DATA PRIVACY AND PROTECTION IN INDIA: A CRITICAL DOCTRINAL ANALYSIS OF THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 IN THE LIGHT OF CONSTITUTIONAL STANDARDS AND INTERNATIONAL BENCHMARKS

INDIAN JOURNAL OF LEGAL REVIEW

2 May, 2026

DATA PRIVACY AND PROTECTION IN INDIA: A CRITICAL DOCTRINAL ANALYSIS OF THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 IN THE LIGHT OF CONSTITUTIONAL STANDARDS AND INTERNATIONAL BENCHMARKS

DATA PRIVACY AND PROTECTION IN INDIA: A CRITICAL DOCTRINAL ANALYSIS OF THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 IN THE LIGHT OF CONSTITUTIONAL STANDARDS AND INTERNATIONAL BENCHMARKS

AUTHOR – G. MAHENDHIRA ADHITHYA* & Ms. K. KEERTHANA**

* STUDENT AT SCHOOL OF LAW, VELS INSTITUTE OF SCIENCE, TECHNOLOGY AND ADVANCED STUDIES (VISTAS)

** ASSISTANT PROFESSOR AT SCHOOL OF LAW, VELS INSTITUTE OF SCIENCE, TECHNOLOGY AND ADVANCED STUDIES (VISTAS)

BEST CITATION – G. MAHENDHIRA ADHITHYA & Ms. K. KEERTHANA, DATA PRIVACY AND PROTECTION IN INDIA: A CRITICAL DOCTRINAL ANALYSIS OF THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 IN THE LIGHT OF CONSTITUTIONAL STANDARDS AND INTERNATIONAL BENCHMARKS, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 6 (7) OF 2026, PG. 13-23, APIS – 3920 – 0001 & ISSN – 2583-2344. DOI – https://doi.org/10.65393/IJLRV6I73

ABSTRACT

The governance of personal data in India stands at a constitutionally consequential inflection point. The unanimous recognition of informational privacy as a fundamental right by a nine judge bench of the Supreme Court of India in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) 10 SCC 1 imposed a proportionality calibrated constitutional mandate upon all subsequent legislative endeavor’s in this domain. The Digital Personal Data Protection Act, 2023 (DPDPA), India’s first purpose specific data protection statute, represents the culmination of a protracted and politically contested legislative process. This article undertakes a rigorous doctrinal analysis of the DPDPA 2023, situating it within the constitutional architecture erected by the Puttaswamy jurisprudence and evaluating it against the normative standards established by the European Union’s General Data Protection Regulation (GDPR). The analysis reveals that while the Act constitutes a genuine legislative advance, it is marred by structural deficiencies of constitutional significance: the sweeping executive exemption under Section 17(2) fails the proportionality standard; the Data Protection Board’s dependence on executive appointment compromises institutional independence; the omission of rights to data portability and protection against automated decision making leaves critical lacunae; and the whitelist based cross border transfer mechanism substitutes diplomatic pragmatism for objective adequacy review. Drawing on comparative frameworks from the European Union and the United Kingdom, and examining the practical dimensions of enforcement deficits, surveillance accountability gaps, and the emerging challenge of algorithmic governance, this article advances a programme of legislative, institutional, and policy reforms directed at aligning India’s data protection framework with its constitutional aspirations.

Keywords: Data Privacy; Digital Personal Data Protection Act 2023; Informational Self Determination; Proportionality Doctrine; GDPR; Data Protection Board; Surveillance; Algorithmic Decision Making; Constitutional Rights; Comparative Data Law.

V6I73FDownload

Download Full Article