Digital data protection bill unlikely to protect personal datatext_fields
Citizen's right to information in the matters mainly of governance and his right to privacy are inherent in democracy. The former has the backing of the 2005 Freedom of Information Act whereas the latter is guaranteed under the fundamental rights in the Constitution as has has been confirmed by several court judgments since 2017. However, recent legislative changes and government actions have been found to weaken both. As a result, democratic institutions and systems get all the less effective. The growth of digital media has led to more information being leaked and becoming less private than ever before. Individuals and agencies involved have been showing an increasing tendency to leak information and make financial gains. Further, information extraction through surveillance by governments increases the risk of loss of privacy. Perhaps it is as a protection against this that 137 out of 194 countries in the world have developed different laws, according to the information compiled by the UN agency UNCTAD.
When it comes to India, data protection regulations in India are scattered across various Acts like the I.T. Acts of 2000 and 2011, the Consumer Protection Act, 2019 and the National Telecom Policy in its different versions are contained in the Code - the list not being exhaustive. Now the Digital Personal Data Protection Bill 2022 has been introduced. Its draft was released last week for public comments and suggestions. While withdrawing the earlier draft and introducing the new bill, the Central government claims that the new draft is an exercise to come up with a more comprehensive law. However, criticism has already started surfacing that the new version of information protection is taking away more of the citizen's rights.
The Data Protection Board of India (DPB) is the authority envisaged for regulating the collection and distribution of data in the country. The bill provides that its composition and selection of committee members will be decided by the Central government. In the previous draft, there was a section for judicial supervision in all these. In the new it is an all-powerful body under the executive. Moreover, in the past, the use of information in violation of the privacy of data collection was restricted to matters where national security was at stake. However, according to the new draft, this board will decide items of exclusion from data protection which come under a wide range of areas like public order, in deciding nature of information, risk to democracy and danger to the sovereignty and integrity of the country. That being the case, the Bill does not adequately specify how data protection is made more secure. Unlike the previous draft, the new one does not mention any critical restrictions on data collection. Earlier, personal information only to the extent it is absolutely necessary for the use of the party handling the information could be collected. There are no such safeguards in the new draft. In the earlier version, there was a provision for the consent of the person about whom the information was to be obtained in regard to sharing of data. It also says that he has the right to remove the information if he refuses to consent. In short, the executive will now more or less totally has the final word on data protection.
Thus, the protection of civil rights, including the right to privacy will end when all state restrictions on private data collection and surveillance are removed for all intents and purposes. There is already criticism that the state's data collection for surveillance will receive more protection than digital privacy in the new law. Similar concerns had been expressed by higher authorities earlier too. A 2017 Supreme Court judgment on the right to privacy issue warned of the dangers of such surveillance. Justice B.N. Srikrishna who had been appointed to study the 2018 data protection framework had also voiced similar reservations. Going by the current draft, the restrictions for eliciting or accessing information are far from reassuring. On the other hand, even when the Right to Information Act is in place, the authorities are not ready to part with information when asked about even the number of scrutiny orders issued by the government during the year. So much for the relief that can come from transparency. Although the Centre's explanatory note on the new proposed law talks about citizen-friendly safeguards, the fact is that if the Bill is passed as it is, the citizens are likely to be subjected to grave loss of data privacy, let alone getting any increased protection.