Authors: Nipun Malhotra & Senu Nizar
Published: 6th January, 2025 in The Print
Around half a decade ago, one of the co-authors of this article was invited by then secretary, Department of Disability Affairs, for a vision setting exercise for the department for the next 25 years. The co–author made a strong argument that while the Department continues to function as a nodal agency, disability cannot be limited to just one department. Disability is an intersectional issue and we need disability experts in each ministry.
Data Protection Laws Reinforcing Stereotypes and Limiting Autonomy
The need for this was reinforced when the Digital Personal Data Protection Act 2023 was notified, which clubbed children and Persons with Disabilities under the same provision titled “Processing of personal data of children”. This effectively infantilised them by taking away their right to provide consent for the processing of their data. Those drafting this Act clearly overlooked the fact that not all PwDs have guardians and assumed that PwDs are not capable of making their own decisions, violating their autonomy.
The recently released draft Digital Personal Data Protection Rules 2025 (Draft Rules) reflect an attempt by the Ministry of Electronics and Information Technology to address some of the previously raised concerns. However, there is still much to be desired in adequately meeting the needs of PwDs.
The Rules have limited the requirement for lawful guardian’s consent to only two sets of PwDs. The first group includes those who have “long term physical, mental, intellectual or sensory impairment… and who, despite being provided adequate and appropriate support, is unable to take legally binding decisions”. However, the inclusion of ‘physical impairment’ in this category appears poorly thought out and flawed as physical disability does not automatically imply a lack of mental capability to make decisions.
Conflict with Rights-Based Legal Frameworks and Risks of Regression
Moreover, the Rules also conflict with the Rights of Persons with Disabilities Act 2016 (RPwD Act) which provides a limited guardianship model. Under this model, a court-appointed guardian makes decisions—limited to a “specific period”, “specific decision”, and “situation”—in consultation with PwDs. It is therefore unclear how a limited guardian can make decisions concerning PwDs’ data continuously over an indefinite period. Or would it be the case that lawful guardians must repeatedly approach the court to obtain guardianship arrangements tailored specifically for data processing? In that case, would it not render limited guardianship into a lifelong one, as PwDs inevitably need access to the digital space throughout their lives?
The second group comprises individuals “suffering from any of the conditions relating to autism, cerebral palsy, mental retardation… and includes an individual suffering from severe multiple disabilities”. This mirrors the definition of PwDs under the National Trust Act 1999 (NT Act)—which predates the UN Convention on Rights of Persons with Disability (UNCR/PD) 2006 and is rooted in a medical model of disability (using terms like ‘suffering’). However, not all persons on the autism spectrum necessarily require a guardian to make decisions. Similarly, having one or more disabilities, even if severe (over 80 per cent or more of disabilities), does not automatically indicate that the person is unable to make decisions or needs a guardian. While some might need a guardian for financial planning, surely most can and should be able to choose which burger to order from which restaurant app.
Besides, with the implementation of the RPwD Act, all guardianships for PwDs shall be deemed to be limited guardianship. Therefore, even guardians appointed under the NT Act cannot exceed their specified mandates.
Erroneous assumptions
The DPDP Act has done away with the distinction between personal data and sensitive personal data and consequently offers no special protection for disability data. This is unlike other jurisdictions like Australia where disability data is classified as health data and afforded a higher level of protection that is usually granted to sensitive personal data.
The absence of safeguards for sensitive personal data raises concerns about potential misuse as PwDs are more vulnerable to prejudicial treatment, with instances of disability disclosures leading to discrimination. For instance, declaring a disability to seek exam accommodations could result in an insurance company raising the premium amount or cab aggregators hiking ride charges. Further, these Rules lack clarity on technical measures and means to verify PwD status or court-appointed guardianship, adding more user friction and exacerbating existing barriers to digital accessibility for PwDs.
The crux of the problem lies in equating disability with the inability to consent. This is an erroneous assumption. Even the Contract Act 1872 does not use disability as the standard. Instead, it requires that a person be of sound mind—i.e. that the person is capable of understanding the contract and its effects. If at all special protection for PwDs is desirable, then Australia provides a useful framework. In Australia, data fiduciaries are required to provide assistive resources—like interpreters and translators—to enable consent from PwDs. Only if consent is still not possible can the right be assigned to a nominated guardian, while involving the PwD in the decision-making process.
The Draft Rules if implemented in the current form will turn the clock back for PwDs by denying them the most basic right to make decisions. Ironically, while this law has been created for data privacy, it does exactly the opposite for PwDs who would wish to keep their disability data private. It is unfortunate that in many ways it has created further confusion when it comes to guardianship provisions in India. Besides, it definitely goes against the spirit of the UNCRPD. With the draft rules now open to public consultation, we do hope these provisions are relooked at and our fears are corrected.
Nipun Malhotra is the Founder & CEO, Nipman Foundation and Director, Disability Rights & Inclusion at The Quantum Hub. Senu Nizar is a lawyer and Senior Analyst, Public Policy at The Quantum Hub.