AUTHOR: DEVANSHI MEHTA
This report examines India’s new Digital Personal Data Protection (DPDP) Act 2023 and accompanying DPDP Rules 2025 through legal-doctrinal, comparative, and analytical lenses We analyse the Act’s provisions (consent, data-principal rights, fiduciary duties, exemptions, localisation), identify critical gaps (consent asymmetries, broad state powers, digital divide, enforcement weaknesses), and assess democratic risks (surveillance, chilling of dissent, transparency deficits). Historical context (from global privacy norms to the Puttaswamy judgment and Aadhaar cases) frames the discussion. Comparative analysis considers GDPR (EU), CCPA (California), and data governance in Germany, France, and South Korea. We propose innovations and best practices (data audits, public literacy drives, data trusts, and transparency tools) and outline a policy roadmap to strengthen India’s digital safeguards while preserving democratic values. Key findings include that while the DPDP Act formally recognizes data rights, sweeping exemptions for the state, weak enforcement architecture, and persistent inequalities risk undermining privacy protections. The report concludes with recommendations to reconcile India’s welfare-democratic identity with robust digital rights and outlines likely developments over the next five years.