PERSONS WITH DISABILITIES routinely interact with digital infrastructure and advancing AI technologies, which entail extensive data processing. Naturally, when it comes to them, concerns pertaining to data protection and privacy are coupled with the particular vulnerabilities of persons with disabilities. In this context, ensuring clear and informed “consent” for data collection and processing is of paramount importance. However, the current consent framework remains unclear and fraught with challenges and shortcomings. Despite the Union government’s earnest efforts to introduce the Digital Personal Data Protection Act, 2023 (DPDP Act), which seeks to regulate the collection and storage of digital personal data by data fiduciaries, along with the subsequent draft Rules of 2025, the challenges faced by persons with disabilities in the digital space may not only worsen due to the said legal framework but they may also be excluded from equal and unrestricted access to essential digital services, including financial and healthcare services.
The Rights of Persons with Disabilities Act, 2016 (RPwD Act) was legislated with a vision to help PwD individuals live independently and participate fully in society. It aims to ensure equal rights and access to services for everyone, regardless of disability, and to protect the dignity and autonomy of individuals with disabilities. This includes respecting their choices and allowing them to make their own decisions. With increased engagement with digital goods and services, the lawmakers realised the importance of digital access of PwDs and deemed it necessary to incorporate a provision on the access to information and communication technology by PwDs through Section 42 of the RPwD Act. Last year, the Supreme Court, in Rajive Raturi v. Union of India (2024), held that “accessibility” encompasses access to information, communication, and digital platforms to all individuals, including those with disabilities (‘digital accessibility’). Having said that, digital accessibility becomes crucial in the world of AI and big data, raising significant concerns about data sharing, data processing, and the mechanisms and contexts in which meaningful and informed consent can be exercised to enable full participation in the digital space.
Prima facie, in order to address the need for an all-inclusive legal framework for processing data of PwDs and bridge the glaring gap between the disability law and the data protection law, the PwDs have been “reasonably accommodated” under Section 9 of the DPDP Act. Nonetheless, on the bare perusal of the Section 9, it appears that there are underpinnings of injustice and arbitrariness in the legal provision.
Firstly, the language of the provision prohibits PwDs from exercising their lawful right to consent to the processing of their personal data without the involvement of a legally appointed guardian. This approach goes against the core purpose of the RPwD Act , as outlined in its Preamble, and the concept of “limited guardianship” enshrined within the Act. Moreover, the involvement of a guardian in a disabled individual’s decision-making process should be purely assistive and must not entirely replace or overshadow the individual’s intellectual capacity, barring individuals suffering from acute mental impairment. Since the RPwD Act is a comprehensive special law specifically promulgated for the needs of people with disabilities, any future laws that include support measures for people with disabilities must align with and not contradict with the Act. The DPDP Act significantly undermines the autonomy of PwDs to make independent decisions.
Recommendations
The DPDP Act and the draft Rules of 2025 fall short of achieving an all-inclusive and robust data protection legal framework protecting the rights of PwDs. The current approach fails to address the digital access challenges faced by PwDs, who constitute a significant segment of data principals.* The foremost priority should be recognising information asymmetry** in the data economy and its severe impact on PwDs as major digital avenues have low accessibility scores. The Union government should avoid trivialising their concerns by grouping them with minors under the same provision i.e., Section 9.
Also, the final draft of data protection law should incorporate “sensitive personal data” as a classification and distinguish PwDs’ data under it for clarity purposes.
Notes: *An individual whose personal data is collected and processed by an organisation.
** It refers to a situation when giant tech companies and data aggregators, who are in possession of substantial amount of personal and sensitive data, possess more information about users than individuals do.