Synopsis
The petitioners are the Reporters' Collective, the Editors Guild of India, the National Campaign for People's Right to Information, Mazdoor Kisan Shakti Sanghatan, human rights and transparency activist Venkatesh Nayak and journalist Geeta Seshu. Among other aspects, they have questioned provisions which amend the Right to Information (RTI) Act and allegedly enable blanket denial of information requests involving personal data.Listen to this article in summarized format
The petitioners are the Reporters' Collective, the Editors Guild of India, the National Campaign for People's Right to Information, Mazdoor Kisan Shakti Sanghatan, human rights and transparency activist Venkatesh Nayak and journalist Geeta Seshu. Among other aspects, they have questioned provisions which amend the Right to Information (RTI) Act and allegedly enable blanket denial of information requests involving personal data.
Other challenges target broad government exemptions, concerns over mass surveillance and unrestricted state access to data. Some petitions also flag the removal of civil remedies for negligent data exposure.
Legal experts said the court's observations could define how India balances privacy, transparency, press freedom and state powers in the digital era.
On March 26 last year, more than 120 MPs from the INDIA bloc urged the repeal of Section 44(3) of the DPDP Act, warning that it undermined the RTI Act by removing the public interest test in Section 8(1)(j).
Shortly after, in response to a letter by Congress leader Jairam Ramesh, IT minister Ashwini Vaishnaw cited Section 3 of the Digital Personal Data Protection (DPDP) Act and said that the RTI framework remained protected.
“The DPDP Act, as outlined in Section 3, provides exemptions for personal data that is ‘made or caused to be made publicly available’ by individuals or entities under legal obligations. This ensures transparency while maintaining the need for privacy,” Vaishnaw wrote in a letter to Ramesh on April 10 last year.
The DPDP Act, 2023 is fully operationalised by the DPDP Rules, 2025, notified in November last year. Implementation involves a phased, 18-month compliance journey ending by May 13 next year, requiring organisations to update notices, obtain explicit consent, establish breach reporting protocols, and honour data subject rights.
“The importance of these petitions cannot be understated,” said Rajas R Chitnis, partner, Chitnis Desai law firm.
Arjit Benjamin, associate partner at Prosoll Law, said the PILs “do not merely ask whether India needs a data protection law; they ask whether the DPDP framework, as enacted and then operationalised through the Rules, goes too far by weakening RTI, chilling journalism, expanding state exemptions, and keeping the regulator too close to the executive”.
Hardeep Sachdeva, senior partner, AZB & Partners, said the significance of these PILs lies in the fact that “they collectively place India’s entire digital governance architecture under judicial scrutiny”.
Each petition appears to target a different aspect within the DPDP framework, whether it is the breadth of government exemptions, the potential dilution of the RTI regime, the implications for investigative journalism, or the absence of sufficiently independent oversight mechanisms, he said.
“The Supreme Court’s observations could therefore become foundational in determining the limits of executive access to personal data and the extent to which privacy can be balanced against democratic accountability. The outcome is likely to shape India’s digital regulatory landscape for years to come, not only for citizens and the media, but also for businesses, platforms, and institutions operating within an increasingly data-centric ecosystem,” Sachdeva said.
Nayak’s petition is primarily a constitutional challenge to the Act and claims that the Act's Section 44(3) will disproportionately affect the RTI framework in India.
Before the DPDPA came into force, the RTI Act's Section 8(1)(j) provided for the protection of "personal information" if its disclosure "has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual". Section 44(3) on the other hand has now changed this so that 8(1)(j) of the RTI Act, 2005 simply provides for the blanket protection of personal information.
“In effect, this means that post-DPDPA, a government body can refuse a wide variety of RTI requests on the basis that they contain personal data. The test of proportionality which was in the clause previously has been removed,” Chitnis said.
“Think of a citizen who may want to check if there is corruption in a welfare scheme. Arguably, information about this under an RTI request would include rolls of the beneficiaries of that scheme, which would be those people's personal information, and therefore, the RTI request would be denied, in effect, reversing the hard-won transparency that the RTI provides,” he explained.
