Redefining Privacy: Examining the Implications of India's Data Protection Bill

- Gayathri Anil

In an increasingly digital world where personal data is currency, safeguarding individuals'

privacy has become crucial. It is imperative for laws regulating citizens’ privacy to strike a
delicate balance between protecting their privacy while also ensuring their access to relevant
information.

The Ministry of Electronics and Information Technology has thus formulated a Digital Personal
Data Protection (DPDP) Bill with the aim of regulating the handling of digital personal data in
a manner that acknowledges the importance of both safeguarding individuals' right to protect
their personal data and the processing of such data for legitimate purposes. Simply put, the act
aims to find a balance between protecting the privacy of individuals’ and legally regulating the
access of companies, government and other public authorities to process and use such
information when needed lawfully.

While it's undeniable that a regulation of this nature is crucial in the largest democracy of the world, there
exists multiple contradictions to the prescribed right to privacy that must be tackled before its implication.

Firstly, the act’s exemption of regulating publicly published information of an individual furnished by
themselves on social media or various websites as per Clause 3(c)(ii). This sparks the concern of
accessibility of artificial intelligence and surveillance organizations to extract, analyze and process data
from the social media accounts of every Indian citizen, as well as from biometric information such as
photographs, voice and audio published in news outlets etc., all without obtaining their consent.

Secondly, The bill permits governmental agencies via a notification, to exclude themselves from under
the purview of the bill in emergency situations regarding security and matters of public order of the state.
As per Section 36 of the same act, such agencies of the state can deem access to and retain private
information of individuals’ from companies and organizations ‘for purposes of this act’ that are
ambiguous to citizens. This incites the threat of mass surveillance by every private organization and the
agencies thereby breaching the privacy of every citizen of the country and is a direct contradiction to the
1
principles and safeguards enshrined in the Puttaswamy judgement .

1
Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors, (2017) 10 SCC 1, AIR 2017 SC 4161.
Thirdly, the amendment to the section 8 of RTI Act has caused a huge dent in the scope of accessibility
of information that educates citizens and ensures transparency of the governmental operations. The
proposed Bill seeks to eliminate applicable provisions within the RTI Act that permit public authorities to
disclose personal information, such as details regarding officials' salaries and operations, under
circumstances stated to be public interest. Instead, it would establish a blanket restriction, prohibiting the
disclosure of any personal information altogether which contradicts the motive behind the RTI Act which
ensures transparency of the government and protects potential corrupt officials and operations.

While the DPDP Act 2023 represents a new dimension of regulation for the digital age of data
privacy concerns, there still pertains various shortcomings to be reviewed by the Ministry to
further strengthen the legislation for the benefit of both the government and citizens.