Scroll Top


Data protection is an issue involving infinite caution because of the sensitive nature of personal


Data protection is an issue involving infinite caution because of the sensitive nature of personal data, which is of high importance in this current digital age. Personal data is the most important aspect of a person’s Right to Privacy[1]. The current level of dependency on the internet and technology has led to the conceptualization of data protection as a distinct element from privacy. The Data Protection Bill has drawn wide speculation across the country as it has been described, as it requires a ‘comprehensive legal framework’. The bill has made changes in its tried methods of a data principal, data fiduciary, and grievance resolver. The bill is the successor to the Draft Personal Data Protection Bill, 2018[2]which was recommended by the government-appointed expert committee chaired by Justice B.N. Srikrishna[3]. The article will point out the relevance of the bill, its differentiation from the Right to Information Act[4], how it is proving to be distinct legislation, and its role in data protection and the constitutional validity of the bill under Article 21 of The Indian Constitution[5].


The Digital Personal Data Protection Bill, of 2022 stands to be a very necessary legislation in the Digital Era. K.S. Puttaswamy v. Union of India[6] paved the way for the integration of the Right of Data Protection as a Fundamental right[7], which was asserted by the Supreme Court of India in a wider sense. These assertions were not accepted by the Government then, but the Data Protection Bill seems to implement those changes. The Bill focuses on the digital processing of personal data. This would also include personal data collected online and personal data collected offline but the sameshould be fully digitizedwhile processing. The territorial jurisdiction of the bill is to cover the processing of personal data, collected by the data fiduciaries within the territory of India as well as it will cover the processing of the offer of goods and services within India. These significant changes will prove to be a consequentialimpact on the statutory obligation of protecting the data of the clients of the Indian- start-ups which is operating overseas. This will alsoimpactthe level of competitiveness. The necessary effect of the Bill signals a cautious alarm in the data protection arena. The RTI Act[8], 2005 provided a distinctive opportunity to the state and the Central authorities in Section 8(1)(j)[9], which guarantees the individual the right to their privacy and information, but the gross mishandlings occurred in the recent times have made it necessary for a data protection legislation to protect the privacy and data of individuals.


The legislations suffice the cause for unequivocally supporting the rights of individuals to protect their data irrespective of the different purpose they offer to serve.  This showcases a stark disagreement in the above stance as the RTI ACT, 2005 has been serving as the most robust and effective law that aims to establish transparency. The Digital Personal Data Protection Bill, 2022[10] has proposed to make amendments to the Act, which seems to be an unwarranted move. Clause 30(2) of the Bill[11]suggests an amendment to Section 8(1)(j) of the RTI ACT,2005[12], which was one of the key provisions which guaranteed the citizens the right to their privacy as well as at the same time aided the government to use it to their own advantage. The amendment to the clause would suggest that the Central Government will not be much obliged towards the public information which could relate to personal information. It would also give enormous control and power to the Central government in concern with the data and information of the citizens. The Freedom of Information Act, 5 U.S.C. 552[13] of the United States provides a similar right to the individual for accessing information from the federal agency except for the information which is protected under the exemptions by law, should not be disclosed. This gives a certain right to information to the citizens. The Privacy Act, 1988 of Australia[14]is another legislation, which provides for the safeguarding of the data and information of the citizens, but there is a significant clause, which indicates a similar disclosure method pertaining to the personal information of the citizen in the public interest, which we are witnessing in the Digital Personal Data Protection Bill, 2022.


The role that The Right to Information Act, of 2005 played in the political arena by accessing personal data and bringing about a great change by acting as an anti-corruption tool. The act enabled the citizens of India to seek information from the public authority in a matter, which holds crucial importance to the people’s right to access information that is withheld by the respective governments. The RTI Act also referred to as the sunshine laws most commonly give a sense of transparency in the functioning of the government and uphold the rights of the citizen in the advent of seeking answers concerning the governance[15]. The RTI Act acted as an effective anti-corruption tool in reducing the secrecy involved behind closed doors, which has led to these unjust practices. The major success of the Act was seen in the case of IIM’s admission criteria, which had to be released by the premier institute of the country because of the RTI application filed by a visually-impaired student which showcased a sense of accountability which the institutions are still responsible for. The instance of the Public Distribution Scam in Assam created a huge political incident where an RTI request by an anti-corruption non-governmental organization led to the discovery of grave irregularity in the distribution of food for the people below the poverty line. The RTI Act brought about a revolutionary war against the Government and institutions that engaged themselves in corruptive practices.


The Preamble of the Bill in unequivocal terms recognizes the Right to Privacy as a fundamental right, which was laid down in the judgement of K.S.Puttuswamy (Retd.) v. Union of India. The Bill aims to protect the data of the citizen but the constitutional validity of the bill is still surmounted with a lot of clarifications and questions. The right to prevent the dissemination of personal information is also an important aspect of a person’s privacy right. The State’s authority over the publication of personal data is contrary to the Right to Privacy being upheld by the Constitution. The very core objective of the Bill which aimed at providing digital privacy to the people have digressed from the fundamentals of privacy enshrined in Article 14[16],15[17],19[18] and 21[19] of the Constitution which is affirmed in the Puttuswamy judgement by the Supreme court. The very word ‘privacy’ seems to secure a bleak position in the bill, giving it a nature of a tyrannical thought in today’s world. The Bill seems to override both procedural and substantive justice to the Indian citizens when it comes to providing a right to their privacy judiciously. The low attention given to ‘consent’ in Clauses 7 and 8 of the Bill[20] would have an adverse effect as it can be seen asinterference as well as a compulsion on the part of the citizen to adjust to the privacy norms under the new regime. The standards of privacy upheld by the Supreme Court seem to provide quite an unconstitutional outlook to the Bill.


The analysis undergone in the above piece providesentailed details about the different entities surrounding the Bill and how it proves to be a relevant part of the current times.It provides an insight into the revolutionary role of the RTI Act in protecting the privacy of the citizens and how the Bill does not well establish itself to the standards of privacy held in the Puttuswamy Judgement.

Author(s) Name: Ananya Sinha (KIIT University, Odisha)


[1]Justice (Retd.) K.S. Puttuswamy v Union of India. (2017) 10 SCC 1

[2] Personal Data Protection (Draft) Bill,2018, presented to the Ministry of Electronics and Information Technology

[3] “A Free and Fair Digital Economy”, Report of the Committee of Experts under the Chairmanship of Justice B.N. Srikrishna.

[4] Right to Information Act,2005, No.22, Acts of Parliament,2005 (India)

[5] Constitution of India, 1950, art. 21

[6] Justice (Retd.) K.S. Puttuswamy v Union of India (2017) 10 SCC 1

[7] Justice (Retd.) K.S. Puttuswamy v Union of India (2017) 10 SCC 1.

[8]The Right to Information Act, 2005

[9]The Right to Information Act,2005, No.22, Acts of Parliament,2005 (India)

[10] The Digital Personal Data Protection Bill, 2022

[11]The Digital Personal Data Protection Bill, 2022

[12] The Right to Information Act,2005, No.22, Acts of Parliament,2005 (India)

[13]Freedom of Information Act, 5 U.S.C. § 552

[14] Privacy Act, 1988

[15]Deeksha Sabharwal, Brief Analysis of Constitutionality of Section 12(F) of Data Protection Bill (2020) 01, Indraprastha Law Review,

[16]Constitution of India, 1950, art. 14.

[17]Constitution of India, 1950, art. 15.

[18]Constitution of India, 1950, art. 19.

[19] Constitution of India, 1950, art. 21.

[20]The Digital Personal Data Protection Bill, 2022