TRANSPARENCY IN THE AGE OF PRIVACY: RECONCILING THE RTI ACT, 2005 WITH INDIA’S DPDP ACT, 2023

Abstract

The enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) marks a watershed moment in India’s constitutional and regulatory landscape of informational governance. At the same time, the Right to Information Act, 2005 (RTI Act) continues to embody the democratic promise of transparency and participatory accountability. The coexistence of these two statutes raises an intricate legal question: how should the State reconcile the citizen’s right to access information with the individual’s right to informational privacy? This article examines the doctrinal, constitutional, and statutory tensions between the RTI Act and the DPDP Act. It argues that reconciliation is not only possible but constitutionally mandated through a structured proportionality analysis rooted in Article 19(1)(a) and Article 21 of the Constitution. By critically analysing statutory provisions, leading judicial precedents, committee reports, and the 2023 amendment to Section 8(1)(j) of the RTI Act, this article proposes an interpretive framework that preserves transparency while safeguarding digital privacy in a data-driven administrative state.

I. Introduction: The Transparency–Privacy Paradox

The Indian constitutional order rests upon twin normative pillars: transparency in governance and dignity of the individual. The RTI Act operationalises the citizen’s right to know, a facet of freedom of speech under Article 19(1)(a) of the Constitution.[1] Conversely, the DPDP Act, 2023 codifies the fundamental right to privacy recognised by the Supreme Court in Justice K.S. Puttaswamy (Retd.) v. Union of India.[2]

The tension between these frameworks is not merely theoretical. Public authorities routinely hold vast amounts of personal data — service records, tax filings, welfare databases, disciplinary proceedings, biometric information, and more. Requests under the RTI Act often seek disclosure of such information in the interest of transparency. Simultaneously, the DPDP Act imposes strict obligations upon “Data Fiduciaries” to protect personal data and process it lawfully.[3]

The research problem addressed in this article is: Can the RTI Act and the DPDP Act coexist harmoniously, or does the latter dilute the constitutional architecture of transparency? This article contends that transparency and privacy are not competing absolutes but co-constitutional values requiring principled reconciliation through proportionality, public interest balancing, and institutional independence. It proposes a doctrinal framework to prevent privacy from becoming a shield for bureaucratic non-disclosure.

II. Constitutional Foundations

A. Right to Information as a Constitutional Guarantee
The Supreme Court has repeatedly held that the right to information is implicit in Article 19(1)(a).[4] In State of U.P. v. Raj Narain, the Court affirmed that citizens have a right to know how they are governed.[5] Later, in S.P. Gupta v. Union of India, the Court linked transparency to participatory democracy.[6]

The RTI Act institutionalises this right by granting citizens access to information held by public authorities, subject to exemptions under Section 8. The statute is premised upon maximum disclosure and minimum exemptions.

B. Right to Privacy as a Fundamental Right
In Puttaswamy, a nine-judge bench unanimously held privacy to be intrinsic to life and personal liberty under Article 21. The Court articulated informational privacy as a key dimension, particularly in the digital age, and laid down a proportionality test for evaluating restrictions on privacy.

Thus, both transparency and privacy enjoy constitutional recognition. The conflict between the RTI Act and the DPDP Act is therefore not statutory alone but constitutional in character.

III. The RTI Act, 2005: Structure and Exemptions

The RTI Act provides broad access to information, including records, documents, emails, and data in electronic form. Section 3 confers this right upon all citizens.

However, Section 8 enumerates exemptions. Of particular relevance is Section 8(1)(j), which originally exempted disclosure of “personal information” having no relationship to public activity or interest, unless larger public interest justified disclosure.

Judicial interpretation of this clause has been significant. In Girish Ramchandra Deshpande v. CIC, the Court denied disclosure of service records and income tax returns of a public servant, holding them to be personal information.[7] Similarly, Canara Bank v. C.S. Shyam restricted disclosure of employees’ personal details.[8] Conversely, in R.K. Jain v. Union of India, the Court emphasised that transparency in quasi-judicial bodies serves public interest.[9] These cases illustrate that the balance between privacy and transparency has historically been mediated through a “public interest override.”

IV. The Digital Personal Data Protection Act, 2023

A. Legislative Genesis
The DPDP Act emerged after multiple committee deliberations, including the Justice B.N. Srikrishna Committee Report (2018),[10] which recommended a comprehensive data protection regime anchored in privacy as a fundamental right.

B. Key Features
The DPDP Act regulates the processing of “digital personal data.” It establishes obligations upon Data Fiduciaries, rights of Data Principals, and enforcement mechanisms through a Data Protection Board. Section 4 requires lawful processing based on consent or legitimate uses; government bodies are also subject to the Act, though exemptions exist under Section 17.

Crucially, the 2023 amendment modified Section 8(1)(j) of the RTI Act, removing the earlier public interest override and exempting “information which relates to personal information” from disclosure.[11]

V. The Core Conflict: Section 8(1)(j) After the 2023 Amendment

The amendment to Section 8(1)(j) has sparked considerable debate. Earlier, personal information could be disclosed if larger public interest justified it. The amended provision appears to categorically exempt personal data, aligning RTI exemptions with the DPDP framework.

This raises three pressing concerns:

1. Does the amendment undermine the RTI Act’s transparency mandate?
2. Can public interest still override privacy concerns?
3. Is the amendment constitutionally valid in light of Article 19(1)(a)?

A literal interpretation may suggest that personal data is absolutely exempt. However, such an interpretation risks eroding accountability in cases involving corruption, misuse of public funds, or abuse of office.

VI. The DPDP Act’s Overriding Implications: Rewriting the Architecture of Section 8(1)(j)

A. The Pre-2023 Position: A Balancing-Oriented Regime
Before the enactment of the DPDP Act, 2023, Section 8(1)(j) of the RTI Act, 2005 read:

“information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer… is satisfied that the larger public interest justifies the disclosure of such information.”

This provision embedded three doctrinal safeguards:
1. Relationship to public activity or interest
2. Unwarranted invasion of privacy test
3. Explicit public interest override

The Supreme Court’s jurisprudence reflected this calibrated structure. In Girish Ramchandra Deshpande v. Central Information Commission, the Court emphasised privacy protection but still acknowledged the statutory possibility of disclosure upon demonstration of larger public interest. Similarly, in Central Public Information Officer, Supreme Court of India v. Subhash Chandra Agarwal,[12] the Court undertook an elaborate balancing exercise between judicial independence, transparency, and privacy — crucially not treating privacy as absolute. Thus, prior to 2023, the RTI Act structurally privileged transparency while incorporating privacy as a qualified exemption.

B. The 2023 Amendment: Textual Transformation of Section 8(1)(j)
Section 44(3) of the DPDP Act, 2023 amended Section 8(1)(j) of the RTI Act. The amended provision now exempts:

“information which relates to personal information.”

Notably, the explicit public interest override has been removed. This textual alteration marks a profound shift in legislative design: the earlier test required assessment of “unwarranted invasion,” the new formulation appears to create a categorical exemption, and the balancing language has been wholly omitted.

C. Does the DPDP Act Override the RTI Act?
Section 22 of the RTI Act provides that its provisions shall have effect notwithstanding anything inconsistent contained in any other law, historically giving RTI primacy over conflicting statutes. However, because the DPDP Act directly amends the RTI Act through Section 44(3), the issue is not one of inter-statutory conflict but intra-statutory modification — Parliament has effectively reconfigured the RTI exemption itself.

Therefore, the DPDP Act does not override RTI externally; it reshapes RTI internally. The practical effect, however, may operate as a de facto override of transparency principles wherever personal data is implicated.

D. From Balancing to Categorisation: A Structural Shift
The most significant transformation lies in the removal of the public interest override.

Pre-Amendment Structure: Personal information was exempt unless public interest justified disclosure; balancing was mandatory and the burden could shift in favour of transparency.
Post-Amendment Structure: Personal data appears categorically exempt; balancing language is removed; the public interest override is absent from statutory text.

This shift reflects a move from a balancing paradigm to a categorical paradigm. Such categorisation risks expanding the scope of exemption far beyond what privacy jurisprudence requires.

E. Constitutional Implications of the Amendment
The RTI Act operationalises Article 19(1)(a) of the Constitution of India. Any legislative dilution must satisfy the “reasonable restrictions” test under Article 19(2). A blanket exclusion of personal data may disproportionately impair the right to know, could shield information regarding corruption, conflict of interest, or misuse of public funds, and risks failing the proportionality test articulated in Puttaswamy.

The DPDP Act draws legitimacy from informational privacy recognised in Puttaswamy. However, the judgment itself emphasised balancing. Justice Chandrachud warned against treating privacy as an “elitist construct” that undermines transparency in governance.[2] Thus, the constitutional doctrine does not support absolute prioritisation of privacy over transparency.

F. Practical Consequences: Areas of Concern
The amendment could impact disclosure in several sensitive domains:

– Asset declarations of public servants
– Disciplinary proceedings
– Recruitment records
– Conflict-of-interest disclosures
– Beneficiary lists under welfare schemes

Under the earlier regime, such information could be disclosed upon showing larger public interest. After the amendment, authorities may deny disclosure simply by invoking “personal information,” creating a risk of bureaucratic over-classification.

G. Harmonious Interpretation: Is Public Interest Completely Extinguished?
Indian courts favour harmonious interpretation where two statutes overlap.[13] The RTI Act and DPDP Act must therefore be read together, not in isolation. Despite the textual deletion, constitutional courts may still read a balancing requirement into the provision.

In Subhash Chandra Agarwal, the Supreme Court held that transparency enhances institutional legitimacy and applied proportionality even without explicit statutory language mandating it. Indian constitutional interpretation often reads statutes in conformity with fundamental rights — courts may interpret “personal information” narrowly, distinguish between private life and official conduct, and resurrect a constitutional public interest test grounded in Articles 19 and 21.

H. Legislative Intent and Democratic Risk
The Srikrishna Committee Report acknowledged the need to harmonise data protection with transparency laws. It did not recommend wholesale dilution of RTI’s public interest mechanism. If privacy is allowed to become an all-purpose exemption, two risks emerge:

1. Opacity Risk: Public officials shield misconduct under privacy claims.
2. Accountability Erosion: Citizens lose effective oversight tools.

Data protection was designed to prevent surveillance capitalism and arbitrary data processing — not to insulate public authorities from scrutiny.

I. Reconciling the Two Statutes: An Interpretive Framework
To reconcile the DPDP amendment with constitutional values, the following interpretive approach is defensible:

1. “Personal information” under amended Section 8(1)(j) should be read in light of DPDP definitions.
2. Information relating to official acts performed in public capacity should not automatically qualify as exempt.
3. Courts should apply proportionality before denying disclosure.
4. Redaction should be preferred over blanket refusal.

This preserves privacy while preventing structural erosion of transparency.

Proposed Three-Tier Test for Disclosure of Personal Data Under RTI

Tier 1 — Nature of the Information: Determine whether the data relates to public functions or private life. Information concerning the official duties of public servants should lean toward disclosure.
Tier 2 — Reasonable Expectation of Privacy: Apply the Puttaswamy proportionality framework. Would disclosure disproportionately invade privacy?
Tier 3 — Demonstrable Public Interest: Even post-amendment, constitutional interpretation should permit disclosure where compelling public interest exists — particularly in cases of corruption, human rights violations, or misuse of public funds.

Such a test aligns with the reasoning in Subhash Chandra Agarwal and preserves constitutional balance.

J. Amendment as Inflection Point, Not Termination
The amendment to Section 8(1)(j) represents an inflection point in India’s transparency regime. It signals legislative prioritisation of privacy in the digital era. However, it does not, and should not constitutionally extinguish the right to information. Whether the DPDP Act becomes a shield for individual dignity or a cloak for institutional opacity will depend upon judicial interpretation and administrative practice. The constitutional project requires synthesis, not supremacy.

VII. Judicial Approaches to Privacy–Transparency Conflicts

A. Proportionality and Balancing
In Puttaswamy, the Court endorsed a four-pronged proportionality test: legality, legitimate aim, necessity, and balancing. In Central Public Information Officer, Supreme Court of India v. Subhash Chandra Agarwal, the Court applied these principles in holding that asset declarations of judges could be disclosed subject to privacy safeguards, emphasising that transparency strengthens public confidence in institutions.

B. Informational Privacy in the RTI Context
Courts have distinguished between private and public roles of individuals. In Thalappalam Service Cooperative Bank Ltd. v. State of Kerala, the Court held that cooperative societies were not public authorities unless substantially financed by the government.[14] The decision implicitly recognised the limits of RTI intrusion into private entities. The jurisprudence suggests that neither right is absolute; context determines outcome.

VIII. Theoretical Perspectives: Privacy and Transparency as Co-Constitutional Values

Scholars argue that transparency and privacy serve complementary democratic ends. Transparency ensures accountability of power; privacy protects autonomy against power. From a constitutional standpoint, transparency is a check upon the State, whereas privacy is a shield for individuals. Conflict arises when personal data is held by the State, as disclosure in such cases implicates both rights simultaneously. The challenge is therefore not conceptual incompatibility but institutional design.

IX. Critical Evaluation of the 2023 Amendment

The deletion of the public interest override may create a chilling effect on transparency. Consider disclosure of disciplinary proceedings against public officials: if treated as “personal data,” blanket exemption would shield misconduct. A strict privacy-centric approach risks reversing the RTI Act’s transformative impact. Yet an unqualified transparency model may enable data misuse.

The amendment’s constitutionality could be challenged for disproportionately restricting Article 19(1)(a). The proportionality doctrine requires minimal impairment; absolute exclusion of personal data without balancing may fail this standard.

X. Comparative and Policy Insights

Globally, jurisdictions reconcile privacy and transparency through nuanced exemptions. For instance, European data protection law under the GDPR recognises transparency obligations of public bodies while safeguarding personal data.[15] India can adopt similar calibrated mechanisms — redaction, anonymisation, and purpose limitation — rather than categorical denial.

XI. Recommendations for Reform

1. Judicial Clarification: The Supreme Court should interpret amended Section 8(1)(j) in light of constitutional proportionality.
2. Guidelines by Information Commissions: Standardised protocols for redaction and anonymisation should be developed.
3. Legislative Clarification: Parliament may reintroduce an explicit public interest override consistent with privacy safeguards.
4. Institutional Coordination: The Data Protection Board and Central Information Commission should adopt consultative mechanisms.

XII. Conclusion

The coexistence of the RTI Act, 2005 and the DPDP Act, 2023 represents a constitutional dialogue between transparency and privacy. Both derive legitimacy from fundamental rights jurisprudence — Article 19(1)(a) and Article 21. The 2023 amendment to Section 8(1)(j) introduces interpretive complexity but does not, and cannot, mandate the eclipse of transparency. A constitutionally informed balancing approach grounded in proportionality offers a viable path forward.

Ultimately, transparency without privacy breeds surveillance; privacy without transparency breeds opacity. Democratic governance demands both. The challenge before Indian courts and policymakers is to ensure that neither right devours the other.

References

[1] Right to Information Act, No. 22 of 2005, India Code (2005).
[2] Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1.
[3] Digital Personal Data Protection Act, No. 22 of 2023, India Code (2023).
[4] Bennett Coleman & Co. v. Union of India, (1972) 2 SCC 788.
[5] State of U.P. v. Raj Narain, (1975) 4 SCC 428.
[6] S.P. Gupta v. Union of India, 1981 Supp. SCC 87.
[7] Girish Ramchandra Deshpande v. Cent. Info. Comm’n, (2013) 1 SCC 212.
[8] Canara Bank v. C.S. Shyam, (2018) 11 SCC 426.
[9] R.K. Jain v. Union of India, (2013) 14 SCC 794.
[10] Justice B.N. Srikrishna Comm., A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians (2018).
[11] Digital Personal Data Protection Act, 2023, § 44 (amending Right to Information Act, 2005).
[12] Cent. Pub. Info. Officer, Supreme Court of India v. Subhash Chandra Agarwal, (2020) 5 SCC 481.
[13] Rajiv Kumar v. State of U.P., (2017) 8 SCC 791.
[14] Thalappalam Serv. Coop. Bank Ltd. v. State of Kerala, (2013) 16 SCC 82.
[15] Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), 2016 O.J. (L 119) 1.