India's Gig Workers need a Labour-Sensitive Data Protection Law
When an e-commerce delivery worker agrees to the terms and conditions to the platform, they surrender not only their control over work schedule but also control over their personal data - with no choice in the matter.
Sophy K.J
Published on: 18 November 2025, 01:33 pm
THE STATE CABINET OF TELANGANAis proposing to enact the Telangana Gig and Platform Workers (Registration, Social Security and Welfare) Bill, 2025 mandating transparency in the algorithmic management of gig workers. The law would prohibit arbitrary termination, requiring a seven-day notice period before deactivation except in safety-related cases. By compelling algorithmic disclosure in task allocation, bonuses, and ratings, Telangana’s proposed framework is expected to become India’s most comprehensive legislative measure for gig worker protection, surpassing similar initiatives in Karnataka, Jharkhand, and Rajasthan.
This state-level intervention reveals two crucial insights. On one hand, it suggests that contemporary labour protection increasingly entails the regulation of technology, and on the other hand, it underscores that the national law governing technology and data, namely, the Digital Personal Data Protection (‘DPDP’) Act, 2023 does not incorporate labour law principles to harmoniously protect the interest of gig workers, arguably, the most vulnerable stakeholders in India’s expanding digital economy.
Telangana’s proposed framework is expected to become India’s most comprehensive legislative measure for gig worker protection.
The Origin and Promise of the DPDP Act
The DPDP Act was one of the many major outcomes of the Puttuswamy Judgement (2017), which held that privacy is a fundamental right rooted in human dignity and autonomy. The Act contains suggestions made by the Srikrishna Committee Report, incorporating the principles of free and fair consent, data minimization and mechanism of data fiduciaries and significant data fiduciaries
This paper argues that the Act fails to protect the most vulnerable actors in the digital economy: gig-workers. While the Act incorporates the graded nature of privacy and data protection, it does not address data protection requirements for the gig workers. Further this essay aims to elaborate on different data protection measures required within the DPDP framework to safeguard the interests of gig workers.
The illusion of consent in platform work
Section 6 of the DPDP Act specifies that “consent” has to be free, specific, informed and unambiguous. However, these standards do not apply to gig workers since they are bound by stringent contractual prescriptions. For instance, when a gig worker clicks on “I agree” to the terms and conditions of an aggregator platform like Ola or Uber, they agree to the aggregator's absolute control over both the labour process and personal data. The platform uses data for profiteering businesses in the market.
This makes gig workers more vulnerable than consumers. While a consumer logs into Netflix or Facebook to access a service, a gig-worker logs into Uber or Swiggy to access means of livelihood. This dependency for livelihood warrants more protection for gig workers.
