Context:
The enactment of the Digital Personal Data Protection Act, 2023 has raised concerns regarding its potential impact on the Right to Information Act (RTI), 2005.

Overview:

Restrictive Provisions:

The new data protection law introduces clauses that significantly curtail the scope of the Right to Information Act, particularly concerning the access to personal information.

Section 44(3) of the DPDP Act proposes amending Section 8(1)(j) of the RTI Act, aiming to exempt all personal information.

Section 38(2) of the DPDP Act establishes an overriding effect, potentially impeding officials from disclosing information under the RTI Act.

Key Features:

Data fiduciaries will have obligations to ensure data accuracy, security, and deletion after fulfilling its intended purpose.

A Data Protection Board of India will be instituted by the central government to oversee compliance and adjudicate on non-compliance with the Act.

Critical Concerns:

Exemptions and Privacy Violations:

Exemptions in data processing for state purposes, like national security, might lead to excessive data collection and retention, infringing on the fundamental right to privacy.

The Bill permits the transfer of personal data outside India, except to countries specified by the central government.

Board Composition and Independence:

Board members’ short tenure of two years, with eligibility for reappointment, could raise concerns about the autonomy and impartiality of the Board’s operations.

Conclusion:

The Digital Personal Data Protection Act, while aiming to regulate data handling, poses challenges to the RTI Act by potentially limiting access to personal information. Concerns regarding exemptions, cross-border data transfer, and the independence of the Data Protection Board need careful consideration to balance data protection with citizens’ rights.

Read Also: Data Governance Quality Index