The enactment of India’s Digital Personal Data Protection Act, 2023 arrives at a critical juncture following the Supreme Court’s historic affirmation in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017). Justice K.S. Puttaswamy was a retired judge of the Karnataka High Court, and the judgment recognised privacy as an intrinsic facet of the constitutional right to life and liberty. This paper undertakes a critical examination of whether the statutory framework governing data protection effectively upholds privacy entitlements against state-initiated surveillance operations within India’s evolving digital ecosystem. Employing a doctrinal research methodology, the study scrutinises two particularly contentious features of the legislation: Section 36, which confers upon the government broad authority to compel data fiduciaries and intermediaries to disclose information, and the graduated exemption regime under Section 17, which largely absolves national security apparatuses from compliance with core statutory obligations. The analysis demonstrates that these provisions encounter substantial difficulties when subjected to the four-pronged proportionality test articulated in Puttaswamy. Specifically, the legislative scheme lacks robust procedural checks such as pre-authorisation by judicial authorities, fails to establish that sweeping data access represents the least restrictive means available, and extends beyond recognised legitimate state interests to encompass routine administrative functions. The absence of independent oversight institutions, combined with gag provisions that prevent individuals from discovering when the state has accessed their personal information, effectively nullifies the right to informational self-determination and the right to erasure. The paper additionally considers real-world manifestations of these vulnerabilities, including the Pegasus spyware episode and the Sanchar Saathi mandate controversy, before offering reform recommendations drawn from comparative legal frameworks in the European Union and United States