Right to Information Wiki

The working reference for India's Right to Information Act, 2005.

User Tools

Site Tools

You are here: Right to Information Act, 2005 — India's Working Reference » courses » 🔐 DPDP Act 2023 + Rules 2026 Crash Course » Module 04 — DPDP × RTI interplay — for both PIOs and citizens
Trace: Module 04 — DPDP × RTI interplay — for both PIOs and citizens
courses:dpdp:module-04
Translate:

Table of Contents

Module 04 — DPDP × RTI interplay — for both PIOs and citizens

DPDP Act 2023 + Rules 2026 Crash Course Module 04

Goal: Apply the right standard at the §8(1)(j) boundary.

§8(1)(j) of RTI vs DPDP

§8(1)(j) RTI exempts personal information unless disclosure is in larger public interest OR the information would have been disclosed to Parliament/Legislature.

DPDP doesn't override RTI but adds a consent factor:

  1. Living individual + sensitive personal data → DPDP Rule 4: PIO should consider data principal consent
  2. Deceased/historical data → DPDP largely doesn't apply; pure §8(1)(j) test
  3. Public-servant 'public activity' → §8(1)(j) doesn't shield (per Karnataka HC 9-Feb-2026)

PIO workflow under combined regime

For each personal-information RTI:

  1. Is the data subject a public servant in their public-activity capacity? → §8(1)(j) doesn't apply; disclose.
  2. Is the data subject deceased? → DPDP doesn't apply; pure §8(1)(j) test.
  3. Is the data subject a private individual? → §11 third-party notice (RTI) + consider DPDP consent factor.
  4. Is the request large-public-interest? → §8(2) override applies; disclose with redaction.

§7(b) state function + DPDP

DPDP §7(b) allows the State to process personal data for benefit/subsidy/license without consent. This means:

  1. Govt can collect Aadhaar-linked subsidy data without separate consent under DPDP
  2. But the data can still be requested under RTI as 'records held by public authority'
  3. Combination: data was lawfully processed under DPDP + can be requested under RTI subject to §8 / §10

Citizen actions

For citizens whose personal data is held by govt:

  1. DPDP §11 right to information: ask the Fiduciary what data is held + how processed
  2. RTI §6(1): ask the public authority for records about you
  3. These overlap — but DPDP gives you the right to correction + erasure; RTI doesn't.
  4. For breach by govt: file with DPB under §34

Penalties + Data Protection Board

Data Protection Board of India (DPB) — 4-7 members appointed by Central Govt, 2-year terms.

Penalties (Schedule):

  1. Failure to take security safeguards: up to ₹250 crore
  2. Failure to notify breach: up to ₹200 crore
  3. Failure to fulfill child-data obligations: up to ₹200 crore
  4. Other obligations: up to ₹50 crore

DPB appeals → Telecom Disputes Settlement and Appellate Tribunal (TDSAT) → Supreme Court.

✅ Quiz

Quiz available from your course dashboard.

Next

Last reviewed: 24 April 2026.

, ,
Share this article
Twitter Facebook WhatsApp
Was this helpful? views
courses/dpdp/module-04.txt · Last modified: by 127.0.0.1
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

The working reference for India's Right to Information Act, 2005. Current, sourced, usable. We do not file RTIs on your behalf — we equip you to file your own.

1,161articles
408case-law rulings
1,046tags
36state guides

📰 Get the RTI Wiki digest — monthly

Important rulings, amendments, editorial. Curated. No spam — unsubscribe anytime.

@rtiindia Facebook RSS
🗺 Full sitemap — every page →

© 2005–2026 RTI Wiki. Content reviewed as of 23 April 2026. RTI Wiki is an editorial knowledge base on the Right to Information Act, 2005 — not a law firm, not a legal-advice service, not a paid filing service.

Home Sitemap Editor Editorial policy Disclaimer Privacy Press kit Contribute Contact