In 50 words: The Digital Personal Data Protection Act 2023 (DPDP) permanently changed how RTI applicants and PIOs handle personal information requests. Section 44(3) of DPDP rewrote RTI Section 8(1)(j) — narrowing the exemption and strengthening the public-interest override. This series tells you exactly what changed and how to use it.
The Digital Personal Data Protection Act, 2023 (No. 22 of 2023) received Presidential assent on 11 August 2023 and came into force progressively from that date. While the Act is primarily about data fiduciaries and consent frameworks, its Section 44(3) contains a surgical amendment that every RTI applicant, PIO, and information commissioner must understand: it rewrote the personal-information exemption in the Right to Information Act, 2005.
Until the DPDP amendment, Section 8(1)(j) of the RTI Act had protected information from disclosure if it “relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the … authority is satisfied that the larger public interest justifies the disclosure.” That language was broad, subjective, and routinely mis-used by PIOs to refuse basic service-delivery information.
The DPDP Act substituted a tighter, rights-language formulation. The result is a narrower exemption — harder for PIOs to invoke mechanically — combined with a clearer public-interest override in Section 8(2).
This is a live and evolving legal area. CIC benches began deciding cases under the new Section 8(1)(j) text from late 2023 onward. The Data Protection Board of India, once constituted under DPDP, will add a parallel redressal channel.
Before DPDP, a common PIO tactic was to refuse any request mentioning a named individual — government employee salaries, contractor tie-ups, beneficiary lists — by invoking S.8(1)(j) without analysis. Courts had to consistently reverse these refusals (see Girish Ramchandra Deshpande v CIC, (2013) 1 SCC 212; Central Board of Secondary Education v Aditya Bandopadhyay, (2011) 8 SCC 497). The new text forces PIOs to apply a narrower, more rigorous test.
If you are an RTI applicant:
If you are a PIO:
Use these RTI Wiki tools alongside this series:
The amendment to S.8(1)(j) makes the personal-information exemption harder for PIOs to invoke loosely. The new text is narrower and contains a clearer public-interest override. For well-framed RTI applications seeking information about public functions, DPDP has marginally strengthened applicants' position.
No. The DPDP Act is not a ground for refusal under RTI Section 8. A PIO refusing on privacy grounds must cite Section 8(1)(j) of the RTI Act — the amended version. Citing “DPDP Act” as a standalone refusal ground is legally incorrect and challengeable in first appeal.
No. The Data Protection Board under DPDP handles complaints about data fiduciaries — companies, government bodies — who misuse personal data. RTI appeals go to the FAA and then to CIC (for Central PA) or the State Information Commission. The two systems are parallel, not competing.
The official gazette notification is at the Ministry of Law and Justice e-Gazette, and India Code at indiacode.nic.in. The PRS India summary is at prsindia.org.