The Digital Shield and the Sovereign State: A Constitutional and Legal Analysis of Cybersecurity, Data Privacy, and the DPDPA 2023 in India
DOI:
https://doi.org/10.69971/dss.2.1.2025.37Keywords:
right to privacy, DPDP act 2023, state surveillance, cybersecurity and data fiduciary obligations, end-to-end encryptionAbstract
India's economy is developing rapidly due to digitization, changing the way citizens interact with the government and improving the way services are delivered. However, significant cybersecurity issues are identified in India's digital system, demanding new ways to protect citizens' "informational privacy”. This study explores the evolution of Indian (privacy) law by significant courts' decisions; starting with M.P. Sharma (1954) and ending with the K.S. Puttaswamy v Union of India (2017) that established the right to privacy as part of the fundamental rights framework established through Article 14, 19, and 21 of the Constitution. Accordingly, a close analysis of the Digital Personal Data Protection Act 2023 (“The DPDPA”) is reported exploring the conflict between state interests and individual liberties and specifically the broad exemptions provided to government agencies pursuant to Section 17 of the DPDPA. It is these same exemptions that some persons believe will enable unchecked government surveillance on an equivalent basis as the “Going Dark” debate related to encrypted data. The paper will focus on the technical aspects of how the laws and regulations defining end-to-end encrypted systems, zero-trust security models (pursuant to CERT-In’s requirements to report breaches within six hours), and the requirements to report breaches/other incidents within six hours can be interpreted and enforced. Comparisons will be made to the General Data Protection Regulation (GDPR) of the European Union and how there are gaps in the Indian framework that do not ensure regulatory independence and/or facilitate cross-border data transfers. Ultimately, while DPDPA 2023 may represent an important moment in Indian legal history, its success or failure will depend more on the operational independence of the Data Protection Board than on the harmonization of legal requirements with the changing nature of cybersecurity.
Downloads
References
Dixit, Pratik Prakash. 2018. Conceptualizing interaction between cryptography and law. NUJS Law Review 11: 327-359. https://nujslawreview.org/wp-content/uploads/2019/01/11.3-Pratik-Prakash-Dixit-CONCEPTUALISING-INTERACTION-BETWEEN-CRYPTOGRAPH Y-AND-LAW.pdf
Joshi Sidharth. 2023. Analysis of Right to Informational Privacy with respect to DPDPA 2023. International Journal of Law Management and Humanities 6: 3705-3718. https://doij.org/10.10000/IJLMH.118361
Kumar, Dharmendra. 2025. The Right to Privacy Under Article 21: Implications of the DPDP Act, 2023 for Data Protection in India. International Journal of Leading Research Publication 6: 1-8. https://www.ijlrp.com/research-paper.php?id=1702
Kumar, P Vasantha. 2024. Cybersecurity and data privacy: legal and ethical dimensions in the digital age. International Journal of Multidisciplinary Research in Science and Business 1: 11-12. https://edwin.co.in/egj/index.php/ijmrsb/article/view/1186
Sohrab, Khan Nazma. 2025. Privacy in the age of digital surveillance: analyzing Whatsapp’s policy and cybersecurity implications. Journal of In-formation Systems Engineering and Management 10: 937-965. https://doi.org/10.52783/jisem.v10i40s.7543
Yechury, Sitaram. 2018. Rs 500 for billions Aadhaar details 10 minutes. https://www.tribuneindia.com/news/archive/nation/rs-500-10-minutes-and-you-have-access-to-billion-aadhaar-details-523361
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Authors
This work is licensed under a Creative Commons Attribution 4.0 International License.
