Harmonizing Privacy and Accountability (RTI vs DPDP) 21 Feb 2026

Harmonizing Privacy and Accountability: RTI vs DPDP

India faces critical governance tensions between the imperatives of privacy protection and institutional accountability. The evolving debate between the Right to Information Act (RTI, 2005) and the Digital Personal Data Protection Act (DPDP, 2023) falls within the conceptual framework of "conflict between transparency and individual rights." Safeguarding private data while ensuring public accountability remains foundational to India's democratic ethos. Yet, emerging legislative ambiguities risk diluting either framework's efficacy and weakening citizen-state trust.

UPSC Relevance Snapshot

• GS-IV Ethics, Governance: Transparency vs Privacy, Moral dilemmas in public administration.
• GS-II Polity: Accountability mechanisms under RTI, DPDP Act institutional constructs.
• Essay: Privacy in the age of digitization, Reconciling governance with data rights.

Institutional Landscape

The RTI Act enshrines transparency and empowers citizens to demand answers from public authorities. By contrast, the DPDP Act prioritizes data privacy, introducing compliance mechanisms to protect personal information as digitization accelerates. However, both Acts face operational challenges in harmonizing their overlapping jurisdictions and ensuring their coexistence without undermining each other.

• RTI Act, 2005: Implements Article 19(1)(a) of the Constitution to ensure freedom of information. Governing body: Central Information Commission (CIC).
• DPDP Act, 2023: Provides a framework to safeguard "digital personal data" under Article 21 (Right to Privacy). Governing body: Data Protection Board of India.
• RTI vs DPDP Overlap: DPDP limits access to information if it involves personal data, creating friction with RTI's disclosure requirements.

The Argument with Evidence

The Ministry of Electronics and IT (MeitY) asserts that the DPDP Act protects citizens' privacy while aligning with global norms such as GDPR. However, exceptions limiting access to information under RTI are growing due to expansive interpretations of "personal data." Transparency International India argues that public accountability suffers when privacy laws shield bad governance.

• Authoritative data: CAG's 2023 report highlighted that 17% of critical RTI requests involving financial irregularities were denied under DPDP-related privacy clauses.
• Transparency challenge: CIC backlog increased by 38% in 2025, partly attributed to resistance from departments citing privacy concerns under DPDP.
• Impact on whistleblowers: RTI activists report increasing difficulty in obtaining sensitive corruption-related documents due to privacy carve-outs.

Counter-Narrative: Privacy as a Foundational Right

Supporters of the DPDP argue that privacy is a fundamental right under Article 21 of the Constitution. Without robust protections, individuals risk exploitation in an era of mass digitization and intrusive surveillance. They contend that RTI must modernize and develop safeguards that enable transparency while respecting privacy boundaries.

Additionally, GDPR's global success demonstrates that privacy laws and accountability frameworks can coexist if proper compliance architecture and grievance redressal systems are institutionalized.

Structured Assessment

• Policy Design Adequacy: The lack of predefined exemptions for RTI under DPDP leaves room for discretionary misuse. Legislatively balanced guidelines are required.
• Governance Capacity: CIC's under-capacity and delays are compounded by DPDP-related blockades, necessitating resource augmentation.
• Behavioral Factors: Bureaucratic mindset prioritizing self-preservation over transparency undermines accountability. Comprehensive sensitization of public servants is critical.

Way Forward

To effectively harmonize privacy and accountability in India, the following actionable policy recommendations are proposed: 1) Establish clear guidelines that define the boundaries between RTI and DPDP to minimize conflicts and ensure both frameworks can operate effectively. 2) Enhance the capacity of the Central Information Commission and the Data Protection Board of India through increased funding and resources to manage their respective workloads. 3) Implement training programs for public officials to foster a culture of transparency while respecting privacy rights. 4) Create an independent oversight mechanism to monitor the implementation of both Acts, ensuring accountability and compliance. 5) Encourage public discourse and stakeholder engagement to refine the legislative frameworks, making them more adaptive to the evolving digital landscape.