BALANCING PRIVACY AND POWER: A CRITICAL STUDY OF INDIA’S DATA PROTECTION REGIME AFTER PUTTASWAMY’

The digital revolution has fundamentally altered the interaction between the individual, the state, and the market, necessitating a re-evaluation of the legal principles governing personal information. In India, this evolution was anchored by the landmark judgment in Justice K.S. Puttaswamy (Retd.) v. Union of India , which unanimously recognized the right to privacy as an intrinsic part of the right to life and personal liberty under Article 21. This research paper explores the trajectory of India’s data protection regime, tracing its origins from early restrictive precedents to the contemporary statutory framework. It critically analyzes the Digital Personal Data Protection (DPDP) Act, 2023, evaluating its ability to operationalize the constitutional principles of informational privacy, autonomy, and dignity and drawing the comparison with EU’s general data protection regulation. By examining the robust proportionality test established in Puttaswamy and its application in subsequent cases like the Aadhaar judgment and the Pegasus controversy, the study highlights a growing tension between individual rights and state power. The research identifies significant structural concerns, including the broad exemptions granted to government agencies under Section 17 and the perceived lack of institutional independence for the Data Protection Board of India. The paper concludes that while the DPDP Act is a milestone, its effectiveness in safeguarding privacy against corporate and state overreach depends on narrow judicial interpretation of exemptions and the strengthening of regulatory oversight to prevent the "new oil" of data from becoming a tool of unchecked surveillance.