Difference Between Confidentiality and Privacy

In today’s digital era, terms like confidentiality and privacy are often used interchangeably. Yet, legally and conceptually, these two are distinct. Understanding the difference between confidentiality and privacy is crucial, especially in India where awareness around data protection and personal rights is growing rapidly.

What is Privacy?

Privacy is fundamentally a right—the right to be free from unwarranted intrusion into one’s personal life or personal information. It is a broad concept that protects an individual’s personal space, autonomy, and control over their personal data.

In India, the right to privacy was recognised as a fundamental right under Article 21 of the Constitution by the landmark judgement in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017). This means that privacy is protected as part of the right to life and personal liberty.

Examples of privacy include:

• The expectation that your home is free from illegal searches or surveillance.
• The right to keep your personal communications, like phone calls or messages, private.
• The right to control your personal information shared online.

Privacy, therefore, protects individuals from intrusion by the state, corporations, or other persons without their consent or lawful authority.

What is Confidentiality?

Confidentiality, on the other hand, is a duty or obligation. It arises when information is shared in a trusted relationship, and the recipient of the information is legally or ethically bound to keep it secret.

Confidentiality is not a universal right, but a responsibility that applies to certain relationships, such as:

• Lawyer and client
• Doctor and patient
• Employer and employee (regarding certain business secrets)
• Banks and customers

For instance, when you consult a lawyer, you expect that whatever you disclose remains confidential. The lawyer is obligated to keep your information private unless you consent to share it, or the law requires disclosure.

Key Differences Between Privacy and Confidentiality

Here, we discuss the key differences between privacy and confidentiality in a clear and concise manner.

Scope and Application

Privacy is a broad concept applying to everyone equally. It protects individuals from unwanted intrusion into their personal lives, whether physical, informational, or digital. This can include protection from illegal searches, unauthorised surveillance, or disclosure of personal data without consent.

Confidentiality has a narrower scope and applies only to specific persons or organisations who have received information in a trusted setting. The duty of confidentiality arises from professional ethics, contractual obligations, or statutory requirements. It does not create a general right for the individual but imposes a responsibility on the recipient of information.

Who is Bound?

Privacy rights bind everyone—government authorities, private individuals, companies, and organisations alike. No person or entity can lawfully invade another’s privacy without consent or lawful authority.

Confidentiality binds only specific persons who have an explicit or implied obligation to protect the information entrusted to them. For example, doctors, lawyers, banks, and therapists have legal and ethical duties to maintain confidentiality of the information their clients or patients share with them.

Triggering Event

Privacy is violated when there is an intrusion or surveillance without authorisation or consent. Examples include unauthorised CCTV cameras in private spaces or illegal interception of communications.

Confidentiality is breached when a trusted party discloses sensitive information shared with them without permission or lawful excuse. For example, if a lawyer reveals a client’s case strategy to a third party, it constitutes a breach of confidentiality.

Legal Remedies

Violations of privacy can give rise to constitutional remedies (such as writ petitions), tort claims for invasion of privacy, or damages for mental distress.

Breach of confidentiality generally leads to claims for damages under contract law, professional disciplinary actions, or statutory penalties depending on the sector and jurisdiction.

Duration

Privacy is an ongoing and universal right that persists throughout an individual’s life, protecting them continuously against unlawful intrusion.

Confidentiality obligations may last indefinitely or for a specified period, often defined by law, professional codes, or contractual agreements.

Examples to Illustrate

• If a person’s home is unlawfully searched without a warrant, it is a privacy violation.
• If a doctor shares a patient’s medical condition without consent, it is a confidentiality breach.
• If a social media platform leaks user data, it involves both privacy invasion and confidentiality breach.

Privacy and Confidentiality in Indian Law

India’s approach to privacy has evolved significantly over recent years. The Supreme Court’s 2017 Puttaswamy judgement was a turning point, affirming privacy as a fundamental right. This has implications for how personal data is handled, accessed, and protected.

At the same time, confidentiality is governed through a mix of statutory provisions, professional ethics, and contractual agreements. Some relevant legal frameworks include:

• Information Technology Act, 2000: Addresses data protection and privacy of electronic information. Section 43A penalises companies for negligence in protecting sensitive personal data.
• Bar Council of India Rules: Mandate confidentiality between lawyers and clients.
• Medical Council of India Regulations: Doctors are required to keep patient information confidential.
• Contracts and NDAs: Private agreements can establish confidentiality obligations.

When Privacy and Confidentiality Overlap

Sometimes, breaches can involve both privacy and confidentiality. For example, if a hospital leaks a patient’s records online:

• It is a privacy violation because personal health data was exposed without consent.
• It is a confidentiality breach because the hospital had a duty to keep patient information secret.

Understanding this overlap is important for addressing complaints and enforcing rights effectively.

Examples to Understand the Concepts

Example 1: Privacy
Imagine the government installs CCTV cameras inside a person’s private home without consent. This is a breach of privacy because the person’s reasonable expectation of solitude is violated.

Example 2: Confidentiality
If a doctor shares a patient’s medical history with a third party without permission, it breaches confidentiality, even if the patient’s home is not intruded upon.

Example 3: Both
If an online platform collects and sells user data without consent, it violates user privacy and breaches any confidentiality terms agreed upon during sign-up.

Important Indian Case Laws

1. Kharak Singh v. State of U.P. (1962): The Supreme Court struck down police domiciliary visits as unconstitutional, holding them to be an invasion of privacy under Article 21.
2. Justice K.S. Puttaswamy v. Union of India (2017): Affirmed privacy as a fundamental right protecting personal autonomy and informational privacy.
3. Tata Consultancy Services Ltd. v. State of Andhra Pradesh (2005): Recognised “information privacy” in the context of business data and protection from arbitrary state actions.

Conclusion

Privacy and confidentiality, while related, serve different functions in law and society. Privacy protects an individual’s right to be free from unwarranted intrusion, enshrined as a fundamental right in India. Confidentiality imposes duties on those entrusted with information to keep it secret.

Both principles work together to safeguard personal dignity, trust, and autonomy. As India strengthens its data protection framework, understanding these concepts is essential for all individuals and entities to navigate their rights and obligations responsibly.