In the past week,1 public discussion around the potential of the India’s Digital Personal Data Protection Act, 20232 (DPDPA) to “dilute” the Right to Information Act, 20053 (RTI Act) has grown shriller. The concern: DPDPA’s focus on individual privacy may now be used as a shield by public authorities to deny access to information under the RTI Act, especially where such information includes personal data of public servants. Will the tail be used to wag the dog? Is this tension real, or overstated?
Most laws and regulators have overlapping areas, but this does not necessarily lead to dilution. The DPDPA also has overlaps with several laws like consumer protection, competition law, privacy requirements of sectoral laws, etc. Indian jurisprudence is equipped with well-established principles of statutory interpretation such as harmonious construction, generalia specialibus non derogant4 (the general does not override the specific) reading down all of which help courts interpret overlapping statutes without eroding any particular law.
To unpack this further, we must begin by revisiting the true scope of the RTI Act. Enacted in 2005, the RTI Act was a landmark legislation intended to bring transparency into the functioning of public authorities. It empowers citizens to request a wide range of information typically relating to the use of public funds, execution of welfare schemes, project progress, or administrative decisions taken by government departments. Over the years, RTI has become a powerful instrument to hold public functionaries accountable and expose inefficiency or corruption in governance.
Importantly, the RTI Act already contains built-in safeguards against misuse. Section 8(1)5 lays down exemptions including refusal to disclose information that could affect national security, public safety, or the privacy of individuals. Public authorities are also empowered to redact personal information from records, or reject queries that are not germane to the public interest. In practice, data about public servants such as their postings, project roles, official tours, or use of public funds is often already available in the public domain. This means that while some overlap definitely exists between the DPDPA and the RTI Act it is narrow, and has long been managed through structured redactions and sensible discretion.
For example, if a citizen files an RTI query asking about a minister’s foreign visits, and those visits were funded by taxpayers’ money, the RTI Act would rightly allow such disclosure. However, if the visit was personal and privately funded, and the citizen asked for minute details: names of family members, hotel bills, places visited or travel companions, the authority could reasonably refuse to provide this information. This principle already exists within the right to information (RTI) framework, and it does not require the DPDPA to alter the balance.
From a structural standpoint, the RTI Act is institutional and governance-centric it deals with the public’s right to know how governments and public offices function. The DPDPA, on the other hand, is individual centric, concerned with how organisations handle personal data so as to safeguard the data principals’ rights. Their objectives are fundamentally different. While RTI is about democratic transparency, the DPDPA is about safeguarding the individual’s privacy rights.
In the ultimate analysis, the DPDPA does not override or nullify the RTI Act. It merely brings sharper focus to safeguarding personal information embedded within government records. The responsibility lies with information officers, not to deny access wholesale, but to apply redactions thoughtfully and proportionately. Just as freedom of speech is not absolute and must be balanced against public order, transparency too must be balanced with privacy, especially in a digital age.
Rather than viewing privacy and transparency as being in opposition, we should see them as complementary rights, both flowing from the Constitution6. A well-run democracy needs both and the key lies not in one trumping the other, but in learning to respect the context, purpose, and limits of each.
|
Aspect |
RTI Act, 2005 |
DPDPA, 2023 |
|
Objective |
Promote transparency and accountability in governance. |
Protect personal data and privacy of individuals. |
|
Focus |
Public authorities and Government funded institutions. |
The individual and all entities possessing the individual’s personal information. |
|
Beneficiary |
Society and public at large. |
Individual data principals. |
|
Information sought |
Institutional data, decisions, use of public funds. |
Personal information cannot be sought, used or disclosed without the consent of the data principal. |
|
Disclosure default |
Favours disclosure, with exceptions. |
Favours protection, with consent-based sharing. |
|
Legal tension |
Minor overlap, resolved via exemptions and redaction. |
Redactions still possible; minimal practical conflict. |
*CEO, K&S Digiprotect Services Pvt. Ltd. Author can be reached at: chandrasekhar@knsdigiprotect.com.
**Manager, Legal & Regulatory Affairs K&S Digiprotect Services Pvt. Ltd. Author can be reached at: aman@knsdigiprotect.com.
1. The following news report dated 2-7-2025 which reported that the DPDPA is going to be referred to the Attorney General of India for obtaining an opinion on the fact that the DPDPA is diluting the RTI Act; Surabhi Agarwal and Suraksha P., “Privacy Act may be Sent to AG for Judging RTI Impact”, The Economic Times (economictimes.indiatimes.com, 2-7-2025).
2. Digital Personal Data Protection Act, 2023.
3. Right to Information Act, 2005.
4. The legal maxim “generalia specialibus non derogant” means “general things do not detract from special things”. It is a principle of statutory interpretation used to resolve conflicts between general and specific provisions within a law or between different laws.
5. Right to Information Act, 2005, S. 8(1) contains scenarios/situations wherein the public authority is exempted from disclosure of the information.
As per my view and experience, as per main importance and main public purpose or good governance and clarity in administration…THE R.T.I.ACT is much better and could not modified by DPDPA ACT 2023. RTI ACT 2005 IS MORE CLARITY LAWS AGAINST DPDPA ACT 2023…REST GOVT.DEVISION…I PREFER RTI ACT 2005