India’s push for a data protection law went through several failed drafts, and the final DPDP Act 2023 along with the 2025 Rules has now raised significant concerns.

Background

• Origin in the Puttaswamy Case: The Supreme Court’s nine-judge bench in Puttaswamy case declared the Right to Privacy as a Fundamental Right under Article 21.
• Expanded Understanding of Privacy: The Court clarified that privacy includes autonomy and individual control over personal data and highlighted that privacy governs personal choices, including everyday decisions like what to wear.
• Court-Directed Legislative Action: The Supreme Court instructed the Central Government to create a strong data protection law which set in motion the drafting of multiple versions of the law.
• Multiple Drafts Between 2017–2023: Three draft Bills emerged between 2017 and 2023, none of which satisfied the government or opposition. The 2018 Sri Krishna Committee’s recommended draft was also rejected by the Central Government.
• Passage of the DPDP Act, 2023: Passed by the Parliament, made consent mandatory for social media companies using personal data and offered limited consumer safeguards.

Major Flaws of the 2023 Act

• Excessive Exemptions for Government Agencies: The Act allows government bodies broad powers to process personal data for national security and public order which creates concerns about unrestricted access to citizens’ data.
• Weakness of the Data Protection Board of India (DPBI): The DPBI is responsible for handling complaints and imposing penalties and  was criticised for lacking strength and independence, reducing its ability to enforce protections.
• Removal of Public-Interest Clause: The Act deletes the RTI provision permitting disclosure of personal information when public interest outweighs privacy and now bars release of personal information entirely, even when public good is involved.
• Restriction on Legislative Transparency: The Act removes the clause that allowed information shared in Parliament or State Assemblies to be disseminated publicly. This narrows the scope of transparency and weakens democratic accountability.

Key Concerns with the 2025 Rules

• Uneven Regulatory Treatment: Companies get an 18-month extension to comply, while RTI-diluting provisions were enforced immediately, creating an imbalance between corporate convenience and citizens’ rights.
• Perception of Regulatory Softness:  The long compliance window for Big Tech raises doubts about whether the government is being overly lenient toward powerful platforms.
• Conflict of Interest in Oversight: The DPBI operates under the Ministry of Electronics and Information Technology (MeitY), which has appointed its members, raising questions about its impartiality.

Check Out UPSC CSE Books

Visit PW Store

Conclusion

The Big Tech benefits from a long compliance extension, while citizens face delayed protections and broader data access for the government. The weakening of RTI further reduces transparency for the public.

DOWNLOAD PDF