The Right to Deny Information is here : By Ajit Ranade

National Herald: Opinion: Sunday, 23 November 2025.
The RTI is not just a procedural tool or a bureaucratic mechanism. It embodies the idea of citizenship itself, writes Ajit Ranade

The Right to Information (RTI) Act came into force in India on 12 October 2005. It is one the strongest transparency laws in the world. It essentially says that if any information cannot be denied to a lawmaker, i.e. an MP or MLA, then it cannot be denied to a citizen of India. It puts citizens on par with the so-called rulers, who are actually people’s representatives.
The RTI Act gave citizens a legally enforceable right to ask questions of the State and expect answers. It empowered citizens to hold government agencies accountable.
The law was the culmination of nearly two decades of a grassroots movement for accountability. The movement started with the simple premise that citizens have a right to say: ‘It’s our money, so we want to know how it is spent (hamara paisa, hamara hisaab).' RTI gives the citizen a right to ask questions and obliges the State to answer them.
Over the last two decades, RTI has exposed corruption, improved the delivery of welfare benefits, enabled public scrutiny of procurement, pensions, ration systems and infrastructure spending. Even electoral finances. It has empowered ordinary citizens to challenge opacity in local administration. For many, it became their only shield against arbitrary exercise of power.
The law really empowered ordinary citizens. But because it gave them this power, it also extracted a heavy price. At least a hundred RTI users have been murdered for seeking information that threatened vested interests.
Today, this hard-won democratic tool faces its most serious threat yet. There is danger that the right to information will become the right to deny information. This threat to the Right to Information comes from the passage of the Digital Personal Data Protection (DPDP) Act of 2023. Section 44(3) of this new law amends the RTI Act itself, amending Section 8(1)(j).
The original text of this section of the RTI Act had a public-interest override clause, permitting disclosure of personal information if justified in larger public interest. This override clause was crucial. It recognised that transparency and accountability are the foundations of democratic governance. The DPDP Act has removed this override, making privacy a near-absolute shield, unless the government decides otherwise.
The amendment to the RTI has turned a careful balancing test into a default veto, allowing public information officers to refuse disclosure simply by citing privacy.
The DPDP Act also expands the definition of ‘person’ to include companies, associations and even the State, meaning that even corporate–government contracts could theoretically be shielded as personal data. This is not a legal technicality; it changes the character of the RTI Act itself.
Where information was once presumed to be open and available, unless denied on particular grounds, now information will be presumed to be not available unless the State chooses to make it available. The power has shifted from the citizens to the State.
The original dent in weakening RTI came not from DPDP legislation but from the judiciary. In Girish Ramchandra Deshpande v. CIC (2012), the Supreme Court held that information about disciplinary proceedings and service records of a public servant constituted ‘personal information’ and therefore could be withheld under Section 8(1)(j) of the RTI Act. The court treated this as a matter between employee and employer, without acknowledging that the real employer of public servants is the public itself.
That judgement became a template for routine denial of information. Once anything involving a person could be called ‘personal’, even data related to public duties such as leave records, caste certificates used for official claims, or expenditure from MP or MLA funds began to be withheld.
The situation worsened after the Puttaswamy (2017) judgement, where privacy was recognised as a fundamental right, an important and welcome development in itself. But in the absence of careful balancing, privacy began to override transparency, even where public interest was clear and compelling.
There has also been a steady institutional erosion of the RTI from its early days. Across 29 Central and state information commissions, more than four lakh appeals are pending, many for over a year. Several commissions are non-functional, and key posts have remained vacant for extended periods.
So, even before the latest changes in the DPDP Act, the delays in key appointments, the fading autonomy of the information commission and rising pendency had already weakened the RTI a slow suffocation that discouraged citizens from even filing applications.
We must remember that the RTI was not born in Parliament; it was born in village meetings, street protests, hunger strikes, public hearings and citizen mobilisation. The same kind of mobilisation, the same collective will is needed again, to demand:
1. Restoration of the public-interest override clause. Privacy does matter, but accountability in public finances and restraints on corruption and abuse of state power are more important
2. Reinstatement of the proviso that information that cannot be denied to Parliament cannot be denied any citizen. This principle sits at the heart of democratic equality
3. All vacancies must be filled urgently
4. There should be mandatory and proactive disclosure of information, thereby reducing the RTI burden and removing excuses for secrecy
5. We must have stronger protection for RTI users, and The Whistleblowers Protection Act, 2014, must be implemented
The RTI is not just a procedural tool or a bureaucratic mechanism. It embodies the idea of citizenship itself, and the idea that the State belongs to the people, not the other way around. If we believe that citizens have the right to govern those who govern them, then the struggle to defend the RTI, as with the struggle to create it, must continue with courage, vigilance and collective action.
(Ajit Ranade is a noted economist. More of his writing may be found here)
Article courtesy: The Billion Press

Merely 1/4th of Maharashtra human rights body orders accepted by state: RTI

Times of India: Mumbai: Sunday, 23 November 2025.
Just 24% or 44 of the 183 orders issued by the Maharashtra State Human Rights Commission (MSHRC) in the past 12 years have been accepted by the state govt, reveals a recent reply to a Right to Information (RTI) Act query filed by an advocate.

"The remaining 76% of the total orders are still pending with the govt, without any action, comments, reports, proposed action, and are void of any justification for their non-implementation," said the petition filed by advocate Satyam Surana who submitted the RTI query after moving the Bombay High Court over alleged poor implementation of MSHRC orders.
Citing RTI, the PIL stated high court judgments from different states affirming the recommendations of human rights commissions involve unpaid amounts totalling around Rs 3.4 crore since 2013.
An MSHRC official said there had been internal discussions within the rights commission about approaching the high court against the state govt for not accepting its recommendations, as legal provisions allow such action. However, no final decision has been taken in this regard.
The MSHRC has investigative and recommendatory powers. It investigates human rights violations and recommends compensations and disciplinary action or changes in policy. It take suo motu cognizance of rights violations or after receiving complaints. After hearing the sides, it passes an order, mainly awarding compensation, which the concerned govt department must implement. The commission has the legal option to go to the high court against the state for implementing its order but it has never used the option, said an MSHRC official.
"The govt and its authority needs to act upon such orders, or the body will remain toothless," said an MHSRC official, which is also made a party to the PIL.
"Now that the PIL has been filed, the MSHRC will present its position strongly to ensure its orders are either implemented or legally challenged," said an official.
Most of the recommendations not accepted by the govt were addressed to Mantralaya officials primarily departmental secretaries followed by the police.
The commission independently inquires into custodial death cases to determine compensation for the deceased's families, along with other types of human rights violations.
One of the alleged victims of police harassment said, "Most of the time, police officers challenge MSHRC orders in the high court in their personal capacity to delay or deny justice. Any challenge should be made through the department, not individually."
The petition cited the order of the Madras high court in the Abdul Sattar versus the govt principal secretary case, which concluded that recommendations of the state human rights commission are binding in nature and cannot be ignored by the executive. It also cited a Delhi high court order in Kiran Singh versus National Human Rights Commission and Others case, which held that "failure to act upon such recommendations, without judicial challenge, would defeat the purpose of the Protection of Human Rights Act, 1993". It further cited the MP high court and Allahabad high court while seeking the Bombay HC's intervention to provide similar relief.
The MSHRC was established on March 6, 2001, via a govt resolution under the Protection of Human Rights Act.
Currently, it comprises a chairman, Retired High Court Judge A M Badar, and two members Retired HC Judge Swapna Joshi and retired IPS official Sanjay Kumar.

Forest departments across India have no record of African grey parrot trade, reveal RTI responses

 The Hindu: National: Saturday, 22 November 2025.
The parrot, which is listed under Appendix I of the Convention on International Trade in Endangered Species of Wild Flora and Fauna (CITES), requires special permits, including individual CITES registration and import certificates, for their trade in the domestic and international markets

There are no registered breeders or authorised pet shops to sell African grey parrots (Psittacus erithacus) one of the most easily procurable animals in the country. While the bird is extensively available in pet markets, Forest departments in different States said no breeder has registered with them. The departments had responded to applications filed by The Hindu under the Right to Information (RTI) Act, to understand the trade in the exotic species.
The parrot, which is listed under Appendix I of the Convention on International Trade in Endangered Species of Wild Flora and Fauna (CITES), requires special permits, including individual CITES registration and import certificates, for their trade in the domestic and international markets.
Extensive capture of the bird for the international pet trade have led to the populations being decimated in their home ranges encompassing parts of Central Africa. The species is also listed as ‘Endangered’ by the International Union for the Conservation of Nature.
What the RTI responses said
Out of 19 States and Union Territories to whom the applications were sent asking about the trade in the species, only Kerala’s Forest department declared it had received 17 applications for the registration of breeders’ licences for the species through the PARIVESH portal. The State also said registration of pet stores was delegated to be dealt with by the State Animal Welfare Board. Meanwhile, most other States gave generic responses about not having access to the data requested, while some forest divisions also responded individually, stating that the species was not found in their divisions, misunderstanding the requests.
“That pet stores are an animal rights issue, and deal only with the sale of dogs and cats, has become an outdated point of view,” said a researcher working on the illegal trade in pets across the country. He said the African grey parrots were now protected under Schedule IV of the Wildlife Protection Act, 1972. As per the Living Animal Species (Reporting and Registration) Rules, 2024, every person having these species, be it pet shop owners or pet owners, need to register ownership on the PARIVESH 2.0 portal.
Despite Tamil Nadu claiming that as per their records, there were no registered breeders, traders, or pet stores dealing in the commercial trade of African grey parrots, the Forest department said it was compiling inspection reports and audits of breeding facilities, pet shops, and sellers of the species.
Breeding licence
To breed CITES Appendix I species like the African grey parrot, a valid breeding licence is required. To obtain this licence, an application must be submitted to the Chief Wildlife Warden under the Breeders of Species Licence Rules, 2023. The applicant must also have the CITES import permit for the species, a Directorate General of Foreign Trade (DGFT) import licence number, and a No Objection Certificate (NOC) from the respective Chief Wildlife Warden for the import before applying for the breeding licence, a researcher understanding the trade in exotic wildlife said.
“The information is not available in this office and the process of collecting, compiling and verifying the same is likely to take additional time. As such, the reply will be send [sic] once the process is completed...” the Tamil Nadu Forest department said.
Shekhar Kumar Niraj, former Chief Wildlife Warden of Tamil Nadu, and currently the South Asia head of the Wildlife Justice Commission, said it was mandatory for the Forest department of each State to maintain records of exotic species. “Even prior to importing, buyers have to receive approval from their respective State’s Chief Wildlife Wardens, aside from import certificates and CITES approvals,” he said.
“The trade in exotic species is on the rise, and maintaining registries of these species is extremely important as they pose a biohazard with the potential for spreading zoonotic diseases and also for becoming invasive species,” he added.
Trade hubs
Chief Executive Officer at Wildlife Trust of India (WTI) Jose Louies said Kerala, Tamil Nadu, and Karnataka have become hubs for the import and trade in exotic species.
“These three South Indian States have got well-established aviaries, which are breeding these animals and selling it across the country. If you look at a hub of exotic pet trade in India, it is the three southern states. Whether it is grey parrots, marmosets, anacondas, or turtles, there are farms, traders, networks and organised transportation methods,” said Mr. Louies.
However, he does not lay the blame for a lack of oversight on these species on the Forest department. “You cannot expect the Forest department or enforcement agencies to go to house to house and search for these animals,” he said. People buy animals without paperwork, and also breed them illegally without breeders’ permits. He says while the legal framework exists to monitor exotic species, challenges in implementing laws remain difficult to overcome.
“The problem is not just the grey parrot. The problem is, what we are going to face is alien and invasive species, which are going to be very common and will create problems across the country. The grey parrot is just one particular species, but we can say that about iguanas, marmosets, snakes, turtles; they all have the ability to become invasive in our ecosystem,” he added. The only solution to this problem would be for a mindset in people to stop wanting to own these animals or a blanket ban on all exotic species.

Maharashtra Govt Issues Fresh Circular Defining Respect Norms And Clarifies RTI Rules For MLAs And MPs : Ravikiran Deshmukh

 Free Press Journal: Mumbai: Saturday, 22 November 2025.

According to senior officials, the new clarification was prompted by increasing frustration among Opposition MLAs. Several had sought key documents under the Right to Information (RTI) Act, but officers reportedly delayed releasing them, seeking guidance from the government before responding.
The state government on Thursday issued its ninth circular on how officials must extend respect to elected representatives, reiterating longstanding protocols while adding clarity on what information can and cannot be shared with MLAs and MPs.
New Guidance on Information Release
Although eight earlier circulars have been issued between July 2015 and August 2021, the latest update introduces one significant change: guidance on the release of information sought by legislators. The earlier instructions remain largely the same, emphasising basic courtesies officials must rise from their seats when a legislator enters the room, listen attentively, and maintain polite conduct during phone conversations.
Signed by Chief Secretary Rajesh Kumar, the circular underlines that ensuring respect towards elected representatives strengthens the administration’s reliability and accountability. It warns that action will be taken against officers who fail to follow the norms.
RTI Delays Spark Complaints
According to senior officials, the new clarification was prompted by increasing frustration among Opposition MLAs. Several had sought key documents under the Right to Information (RTI) Act, but officers reportedly delayed releasing them, seeking guidance from the government before responding.
To address this, the circular specifies that information must be provided strictly in accordance with Sections 2(f) and 2(i) of the RTI Act, which define the nature of information and how it may be accessed. Any information falling within the RTI framework must be supplied free of cost.
The circular also makes it clear that no information outside the RTI Act’s definitions must be shared with MLAs or MPs, effectively drawing a boundary on what elected representatives can demand from the administration.
Strict Warning on Privilege Breaches
Another important addition concerns breach of privilege matters. Government officers have been instructed to fully comply with the Legislature’s Committee on Privileges and to act promptly on motions forwarded by the state legislature. Failure to do so will invite disciplinary action, and officers must submit the required reports to the Legislature Secretariat without delay.
The circular further reminds the administration to invite all elected representatives from a district to government events, include their names on invitation cards, and reserve seats for them.

Your Data, Your Rights: India’s New DPDP Rules Put Citizens In Control : By Guest

Kashmir Reader: Opinion: Saturday, 22 November 2025.
The Digital Personal Data Protection Act and Rules establish a citizen-centric framework, empowering individuals with clear rights and setting a phased, 18-month compliance timeline for organisations

The Government of India notified the Digital Personal Data Protection (DPDP) Rules, 2025 on 14 November 2025. This marks the full operationalisation of the Digital Personal Data Protection Act, 2023 (DPDP Act). Together, the Act and the Rules form a clear and citizen-centred framework for the responsible use of digital personal data. They place equal weight on individual rights and lawful data processing.
The Ministry of Electronics and Information Technology invited public comments on the draft Rules before finalising them. Consultations were held in Delhi, Mumbai, Guwahati, Kolkata, Hyderabad, Bengaluru and Chennai. A wide range of participants took part in these discussions. Startups, MSMEs, industry bodies, civil society groups and government departments all offered detailed suggestions. Citizens also shared their views. In total, 6,915 inputs were received during the consultation process. These contributions played a key role in shaping the final Rules.
With the notification of the Rules, India now has a practical and innovation-friendly system for data protection. It supports ease of understanding, encourages compliance and strengthens trust in the country’s growing digital ecosystem.
Understanding the Digital Personal Data Protection Act, 2023
Parliament enacted the Digital Personal Data Protection Act on 11 August 2023. The law creates a full framework for the protection of digital personal data in India. It explains what organisations must do when they collect or use such data. The Act follows the SARAL approach. This means it is Simple, Accessible, Rational and Actionable. The text uses plain language and clear illustrations so that people and businesses can understand the rules without difficulty.
The law rests on seven core principles. These include consent and transparency, purpose limitation, data minimisation, accuracy, storage limitation, security safeguards and accountability. These principles guide every stage of data processing. They also ensure that personal data is used only for lawful and specific purposes.
A central feature of the Act is the creation of the Data Protection Board of India. The Board functions as an independent body that oversees compliance, inquires into breaches and ensures that corrective measures are taken. It plays a key role in enforcing the rights granted under the Act and maintaining trust in the system.
The Act places clear responsibilities on Data Fiduciaries to keep personal data safe and to stay accountable for its use. It also gives Data Principals the right to know how their data is handled and the right to seek correction or removal when needed.
Together, the Act and the Rules create a strong and balanced system. They strengthen privacy, build public trust and support responsible innovation. They also help India’s digital economy grow in a secure and globally competitive way.
Overview of the Digital Personal Data Protection Rules, 2025
The Digital Personal Data Protection Rules, 2025 give full effect to the DPDP Act, 2023. They build a clear and practical system to protect personal data in a fast-expanding digital environment. The Rules focus on the rights of citizens and on responsible data use by organisations. The Rules aim to curb unauthorized commercial use of data, reduce digital harms and create a safe space for innovation. They will also help India maintain a strong and trusted digital economy.
In carrying this vision forward, the Rules outline several core provisions that follow:
Phased and Practical Implementation
The Rules introduce an eighteen-month period for phased compliance. This gives organisations enough time to adjust their systems and adopt responsible data practices. Every Data Fiduciary must issue a separate consent notice that is clear and easy to understand. The notice must explain the specific purpose for which personal data is collected and used. Consent Managers, who help people manage their permissions, must be companies based in India.
Clear Protocols for Personal Data Breach Notification
The Rules set out a simple and timely process for reporting personal data breaches. When a breach takes place, the Data Fiduciary must inform all affected individuals without delay. The message must be in plain language and must explain what happened, the possible impact and the steps taken to address the issue. It must also include contact details for help.
Transparency and Accountability Measures
The Rules require every Data Fiduciary to display clear contact information for queries related to personal data. This may be the contact of a designated officer or a Data Protection Officer. Significant Data Fiduciaries face stronger duties. They must conduct independent audits and carry out impact assessments. They must also follow stricter checks while using new or sensitive technologies. In some cases, they must follow government directions on restricted categories of data, including local storage where needed.
Strengthening Rights of Data Principals
The Rules reinforce the rights already provided under the Act. Individuals can ask to access their personal data or seek corrections and updates. They may also request the removal of data in certain situations. They can choose someone else to exercise these rights on their behalf. Data Fiduciaries must respond to such requests within ninety days.
Digital-First Data Protection Board
The Rules establish a fully digital Data Protection Board of India, which will consist of four members. Citizens will be able to file complaints online and track their cases through a dedicated portal and mobile application. This digital system supports quicker decisions and simplifies grievance redressal. Appeals against the Board’s decisions will be heard by the Appellate Tribunal, TDSAT.
How the DPDP Rules Empower Individuals
The DPDP framework places the individual at the centre of India’s data protection system. It aims to give every citizen clear control over personal data and confidence that it is being handled with care. The rules are written in plain language so that people can understand their rights without difficulty. They also ensure that organisations act responsibly and remain accountable for how they use personal data.
Rights and protections for citizens include:
Right to Give or Refuse Consent
Every person has the choice to allow or deny the use of their personal data. Consent must be clear, informed and easy to understand. Individuals may withdraw their consent at any time.
Right to Know How Data is Used
Citizens can seek information on what personal data has been collected, why it has been collected and how it is being used. Organisations must provide this information in a simple form.
Right to Access Personal Data
Individuals can ask for a copy of their personal data that is held by a Data Fiduciary.
Right to Correct Personal Data
People may request corrections to personal data that is inaccurate or incomplete.
Right to Update Personal Data
Citizens can ask for changes when their details have altered, such as a new address or updated contact number.
Right to Erase Personal Data
Individuals may request the removal of personal data in certain situations. The Data Fiduciary must consider and act on this request within the permitted time.
Right to Nominate Another Person
Every individual can appoint someone to exercise their data rights on their behalf. This is helpful in cases of illness or other limitations.
Mandatory Response within Ninety Days
Data Fiduciaries are required to address all requests related to access, correction, updating or erasure within a maximum of ninety days, ensuring timely action and accountability.
Protection During Personal Data Breaches
If a breach takes place, citizens must be informed at the earliest. The message must explain what happened and what steps they can take. This helps people act quickly to reduce harm.
Clear Contact for Queries and Complaints
Data Fiduciaries must provide a point of contact for questions relating to personal data. This may be a designated officer or a Data Protection Officer.
Special Protection for Children
When a child’s personal data is involved, verifiable consent from a parent or guardian is required. This consent is needed unless the processing relates to essential services such as healthcare, education or real-time safety.
Special Protection for Persons with Disabilities
If a person with a disability cannot make legal decisions even with support, their lawful guardian must give consent. This guardian must be verified under the relevant laws.
How DPDP Aligns with the RTI Act
Since the DPDP Act and the DPDP Rules expand citizens’ privacy rights, they also clarify how these rights work alongside the access to information guaranteed by the Right to Information (RTI) Act.
The changes introduced through the DPDP Act revise Section 8(1)(j) of the RTI Act in a way that respects both rights without diminishing either. The amendment reflects the Supreme Court’s affirmation of privacy as a fundamental right in the Puttaswamy judgment. It brings the law in line with the reasoning already followed by courts, which have long applied reasonable restrictions to safeguard personal information. By codifying this approach, the amendment prevents uncertainty and avoids any conflict between the transparency regime of the RTI Act and the privacy safeguards introduced under the DPDP framework.
The revision does not prevent the disclosure of personal information. It simply requires that such information be assessed with care and shared only after considering the privacy interests involved. At the same time, Section 8(2) of the RTI Act remains fully operative. This provision allows a public authority to release information when the public interest in disclosure is strong enough to outweigh any possible harm. This ensures that the essence of the RTI Act, which is to promote openness and accountability in public life, continues to guide decision making.
Conclusion
The Digital Personal Data Protection Act and the DPDP Rules mark an important step in building a trustworthy and future-ready digital environment for the country. They bring clarity to how personal data must be handled, strengthen the rights of individuals and create firm responsibilities for organisations. The framework is practical in design and backed by wide public consultation, which makes it both inclusive and responsive to real needs. It supports the growth of India’s digital economy while ensuring that privacy remains central to its progress. With these measures now in place, India moves towards a safer, more transparent and innovation-friendly data ecosystem that serves citizens and strengthens public confidence in digital governance.

Odisha SIC Orders Disclosure Of Husband’s Salary Details To Wife Under RTI

Ommcom News: Bhubaneswar: Saturday, 22 November 2025.

The Odisha State Information Commission (SIC) has ruled that a woman has the right to access the salary details of her husband who is a government employee, directing the Public Information Officer (PIO) of Khallikote Block in Ganjam district to furnish the information within 15 days.
The order came in response to a second appeal filed by Archana Panigrahi, who had sought the salary slip and basic pay details of her husband, Biranchi Narayan Sahu, an employee in the office of the Block Development Officer (BDO), Khallikote. Her RTI request was earlier rejected by both the PIO and the First Appellate Authority under Section 8(1)(j) of the RTI Act, citing “personal information.”
During the hearing, Panigrahi argued that as the legally wedded wife, she was entitled to know her husband’s salary details, especially since a matrimonial and maintenance case is pending before a judicial court.
State Information Commissioner Susanta Kumar Mohanty, after hearing both parties, held that the public authority had “partially misinterpreted” the exemption clause. He noted that the salary of a public servant is paid from the government exchequer and falls under voluntary disclosure norms of Section 4(1)(b) of the RTI Act.
Citing key precedents from the Central Information Commission and various High Courts, including the Dr. Dheeraj Kapoor case and Soma Majumdar vs Eastern Coalfields, the Commission reaffirmed that a spouse has the right to know the salary particulars of a government employee.
However, Mohanty clarified that while the basic pay, net income, or take-home salary must be disclosed, details relating to personal deductions, loans, savings, or allowances are exempt as they constitute “personal information” and would amount to an unwarranted invasion of privacy.
The SIC thus directed the Khallikote PIO to provide the relevant salary particulars to the appellant within 15 days, while rejecting her request for additional financial details that fall under the privacy exemption.
With this direction, the second appeal was disposed of.

State Information Commission directs Coimbatore Corporation to pay ₹10,000 compensation to RTI applicant for delayed information

The Hindu: Coimbatore: Saturday, 22 November 2025.

The Tamil Nadu Information Commission has directed the Coimbatore Corporation to pay ₹10,000 as compensation to an RTI applicant for failing to provide information within the 30-day deadline mandated under the Right to Information Act, 2005. The order was passed during a virtual hearing held recently.
K. Deivasigamani, a retired DSP, had filed an RTI application on January 16, 2023 with the Corporation’s West Zone office seeking details on the reserve site located at Maniyam Kaliappa Street in Ward 43. He sought information on the purpose for which the land had been earmarked as per Town and Country Planning approval, the current status of the site, and documents relating to the proposed construction of a water tank, including its sanction order and cost estimate.
S.V. Lakshmanan, Administrative Officer, West Zone, appeared before the Commission as the authorised representative of the Public Information Officer (PIO).
According to the Commission, no information was provided within the statutory 30-day period. The first reply was issued only on March 28, 2023, followed by another response on October 25, 2024. The petitioner later filed an appeal on June 6, 2025 stating that the replies were delayed and incomplete.
During the hearing, the Commission sought an explanation from the then PIO, identified as M. Sekar, who was in office at the time of filing the RTI. The Corporation informed the Commission that Sekar had retired on July 31, 2023, following which further action against him was dropped.
Holding that the applicant did not receive information within the stipulated time, the Commission ordered the Corporation to pay ₹10,000 as compensation within 10 days and submit proof of payment to the Commission.
Official sources said the compensation would be paid as directed and added that Sekar had been deputed to the Corporation from the Revenue Department and that the Corporation would write to the District Collector’s office seeking recovery of the compensation amount from his retirement benefits and reimbursement to the Corporation.

Editors Guild of India Reiterates Need To Protect Journalists Under India’s Digital Data Protection Rules : Kamya Pandey

Media Nama: New Delhi: Friday, 21 November 2025.
The absence of an explicit exemption for journalists and the dilution of the Right to Information (RTI) Act under the Digital Personal Data Protection Rules, 2025 (DPDP Rules, 2025) has left critical questions unanswered, the Editors Guild of India (EGI) said in a recent statement about the rules.

The crux of EGI’s concerns boils down to the fact that, as per the law, reporting on matters of public interest may be in conflict with people’ rights to personal data protection.
Importantly, the Guild mentions that in July 2025, the Ministry of Electronics and Information Technology (MeitY) conducted a meeting with media organisations where it emphasised that journalistic work will not fall under the purview of the DPDP Act.
“The Guild, along with other media organisations, had urged MeitY to issue a legally tenable clarification or amendment provision to explicitly safeguard journalistic activities,” it explains.
Furthermore, the EGI adds that the media industry had submitted a set of 35 questions and case-based scenarios to the MeitY. However, the Ministry has not provided an official response to these queries.
EGI’s continued pushback against the lack of journalistic exemptions:
This is not the first time that the EGI has highlighted these concerns; it has been emphasising them since the DPDP Bill was tabled in the Parliament in 2023. At the time, the guild had cited the Justice Srikrishna Committee report on the data protection law, which stated that if the law required journalists to adhere to the grounds of processing personal data, it would be extremely onerous for them to access information.
The report had also highlighted that if the law mandates consent for data processing, it would mean that journalists would not be able to publish accounts that are unfavourable to the data principal. In these circumstances, the lack of a clear exemption for journalistic activities would have a chilling effect on journalism in the country.

And in February 2024, the EGI sent a representation to MeitY seeking a class exemption to data fiduciaries engaged in data processing for journalistic activities under Section 17(5) of the DPDPA for as long as such purposes subsist. To explain, this section allows the government to exempt certain data fiduciaries from any provision of the act for a specific period.
How does the data protection law impact the RTI Act?
With regard to the RTI Act, EGI had mentioned back in 2023 that Clause 44(3) of the DPDP Act, 2023, unreasonably widens the scope of exemptions allowed to Public Information Officers (PIOs) of government ministries and departments to reject RTI applications, as they can simply argue that certain information ‘relates to personal information’.
EGI argued that this widened scope of exemptions “shifts the balance in favour of non-disclosure of information, including information which is being sought by journalists in public interest, thereby reducing accountability”.
As MediaNama has previously reported, the DPDP Act also amends a provision of the RTI Act, which guaranteed individuals the same access to information as available to the Parliament and state legislatures. This reduces the amount of information available to the average person.
The DPDP rules do not alleviate these concerns:
“The notified rules do not alleviate these concerns [lack of journalistic exemptions and curtailed RTI Act]. Ambiguous consent obligations around consent risk exposing journalists and newsrooms to compliance burdens that may impede routine reportage,” EGI explains in its latest statement.
It has once again urged the Government to issue a ‘clear and categorical clarification’ exempting bona fide journalism from the consent and processing requirements under the Act. The guild argues that while data protection and privacy are vital, the government needs to balance them against people’s right to know and the freedom of speech and expression.

Impact of the new Digital Personal Data Protection Rules on websites : Aman Varma

Bar and Bench: New Delhi: Friday, 21 November 2025.
Every online entity whether a government department, corporate website, or small business - must now adapt its practices to respect user privacy.

The Digital Personal Data Protection (DPDP) Rules, 2025 - framed under Digital Personal Data Protection Act (DPDPA) - have been released as of November 13, 2025. The Rules are somewhat similar to the draft version which was shared on January 3, 2025 for consultation.
Businesses - particularly those that depend on their online presence -now have 18 months to comply with the Rules. Here's how the new Rules affect websites in general.
Growing online presence
In today’s digital-first world, having an online presence is no longer optional; it is essential. Individuals, businesses, professionals and even government departments are all increasingly establishing their digital footprint. The reasons are clear - visibility, engagement and convenience.
Certain organisations, such as e-commerce companies or digital-first startups, rely entirely on their online presence. Their websites and apps are their sole interaction points with customers they have no physical storefronts. Similarly, government portals like UIDAI (for Aadhaar services) and RTI Online are designed to deliver services digitally, improving accessibility and reducing bureaucratic barriers.
This increasing reliance on digital platforms, however, comes with an important trade-off the collection and processing of user data. Every time a person visits a website, performs a search or interacts with an app, they leave behind digital traces. These traces, or ‘digital footprints’, have significant implications under India’s new data privacy regime.
Personal data collection while visiting websites
Virtually every entity with an online presence collects some level of personal data. Research shows that almost all websites gather information - some automatically, some knowingly.
Automatic data collection includes details such as browser type, device information, operating system version, IP address, click patterns, time spent on the website and bandwidth usage. Although these may appear harmless, when analysed together, they can reveal deep insights into an individual’s online behaviour, preferences and even personality traits. In essence, they create a ‘digital clone’ of the user.
In many cases, websites collect this information without providing sufficient transparency. Some do not even have a privacy policy, while others, particularly government sites, have privacy policies that are too brief or vague.
For instance, the Securities and Exchange Board of India’s (SEBI) privacy policy is just a paragraph long and provides little detail about how user data is processed or protected. Such limited disclosure falls short of the expectations set by modern data protection principles.
Digital privacy as a fundamental right today
The turning point came when the Supreme Court of India, in its landmark judgment of KS Puttaswamy v. UOI and Ors, recognised digital privacy as a fundamental right under Article 21 of the Constitution. This recognition laid the foundation for stronger data protection laws and paved the way for the DPDPA.
The DPDPA defines "personal data" as any information that can identify an individual, either directly or indirectly. Under this definition, even automatically collected data like IP addresses or device IDs qualifies as personal data if it can be linked back to a person. Consequently, nearly all websites operating in India fall under the purview of the DPDPA.
How DPDPA affects websites and online services
With the DPDPA now in effect, organisations must reassess their online practices and ensure compliance. The law mandates that all entities processing personal data must be transparent about their data handling practices, obtain user consent and implement necessary safeguards to protect user information.
This means that even static, minimally interactive websites that simply log visitor data such as IP addresses, domain names, or device types must comply. Such information, while indirect, can still identify an individual when combined with other data points.
Websites must, therefore, include detailed and easily accessible privacy notices that explain what data is being collected, how it is processed, the purposes for which it is used and whether it is shared with third parties. Much like how the Right to Information (RTI) Act obliges the government to disclose information for good governance, the DPDPA legally mandates data transparency for digital governance.
Key compliance requirements under DPDPA and DPDP Rules, 2025
To align with the new data protection framework, website operators in India will need to implement several key measures, such as:

• Cookie consent banners: Websites must clearly inform users about the use of cookies and seek their explicit consent before storing any data.
• Comprehensive privacy notice: The notice should detail the nature of data collected, retention practices, data-sharing procedures and user rights.
• Consent mechanisms: Users should have the option to withdraw consent as easily as they grant it.
• Grievance Officer/Data Protection Officer: The details of the grievance officer or the DPO should be mentioned on the website of the data fiduciary, as per Rule 9 of the DPDP Rules, 2025.
• Information on the rights of data principals: Websites should mention the details of the manner in which their own customers, clients or employees may make a request for exercising their following rights:

i) Erasure of their personal data from website;

ii) Accessing what personal data the website holds about them;

iii) Correction/updation of any personal data that the user has made to the website.

• Accountability measures: Entities must ensure compliance through internal audits. This will be particularly relevant for entities who are designated as significant data fiduciaries under the DPDPA.

Failure to comply can lead to significant financial penalties. Under the DPDPA, violations can attract fines of up to ₹250 crore, a strong deterrent against negligence or misuse of personal data. Even a general breach under the DPDPA is penalised up to ₹50 crore.
Conclusion
India’s data privacy landscape is undergoing a major transformation. As digital engagement deepens, both individuals and organisations must become more aware of the value and vulnerability of personal data. The DPDPA is not merely a regulatory requirement; it is a framework designed to foster trust, accountability and transparency in India’s digital ecosystem.
Every online entity whether a government department, corporate website, or small business - must now adapt its practices to respect user privacy. In doing so, India takes a crucial step toward aligning its digital environment with global standards and ensuring that the promise of a connected world does not come at the cost of individual rights.
(Aman Varma is a Senior Manager at K&S Digiprotect Services.)

Despite 2025 goal to eliminate TB, India sees 1.5-fold rise in cases: RTI reply

Daily Excelsior: New Delhi: Friday, 21 November 2025.
The number of Tuberculosis (TB) patients in India has increased by one and a half times in the last five years, despite the central government’s goal to eliminate TB by 2025, an RTI reply revealed.

Uttar Pradesh is the most affected state, where 3,83,987 cases have been reported till June this year, while Lakshadweep is the least affected with only nine cases, it read.
The Central Tuberculosis Division of the Union Ministry of Health and Family Welfare provided this information in response to an application filed by the PTI under the Right to Information (RTI) Act.
The total number of TB cases has reached 20,77,591 as of October this year.  The number in 2020 was 18,05,670, which in 2024 rose to 26,17,923, the information revealed.
According to the information, 18,05,670 cases of TB were reported in 2020, 21,35,830 in 2021, 24,22,121 in 2022, 25,52,257 in 2023, and 26,17,923 in 2024, indicating a persistent rise. With the rate of cases per lakh population being 131 in 2020, 153 in 2021, 172 in 2022, 179 in 2023, 183 in 2024, and 195 in 2025.
Uttar Pradesh is the most affected state, where 3,83,987 cases have been reported till June this year, whereas 6,81,779 cases were reported in 2024, 6,32,872 in 2023, 5,22,850 in 2022, 4,53,712 in 2021 and 3,66,641 cases in 2020, the RTI said.
It further revealed that 62,342 cases were reported in the national capital till June this year, whereas 1,05,343 cases were reported in 2024, 1,00,523 in 2023, 1,06,731 in 2022, 1,03,038 in 2021 and 86,842 in 2020.
Maharashtra reported 1,15,303 cases till June this year, whereas 2,30,163 cases were recorded in 2024, 2,27,664 in 2023, 2,34,105 in 2022, 1,99,976 in 2021 and 1,59,663 in 2020.
In Bihar, a continuous increase in the patients has also been recorded in the last five years. The state had 98,994 TB cases in 2020, 1,31,703 in 2021, 1,61,165 in 2022, 1,86,974 in 2023 and 2,00,4309 in 2024.
Haryana is also among those states where TB cases have increased for five consecutive years. The state had 62,697 TB cases in 2020, 69,083 in 2021, 75,838 in 2022, 80,490 in 2023 and 86,635 in 2024.
The states most affected by TB are Bihar with 112,503 cases, Madhya Pradesh with 89,833, Rajasthan with 89,215, Gujarat with 69,918, West Bengal with 56,512, Tamil Nadu with 49,276, Haryana with 48,936 and Telangana with 41,027 cases till June 2025.
According to information provided under RTI, Lakshadweep leads the list of least affected, where only nine cases have been reported till June, this year, Ladakh 136 cases, Andaman 368, Dadra and Nagar Haveli and Daman and Diu 632, Sikkim 660, Mizoram 1248, Arunachal Pradesh 1348, Manipur 1360, and Puducherry 1692 cases.
TB is an infectious disease caused by bacteria called Mycobacterium tuberculosis. It primarily affects the lungs, but other organs such as the kidneys, brain, and spinal cord can also be affected.
India aims to eliminate TB by 2025 under the National Tuberculosis Elimination Programme (NTEP), one of the world’s most ambitious health missions. The initiative aims to strengthen diagnosis, treatment, and prevention efforts and accelerate progress towards a ‘TB-free India’.
Dr Aamir Nadeem, consultant at Pulmonology Regency Hospital in Gorakhpur, Uttar Pradesh, told PTI, “If TB is not diagnosed and treated early, it can be fatal. It can affect other parts of the body besides the lungs. However, the good news is that it can be completely cured, provided the patient completes the full treatment regularly and does not stop taking the medication.”
When asked about the increase in TB cases, Dr Animesh Arya, Director of Pulmonology, Interventional Pulmonology and Sleep Medicine at Shri Balaji Action Medical Institute in Delhi, said, “People are now more aware of this disease than ever before. People are getting tested as soon as they notice symptoms like cough, fever, weight loss, or fatigue, which helps detect the disease in its early stages.”
He added, “The government’s ‘Nikshay Poshan Yojana’, free medicine, and treatment facilities have also played a major role. Patients now receive not only medication but also nutritional support, which accelerates recovery. Furthermore, digital reporting systems have made patient monitoring and tracking easier.” (PTI)

DPDP Act rules collectively cripple rti endanger journalism says digipub.

Newsclick: New Delhi: Thursday, November 20, 2025.

The Rules notified recently create avens for disproportionate State overreach, covert interference with editorial independence.

DIGIPUB News India Foundation, a collective of digital news portals and independent journalists, has expressed its deep concern over the Digital Personal Data Protection Rules (DPDP), 2025, notified by the government on November 13, making the Act concerned enforceable with immediate effect.

In a press statement, DIGIPUB, whose members include News Minute, The Wire, AltNews, Newsclick, Newslaundry, The Quint, Boomlive, Article 14, HW News, Scroll, Cobrapost among others, said the concerned Act and the Rules “collectively cripple the Right to Information Act”, and also “endanger journalism”.

DIGIPUB urged the government and the department concerned to initiate a “transparent, formal and time-bound” consultation in the issues submitted by it, as also amend provisions that undermine media freedom, Right to Information and integrity of the digital space.

“By excluding journalists from any statutory exemption and granting the State broad access and enforcement powers, the open the door to indirect censorship, a chilling effect on free expression, and disproportionate surveillance of legitimate newsgathering activities”, read the statement.

It added that the Rules and the Act also “endanger source confidentiality, hinder public interest investigations, obstruct anti-corruption disclosures, and weaken the information framework essential for democratic accountability”, and called for restoration of “clear, statutory exemption for journalistic and public interest processing”.

Details of graft cases against MPs, MLAs can’t be denied under RTI.

Times of India: Chennai: Venkatadesan: Thursday, November 20, 2025.

The state information commission has directed the directorate of vigilance and anti-corruption (DVAC) to furnish details of corruption cases it has registered against MPs and MLAs, rejecting its denial of such information. Chief Information Commissioner Md Shakheel Akhter ordered DVAC SP and public information officer V Saravana Kumar to provide the details sought by a petitioner under the Right to Information Act. The directions came while disposing appeals by Aadithya Cholan of Ramapuram, who was not satisfied with the replies he received to his original petition and first appeal. 

The petition was filed in Nov 2024, and the first appeal in Jan. 

While the second appeal was filed before the commission in April, Aadithya Cholan moved the Madras high court seeking directions to the information commission. The high court passed an order directing the commission to consider the petitioner's second appeal on its merits and in accordance with the law, and to pass orders within a period of 12 weeks. When the appeal came up for hearing on Nov 12, DVAC S P V Saravana Kumar submitted the agency's reply to the petition dated Dec 17, 2024. But the appellant contended that it was incorrect information and that the reply was rejected under Section 7(9) of the RTI Act.

The commission has now directed the PIO to furnish modified, correct information as per their records to the petitioner by Speed Post within a month. They were also instructed to submit the postal tracking of the petitioner and a copy of the reply sent to the petitioner on Jan 8, 2026.

Separate Section created in DPDP Rules for persons with disabilities : Aroon Deep, Abhinay Lakshman

 The Hindu: New Delhi: Wednesday, 19 November 2025.
In the draft rule regarding consent mechanism, persons with disabilities had been clubbed with children; activists hail separation of Sections in the notified rules, but raise concern over lack of clarity on laws of guardianship

Representative image. | Photo Credit: Getty Images/iStockphoto

Following pushback over the course of this year from disability rights activists, the Electronics and Information Technology Ministry has made changes to the Digital Personal Data Protection Rules, 2025, to separate persons with disabilities from a rule that, in a draft, clubbed them with children for the sake of consent by a guardian.
While disability rights activists, who referred to the clubbing as the “infantilisation” of persons with disabilities, hailed this change in the notified rules, they said their concerns over the provisions remain. The notified rules do not contain illustrations on implementation to cover a range of instances where disabled people may or may not be able to use the Internet freely. Further, the language of the 2023 DPDP Act continues to group children and persons with disabilities together.
The DPDP Act, 2023, and the rules significantly restrict what minors can do online, such as setting up a social media account, without a parent’s consent. In the draft rules, this requirement was spelled out in detail in a section that included persons with disabilities, causing concern among disability rights groups. They argued that the Act and the draft unnecessarily required guardian consent for all types of data collection by websites.
Nipun Malhotra, of the Nipman Foundation, which has been advocating for changes to this Act and rules, said it was a “major victory” to have the Sections governing consent mechanisms for children and persons with disabilities separated. “The restrictions relating to behavioural monitoring, tracking, targeted advertising that apply to children do not apply to persons with disabilities anymore. These are useful features for persons with disabilities,” he said.
However, Mr. Malhotra noted that concerns remain regarding the practicalities of implementing the rules and the language in the principal Act, where children and persons with disabilities are included in the same section. “How the rules will be implemented and what will be clarified in due course. This is anybody’s guess,” he said.
The part of the rules that deals with consent for children’s data includes multiple illustrations of different scenarios under which consent should be obtained, along with a schedule that exempts and clarifies these requirements. While the separation of the Sections has clarified that these restrictions will not be applicable to persons with disabilities, the Section for persons with disabilities does not have any illustrations to capture the nuances of how guardianship operates, a key issue with the draft rules as pointed out in a report by the policy think tank PACTA and the NGO Saksham Disability.
Another issue pointed out by activists and civil society organizations was that the draft rules did not clarify which law of guardianship for persons with disabilities either the National Trust for Welfare of Persons with Autism, Cerebral Palsy, Mental Retardation, and Multiple Disabilities Act, 1999, or the Right of Persons with Disabilities Act, 2016 would be considered for implementation.
The Saksham report had raised concerns about this, given that under the NT Act, the need for guardianship is partly determined by a person’s “decision-making capacity,” a term that the 1999 law does not clearly define. This, activists say, is not in consonance with the United Nations Convention on the Rights of Persons with Disabilities, while guardianship under the RPWD Act is.
It further noted that small surveys had shown that not many persons with disabilities were aware of the law under which their guardianship is registered.
The notified rules, while creating a separate Section, have left the language in the Section for persons with disabilities unchanged. In Section 11 of the notified rules, they continue to provide for implementation in cases of guardianship under both the NT Act and the RPWD Act.
Mr. Malhotra said that the rules have defined “designated authority” in relation to guardianship as one governed by the RPWD Act, 2016. “But there remains the contradiction because further down in defining persons with disability, the rules provide for persons with physical disability as well. This contradicts because guardianship under the RPWD Act does not provide guardians for people with physical disabilities.”