Every year, the world observes Data Privacy Day on January 28. This year, the discourse on digital rights has gained urgency in our country which is straddling rapid digitization and evolving privacy norms and the spotlight turns not only to our legislative strides but also to the complex realities of Kashmir, where data privacy intersects with security and politics. In 2023, India enacted the Digital Personal Data Protection (DPDP) Act, a landmark move to regulate how corporations and governments handle citizen data. The law, replacing the outdated IT Act of 2000, mandates consent-based data collection and imposes penalties for breaches. While this marks progress, critics highlight gaps: vague exemptions for state agencies, diluted data localization provisions, and limited public consultation. These loopholes risk undermining accountability, especially when state surveillance is justified under national security. Our digital boom—propelled by Aadhaar, UPI, and e-governance—has exposed vulnerabilities. Aadhaar, linking biometric data to welfare services, has suffered breaches affecting millions. Rural-urban divides exacerbate disparities in privacy awareness, leaving marginalized communities susceptible to exploitation. Kashmir’s context is uniquely fraught. Since the 2019 abrogation of Article 370, Internet has become a weapon for non-state actors to radicalise people which has prompted increased deployment of facial recognition systems and monitoring of social media, justified as necessary for security. Yet, such measures lack transparency, breeding distrust among citizens already navigating terrorism. The conflict between security and privacy here is stark. While the state argues surveillance prevents violence, civil societies warn of normalized overreach. Residents face dilemmas: submitting to digital systems for healthcare and education risks exposing sensitive data, yet opting out isolates them further. The absence of robust data protection mechanisms amplifies risks of misuse. Data Privacy Day must catalyze reflection on reconciling security with fundamental rights. The DPDP Act is a foundation, but requires stringent safeguards against state overreach. In Kashmir, transparency in data practices and accountability for breaches are non-negotiable. Public awareness campaigns, particularly in troubled zones, can empower citizens to demand accountability. Policymakers must engage civil society to draft inclusive laws, ensuring privacy isn’t a privilege limited by geography or conflict. As we champion a digital future, it must also guard against tools that undermine democracy. Privacy, after all, is not antithetical to security—it is its cornerstone. This Data Privacy Day, let the country reaffirm its commitment to a framework where progress and protection coexist, and where Kashmir’s voices are integral to the privacy dialogue. Only then can the digital age truly serve all citizens.