Evaluating India’s Digital Personal Data Protection Act, 2023: Privacy Rights, State Surveillance and Regulatory Challenges

The Digital Personal Data Protection Act, 2023 represents India’s first comprehensive attempt to regulate personal data in the digital ecosystem. With the expansion of digital governance, financial technologies, and large‑scale public databases, the protection of personal information has become a fundamental legal concern. This paper critically examines the Digital Personal Data Protection Act, 2023 with particular emphasis on privacy rights, the scope of state surveillance, and regulatory challenges. Using doctrinal legal research and comparative analysis with global data protection frameworks such as the European Union’s General Data Protection Regulation (GDPR), the paper evaluates whether the Act adequately safeguards informational privacy while enabling governance and economic development. The research finds that although the Act introduces important rights for individuals and establishes a regulatory mechanism through the Data Protection Board of India, several concerns remain regarding broad government exemptions, institutional independence, and enforcement capability. The paper concludes that stronger safeguards, judicial oversight of surveillance powers, and improved institutional capacity are necessary to ensure that India’s data protection framework effectively protects constitutional privacy rights.