ABSTRACT
The rapid integration of Artificial Intelligence systems into governance, commerce, and everyday digital interactions has exposed the deep structural tensions between data-driven innovation and the constitutional commitment to informational privacy. While India now possesses a general data protection framework under the Digital Personal Data Protection Act, 2023, the law was not designed specifically to address the continuous learning, inferential capacity, and opacity of AI systems. This creates a doctrinal and regulatory gap where the existing principles governing privacy, while AI systems rely heavily on secondary usage of the user data in order to facilitate the learning and betterment of their systems to improve their services. This can be a major source of concern as in the modern times people have their entire lives put out on the social media platforms. This paper aims to analyse whether the current Indian legal framework is normatively and institutionally equipped to safeguard informational autonomy in an AI-driven ecosystem.
KEYWORDS: Artificial Intelligence, Digital Personal Data Protection Act, Privacy, AI-driven ecosystem, Legal Framework.
BACKGROUND OF THE STUDY
Artificial Intelligence (AI) has become an integral part of modern society, influencing various aspects of human life, including technology, governance, economy, and civil liberties. While AI enhances efficiency and convenience, it also raises ethical concerns regarding data privacy, security, discrimination, and job displacement[1]. This dual nature of AI, that is, its potential to both enhance and compromise privacy have sparked a global conversation on the ethical and legal implications of its use.
In India, where digital adoption is surging and data privacy regulations are still in development, the intersection of AI and data privacy is particularly relevant. The country has recently enacted the Digital Personal Data Protection (DPDP) Act, 2023, which aims to safeguard individual’s personal information in an increasingly digital environment[2]. However, this legislation does not fully address the unique challenges posed by AI, such as algorithmic bias, lack of transparency, and issues of accountability in automated decision making[3].
The Supreme Court of India confirmed the right to privacy as a basic right in Justice K.SPuttaswamy vs. Union of India (2017)[4]. In response, the Indian Parliament passed the DPDP Act 2023, which aims to govern and highlight the processing of digital personal data in a way that acknowledges both individual’s right to protect their personal data and necessity to handle such data for authorised purposes[5]. In the Indian context, these challenges are intensified by the nation’s distinct socio-legal environment, a vast and varied populace, inadequate digital literacy in many segments, and a legal system that is still evolving to meet the demands of widespread digital technologies. This article critically examines these emerging challenges and evaluates the adequacy of current legal responses in India. It seeks to highlight gaps, draw insights from comparative frameworks, and suggest pathways for harmonising technological progress with the core constitutional values of privacy, fairness, and human dignity.
[1] Examining India’s efforts to balance AI, data privacy, Rishi Wadhwa, No Date, IAPP https://iapp.org/news/a/examining-indias-effortstobalance-ai-data-privacy
[2] Digital Personal Data Protection Act, No. 30 of 2023, India Code (2023)
[3] What Is Data Privacy?,Amber ForrestI, 19 November, 2023, BM https://www.ibm.com/think/topics/data-privacy
[4] Justice K.S. Puttaswamy (Retd.) &Anr v. Union of India &Ors. (2018) https://desikaanoon.in/wpcontent/uploads/2024/11/Justice_K_S_Puttaswamy_Retd_vs_Union_Of_India_on_26_September_2018.pdf
[5] Government of India, “Digital Personal Data Protection Act, 2023”, available at: https://dpdpact2023.com/index (last visited 1 November 2025).