In this piece, we argue that the DPDPA 2023 and the accompanying Draft Digital Personal Data Protection Rules, 2025 (“DPDPA Rules 2025 or Rules”) fail to meaningfully operationalize the principles of purpose limitation and data minimization. In response, we argue for the necessity of reading these principles into the Act through a constitutional interpretive approach. Such a reading is essential not only to honor constitutional commitments but also to harmonize India’s data protection f...
