Can’t Have AI Impact If You Shrink the Right to Information
The India AI Impact Summit, from February 16 to 20, has a lofty slogan: “Shaping AI for Humanity, Inclusive Growth and a Sustainable Future.” Beneath the fanfare, however, a far more disturbing reality is unfolding. At a time when India stands at the crossroads of mandating how information is accessed, processed, and used, the regime meant to empower citizens has been dismantled.
As Nikhil Dey and Apar Gupta argue in a powerful critique, the summit ostensibly about “humanity” is taking place in the shadow of the Digital Personal Data Protection Act (DPDPA), a law that has undermined the right to information and failed to protect the right to privacy. This is not a technical debate about regulatory fine print; it is a fundamental question about who controls information in a democracy and for what purposes.
The Fundamental Question
India’s information regime today raises a fundamental question: What types of information can be accessed, processed, and utilised by citizens, rulers, and the commercial sector? At the heart of this question is a simple constitutional precept—citizens have fundamental rights to their own data, including public data, both individual and collective.
The collective ownership of information affecting public activity and interest hinges on a strong RTI provision. The need to protect information whose disclosure would constitute an unwarranted invasion of privacy requires a careful balance between the right to information and the right to privacy.
This balance is not easy to strike. Too much transparency can invade privacy and chill legitimate activity. Too much secrecy can hide corruption, abuse of power, and incompetence. The art of democratic governance lies in getting this balance right.
The RTI Act’s Delicate Balance
The RTI Act defined information in an expansive manner. It was celebrated for its practical approach in mandating proactive disclosure and making information accessible on demand. It had a carefully worked out set of exemptions, including protection of the individual’s right to privacy.
RTI and privacy activists worked together and crafted a formulation that defined privacy as “personal information the disclosure of which has no relationship to any public activity or interest.” It allowed a public interest override even where there might be a breach of privacy if public interest necessitated disclosure of information.
This formulation stood the test of 20 years, with no major complaints of people’s privacy being breached. The RTI Act was brought in to help citizens fight corruption, challenge the arbitrary exercise of power, and realise their rights. The careful balance it struck between empowerment, access, and privacy protection made these objectives achievable.
It ensured that information about public officials, public spending, and public decisions remained accessible while protecting genuinely private information about individuals. It was a workable compromise that served the country well for two decades.
The DPDPA’s Disruption
The Digital Personal Data Protection Act, passed in 2023 and notified only on November 14, 2025, was expected to define and regulate digital data use while protecting privacy. However, instead of defining or even protecting privacy, the DPDPA does something quite different.
It defines personal data as “any data about an individual who is identifiable by or in relation to such data”—encompassing identifiers such as name, phone number, address, post, photograph, and more without any gradation. This is an extraordinarily broad definition that makes almost any information potentially “personal.”
It defines digital data, digital personal data, data fiduciary (anyone who processes anyone else’s information), and consent in very expansive terms that are left to be determined by a government-controlled board. The definitions are not fixed in the law; they will be determined by a board that answers to the executive.
It also defines data breach and outlines its consequences (fines and penalties in crores of rupees) in an expansive and therefore chilling manner. The threat of massive penalties creates a powerful incentive for information holders to err on the side of secrecy.
The Final Blow
As a final blow, through amendment 44(3), it destroys the only harmony between the right to information and the right to privacy. By mandating that no “personal information” can be disclosed, the Right to Information Act has been transformed into the right to deny information.
The amendment conflates the private with the personal. This conflation deals a blow to the RTI and comes in the way of access to meaningful information. Under the new regime, any information that can be linked to an identifiable individual can be withheld as “personal.” This includes information about public officials performing public duties, about government contracts awarded to individuals, about land holdings of politicians, about educational qualifications of candidates for public office.
The distinction between personal and private was crucial. Information could be personal—relating to an individual—without being private—deserving of protection from disclosure. A public official’s salary is personal to them, but it is not private; the public has a right to know how their taxes are spent. Under the new regime, this distinction collapses.
The Chilling Effect
Given the wide powers and exemptions the state has under the DPDPA and the technical nature of consent that only big data companies will be able to extract at every digital step, the objectives of “Shaping AI for Humanity, Inclusive Growth, and a Sustainable Future” seem like empty slogans.
Citizens who cannot access information cannot hold power accountable. They cannot fight corruption. They cannot challenge arbitrary decisions. They cannot participate meaningfully in democratic debate. The right to information is not a luxury; it is a precondition for democratic citizenship.
The DPDPA creates a regime where information is presumptively secret unless it falls within narrow exceptions. This is the opposite of the RTI’s presumption of openness. The shift is profound and deeply troubling.
The Summit’s Hollow Rhetoric
Having been excluded by law from accessing or processing information, Indian citizens and others from across the globe attending this summit, with an interest in the use of information for public purposes, should not be left with any illusion that they have a place at the table to discuss the fundamentals of the information regime and its use in AI.
The summit talks about shaping AI for humanity, but the underlying information regime excludes humanity from accessing the information that AI systems will use and produce. It talks about inclusive growth, but excludes citizens from the information they need to ensure growth is inclusive. It talks about a sustainable future, but undermines the transparency that makes sustainability accountable.
The rhetoric is lofty; the reality is disempowering.
Conclusion: The Information Paradox
India faces a profound paradox. It wants to be a leader in AI, a technology that runs on information. But it is simultaneously closing off access to information for its citizens. It wants to shape AI for humanity, but is excluding humanity from the information regime that will determine how AI is used.
The RTI Act was a hard-won victory for Indian democracy. It empowered citizens, exposed corruption, and made governance more accountable. The DPDPA, in its current form, threatens to undo that victory. By conflating the personal with the private, by creating expansive definitions controlled by the executive, by imposing chilling penalties, it transforms the right to information into the right to deny information.
Until this is addressed, the AI Impact Summit’s lofty slogans will ring hollow. You cannot have AI impact if you shrink the right to information.
Q&A: Unpacking the RTI and DPDPA Critique
Q1: What was the balance struck by the original RTI Act between transparency and privacy?
The RTI Act defined information expansively while creating a careful exemption for privacy. It defined privacy as “personal information the disclosure of which has no relationship to any public activity or interest.” This allowed a public interest override—even information that might breach privacy could be disclosed if public interest necessitated it. This formulation worked for 20 years, ensuring access to information about public officials and decisions while protecting genuinely private information.
Q2: How does the Digital Personal Data Protection Act (DPDPA) disrupt this balance?
The DPDPA defines personal data broadly as “any data about an individual who is identifiable”—encompassing names, phone numbers, addresses, photographs without gradation. Through amendment 44(3), it mandates that no “personal information” can be disclosed, conflating the private with the personal. This transforms the RTI Act into the right to deny information, as any information linked to an identifiable individual can now be withheld.
Q3: Why is the distinction between “personal” and “private” important?
Information can be personal—relating to an individual—without being private—deserving of protection from disclosure. A public official’s salary is personal to them, but not private; the public has a right to know. A politician’s land holdings are personal, but not private. The original RTI recognised this distinction. The DPDPA collapses it, allowing any personal information to be withheld, regardless of its relevance to public activity or interest.
Q4: What are the practical consequences for citizens trying to access information?
Citizens who cannot access information cannot hold power accountable, fight corruption, challenge arbitrary decisions, or participate meaningfully in democratic debate. The DPDPA creates a regime where information is presumptively secret unless it falls within narrow exceptions—the opposite of the RTI’s presumption of openness. The threat of massive penalties for data breaches creates a powerful incentive for information holders to err on the side of secrecy.
Q5: What is the paradox at the heart of India’s AI ambitions?
India wants to be a leader in AI, a technology that runs on information. But it is simultaneously closing off access to information for its citizens. It wants to shape AI for humanity, but is excluding humanity from the information regime that will determine how AI is used. The AI Impact Summit’s lofty slogans about inclusive growth and sustainable futures ring hollow when citizens are being excluded from accessing the information that AI systems will use and produce.
