Privacy Vs Transparency: RTI & DPDP

By /

Background and Constitutional Context

  • The Supreme Court referred challenges to the RTI amendment to a Constitution Bench. The Court recognized the matter as involving serious constitutional sensitivity. 
  • The RTI Act, 2005 aimed to create an informed and empowered citizenry. It significantly reduced state-citizen information asymmetry over two decades.
  • Transparency under RTI strengthened democratic accountability and responsive governance.

Nature of the Amendment under DPDP Act, 2023

  • Section 44(3) of the DPDP Act amended Section 8(1)(j) of RTI Act. 
  • Earlier, personal information could be denied only without public interest however the RTI Act contained a crucial public interest override safeguard. The amendment now has removed this override and imposes a blanket prohibition.
  • This may restrict access to procurement records, audits, and public spending details.

Democratic and Institutional Concerns

  • The amendment creates a “legitimate uses paradox” in data governance. 
  • Section 7 of DPDP allows state data processing without consent.Citizens, however, cannot seek similar transparency from the government.
  • This creates imbalance, enabling state surveillance while limiting citizen scrutiny.
  • Such asymmetry weakens democratic oversight and accountability mechanisms.

Impact on Press Freedom and Judicial Guidance

  • Journalists may be classified as data fiduciaries under DPDP provisions.
  • Non-compliance may attract penalties up to ₹250 crore.
  • This framework risks creating a chilling effect on investigative journalism.
  • In Central Public Information Officer (2019), public interest justified disclosure.
  • The European Union’s GDPR balances privacy protection with transparency safeguards.

Way Forward

  • The Court must clearly define the scope of “personal information”. 
  • Restore the public interest override within the RTI framework.
  • Ensure privacy laws do not dilute democratic transparency mechanisms.
  • Provide explicit protections for journalism within data protection regulations.
  • Reaffirm that no information asymmetry should exist between state and citizens.

Digital Personal Data Protection Act, 2023

  • Objective and Scope
    • The Act establishes a legal framework for protection and lawful processing of digital personal data.
    • It applies to personal data collected in digital form within India.
    • It also covers non-digital data that is later digitised.
    • The Act applies to foreign entities offering goods or services in India.
    • It excludes personal data processed for purely personal purposes or publicly available data.
  • Consent and Rights of Data Principals
    • Personal data may be processed only for lawful purposes after obtaining valid consent.
    • Data principals retain the right to withdraw consent at any time.
      • Consent is not required for specified legitimate uses, including government benefits and emergencies.
    • Data principals have rights to access, correction, erasure, and grievance redressal.
      • They must not file false or frivolous complaints under the Act.
  • Obligations of Data Fiduciaries and Regulatory Framework
    • Data fiduciaries determine the purpose and means of data processing.
    • They must ensure accuracy, reasonable security safeguards, and breach notification.
    • Personal data must be erased once the purpose of processing is fulfilled.
    • The Act establishes the Data Protection Board of India to ensure compliance.
  • Appeals against Board decisions lie before the Telecom Disputes Settlement and Appellate Tribunal.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top