NEW DELHI: Next week, the Supreme Court headed by Chief Justice of India Surya Kant will start hearing arguments for and against India’s first-ever data privacy law. After five separate public interest litigation petitions filed in February challenged the Digital Personal Data Protection (DPDP) Act, these hearings starting 13 May could determine the future of what companies and government bodies can do with the personal data of 1.4 billion people.
Both the Centre and the litigators have deployed batteries of top lawyers. Court proceeding records accessed by Mint showed 38 lawyers representing those who filed the public interest litigation (PILs), including two of India’s senior-most advocates—member of Parliament Abhishek Manu Singhvi and senior activist and lawyer Prashant Bhushan. The Centre’s team of 17 lawyers is led by Tushar Mehta, India’s solicitor general.
Litigators, activists and officials told Mint there are three issues at stake—dilution of the Right to Information Act, infringement of freedom of journalism, and sweeping exemptions afforded to the Centre through the , and its rules.
The DPDP Act became law in August 2023 after it was passed by Parliament without debate and received the President’s assent. The ministry of electronics and IT (Meity), the nodal ministry for the law, notified its rules in November 2025. The law is now set to be implemented by companies starting this November.
So far, the Supreme Court has refused to halt the law—something that one of the five PILs has sought from the top court. On 16 February, chief justice Kant said there was “no question” of staying the DPDP Act. Kant, however, said the court would hear all grievances against the act and issue a verdict before the law is enforced.
Most grievous clauses
“There have been enough precedents of select provisions of a law being struck down by the Supreme Court in cases when the provisions were proved in court to be unconstitutional and against the judiciary’s own past judgements,” Bhushan told Mint. “We’re not asking for a stay against the entire law—we’re only asking for the most grievous clauses in the , which will act against protecting the data privacy of our people, to be struck down.”
Mint independently accessed and reviewed copies of all of the five PILs filed before Kant. In one petition, Geeta Seshu, a Mumbai-based independent journalist and free-speech activist, called the law “a constitutional regression from the fundamental right to privacy recognized by this Hon’ble Court in Justice K.S. Puttaswamy (Retd.) v. Union of India.”
“While enacted under the ostensible objective of , the DPDP Laws in effect legalize disproportionate State surveillance, create a compensation vacuum for citizens, dilute the Right to Information, erode the ability of journalists to practice their profession, and establish a data protection regulator that is structurally dependent upon the Executive,” she said in the PIL.
Europe’s General Data Protection Regulation is considered the template for all data protection legislation worldwide, while the US uses state-wise legislation for data protection standards. Mishi Chaudhary, lawyer and founder of Software Freedom Law Centre and one of the complainants, said that “no significant economy in the world currently has the kind of draconian surveillance powers that India has afforded to its data protection law.”
Bhushan said the current version of the law “could mean that an investigative journalist may be forced to give up crucial whistleblower identity if they expose sensitive corporate wrongdoing.”
The current version, the top lawyer added, significantly dilutes the powers of India’s judiciary, “which stands at the heart of India being the world’s largest democracy.”
Public consultations
Speaking with Mint, Seshu added that the petitioners also seek to obtain clarity on the public consultations done by Meity.
“While the consultations were said to be public and transparent, we do not have any account of the submissions that were made about the law or what changes were eventually made to the law basis these submissions. Unless there is such transparency and accountability, there’s no point in such consultations,” she said.
A questionnaire sent to Meity by Mint on Tuesday remained unanswered until press time.
The Centre has so far refuted these claims. Meity, according to two senior officials who requested anonymity because the matter is sub-judice, is expected to file its responses to the Supreme Court’s three-judge bench prior to its next hearing on 13 May.
“All of these litigations are being filed by proxy bodies who represent corporate parties looking to stall the implementation of a stringent and justified data protection regime. The was framed over many years, afforded ample time for public consultations, and was implemented only after taking every view into account,” one of the officials said.
Mahendra Limaye, one of the 17 lawyers representing the Centre, added that “the government is open to hearing all voices, but the questions being raised are not to the interest of public data privacy concerns.”
For now, all eyes will move to the Supreme Court hearing on 13 May, when the hearings start with the Centre’s submissions. Bhushan said the top court is unlikely to stay the law in the future as well.
“We’re hopeful that the chief justice will take note of the concerns and act accordingly. The battle will most certainly be long drawn, but such sensitive issues require careful deliberation—especially seeing that privacy as a fundamental right of every individual was afforded by this very court, and the final version of the law fails to fully achieve that,” Bhushan said.