The widespread collection and processing of personal data today raises serious questions about individual privacy. In India, the way we look at privacy changed completely after the 2017 K.S. Puttaswamy v. Union of India Supreme Court judgment, which recognized the right to privacy as a fundamental right under Article 21 of the Constitution. This paper looks at how digital privacy protections have evolved in India, moving from court rulings to the recent Digital Personal Data Protection (DPDP) Act of 2023. We reviewed the provisions of the new law to see how well it aligns with constitutional principles like proportionality and informed consent.Furthermore, the rapid expansion of digital services—ranging from online education platforms to digital finance—has exposed average citizens, especially students and younger demographics, to increasingly sophisticated cyber threats. Recent data underscores this urgency, showing that the scale of cybercrime in India has escalated at an unprecedented pace, with official complaint data revealing a roughly 24% increase in cases between 2021 and 2022, and reaching over 2.2 million complaints registered via government portals by 2024. Young users are heavily exposed to phishing attacks, identity theft, cyberbullying, and data breaches due to their extensive use of social media and online learning environments.While the DPDP Act aims to mitigate these risks by setting up a baseline for data minimization and creating the Data Protection Board of India, significant challenges remain. The asymmetrical power dynamic between massive tech corporations and everyday internet users often turns 'informed consent' into a mere formality, as users rarely read lengthy terms of service. Additionally, there are major concerns about the broad exemptions given to government agencies and the lack of robust rules governing automated AI decision-making. Ultimately, we argue that legislative measures like the DPDP Act must be coupled with practical cybersecurity education. We need aggressive digital literacy campaigns, 'privacy by design' built into applications, and strict, transparent enforcement to truly protect people's privacy in a data-heavy world.
A et al. (Mon,) studied this question.