NEW DELHI: The Supreme Court of India on Thursday agreed to examine a question with far-reaching implications for privacy, transparency, and journalism: what exactly constitutes ‘personal data’ under the country’s new digital personal data protection framework.
A three-judge Bench headed by Chief Justice of India Surya Kant issued a formal notice to the Union government on a petition challenging provisions of the Digital Personal Data Protection (DPDP) Act, 2023 and the corresponding DPDP Rules, 2025. The petition argues that the laws, while ostensibly designed to protect privacy, are being used to block the public’s right to information.
The Core of the Petition
The petition, jointly filed by journalist Geeta Seshu and the Software Freedom Law Center, was represented by senior advocate Indira Jaising. It contends that the DPDP laws have a chilling effect on democratic processes.
“While enacted under the ostensible objective of protecting personal data, the DPDP laws in effect legalise disproportionate state surveillance, create a compensation vacuum for citizens, dilute the Right to Information, [and] erode the ability of journalists to practice their profession,” the petition stated.
Key Legal Questions Raised
During the hearing, several critical issues were highlighted by the petitioners and acknowledged by the court.
| Key Concern | Argument Raised |
|---|---|
| Blanket Ban on RTI | Section 44(3) of the Act imposes a “blanket ban” on RTI applications seeking ‘personal information’, with the term ‘public interest’ deleted from the law. |
| Impact on Journalism | Journalists need information in the public interest to function as the “fourth pillar of democracy,” but cannot access data that is now ambiguously classified as ‘personal’. |
| Asymmetric Surveillance | The State has exempted itself from restrictions on personal data, allowing sweeping surveillance while citizens’ access is curtailed. |
| Vague Definitions | Terms like ‘information’ and ‘personal’ are not clearly defined. The State can demand data under overbroad categories like ‘public order’. |
| No Compensation for Victims | Penalties for data breaches go to the Consolidated Fund of India, not to the individual whose privacy was violated, even in cases of identity theft or financial fraud. |
The Court’s Observations
Chief Justice Surya Kant made significant observations during the hearing, framing the complex balancing act the court must perform.
“At what point should data regarding a respectable person holding public office be treated as public and when should it be seen as personal?” the CJI mused, highlighting the core dilemma.
He also noted the broader context of the digital age, stating, “Entire personal data of the citizenry from a substantial part of the globe are flowing into bigwig private entities. Data has become the true wealth of the day.”
The Chief Justice emphasized that a balance must be struck between the right to privacy and the right to information, and that one right should not be allowed to completely compromise the other.
What Happens Next?
The court has asked the petitioners to frame specific questions of law. The case is scheduled for a detailed hearing on March 23, 2026. It will be heard along with a series of other petitions that also challenge various provisions of the DPDP Act.
The outcome of this case could fundamentally shape the interpretation of data privacy, the scope of the Right to Information, and the limits of state surveillance in India for years to come.
