Abstract
The rapid digitization of governance, commerce, and social interaction has fundamentally altered the contours of privacy, necessitating a corresponding evolution in legal doctrine. In India, this transformation has been shaped by constitutional jurisprudence culminating in the recognition of privacy as a fundamental right, followed by legislative intervention through the Digital Personal Data Protection Act, 2023 (DPDP Act). This paper undertakes a doctrinal analysis of India’s emerging data protection regime, situating the DPDP Act within the broader trajectory of privacy jurisprudence. It examines the shift from a fragmented, sectoral approach toward a consolidated statutory framework, while critically evaluating the Act’s key principles—consent, mechanisms, legitimate use, data fiduciary obligations, right of data principles, and state exemptions. The analysis interrogates tensions between individual autonomy and state interests, particularly in the context of surveillance, data localization, and regulatory discretion. By mapping judicial reasoning against legislative design, the paper evaluates whether the current framework adequately safeguards informational privacy in a rapidly digitizing society. The paper concludes that while the DPDP Act represents a significant normative step forward, its operational effectiveness will depend on institutional safeguards, interpretive clarity, and judicial oversight. Ultimately, the paper contributes to understanding how India’s privacy doctrine is being recalibrated in response to technological change and governance imperatives.
Key words: Data Protection, Privacy, Digital Personal Protection Act, Informational privacy, Constitutional Framework, IT Act 2000.
Introduction
In today’s digital age, it’s likely that you’ve sent an electronic message, made a phone call, filed taxes online, or utilized a smartphone, smartwatch, or fitness tracker. You may also shop online, use voice assistants like Alexa, or engage in various other internet-based activities. If you answered “yes” to any of these, then your personal information is being shared. While it’s undeniable that these technologies have greatly benefited our lives, making everyday tasks more convenient and enabling us to stay connected with others, there’s a trade-off involved. The data generated by our interactions with these devices and platforms reveals a wealth of information about us, including our personality, preferences, relationships, interests, and much more. This is where the importance of data protection and privacy comes into play. You might think that your online activities are harmless, but the reality is more complex. Your data can be used to create a detailed picture of your life, and this information can be vulnerable to exposure. It’s essential to recognize the risks involved and take steps to safeguard your personal data and maintain your online privacy.[1]
It’s undeniable that data has become a highly valuable commodity, often referred to as the new currency. As people go about their daily lives, they generate vast amounts of data, which has the potential to unlock new insights and opportunities. However, as data continues to grow in importance, several critical issues arise that require careful consideration. Who does the data belong to? Is it the individual who generated it, the company that collected it, or someone else entirely? Who has the right to access and control the data? Should it be the individual, the company, or government agencies? How can the data be used? Are there any limitations or restrictions on its use, and if so, who enforces them? How is privacy affected by the collection, storage, and use of data? Can individuals control their own data and maintain their right to privacy? As companies seek to harness the power of data to drive innovation and growth, they often encounter tension with individuals’ right to privacy. The question is, can privacy serve as a limitation on how companies use data? The answer is complex and depends on various factors. Ultimately, striking a balance between data utilization and privacy is crucial. By acknowledging the value ofdata and addressing the complexities surrounding its ownership and use, we can work towards creating a more equitable and sustainable data ecosystem that respects individuals’ rights while driving innovation and growth.
[1] RakeshChandra,RighttoPrivacyin India WithReferencetoInformationTechnologyEra188(Mayur Printers, New Delhi, 2017).