Table of Contents

DPDP Act 2023 × RTI Act: Complete Guide — citizen series 2026

⚠️ DPDP Rules, 2025 (14 Nov 2025) amended Section 8(1)(j) of the RTI Act — public-interest override now under Section 8(2). Read the note →

· 2026/04/19 05:02

In 50 words: The Digital Personal Data Protection Act 2023 (DPDP) permanently changed how RTI applicants and PIOs handle personal information requests. Section 44(3) of DPDP rewrote RTI Section 8(1)(j) — narrowing the exemption and strengthening the public-interest override. This series tells you exactly what changed and how to use it.

The Digital Personal Data Protection Act, 2023 (No. 22 of 2023) received Presidential assent on 11 August 2023 and came into force progressively from that date. While the Act is primarily about data fiduciaries and consent frameworks, its Section 44(3) contains a surgical amendment that every RTI applicant, PIO, and information commissioner must understand: it rewrote the personal-information exemption in the Right to Information Act, 2005.

Until the DPDP amendment, Section 8(1)(j) of the RTI Act had protected information from disclosure if it “relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the … authority is satisfied that the larger public interest justifies the disclosure.” That language was broad, subjective, and routinely mis-used by PIOs to refuse basic service-delivery information.

The DPDP Act substituted a tighter, rights-language formulation. The result is a narrower exemption — harder for PIOs to invoke mechanically — combined with a clearer public-interest override in Section 8(2).

This is a live and evolving legal area. CIC benches began deciding cases under the new Section 8(1)(j) text from late 2023 onward. The Data Protection Board of India, once constituted under DPDP, will add a parallel redressal channel.

What this series covers

Article Topic Link
1 This hub page You are here
2 S.8(1)(j) Narrowed — before vs after Read →
3 CIC orders post-DPDP Read →
4 Drafting RTI to survive S.8(1)(j) Read →
5 DPDP Board vs RTI Appeal route Read →

Why this matters to ordinary citizens

Before DPDP, a common PIO tactic was to refuse any request mentioning a named individual — government employee salaries, contractor tie-ups, beneficiary lists — by invoking S.8(1)(j) without analysis. Courts had to consistently reverse these refusals (see Girish Ramchandra Deshpande v CIC, (2013) 1 SCC 212; Central Board of Secondary Education v Aditya Bandopadhyay, (2011) 8 SCC 497). The new text forces PIOs to apply a narrower, more rigorous test.

If you are an RTI applicant:

If you are a PIO:

The key statutory provisions

Quick-reference timeline

Use these RTI Wiki tools alongside this series:

FAQ

Q: Did the DPDP Act make RTI easier or harder to use?

The amendment to S.8(1)(j) makes the personal-information exemption harder for PIOs to invoke loosely. The new text is narrower and contains a clearer public-interest override. For well-framed RTI applications seeking information about public functions, DPDP has marginally strengthened applicants' position.

Q: Can a PIO now refuse my RTI citing the DPDP Act itself?

No. The DPDP Act is not a ground for refusal under RTI Section 8. A PIO refusing on privacy grounds must cite Section 8(1)(j) of the RTI Act — the amended version. Citing “DPDP Act” as a standalone refusal ground is legally incorrect and challengeable in first appeal.

Q: Is the DPDP Data Protection Board a replacement for CIC appeals?

No. The Data Protection Board under DPDP handles complaints about data fiduciaries — companies, government bodies — who misuse personal data. RTI appeals go to the FAA and then to CIC (for Central PA) or the State Information Commission. The two systems are parallel, not competing.

Q: Where can I read the official DPDP Act text?

The official gazette notification is at the Ministry of Law and Justice e-Gazette, and India Code at indiacode.nic.in. The PRS India summary is at prsindia.org.

Sources

  1. Digital Personal Data Protection Act 2023 (No. 22 of 2023), Ministry of Electronics and Information Technology.
  2. Right to Information Act 2005 (No. 22 of 2005), DoPT.
  3. Girish Ramchandra Deshpande v Central Information Commission, (2013) 1 SCC 212, Supreme Court of India.
  4. Central Board of Secondary Education v Aditya Bandopadhyay, (2011) 8 SCC 497, Supreme Court of India.
  5. Canara Bank v C S Shyam, (2018) 11 SCC 426, Supreme Court of India.
  6. PRS India, Bill Summary: Digital Personal Data Protection Bill 2023.
  7. CIC Annual Report 2022-23, Central Information Commission.