The alleged leak from the CoWin database is yet another indication of some persistent weaknesses in India’s digital public infrastructure (DPI) and a pointer to the need to overhaul its techno-legal approach to managing the personal data of citizens. According to the government, the details being disseminated from the Telegram bot may be from a prior data leak. The concerns, therefore, extend way beyond this one leak, damaging as that may be. It has been six years since the Supreme Court declared privacy a fundamental right and five years since a committee chaired by Justice (retired) B N Srikrishna prepared