The impact of India's DPDPA on existing laws and regulations

India's newly introduced Digital Personal Data Protection Act aims to establish a comprehensive framework for data protection in an increasingly digital world. However, as the country anticipates the release of supplementary rules for the DPDPA, contradictions with pre-existing laws such as the Right to Information Act, Reserve Bank of India Regulations, Telecom Regulatory Authority of India Act, and the Information Technology Act, 2000 are coming to light.

The advent of the DPDPA has been a transformative step in India's journey towards regulating personal data in the digital age. There's a lot of buzz around the DPDPA in India and its upcoming rules, which will affect approximately 1.4 billion people.

While businesses are a bit anxious about the potential complications for trade, some government bodies, like NITI Aayog, are concerned about balancing privacy with public interest. A big part of the discussion is how the DPDPA intersects with existing laws and regulations.

As highlighted at the IAPP Asia Privacy Forum 2024, the DPDPA promises to strengthen privacy protections while facilitating the growth of India's digital economy. However, its implementation may introduce conflicts with existing statutes designed for transparency and public accountability, posing significant legal and compliance challenges for businesses, government bodies, and individuals alike.

The Right to Information Act and DPDPA

The Right to Information Act, which went into effect in 2005, empowers Indian citizens to request information from public authorities, thereby promoting transparency and government accountability. Section 8 of the RTI Act outlines exemptions to the disclosure of sensitive information, including national security concerns, judicial restrictions and personal privacy.