FDPPI Objective Number Three now comes to fore

Posted on March 11, 2026 by Vijayashankar Na

When FDPPI was formed in 2018, three main objectives were set for the Section 8 Company.

First was to build an empowered Community of professionals who were “Knowledgeable”, “Efficient” and “Ethical”

Second was  to Enhance the intrinsic value and worth of the Profession of Data Protection Professionals.

Both these objectives are served firstly by the Awareness building initiatives, Secondly by the Certification and  thirdly by the development of Compliance framework.

It was interesting that FDPPI had added the third main objects of its constitution as

“To bring harmony in the pursuance of Civil Rights of individuals such as Privacy and Freedom of Expression along with the Right to Information and Right to Cyber Security without any profit motive”.

The time has now come to activate action to meet this third objective  in the light of the threat posed to the DPDPA by the three petitions filed in the honourable Supreme Court by Mr Venkatsh Nayak, Reporter’s Collective Trust and National Campaign for People’s Right to Information, represented by Ms Vrinda Grover, Mr Abhishek Manu Singhvi and Mr Prashant Bhushan.

These petitioners are approaching the Court as “Civil Liberty Activists” and claiming that the DPDPA 2023 and the Rules are damaging  the basic structure of Freedom of Speech ingrained under Article 19 of the Constitution and therefore should be scrapped wholly or partly.

FDPPI had anticipated that the “Right to Privacy” would come into conflict with “Right to Freedom of Expression” even before the current conflict arose. Hence it had the vision to add this third objective to its objective clause.

We are therefore now opposing  the petitions with the following argument.

  1. Objective of DPDPA 2023 was to protect Personal Data and not “Right to Privacy”.
  2. “Puttaswamy Judgement” neither defined “Privacy”  nor mandated the law to protect Privacy.
  3. Government passed a  refined “Personal Data Protection Act” in the form of DPDPA 2023 after considering the different iterations presented and collecting public views and debating  at length in the JPC.
  4. DPDPA 2023 recognizes Data Processors as “Data Fiduciaries” if they decide  the purpose and means of processing and mandates “Consent”, while providing some exemptions and recognition of legitimate use
  5. Legitimate use as well as Exemption is determined on the basis of purpose of processing not on the nature of the data fiduciary.
  6. Supreme Court holds both Right to Information and Right to Privacy as derivative Rights associated with Article 19 or Article 21. Both  need to be looked at as a shade lower right than the Right to Freedom of Expression and Right to Life and Liberty.
  7. Government has defined a “Public Right to information” and “Public Right to protection of personal data” in the two acts namely RTI 2005 and DPDPA 2023.
  8. When RTI 2005 was enacted, Puttaswamy judgement was not there and Privacy was not even considered a “Fundamental right”. Hence RTI had a free reign of interpretation which the petitioners are claiming now as inalienable fundamental Right.
  9. With the Puttaswamy Judgement the fundamental condition under which RTI and Section 8(1)(j) existed has irrevocably changed. Now the Government and the Court cannot ignore the presence of the Puttaswamy Judgement and has to make Right to Information co-exist with Right to Privacy.(RTP)
  10. It is therefore  imperative that  the activists of RTI and activists of RTP find a middle ground and cannot claim primacy of one right over the other.
  11. Since RTP is a complicated concept which even the Supreme Court bench found it hard to define, it is not possible to expect a Government servant who is an administrative manager to take a judicious decision about what outweighs what.  Hence changes made to Section 8(1)(j) should be considered as a mandate on the Government by the Puttaswamy judgement.
  12. Any disagreements between an RTI applicant and the PIO refusing information on RTP grounds  should be handled as a “Grievance” and redressed through appropriate appeals to DPB (Instead  of the Information Commissioner) which can go upto Supreme Court.
  13. If “Journalists” claim to  be a category meant to protect Right to Information as a means to Right to freedom of expression, then there is a need to define “Journalist” in a manner that is relevant to the Digital world not restricting to those who  hold a “Press  Pass” that gives them entry into the Press Club or Press enclosure in the legislature. It should include every Blogger, Youtuber, Instagram account holder and even Telegram or WhatsApp Channel owner.
  14. DPDPA 2023 has also not recognized any other profession including educationists or doctors or advocates or chartered accountants, SMEs, etc as exempted category and left the application of the Act only on the  basis of purposes
  15. Government  has the right to declare and notify specific classes of data fiduciaries eligible for different exemptions for which a system in the form of designated officers is being set up.

These are the Fifteen Sutras which we would like the Supreme Court to take into account when it hears out the petitioners.

In view of the above,  DPDPA 2023 and the Rules cannot be questioned on the basis of it not being able to meet the “Exaggerated expectations of the petitioners”.

Let us learn  to co-exist and live in a world where RTI and RTP co-exists.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Privacy. Bookmark the permalink.