+ Follow
Source:  Jason Dent on unsplash.com

For decades, the Indian citizens lived in a ‘Glass House’ of transparency, where the Right to Information (RTI) Act of 2005 served as a powerful floodlight. It exposed the inner workings of a once opaque bureaucracy. It was an era where a commoner could demand the asset details of a high-ranking official or the recruitment records of a government body, forcing accountability through the simple act of asking. But in 2026, that floodlight is dimming vehemently.

The arrival of the Digital Personal Data Protection (DPDP) Act was framed as a progressive step toward securing our digital identities in an increasingly connected world. Yet, as the law takes full effect, a paradox has emerged which suggests that the very shield designed to protect the citizens’ privacy is being wielded by the state as a sword to decapitate transparency.

The Digital Personal Data Protection Act 2023 was enacted on August 11, 2023, after several years of deliberations and different iterations of Bills. The draft Bill that was ultimately approved by Parliament was passed hastily, with little deliberation.

By amending Section 8 (1)(j) of the RTI Act, the DPDP Act has effectively removed the ‘Public Interest Override’, a crucial legal safety valve that previously allowed the disclosure of personal information if the larger public good outweighed an individual's privacy. Today, we find ourselves at a constitutional crossroads. On one side stands Article 19(1)(a), the fundamental right to know; on the other, Article 21, the right to privacy.

As the Supreme Court begins its landmark 2026 deliberations on this conflict, we need to ask ourselves whether the price of digital privacy is the permanent blindness of the Indian electorate?

HOW INDIA'S DATA PROTECTION LAW BLINDFOLDED THE RIGHT TO KNOW

source: Ryoji Iwata on unsplash.com

To understand the current legal friction, we have to look at the Indian Constitution as a living ecosystem and not merely a static book, where different rights occasionally compete. For nearly two decades, the Right to Information (RTI) Act of 2005 was the apex predator of transparency. It operated on a simple, revolutionary premise: in a democracy, the masters are the people, and the public servants are exactly the servants whose actions must be visible to those they serve.

Nonetheless, the digital explosion of the 2020s birthed a new necessity: ‘the Right to Privacy’. As our lives migrated into databases, the need to protect personal ‘data footprints’ became a matter of fundamental dignity under Article 21. The Digital Personal Data Protection (DPDP) Act was supposed to be the armour for the common man. Instead, what we are witnessing is a ‘friendly fire’ incident of constitutional proportions.

THE TWO PILLARS AT WAR.

  • The Thesis

We are transitioning from a ‘Glass House’, where the state's actions were visible to the citizens, to a ‘One-way mirror’, where the state retains the power to surveil the individual while simultaneously using ‘privacy’ as a legal cloak to hide its own machinery from public scrutiny. The central argument of this investigation is that the Digital Personal Data Protection (DPDP) Act of 2023 has effectively inverted the democratic transparency model of India.

This thesis rests on three primary legal pillars:

  • By removing the ‘Public Interest Override’ from Section 8(1)(j) of the RTI Act, the law has moved from a ‘balanced disclosure regime’ to a ‘blanket secrecy regime’. This is the ‘Deconstruction of Accountability.’
  • Under the DPDP Act, the state grants itself ‘legitimate use’ exemptions to process citizen data without consent, yet denies citizens access to government records by claiming the need to protect the privacy of public officials.
  • This legal shift criminalises the act of investigative journalism by categorising the handling of personal data, such as corrupt officials’ bank records, as a high penalty violation.
  • The ‘Before’ Picture

Before the DPDP Act of 2023 began shielding officials under the broad umbrella of ‘personal privacy’, the RTI Act was the primary engine behind India's most explosive anti-corruption investigations. It wasn't just a law; it was a cultural shift that empowered ordinary citizens to look into the bank accounts, file notings, and decision-making processes of the most powerful people in the country.

  • The 2G Spectrum Allocation Scam: Often cited as the ultimate success story, RTI applications were used to obtain documents that revealed how licenses were allotted at 2001 prices in 2008, favouring specific firms like Unitech and Swan Telecom. This transparency forced the hand of the CBI and eventually led to the arrest of the then Telecom Minister.
  • The Coalgate Scam: RTI-based disclosures were instrumental in exposing how coal blocks were allocated through an inefficient and allegedly corrupt process rather than competitive bidding.
  • The Adarsh Housing Society Scandal: RTI queries reveal that a 31-story building in Mumbai, originally meant for war widows and Kargil heroes, had been illegally hijacked by top-ranking military officials, bureaucrats and politicians.
  • The Commonwealth Games (CWG) Diversion: Activists used the RTI Act to trace how ₹744 crore, funds specifically earmarked for Dalit welfare schemes, were diverted to finance the 2010 games in Delhi.

SECTION 8 (1)(j)

In its original form, Section 8(1)(j) did not just give a ‘yes' or ‘no’ to information requests, but performed a proportionality test. It protected personal information unless:

  • The information had a relationship to public activity or interest.
  • The disclosure would not cause an unwarranted invasion of privacy.

Even if it invaded privacy, a Public Information Officer (PIO) could still release it if the ‘larger public interest’ justified the disclosure.

Crucially, the law included a ‘Parliamentary Proviso’, which stated that if the information could not be denied to Parliament or a State Legislature, it could not be denied to a common citizen.

  • The ‘After’ Picture

Section 44(3) of the DPDP Act performed what activists call a ‘slash-and-burn’ amendment. It didn't just refine the clause but deleted almost all of it. The nuanced, 100-plus-word provision was reduced to a blunt six-word sentence:

“(j) information which relates to personal information.”

By removing the qualifiers, the amendment has fundamentally altered the DNA of accountability. It had caused:

  • The loss of the ‘public interest’ safety valve: PIOs are no longer either required or allowed to ask if a ‘larger public interest’ exists. If data is ‘personal’, it is now absolutely exempt from disclosure, even if it could expose massive fraud or corruption.
  • The death of the ‘Parliamentary Proviso’: In 2026, legal experts are still debating the status of the proviso that protected a citizen's right to see what an MP sees. Many argue that this structural change has created a ‘privileged class’ of information that is now off limits to everyone but the state.
  • Simplification at a cost: While the government argues this makes the law ‘simpler’ for PIOs to implement, critics contend this simplicity is actually a ‘blanket ban’ on the ‘Right to Know’.

THE ‘LEGITIMATE USES’ PARADOX

The DPDP Act of 2023 has introduced what legal scholars call the ‘Asymmetric Power’ paradox. It creates a world where the state can peer into the private lives of its citizens with unprecedented ease, while simultaneously veiling its own internal workings.

The DPDP Act is built on the foundation of consent. The entire idea is that your data cannot be touched unless you say so. However, Section 7 provides the State with ‘Legitimate Uses’.

Under this provision, government agencies can process your personal data without your consent. Because:

  • If you have ever received a government benefit, license, or permit, the State can process your data to continue providing those services.
  • Data can be processed for any function of the State authorised by law, including for ‘sovereignty, integrity and security.’
  • If a court or a law requires it, your privacy is compromised.

This essentially means that while you are the ‘Data Principal’ or the ‘owner of your data’, the State remains a ‘Super Fiduciary’ that can bypass the very consent mechanisms it forces upon private companies.

The paradox deepens when one tries to use that same logic in reverse. While the State uses our data for legitimate administrative goals, it now denies us access to its data by citing our privacy.

In 2026, transparency activists have highlighted a jarring contradiction:

  • The State says, “We need to process your personal details to ensure this welfare scheme reaches the right person.”
  • The citizen asks, “Can I see the list of beneficiaries to ensure there are no ‘ghost’ names stealing the funds?”
  • The State responds, “No. That is personal information protected by the DPDP Act. Its disclosure would violate privacy.”

This creates a one-way mirror. The government can acquire call logs, identity records, or location metadata under Section 17 and Section 36 of the Act, often without judicial oversight or leaving a visible trace. Yet, the common citizen is stripped of the ‘Public Interest Override.’

By labelling everything from official attendance to asset records as ‘personal information’, the bureaucracy has found the ultimate legal shield to dodge accountability.

REAL WORLD CASUALTIES

source:  Lianhao Qu on unsplash.com

The surgical removal of the public interest override has turned the RTI desk into a graveyard of ‘Denied’ stamps.

THE DEATH OF SOCIAL AUDIT

In rural India, the Social Audit was the primary weapon against the ‘leakage’ of welfare funds. Under the MGNREGA (Mahatma Gandhi National Rural Employment Guarantee Act) or the Public Distribution System (PDS), activists would use RTI to get lists of beneficiaries and walk from house to house to verify if the money actually reached them.

In 2026, PIOs are citing the DPDP Act to refuse these lists, claiming that a citizen's name, address, and the amount of subsidy they receive constitute ‘personal information’. Without these lists, ‘ghost beneficiaries’, or in other words, names of deceased or non-existent people used to siphon off funds, remain invisible and untouchable.

THE SHIELDING OF CIVIL SERVANTS

Perhaps the most significant casualty is the ability to scrutinise the conduct of public officials. Previously, the Supreme Court had held that the assets and liabilities of public servants must be disclosed to ensure they aren't enriching themselves at the taxpayer's expense.

Bureaucrats are now successfully arguing that their property returns, disciplinary records and even their official travel expenses are personal in nature. This has created a protective bubble around the executive branch, making it nearly impossible to detect disproportionate assets or nepotism in government appointments.

THE INVESTIGATIVE JOURNALISM CRISIS

Journalism in India has long relied on RTI to ‘follow the money.’ Whether it was the Adarsh Housing scam or the diversion of Dalit welfare funds, the proof was always in the personal records of those involved.

Section 12 of the DPDP Act gives individuals the ‘Right to Erasure’. In 2026, we are seeing a surge in ‘Right to be Forgotten’ requests where politicians and businessmen, citing their privacy, demand that digital news archives delete reports on past criminal investigations or financial defaults.

Furthermore, journalists who handle such personal data during an investigation risk being labelled ‘Data Fiduciaries’, exposing them to astronomical fines of up to ₹250 crore if they cannot prove they had the subject's consent.

THE CONSTITUTIONAL BATTLEFIELD (2026 DEVELOPMENTS)

Source:  Wesley Tingey on unsplash.com

As of March 2026, the quiet tug-of-war between transparency and privacy has escalated into a full-scale constitutional showdown at the Supreme Court of India. The bench, led by Chief Justice Surya Kant, is currently grappling with a cluster of petitions. The most notable one is the ‘Venkatesh Nayak v. Union of India’ and the challenge by ‘The Reporters’ Collective’ that seeks to strike down the DPDP's ‘surgical strike’ on the RTI Act as unconstitutional.

The petitioners argue that the amendment to Section 8(1)(j) is ‘manifestly arbitrary’ because it replaces a functional, balanced mechanism with a blanket prohibition. In the eyes of the law, the Right to Information is not lesser; it is the very basis of Article 19(1)(a) [Freedom of Expression]. By removing the Public Interest Override, the State has effectively prioritised the privacy of its officials over the fundamental right of the citizen to hold them accountable, creating a hierarchy of rights that the Constitution never intended.

The Doctrine of Proportionality

The legal battleground centres on the ‘Doctrine of Proportionality’, a four-part test established in the landmark Puttaswamy (Privacy) and Anuradha Bhasin (Internet Shutdowns) judgments. For any restrictions on a fundamental right to be valid, it must meet four criteria:

Legality: Is there a law? (Yes, the DPDP Act)

  • Legitimate Aim: Does it serve a valid purpose? (Protecting privacy)
  • Necessity: Is it the least restrictive measure? (DPDP is a blanket ban, which is the most restrictive path.)
  • Proportionality (stricto sensu): Is the benefit to privacy worth the total loss of transparency?

The argument in court is that the original RTI Act was already a perfectly proportional law. It protected privacy while allowing a window for the public good. By shattering that protective window, the DPDP Act has crossed the line into constitutional overreach.

The Supreme Court has referred these matters to a Constitution Bench, with the next high-stakes hearing scheduled for March 23, 2026. The outcome of this case will decide whether India remains a participatory democracy where ‘we the people’ can monitor our representatives, or if we are entering an era where the government can legally operate behind a digital iron curtain.

THE EFFECTS ON JOURNALISM

Source: Dav Hovhannisyan on unsplash.com

Journalists, whistleblowers, and RTI activists have raised two main concerns with the Act, which significantly affect journalistic freedom to obtain and report critical information about issues in the functioning of public authorities. First, the Data Protection Act 2023 has no exemption for the processing of personal data for journalistic purposes.

Second, the amendment to the RTI Act dilutes and undermines the role of RTI in holding public offices accountable.

The foremost concern with the Act is the absence of an exemption for processing personal data for journalistic purposes. Interestingly, the Act allows for an exemption to be granted by the Central Government to startups, considering the ‘volume and nature of personal data processed’, but not to journalists.

In August 2023, both the ‘Editors Guild of India’ and ‘DIGIPUB News India Foundation’ expressed concerns over the lack of exemptions for journalists, noting that reporting on certain entities and persons in public interest may conflict with their right to personal data protection. On April 25, 2025, transparency activist and co-convenor of the National Campaign for People's Right to Information (NCPRI), Anjali Bhardwaj, poignantly noted in a discussion in Hyderabad on ‘Understanding the Implications of the DPDP Act’ that,

“...this effectively means journalists can only act as PR agents, as they are only allowed to say what the government permits them to say. This is dangerous at many levels in our democracy”.

The second concern that journalists and RTI activists have is the amendment to Section 8 (1)(j) of the RTI Act. The RTI Act and the quasi-judicial bodies it has put in place form part of a valuable system extensively used by journalists and RTI activists to expose wrongdoing, corruption, human rights abuses, including challenging wilful non-disclosure of crucial data.

The ‘Report of the Group of Experts on Privacy’ (2012), of which Justice A.P. Shah is a co-author, noted that any legislation on privacy should not circumscribe the Right to Information Act. The ‘Srikrishna Committee’ (2018) also recommended narrowly tailored exemptions, permitting non-disclosure only when there is a risk of grave harm, such as identity theft, blackmail or discrimination.

Even the ‘Joint Parliamentary Committee’ of 2021, reviewing the Data Protection Bill 2019, did not recommend any amendment to the RTI Act. The MeitY bulldozed an amendment to the RTI Act into the version of the ‘Digital Personal Data Protection Bill 2022' put up for public consultations (then Section 30, now Section 44(3) in the Data Protection Act 2023). This provision amended Section 8(1)(j) of the Right to Information Act to exempt the disclosure of information that is related to any ‘personal information’. This amendment presents a serious threat to the core principles of transparency and accountability that the RTI Act was designed to uphold.

This exemption was accompanied by an important safeguard, namely that, if the Central Public Information Officer (CPIO), the State Public Information Officer (SPIO), or the appellate authority is satisfied that the larger public interest justifies the disclosure of such information, it could still be made available.

The lack of safeguards under Section 8(1)(j) of the RTI Act omits the considerable jurisprudence developed under that provision, which states what kinds of personal information can be disclosed by information officers.

Satark Nagrik Sangathan, a citizens’ group working to promote transparency and accountability in government, reports that the original Section 8(1)(j) of the RTI Act was the most commonly used exemption to deny disclosure of information, due to a lack of clear definitions for ‘personal information’ and ‘unwarranted invasion’. Two judgments of the Supreme Court, namely ‘Girish Ramchandra Deshpande v CIC’ (2013) and ‘Canara Bank v CS Shyam’ (2018), have interpreted Section 8(1)(j) in a manner that restricted the scope of disclosure of information relating to the assets of public servants, their functioning, and performance evaluation. In ‘CPIO, SC v Subhash Chandra Agarwal’ (2019), a Supreme Court decision which left the door open for RTI requests on personal assets of judges, Justice Khanna referred to case law and provided an indicative list of what would form part of personal information. This list included aspects such as name, address, physical, mental and psychological status, medical records, treatment, choice of medicines, etc. He concluded that such personal information is entitled to protection from unwarranted invasion of privacy, and conditional access is available only when the stipulation of a larger public interest is satisfied.

Ultimately, the decision noted that ‘public interest’ must be determined on a case-by-case basis with public welfare in mind. Hence, even in its unamended form, Section 8(1)(j) of the RTI Act was ambiguous and restrictively interpreted.

The DPDP Act did away with all these nuances and exempted disclosure of all ‘personal information’. Without defining what constitutes ‘personal information’, this amendment to the RTI Act undermines RTI's primary purpose and makes it ineffective to hold government institutions accountable and combat corruption.

This has effectively created a terror in the minds of RTI users and civil society members alike, that public authorities will routinely use this blanket exemption to withhold critical information under the guise of privacy and data protection.

Source:  Tingey Injury Law Firm on unsplash.com

As India stands on the precipice of its most significant constitutional recalibration in decades, the choice before the Supreme Court on March 23, 2026, is stark. Will we be a nation of protected individuals in an opaque state, or a transparent democracy where privacy and accountability can coexist?

Reclaiming the ‘Glass House’ does not require the destruction of privacy. If anything, it requires harmonisation. Legal scholars and the 2026 petitioners have proposed a three-pronged ‘harmonisation’ model to restore the model:

The blanket ban in Section 8(1)(j) must be replaced with a mandatory balancing test. If the information helps expose corruption or ensures welfare reaches the poor, it must be disclosed, regardless of its ‘personal’ nature.

Much like the EU's GDPR, India's DPDP must explicitly exempt ‘journalistic purposes in the public interest’ to prevent the law from being used to bury investigative evidence.

The law must clarify that the ‘privacy’ of a public servant while performing public duties (or holding assets derived from public salary) is qualitatively different from the privacy of a private citizen.

If the ‘Right to Know’ is allowed to wither, the ‘Right to Information’ becomes a mere formality. As the Constitution Bench convenes this March, the eyes of the world are on India. We must decide if the ‘Digital India’ of 2026 will be defined by the security of its data or the integrity of its soul. Privacy should never be synonymous with secrecy, and a law meant to protect the ‘Data Principal’ should never be used to protect corrupt officials or corrupt mechanisms.

REFERENCES

.    .    .

Discus