The hue and cry about RTI Act being diluted by DPDPA is misplaced.

India has been trying to get the “Privacy Protection Act” since around 2006 when the Personal Data Protection Bill 2006 (See here) was first presented in the Parliament along with the Information Technology Amendment Bill 2008 which later became a law. The initial demand was entirely from the industry which sought such a law since EU was indicating that they would not transfer data related business to India unless there is a corresponding data protection law here.

The Government yielded to the pressure from the industry and introduced the bill in 2006 which however could not be converted into law. Then again it was in 2017-2018 that the first PDPB 2018 saw the light of the day following Justice Srikrishna’s efforts. Since then we saw a two more versions PDPB 2019 and DPA 2021 before the current DPDB 2022 was born as a bill and later converted into an act on August 11, 2023. The blame has always been placed on the Government though it is part of the industry which is also consistently opposing the Bill for one reason or the other.

Ultimately Mr Rajeev Chandrashekar pushed through the current version by simplifying the law and trying to make a law which was acceptable to all parts of the society including the Big Tech and the Government.

However the Privacy activists continue to oppose the current law either because it is being moved by the Modi Government or because they want only a law to beat the Government with litigations every day.

The latest version of this opposition is now seen in the move to oppose DPDPA 2023 on the ground that it dilutes the RTI act. This has resulted in the Government delaying the notification of the rules and seeking further clarification from the AG.

In our view the opposition is not necessarily valid for the following reasons.

By its inherent nature, a law for protecting Privacy is in contradiction with the law of freedom of speech or national security. Privacy cannot have a free hand if it violates the national security interests or even the rights of another person to maintain his dignity. Hence we can always find contradictions in the Privacy law with any effort to balance it with the “Right to Freedom of Speech” or “Right to Security”.

The Constitution itself has recognized that Right to Privacy even as a Fundamental Right has several reasonable exceptions provided in the Article 19(2) of the Constitution. This article includes national security (interests of the sovereignty and integrity of India, the security of the State, friendly relations with Foreign States,) as well as other issues such as “public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence”.

DPDPA, under Section 17(2)(a) has used the Article 19(2) to provide exemptions to the Government and notified instrumentalities of State in respect of only the national security and maintenance of public order or preventing incitement to any cognizable offence relating to any of these. It may be noted that the DPDPA does not claim exemption in respect of “Contempt of Court”, “Defamation” and restricts the “Incitement to an offence” to only those which relate to the national security and maintenance of public order.

In other words, the Government has been circumspect in using the Article 19(2) exceptions and not provided all the benefits which our constitution had provided to exempt the Government from the requirements of the DPDPA obligations.

The exemption available for “Prevention, detection, investigation or prosecution” is restricted to “Chapter II other than Sections 8(1) and 8(5), Chapter III and Section 16. Here again an attempt is made to use less of privilege than what the constitution had provided.

Now coming to the controversial amendment to the RTI act, it is proposed as follows.

Current provision under Section 8(1)(j) states

“(j) information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information:”

The amended section now reads: ”   ā€œ(j) information which relates to personal information;ā€

However the persons opposing the amendment are forgetting that if there is any public interest involved in the information which is being refused to be provided under the amended provision, it can be covered under Section 8(2) of the RTI act which states

“(2) Notwithstanding anything in the Official Secrets Act, 1923 (19 of 1923) nor any of the exemptions permissible in accordance with sub-section (1), a public authority may allow access to information, if public interest in disclosure outweighs the harm to the protected interests.”

Though this provision says “May” instead of “Shall” it is still available for the activists to prove the existence of public interest and claim the information under section 8(2) instead of 8(1)(j).

Hence the hue and cry raised by all the activists has only a marginal justification. Hence there is no need for any Court to intervene and impede the notification of the Act.

Further, the Draft Rules 2025 is currently silent on notification of Section 44 and hence has no bearing on the controversy. As has been already pointed out by us, there is a need to notify at least Section 44(1) and Section 44(2) giving effect to the amendment to the Telecom Act and ITA 2000 even if notification of Section 44(3) is further deferred.

It is our sincere desire that the Government proceeds with the release of the Draft rules with the additional notification of Sections 44(1) and Section 44(2) and wait for the AG’s clarification on Section 44(3). This would enable the industry to go ahead with the implementation since the RTI issue does not affect the private sector.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.