India’s Data Protection Amendment Sparks Transparency Concerns: A Global Comparison

India’s Data Protection Amendment Sparks Transparency Concerns: A Global Comparison

In August 2023, India’s Digital Personal Data Protection Act (DPDP Act) introduced Section 44(3), amending Section 8(1)(j) of the Right to Information Act, 2005 (RTI Act). This change replaced a nuanced exemption for personal information—one requiring a public interest test—with a blanket exemption for “information which relates to personal information.” Critics, including over 120 opposition MPs and civil society groups, argue it severely curtails the public’s right to know, prompting demands for repeal. But how does this amendment stack up against transparency and privacy frameworks in the United States, United Kingdom, and European Union? A closer look reveals India’s shift risks tipping the balance too far toward secrecy.

India’s RTI Act: A Blow to Transparency?

The RTI Act has been a cornerstone of Indian democracy, empowering citizens to access government records and hold public officials accountable. Before the amendment, Section 8(1)(j) allowed withholding personal information unless public interest outweighed privacy concerns or the data was accessible to legislators. Section 44(3) of the DPDP Act removes these safeguards, exempting all personal information without exception.

This shift could block disclosures that previously exposed corruption, like fraudulent degrees or financial irregularities in the 2010 Commonwealth Games scam. Activists fear it shields public officials’ assets, contracts, or misconduct under the guise of privacy. The government, led by IT Minister Ashwini Vaishnaw, defends the change, citing alignment with privacy rights upheld in the 2017 K.S. Puttaswamy verdict. Yet, with no clear guidelines on exemptions and separate oversight for RTI (Information Commissions) and DPDP (Data Protection Board), ambiguity threatens accountability.

United States: Balancing FOIA and Privacy

In the US, the Freedom of Information Act (FOIA) of 1966 governs public access to federal records, with exemptions for personal privacy (Exemption 6) and law enforcement records (Exemption 7(C)). Unlike India’s broad post-amendment exemption, FOIA requires agencies to justify withholding information, balancing privacy against public interest. Courts often favor disclosure when it exposes misconduct, as seen in cases like Reporters Committee (1989), which clarified only “substantial” privacy invasions trigger exemptions.

The Privacy Act (1974) complements FOIA, protecting personal data while allowing individuals to access their records. State laws, like California’s CPRA, bolster consumer privacy but don’t override FOIA’s transparency goals. Oversight is robust: agencies handle FOIA requests, with appeals to federal courts and mediation by the Office of Government Information Services. This structured system contrasts with India’s fragmented RTI-DPDP framework, ensuring transparency remains a priority.

United Kingdom: Harmonizing FOIA and GDPR

The UK’s Freedom of Information Act (2000) resembles India’s RTI Act, mandating disclosure unless exemptions, like Section 40 (personal data), apply. The UK GDPR, aligned with its EU predecessor, governs data protection, emphasizing consent and minimization. Unlike India’s blanket exemption, Section 40 requires case-by-case evaluation, allowing disclosures if public interest outweighs privacy concerns—as seen in the 2009 MPs’ expenses scandal.

The Information Commissioner’s Office (ICO) provides detailed guidance, ensuring FOIA and GDPR coexist. Authorities must assess “legitimate interests” and often redact sensitive data rather than deny requests outright, a flexibility India’s amendment lacks. The ICO’s unified oversight contrasts with India’s divided system, reducing conflicts and maintaining transparency.

European Union: GDPR Meets Transparency

The EU’s General Data Protection Regulation (GDPR) (2016) sets a global standard for privacy, defining personal data broadly and requiring lawful processing bases, like public interest. Regulation 1049/2001 governs access to EU institution documents, with exemptions for privacy (Article 4(1)(b)) overrideable by public interest, as clarified in cases like Bavarian Lager (2010). GDPR’s Article 6(1)(f) allows transparency-driven disclosures if proportionate, ensuring minimal privacy invasion.

National laws in member states, like Germany’s Freedom of Information Act, align with GDPR, creating coherence absent in India. Oversight by the European Data Protection Supervisor and national authorities, plus appeals to the EU Ombudsman or courts, ensures balance. India’s vague exemption, lacking proportionality or guidelines, risks arbitrary denials by comparison.

A Global Perspective: Where India Falls Short

India’s Section 44(3) stands out for its near-absolute exemption, unlike the conditional frameworks of the US, UK, and EU. These regions prioritize public interest tests, enabling disclosures that hold power to account—whether US government spending, UK MPs’ expenses, or EU anti-corruption efforts. India’s removal of this test could stifle similar outcomes, undermining RTI’s democratic role.

Oversight further highlights the gap. The UK’s ICO, EU’s data protection authorities, and US courts provide clear rules and recourse, while India’s separate RTI and DPDP regimes foster ambiguity. The US, UK, and EU also allow partial disclosures, a practice India could adopt to balance privacy and transparency.

The Path Forward

The demand to repeal Section 44(3) reflects fears that India’s transparency framework is regressing. Restoring the RTI Act’s public interest test or adopting guidelines like the UK’s could align India with global best practices. Without change, the amendment risks shielding misconduct while claiming to protect privacy—a trade-off the US, UK, and EU have worked to avoid.

As India navigates this tension, the world watches. Will it prioritize accountability, or entrench secrecy? The answer lies in whether it can learn from systems that, while imperfect, strive to uphold both privacy and the public’s right to know.

〰️〰️〰️〰️〰️〰️〰️〰️〰️〰️〰️〰️〰️〰️〰️

♦️Comparative Analysis

• Scope of Exemptions: India’s Section 44(3) creates a near-absolute exemption for personal information, unlike the US, UK, and EU, where exemptions are conditional on privacy harm and public interest tests. This makes India’s RTI Act post-amendment less transparent than FOIA, UK FOIA, or EU Regulation 1049/2001.
• Public Interest Test: The US, UK, and EU explicitly require weighing public interest, often favoring disclosure for accountability (e.g., public officials’ data). India’s removal of this test risks shielding misconduct, a concern less prevalent in the others due to judicial and regulatory checks.
• Oversight and Guidance: The UK’s ICO and EU’s data protection authorities provide clear guidelines, while the US relies on courts. India lacks a unified body or detailed rules to navigate RTI-DPDP conflicts, increasing ambiguity.
• Practical Impact: In the US, FOIA disclosures expose government spending; in the UK, GDPR didn’t prevent MPs’ expenses revelations; in the EU, transparency supports anti-corruption efforts. India’s amendment could block similar outcomes, limiting RTI’s role in accountability.