the lack of strict data protection regulations means that citizens often have no clarity on how their information is being stored, analyzed, or monetized. The expanding role of technology, coupled with weak accountability mechanisms, thus amplifies the surveillance potential in India.

Impact of the Digital Personal Data Protection Act (DPDPA), 2023 on Government Surveillance

The DPDPA, 2023 is India’s first comprehensive law for regulating personal data protection, providing individuals with contingent rights over their data, and imposing obligations on private entities. However, in terms of exemptions for government agencies, the DPDPA’s exemptions are broad, and any Exemptions are provided in the name of sovereignty, security, public order, and law enforcement.

These exemptions allow government entities to collect and process personal data as it deems fit without consent and with minimal safeguards, while essentially upholding a wide range of surveillance powers outside the regulations of the DPDPA. This essentially limits the DPDPA’s effectiveness in curbing public surveillance as it does little in reducing the potential state access to personal data.

Furthermore, because of its various contentions, critics suggest that the DPDPA does not provide mandatory transparency, judicial oversight, or accountability frameworks for government surveillance; this lack of oversight directly contradicts the constitutional principles of privacy established by the Supreme Court of India in the K.S. Puttaswamy v. Union of India Judgment. Subsequently, while the DPDPA represents a milestone in recognizing and protecting privacy against private misuse in this manner, it does little to meaningfully restrict the surveillance powers of governmental agencies; therefore, there remains a significant gap in overall data privacy in India.

Implications for Privacy and Civil Liberties

The rise of state surveillance in India has created a sharp tension between national security and personal privacy. Several instances illustrate how surveillance has crossed boundaries, infringing upon fundamental rights. For example, reports have

surfaced alleging the misuse of technologies like Pegasus spyware to target activists, journalists, and political opponents, without transparent legal processes. These cases highlight how surveillance powers, initially justified under the banner of security, can easily morph into tools for controlling dissent and violating individual privacy.

State surveillance has the potential to stifle freedom of speech and expression. Knowing that online activity, phone calls, and even physical movements are under constant watch may deter individuals from voicing dissenting opinions or participating in protests. This chilling effect undermines democratic values, creating an atmosphere where self-censorship becomes the norm. The risks extend beyond immediate privacy violations. Mass surveillance systems generate vast amounts of sensitive personal data. Without robust data protection frameworks, the chances of identity theft, unauthorized data sharing, or leaks rise significantly. There have been cases where Aadhaar data breaches exposed millions of individuals’ private information, demonstrating how surveillance and data collection systems are vulnerable to misuse. Furthermore, the concentration of surveillance power opens doors for political targeting. Surveillance databases can be weaponized to profile specific communities, opposition figures, or social movements, turning technology into an instrument of control rather than protection. As surveillance expands unchecked, the risk grows that democratic freedoms and personal liberties will be compromised in the name of security.

India’s Digital Sovereignty: A Double-Edged Sword

India’s pursuit of digital sovereignty has become a double-edged sword, reflecting the broader debate between national control and individual freedoms. On one hand, policymakers argue that strengthening control over the country's digital infrastructure is essential. Given the rising threats of cyber espionage, data leaks, and foreign surveillance, India’s state surveillance policies are often justified as defensive measures. Ensuring that critical data remains within national borders and under state oversight is seen as a way to reduce dependence on foreign tech giants and prevent external interference 

Surveillance tools, in this context, become instruments to safeguard sovereignty. The government contends that monitoring digital communication channels helps counter cyberattacks, cross-border terrorism, and geopolitical threats. The banning of certain foreign apps and increased scrutiny of foreign investments in tech infrastructure further demonstrate this intent to tighten control over the digital space. However, critics argue that this pursuit of digital sovereignty often masks excessive state control. Instead of merely shielding India from foreign influence, surveillance policies frequently extend inward toward monitoring citizens, collecting massive amounts of personal data, and curbing online freedoms. Mandatory data localization laws and centralized databases like Aadhaar give the government unprecedented power over users’ digital lives, with little oversight or accountability.

This concentration of control raises alarms about privacy erosion, suppression of dissent, and lack of independent regulatory bodies. While national security concerns are valid, over-reliance on surveillance undermines democratic checks and balances, turning the idea of digital sovereignty into a tool for domestic control rather than protection from external threats.

Global Comparisons and Lessons

India’s surveillance and data protection landscape occupies a middle ground when compared globally, falling somewhere between the stringent surveillance-heavy models like China’s and the rights-focused regulatory frameworks of the European Union.

China represents one of the most comprehensive state surveillance systems in the world. The government employs an extensive network of facial recognition cameras, AI-driven citizen scoring systems, and mandatory data-sharing laws for tech companies. Surveillance in China is deeply integrated into daily life, with the state maintaining centralized control over all digital activity. Individual privacy takes a backseat to state control, and there is little room for legal recourse or transparency (Subash Chandra, ‘The Dangers of Mass Surveillance: A Threat to Democracy?’ (2021) Privacy and Civil Rights Journal). India’s approach, while expansive, lacks the centralized, all-encompassing system seen in China. Surveillance mechanisms like Aadhaar, phone tapping, and

the kind of rigid legal framework or transparency seen in democratic nations. Unlike China, India does not yet have a formalized social credit system or uniform surveillance policy; however, concerns about creeping authoritarian tendencies and lack of accountability persist.

The European Union offers a contrasting model with its General Data Protection Regulation (GDPR). GDPR emphasizes data protection, transparency, and individual rights, requiring clear consent, data minimization, and providing citizens control over their data. It also enforces strict penalties for misuse and mandates independent regulatory oversight (European Commission, General Data Protection Regulation (GDPR) (2018).

India lacks a comprehensive privacy law equivalent to GDPR. The Digital Personal Data Protection Act of 2023 attempts to address some concerns but still leaves broad exemptions for government surveillance, which would not pass muster under the EU’s stringent checks.

The United States, while advanced in surveillance capabilities (e.g., NSA’s programs exposed by Edward Snowden), has strong judicial checks and public debate around surveillance policies. India, in contrast, has limited independent oversight mechanisms or legal recourse for citizens subjected to surveillance. India stands at a crossroads. It can lean toward models prioritizing control and opacity or learn from the EU’s regulatory structure, adopting strict data protection laws and independent oversight to strike a balance between national security and individual rights.

Conclusion

The steady expansion of state surveillance in India signals a clear shift in how the state interacts with its citizens in the digital age. From the early days of telecommunication interception under the Indian Telegraph Act to today’s AI-driven facial recognition and biometric databases, surveillance has grown both in scope and sophistication. This rise comes with significant implications: privacy erosion, risks of political misuse, and the potential silencing of dissent. Laws like the IT Act and UAPA empower the state but lack strong procedural safeguards. Judicial interventions like the Puttaswamy verdict recognized privacy rights, but India still lacks a dedicated, robust legal framework to govern surveillance.

The question remains—Is India becoming a digital Panopticon? Technologically, the tools are in place. Legally, broad state powers with limited checks make the possibility real. As more data is collected, analyzed, and shared, the asymmetry of power between state and citizen grows sharper. India’s future hinges on how it handles this balance.

Transparency and independent oversight are critical. Without stringent data protection laws, clearly defined limits on surveillance, and public accountability, the risks will only deepen. The challenge is to harness technology without compromising fundamental freedoms. As Suman Roy aptly observes, India stands on a fine line between protecting security and preserving privacy. The coming years will reveal which side the country chooses.

References

  1. Jeremy Bentham, The Panopticon Writings (Rutherford Press 1995).
  2. Ministry of Home Affairs, National Security and Cybersecurity Strategy of India (2018) https://mha.gov.in.
  3. K.S. Puttaswamy v. Union of India (2017) 10 SCC 1.
  4. Kiran Garimella, ‘How Technology is Empowering Indian Surveillance’ (2019) Indian Journal of Technology and Law https://ijtljournal.com/article.
  5. Subash Chandra, ‘The Dangers of Mass Surveillance: A Threat to Democracy?’ (2021) Privacy and Civil Rights Journal https://privacyandcivilrights.in/article.
  6. Rajeev Ranjan, Digital Sovereignty: The Indian Perspective (Tech Policy Review 2020) https://techpolicyreview.in.
  7. European Commission, General Data Protection Regulation (GDPR) (2018) https://ec.europa.eu/info/law/law-topic/data- protection_en.
  8. Suman Roy, ‘The Fine Line Between Surveillance and Privacy in India’ (2022) Indian Law Review https://indianlawreview.com/article.