The right to privacy safeguards individuals against unwarranted intrusions while the right to information enables citizens to hold State officials accountable. Both rights are fundamental pillars of a functioning democracy. Yet, these two rights can be pitted against each other. For instance, there is now concern that Section 44(3) of the Digital Personal Data Protection Act, 2023 — it will come into effect once the rules are notified — intends to change Section 8(1)(j) of the Right to Information Act, exempting all “personal information” from disclosure. This means that any public information that also contains ‘personal information’ — the name of a contractor who gets a government tender to build a public bridge, for instance — will no longer be made public. The vague definition of ‘personal information’ might be further exploited to issue blanket refusals for RTI queries. But the Supreme Court had, in its right to judgment on privacy, made it clear that the rights to privacy and transparency must be reconciled in law. This is exactly what Section 8(1)(j) of the RTI Act does by setting up a ‘public interest test’ for all information. Anything that requires transparency in public interest thus cannot be kept private. Of course, attempts to weaken the RTI Act are not new; India’s powers that be are allergic to transparency. In 2019, the conditions for appointing the chief information commissioner were changed to make the position indirectly dependent on the goodwill of the ruling regime. Reports suggest that vacancies in the various Information Commissions across the country are not filled, slowing down responses to RTI queries. Budgetary constraints — the sum allocated to the Central Information Commission was cut by 63% in 2018 and a further 44% in 2021 — also curb the effectiveness of the RTI Act.
Dealing a blow to the RTI Act ostensibly in the name of privacy merits scrutiny. That the DPDP Act itself gives short shrift to citizens’ right to privacy should not evade examination either. One of the most troubling provisions of the DPDP Act is Section 17(2)(a). This allows the Centre to exempt its agencies from the law’s provisions, thereby giving the latter unfettered access to citizens’ personal data. This, in turn, undermines the core principle of protecting the data of individuals. Clause 18(4) further exempts any State authority from deletion of data after use; this, in effect, allows it to store personal data indefinitely, tilting the law against the interests of individual privacy. The DPDP Act’s protective architecture towards the concept of privacy must be reassessed along with its conflict with the RTI.