Digital Personal Data Protection Act and Disability Rights

The Digital Personal Data Protection Act, 2023 (DPDP Act) is a landmark legislation in India designed to regulate digital personal data processing while balancing individual privacy and lawful data use. As the Ministry of Electronics and Information Technology (MeitY) seeks public feedback on draft rules, disability rights advocates have voiced concerns about specific provisions that may undermine the autonomy of Persons with Disabilities (PwDs).

Key Provisions and Controversies of Digital Personal Data Protection Act

A central point of contention in the Digital Personal Data Protection Act is Section 9(1), which mandates that data fiduciaries obtain verifiable consent from the legal guardian of a child or an adult with disabilities before processing their data. While the Act aims to ensure responsible data handling, activists argue that this requirement assumes PwDs lack decision-making capacity, contradicting principles of self-determination and independence.

Guardianship and Disability Laws: A Legal Dilemma

India’s legal framework for guardianship includes:

• The Rights of Persons with Disabilities Act, 2016 (RPWD Act) – Advocates for limited guardianship, where PwDs receive assistance in legal decisions while maintaining autonomy.
• The National Trust Act, 1999 (NT Act) – Allows for full guardianship, giving legal representatives complete decision-making authority.

The coexistence of these laws creates ambiguity about the role of guardians under the DPDP Act, raising concerns about who should control digital access and consent.

Challenges in Implementation

The draft rules attempt to outline consent mechanisms, but disability rights groups highlight several challenges:

• Lack of clarity on how PwDs can assert their digital rights independently.
• Risk of exclusion, as requiring guardian consent could restrict access to essential online services.
• Potential conflicts of interest, where guardians may act in ways that limit PwDs’ personal and financial autonomy.

Intersectionality and Digital Access

The intersection of disability, gender, and digital rights further complicates the issue. For example, a PwD woman needing a guardian’s approval to purchase personal healthcare products online illustrates the unintended consequences of restrictive consent policies. Without proper safeguards, such rules could disproportionately affect marginalized groups.

Ensuring Accessibility and Inclusion

Beyond legal concerns, digital accessibility remains a major hurdle. Many online platforms are not designed with PwDs in mind, making compliance with the DPDP Act even more difficult. Unless platforms become more inclusive, PwDs may struggle to exercise their rights effectively.

The Way Forward

To ensure the DPDP Act protects both data privacy and disability rights, policymakers must:

• Clarify the scope of guardian consent to avoid unnecessary restrictions.
• Adopt an inclusive approach that upholds self-determination for PwDs.
• Improve digital accessibility standards to enable independent participation.

Striking a balance between data protection and personal autonomy is crucial. Without thoughtful revisions, the Act risks becoming a barrier rather than a safeguard for the digital rights of Persons with Disabilities.