It is not accidental that most of the laws rushed through and passed in parliament by the six-month old Modi government with its brute majority, are related to 'national security'. In the post-truth era, the sensitively hot political phrase with the biggest turnover is 'naional security'. Therefore, the very act of raising a criticism against the government's actions aimed at national security will constitute a serious crime.
All the major law-making exercises of the government like UAPA amendment, abrogation of special privileges of Kashmir under Article 370 and the most recent one of Citizenship Amendment Bill, had 'national security' as their goal. Despite the fact that the anti-people nature of all these laws was exposed repeatedly, the government mustered the courage to push through these bills from this expression beneath which were hidden the toxic seeds of hyper-nationalism. It is with the same rationale that the Data Protection Bill (2019) also came up before parliament. The bill which empowers government agencies to handle as it pleases, personal and other data in cyber space and other spheres, has already been subject to serious reproach. Though the bill was tabled in Lok Sabha, following virulent protests of the Opposition, the government has been forced to refer it to a joint committee of the house.
The bill is to be reviewed by the joint committee headed by Meenakshi Lekhi, who is also a BJP spokesperson. It is certain that the bill will be presented again in the house without major changes by the committee - majority of whom are those who spoke in favour of the bill in the house - and will be passed before the next budget session. Members of the committee like Shashi Tharoor have already indicated this. A panel chaired by former Supreme Court judge Justice BN Srikrishna was appointed two years ago to prepare the data protection bill. The first draft was submitted last year, but it was not released for eliciting people's opinion. And in its current form provided to the members of the house, the bill contains major amendments on that draft. When the matter came up before the Lok Sabha, Congress leader Adhir Ranjan Chowdhury said that a 'snooping industry' has grown under the Modi government. What he meant is probably the contradiction of conducting vigorous surveillance in cyber space on the one hand, and on the other data about individuals being be freely provided to private entities for various purposes.
'Personal data' is defined in the bill as any minor information with which an individual can be identified. Any information right from name, address, eduational qualification and blood group to medial insurance will come under this. It also covers rules regarding the use of such data by the government, private companies and individuals. In the new era of digital technology and artificial intelligence, these data are extremely valuable. For the same reason, private companies fish them out extensively from diverse sources. For example, for a medical insurance firm, extracting information about a person's health condition is key. It is highly probable that such companies snoop on the private information of individuals through various means. What the new bill states as its objective is to protect the citizen from this data leak - which is a major malady of the cyber world – and through that to protect national security. At first glance this may appear great. But the hazards of this will become clear, when one goes through the means suggested for achieving this goal.
The government is empowered in the bill to summon and obtain data about us gathered by firms like Facebook and Google; and there is also the requirement that the data obtained by such companies should be stored within the country itself. This much may be fine. But then, there is no harm in transferring those data to other firms! Furthermore, government agencies can demand private datda about individuals without any limit. In other words, government machinery, incluing intelligence agencies, are exempted from the restrictions of gathering private individual data. These sections of the bill are highly dangerous. For it damages privacy. The question of 'national security' may be raised here; and that is where the proposal Justice Srikrishna becomes relevant. If national security and the citizen's privacy are to be equally safeguarded, the government agency that gathers data should be under the control of the judiciary. And the punishments laid down in the bill for violators should be applicable for these officials too. The data protection bill introduced by European Union in 2012 is based on this model. And that will be desirable for our country too, which has a strong presence in the cyber world. Unfortunately, the model for the government now is the draconian cyber regulations of Communist China.