Editors Guild of India joins chorus against new Digital Personal Data Protection Act rules

Public Lokpal
November 19, 2025

Share by

Editors Guild of India joins chorus against new Digital Personal Data Protection Act rules

New Delhi: The Editors Guild of India has warned that the framework of the Union government’s newly notified Digital Personal Data Protection Rules 2025, could categorise journalism as data processing, which would require consent even for newsgathering.

The Guild cautioned that such an interpretation could undermine investigative journalism and public-interest reporting.

The Guild said the rules, introduced under the Digital Personal Data Protection Act 2023, retain several ambiguities that place newsgathering, investigative reporting and routine editorial processes at risk.

The Guild said that the legislation weakens the Right to Information (RTI) framework and does not provide a clear journalistic exemption. Even after the detailed rules were published, several questions remain unanswered, noted the Guild.

The Guild recalled that the electronics and IT ministry had met media bodies in July 2025 and verbally assured them that journalistic activity would not fall under the scope of the law. But no written clarification has followed.

During that consultation, media organisations had submitted 35 questions seeking clarity on issues such as consent requirements, access to data, the status of research and reporting-related exemptions.

The Guild said these concerns remain unresolved.

One of the principal fears is that journalistic work could be categorised as data processing, which would require obtaining consent even for newsgathering.

The Guild cautioned that such an interpretation could undermine investigative journalism and public-interest reporting. It urged the government to issue an immediate clarification exempting bona fide journalistic work from the law, stating that press freedom and the public’s right to information deserve equal protection alongside data security.

The DIGIPUB News India Foundation also issued a statement on Tuesday, arguing that the new rules endanger journalism and weaken India’s transparency regime by diluting the Right to Information Act.

The rules, notified on November 15, operationalise specific provisions of the DPDP Act 2023 and stagger the enforcement of others.

It said the new law and rules impose an unreasonable burden on independent media and pose a serious threat to freedom of speech under Article 19(1)(a).

The organisation called on the government and the electronics and IT ministry to begin a reform process to restore a clear statutory exemption for journalistic and public-interest processing.

It urged the ministry to initiate a transparent and time-bound consultation on the issues submitted by media groups and amend provisions that undermine media freedom, access to information and the integrity of the digital public sphere.

A free and independent press, it said, is indispensable to any democratic republic.

The Digital Personal Data Protection Rules 2025 include expected features of a modern data protection framework. These include clearer notices on data use and storage, mandatory breach disclosures, parental consent requirements for minors, obligations for grievance redressal and the establishment of a digital Data Protection Board.

The rules also increase accountability for companies through stricter audits for significant data fiduciaries, enhanced obligations for sensitive sectors such as healthcare and finance, and penalties of up to 250 crore rupees for violations.

Industry bodies like NASSCOM and IAMAI have expressed concern that heavy certification and compliance requirements, including annual data protection impact assessments and audits, may burden start-ups and smaller enterprises.

Among the most debated aspects is Rule 23, which authorises the government to seek personal data from any data fiduciary without the citizen’s consent. The grounds cited include national security, sovereignty, integrity of India, public order or any function of law.

Companies are prohibited from informing individuals when such requests are made. At the same time, Section 44(3) of the Act amends the RTI Act to block the disclosure of almost all personal information, leaving citizens with fewer avenues for transparency while widening the State’s access.

Although the rules promise greater citizen control over personal data, the only provision taking effect immediately is the one that expands the State’s authority and tightens restrictions on information access.