Moneycontrol: National: Saturday, 15 November 2025.
Through these changes, public authorities and information commissioners must apply the DPDP Act’s definition of “personal data” while deciding RTI requests.
A key amendment to the RTI
Act, brought in through the Digital Personal Data Protection Act (DPDP) Act,
that critics say dilutes provisions of RTI, came into force on November 14,
according to a gazette notification by the Ministry of Electronics and Information
Technology.
The notification was brought into force Section 44(3) of the DPDP Act, which amends the Right to Information (RTI) Act. Through this change, public authorities and information commissioners must apply the DPDP Act’s definition of “personal data” while deciding RTI requests.
This effectively raises the threshold for disclosing personal details of individuals unless a larger public interest is clearly established.
This provision has been met with criticism by several quarters of the society, including media industry, civil society and so on, as they argue that it may restrict disclosure of personal information in RTI responses. Responding to criticism, IT minister Ashwini Vaishnaw earlier this year, aid that the law will not restrict disclosure of personal information in RTI responses.
"Therefore, any personal information that is subject to disclosure under legal obligations under various laws governing our public representatives and welfare programmes like MGNREGA, etc will continue to be disclosed under the RTI Act. In fact, this amendment will not restrict disclosure of personal information, rather it aims to strengthen the privacy rights of the individuals and prevent the potential misuse of the law,” Vaishnaw said in a letter to former minister Jairam Ramesh.
The IT ministry has notified a three-stage schedule for enforcing the DPDP Act. The provisions that take effect immediately include establishing the Data Protection Board and key penalty, appeal and rule-making powers.
A second set of provisions will come into effect one year from now, including provisions that deal with consent, duties of data fiduciaries, data principal rights and so on.
Through these changes, public authorities and information commissioners must apply the DPDP Act’s definition of “personal data” while deciding RTI requests.
 |
| India began operationalising the data protection act on November 14 |
The notification was brought into force Section 44(3) of the DPDP Act, which amends the Right to Information (RTI) Act. Through this change, public authorities and information commissioners must apply the DPDP Act’s definition of “personal data” while deciding RTI requests.
This effectively raises the threshold for disclosing personal details of individuals unless a larger public interest is clearly established.
This provision has been met with criticism by several quarters of the society, including media industry, civil society and so on, as they argue that it may restrict disclosure of personal information in RTI responses. Responding to criticism, IT minister Ashwini Vaishnaw earlier this year, aid that the law will not restrict disclosure of personal information in RTI responses.
"Therefore, any personal information that is subject to disclosure under legal obligations under various laws governing our public representatives and welfare programmes like MGNREGA, etc will continue to be disclosed under the RTI Act. In fact, this amendment will not restrict disclosure of personal information, rather it aims to strengthen the privacy rights of the individuals and prevent the potential misuse of the law,” Vaishnaw said in a letter to former minister Jairam Ramesh.
The IT ministry has notified a three-stage schedule for enforcing the DPDP Act. The provisions that take effect immediately include establishing the Data Protection Board and key penalty, appeal and rule-making powers.
A second set of provisions will come into effect one year from now, including provisions that deal with consent, duties of data fiduciaries, data principal rights and so on.
.JPG)
.JPG)
