logo
+1 619 559 3838
Image

BLOG

Privacy vs Transparency: Does India’s Data Protection Law Override the RTI Act?

India’s governance framework has long relied on two powerful legal principles: citizens’ right to information and individual privacy protection. With the introduction of the Digital Personal Data Protection Act, 2023 (DPDPA), an important debate has emerged. Many legal experts, journalists, and civil society groups are asking whether this new privacy law weakens the country’s transparency framework under the Right to Information Act, 2005.

The discussion centers on how privacy rights should interact with transparency obligations in a digital era where vast amounts of personal data are processed and stored. While the government maintains that the DPDPA only harmonizes privacy and transparency, critics worry it could limit public access to important government information.

This article explores what changed, the legal interpretations from both sides, and what it means for citizens, policymakers, and governance in India.

Understanding the RTI Act and Its Role in Transparency

The Right to Information Act, enacted in 2005, transformed India’s democratic landscape by empowering citizens to request information from public authorities. The law plays a crucial role in:

  • Promoting government transparency
  • Strengthening democratic accountability
  • Exposing corruption and misuse of public funds
  • Enabling citizens to participate in governance

However, the RTI Act also contains specific exemptions where information may be withheld. One such exemption exists under Section 8(1)(j), which concerns the disclosure of personal information.

Originally, this provision allowed authorities to deny requests for personal information only when disclosure had no relationship to public interest or public activity, or when it would cause an unwarranted invasion of privacy. Importantly, the law also included a public interest override, meaning information could still be released if the larger public interest justified disclosure.

How the Digital Personal Data Protection Act Amended the RTI Act

The enactment of the Digital Personal Data Protection Act introduced a change to Section 8(1)(j) of the RTI Act.

Previously, authorities were required to weigh privacy against public interest before denying access to personal information. Under the revised language introduced through the DPDPA, the exemption now broadly covers:

“information which relates to personal information.”

This simplified wording removes the explicit balancing test that previously allowed public authorities to disclose personal information when public interest demanded it.

As a result, the interpretation of what qualifies as “personal information” has become central to the debate.

Government’s View: The RTI Act Remains Intact

The Government of India has clarified that the amendment does not override or dilute the RTI framework.

According to the Ministry of Electronics and Information Technology (MeitY), the change simply aligns the RTI Act with the constitutional recognition of privacy established by the Supreme Court in the landmark judgment of Justice K.S. Puttaswamy v. Union of India.

Key points highlighted by the government include:

  • Privacy is now a fundamental right under the Indian Constitution.
  • The amendment brings the RTI Act in line with privacy jurisprudence.
  • Section 8(2) of the RTI Act still allows disclosure if public interest outweighs potential harm.
  • The earlier public interest clause in Section 8(1)(j) was considered legally redundant.

Union IT Minister Ashwini Vaishnaw has stated that the goal of the amendment is to strike a balance between privacy protection and transparency, rather than restrict citizens’ access to information.

The Attorney General of India has also supported the government’s position that the DPDPA does not undermine the RTI Act.

Critics’ Concerns: A Potential Shift Toward Secrecy

Despite these assurances, several legal scholars, RTI activists, and civil society organizations have raised serious concerns.

Their arguments focus on how the amendment could affect real-world information requests.

Broad Definition of Personal Data

The DPDPA defines personal data broadly as any information that can identify an individual. Critics argue that public authorities could use this definition to deny access to information that historically helped ensure transparency.

Examples of potentially affected disclosures include:

  • Asset declarations of public officials
  • Records of government spending
  • Beneficiary lists of welfare schemes
  • Data related to administrative conduct

If such information is categorized as “personal,” authorities may reject RTI requests without evaluating public interest.

Reduced Accountability Mechanisms

RTI activists believe that removing the explicit balancing test weakens one of the law’s strongest accountability tools.

The RTI Act has historically played a crucial role in exposing corruption, uncovering governance failures, and ensuring public scrutiny of government decisions.

Without clear safeguards for public interest disclosures, critics fear transparency could gradually decline.

Legal Challenges and Supreme Court Review

The amendment has already triggered constitutional challenges.

Several petitions have been filed before the Supreme Court of India arguing that the change may undermine democratic transparency and disproportionately prioritize privacy over the public’s right to know.

While the court has agreed to examine the issue, it has not granted an interim stay on the amended provision.

This means the legal validity and interpretation of the amendment will likely be clarified through future judicial rulings.

Real-World Impact on Governance and Society

The interaction between privacy protection and transparency obligations has significant implications for different stakeholders.

For Citizens and Journalists

There is concern that authorities may increasingly refuse RTI requests by citing “personal data,” which could reduce access to information needed for public oversight.

For Public Authorities

The amendment offers clearer legal protection when handling personal data and reduces the risk of violating privacy rights during information disclosure.

For Policymakers

The challenge lies in maintaining a balance where privacy rights are protected without undermining transparency and democratic accountability.

This balancing act is becoming increasingly important as governments digitize services and collect larger volumes of personal data.

Privacy and Transparency in the Digital Age

The broader debate highlights a global challenge faced by modern democracies: how to protect personal data while ensuring government openness.

Countries around the world are trying to align data protection laws with transparency frameworks. India’s attempt to reconcile these objectives through the DPDPA amendment represents a significant policy experiment.

Whether the balance ultimately favors privacy or transparency will depend largely on judicial interpretation and administrative practice.

Conclusion: Harmonization or Quiet Supremacy?

The Digital Personal Data Protection Act does not formally replace the Right to Information Act. Both laws continue to coexist within India’s legal system.

However, the amendment to Section 8(1)(j) represents an important shift in how personal data is treated under transparency laws.

The government describes this change as harmonization between privacy rights and transparency obligations. Critics, on the other hand, fear it may gradually tilt the balance toward secrecy.

The final outcome will depend on how courts interpret the law and how public authorities apply it in practice. As India navigates the evolving landscape of digital governance, the interaction between privacy and transparency will remain a defining issue for democratic accountability.