As laid down in retired Justice BN Srikrishna’s words, “The Final Privacy Bill could turn India into ‘Orwellian State’.” The economy is slowly recovering from the global pandemic and after much hiccups, the Joint Parliamentary Committee (JPC) held a meeting on Monday to review the issues arising out of the Personal Data Protection (PDP) Bill, 2019.
The Committee had been constituted in September 2019 by the Ministry of Electronics & Information Technology (‘MEITY’) to deliberate on Data Governance Framework. In 2020, India’s active online platform users stands at 1.3 billion and the scenario has obligated the government to establish a data protection law in India to address the lacunas that the Information Technology Act, 2000.
“The Indian legal system has failed to address data protection and has not even begun addressing privacy laws while the rest of the world has moved way past us. Our dependence on such laws which are no more than relics is stifling not only the e-commerce domain but also harming the basic protection that should be offered to consumers too”, an industry expert stated. The Data Protection (Draft), 2018 had too many safeguards, while on the other hand the PDP Bill, 2019 has fewer safeguards, making it even more dangerous in its operability. It essentially gives government the power to access private data or government agency data on grounds of sovereignty or public order.
This raises a huge red flag on how the right to privacy would be guaranteed to all citizens. The data protection problems germane as the Hon’ble Supreme Court on September 26 2018 had delivered a unanimous verdict in Justice K.S. Puttaswamy v. Union of India, affirming that the Constitution of India guarantees each individual a fundamental ‘Right to Privacy’.
The issue which has drawn flak from the citizens pertain to the supreme power bestowed by the government to exempt itself. Clause 35 of the PDP Bill grants government the wide power to exempt any agency of government from application of the Act for the purpose of processing citizens’ data and has also granted liberty to take steps if satisfied that same is ‘necessary and expedient’ for maintaining the integrity and sovereignty of India, or for maintaining friendly relations with foreign states and public order. It draws a stark contrast with the draft presented by retired BN Srikrishna in 2018 as it only exempted the processing of data if it “is in the interests of the security of the state” relying on the conditions laid down in Puttaswamy judgment.
The current proposal seems as if the government is the party, judge and adjudicator of its own cause which dilutes the very purpose of having a centralised privacy act and the road block is not limited to clause35 only. “The problem with respect to clause 35 is that it is opening room for abuse of powers. There is absolutely no transparency and accountability towards the use of the relevant data as the ultimate target/ citizen in question would never know how their personal data is being used by the Government. In a way it is negating the enjoyment of personal privacy and other digital liberties”, an advocate working with a legal firm stated.
Now that the Commi t tee is scheduled for a meeting in August, certain questions still need to be pondered into. What if the exemption is granted to Unique Identification Authority of India (UIDAI), one of the largest collectors of personal data? Wouldn’t be giving unrequited power to government undermine the adjudicating power given to the Data Protection Authority? It’s like all of us are sailing on an anchorless ship, with the captain having no idea about what to do.
The main focus in principle should have been on expanding the scope of privacy rights, rather it looks as if the bill is going the other way around. We need to draw more knowledge from where such laws are already being enforced and take the aid of industrial specialists who are better equipped to handle the legal lacunas we might face. As a country of 1.3 billion citizens, we owe it to ourselves to expect better governance and a reassurance that our constitutional right to privacy will always be protected.
TISHYA PANDEY
TMT lawyer based out in Delhi
(The writer can be reached at tishyapandey.adv@gmail.com)