SC to hear plea accusing new data protection law of ‘weaponising’ right to privacy and ‘disarming’ RTI

The Supreme Court is scheduled to hear on February 16 a petition which accuses India’s new digital personal data protection law of weaponising the right to privacy to disarm the citizens’ right to seek information from the state under the Right to Information (RTI) Act.

A three-judge Bench headed by Chief Justice of India Surya Kant would hear a petition filed by human rights and transparency activist Venkatesh Nayak, represented by advocate Vrinda Grover, who has challenged Section 44(3) of the Digital Personal Data Protection (DPDP) Act of 2023.

The petition submitted that Section 44(3) has amended Section 8(1)(j)of the RTI Act to facilitate public authorities to blankly refuse information on the ground that the details sought are of a “personal” nature. It said the provision has turned the fundamental right to privacy on its head. The right, meant to protect ordinary citizens against state incursion, has been extended to protect the state and public functionaries from RTI disclosures.

Originally, the RTI provision had exempted authorities from disclosing personal information to an applicant if the details sought had no relationship to any public activity or if disclosure would amount to unwarranted invasion of privacy. Even then, the government had to disclose if public interest outweighed privacy. The decision whether or not to reveal ‘personal information’ was taken by a Public Information Officer or the First Appellate Authority under the RTI Act after thoroughly weighing privacy and transparency concerns.

“The Constitutional consequence is immediate and serious. Every RTI application involving identifiable public officials, procurement records, audit reports, appointment files, utilisation of public funds, or exercise of statutory discretion can now be denied automatically on the ground that it ‘relates to personal information’. The balancing mechanism that ensured proportionality has been dismantled. The exemption operates as an irrebuttable bar at the first gate. This is not a minor statutory adjustment; it is a structural alteration of the decision-making architecture of the RTI Act,” the National Campaign for People’s Right to Information (NCPRI), represented by advocate Prashant Bhushan, argued in a separate petition filed in the apex court.

The petition represented by Ms. Grover said the amendment introduced by the DPDP Act accorded “unguided discretion to the Executive to deny personal information, which is unconstitutional”.

“It is an unreasonable restriction on the right under Article 19 (right to free speech). Privacy is not a fundamental right available to the state. It violates Article 14 (right to equal treatment) by equating the privacy of public functionaries to that of ordinary citizens. It inverts the jurisprudence of privacy vis-à-vis the right to information and prioritises privacy over the larger public interest of transparency and open governance,” Mr. Nayak’s petition argued.

It contended that the amendment to Section 8(1)(j) of the RTIAct, when read in conjunction with the definition of the term ‘personal data’ in the DPDP Act, has brought within its fold “all information which even remotely relates to the identity of an individual, and renders the right to information illusory” and sounded the death knell for participatory democracy besides being ruinous to ideas of open governance.

The pleas also challenged provisions of the DPDP Rules, 2025, which provide the Executive dominance in the formation of search-cum-selection committees for the appointment of the chairperson and members of the Data Protection Board in violation of the doctrine of separation of powers. Similarly, the law allows the Centre to call for any information without any statutory guidance or limitation from the Data Board of Data Fiduciaries, making it manifestly arbitrary. Besides, it has provided penalties without any statutory guidance on what constituted a “significant” data breach.