How the New Data Protection Law (section44) Changes RTI

Section 44(3) of DPDP Act vs. Section 8(1)(j) of RTI Act – The Controversy
 

1. Section 44 of the DPDP Act deals with changes to other existing laws.
2.  Section 44 empowers Parliament to make consequential amendments to other Acts as part of enacting the DPDP Act.
3. It helps ensure that data protection becomes the overriding priority wherever needed (e.g., RTI Act, IT Act).
4. It also ensures consistency across different laws, so they don’t contradict the new DPDP framework.
5. Section 44(3) makes a direct amendment to the Right to Information (RTI) Act, 2005.
6. It replaces Section 8(1)(j) of the RTI Act with a shorter version.
7. Earlier, Section 8(1)(j) of RTI Act allowed denial of personal information only if:
   • It had no connection with public interest or public activity, or
   • It would cause unwarranted invasion of privacy, unless larger public interest justified disclosure.
8. Section 44(3) of DPDP Act changes this to simply:
   • “Information which relates to personal information” can be denied.
9. This removes the public interest test from the RTI Act.
10. Activists say this could be used to deny information about public officials (e.g. assets, postings, service records).
11. It could weaken transparency and accountability, as citizens may not get access to important government data.
12. Critics say the change goes against the spirit of RTI, which promotes openness in governance.
13. This is why many activists, journalists, and opposition leaders are demanding repeal of Section 44(3).
     

About the DPDP Act, 2023
 

1. About DPDP Act

1. The DPDP Act was passed in 2023 and got the President’s assent on August 11, 2023.
2. It is India’s first dedicated law to protect digital personal data.
3. The law aims to balance an individual’s right to privacy with the need to process personal data for lawful purposes.
4. It applies to digital personal data collected in India or used to offer goods/services in India.
5. It defines terms like:

• Data principal (individual)
• Data fiduciary (entity that processes data)

2. Rights of Individuals (Data Principals)

1. Right to access their data
2. Right to correct and erase data
3. Right to consent or withdraw consent

3. Responsibilities of Companies (Data Fiduciaries)

1. Use data lawfully and transparently
2. Protect personal data
3. Inform users about data usage

4. Enforcement and Penalties under DPDP Act

1. The law sets up a Data Protection Board of India to handle complaints and ensure compliance.
2. Violations can lead to heavy penalties — up to ₹250 crore for serious breaches.
3. Government can exempt certain departments from the law for national security and other reasons.
    

About the RTI Act, 2005
 

1. RTI Act was passed in 2005 by the Indian Parliament.
2. It gives citizens the legal right to access information from public authorities.
3. Any Indian citizen can file an RTI application to get information.
4. The aim is to make the government more transparent and accountable.
5. Public authorities must reply to RTI requests within 30 days.
6. If the information affects life or liberty, it must be given within 48 hours.
7. Every public authority must appoint Public Information Officers (PIOs).
8. Citizens can ask for records, reports, documents, emails, advice, etc.
9. Some information is exempted under Section 8 and Section 9 (like national security, personal privacy, etc.).
10. If a person is not satisfied with the reply, they can file an appeal.
11. There are Central and State Information Commissions to handle RTI issues.
12. RTI has been used to expose corruption and ensure better delivery of public services.

 

Other laws which have been amended under digital personal data protection act
 

Before vs After – Section 44 of DPDP Act, with Effects
 

Law & Section	Before Amendment	After Amendment (via DPDP Act)	Effect
TRAI Act, 1997Section 14(c)	Listed certain tribunals like TDSAT for appeal.	Added references to appellate functions under:• IT Act, 2000• Airports Economic Regulatory Authority Act, 2008• DPDP Act, 2023	TDSAT is now officially the appellate body for appeals against decisions of the Data Protection Board of India under the DPDP Act.
IT Act, 2000Section 43A	Companies liable to pay compensation for failure to protect sensitive personal data due to negligence.	Section omitted.All personal data protection now governed by DPDP Act.	Shifts personal data responsibilities from IT Act to DPDP Act. Compensation provisions now come under the DPDP Act framework.
IT Act, 2000Section 81 (Proviso)	IT Act overrides other laws except Patents Act, 1970.	Adds “or the DPDP Act, 2023” to the exception list.	Ensures that in case of conflict, the DPDP Act overrides the IT Act.
IT Act, 2000Section 87(2)(ob)	Gave power to central government to make rules for personal data protection under Section 43A.	Clause omitted.	Rule-making for personal data is now fully under the DPDP Act. The IT Act no longer has that authority.
RTI Act, 2005Section 8(1)(j)	Personal info could be denied only if:• Not related to public activity or public interest• Or caused unwarranted invasion of privacy→ But could be disclosed if larger public interest justified it.	Replaced with: “Information which relates to personal information” can be denied.	Removes public interest test.Allows denial of information even about public officials. Weakens transparency and accountability under the RTI Act.

 

 

Section 44 of the DPDP Act, 2023 brings significant legal changes by amending key sections of the TRAI Act, IT Act, and RTI Act. These changes aim to align older laws with the new data protection framework, giving priority to individual privacy and the DPDP Act’s authority. However, the removal of safeguards like the public interest clause from the RTI Act and the shift of powers away from the IT Act have raised serious concerns. Critics argue that while privacy is important, these amendments may weaken transparency, reduce public accountability, and limit citizens’ access to vital information—especially about public officials. Balancing privacy and the right to information remains a key challenge moving forward.