You are here: Home » Current Affairs » News » National
Business Standard

Should states have the incentives to have their own laws in data protection

If the Centre endorses states having the right to control access to their own records, it will also be forced to have a relook at the RTI Act, 2005

Prashant Reddy T | The Wire 

Data protection

As debates the requirement of a protection law, an important issue that is not getting much attention is whether protection is a subject on the state list, central list or the concurrent list. As per the constitution, legislative powers are distributed between the and the state legislatures as per the scheme laid down in Schedule VII to the constitution. This schedule contains three lists – only the can enact laws for subject matters listed in List I, only state legislatures can enact laws for subject matters listed in List II and both can legislate on matters listed in List III, subject to certain restrictions. For all residuary subjects, which are not in any of the three lists, only can legislate. Schedule VII ensures a federal where power is not concentrated with the and allows states the flexibility to chart their own course on most matters. So, where on Schedule VII is protection listed? Understandably, none of the entries in the schedule specifically mention the subject matter of protection. This does not automatically mean that it falls within the residuary subject matter, thereby giving the the right to legislate on a for the entire country. Determining the legislative competence under Schedule VII does not come down to finding the exact subject matter in one of the three lists. Rather, courts use the test of “pith and substance” to identify the essence of a legislation and identify which of the entries in the three lists best covers the issue. This doctrine was recognised by the in its early days in the case of The State of Bombay and Another vs F. N. Balsara where the court had to decide on whether the was within the ambit of List I or List II. The “pith and substance” of a protection is a slightly complicated issue because such a deals with records which are an intrinsic part of every aspect of governance and administration. There are, however, a few parliamentary legislations which deal exclusively with and information held by the government and those can serve as a starting point for the discussion. Public Records Act, 1993 – covers only central government The first is the Public Records Act, 1993, which lays down the procedure to maintain public records in the custody of the The same also lays down the procedure to archive records with the Archives. At the time the was enacting the legislation, there were calls for extending it to even those public records that are held by the state governments. At the time the government told the that it would not be possible for the to control the manner in which states held their public records. The then deputy minister of HRD Kumari Selja gave the the following reason for not enacting a single uniform for both the central and state governments: “Considering this all-round demand, the Government had appointed an Archival Legislation Committee in 1959, which in its Report submitted in the next year, suggested enactment of a Single Uniform on Public Records of the Union Government, Governments of the States and the Union Territory Administration by amending the Constitution. Since the proposed course of amending the Constitution was not very easy, and there is no single entry in the Constitution under which such a could be framed, consultations with the State Governments were initiated, permitting the to frame a on their behalf. Unfortunately, none of the State Governments wished to give such an authorisation.” In short, the Union government had then conceded that could not legislate on a controlling the manner in which maintained their records. Logically, this position makes sense because a state should have the power to make laws on how records generated by its legislation can be held or released by the Right to Information Act, 2005 – covers both the state and the central government This takes us to the second legislation which controls access to public records. This legislation is the Right to Information (RTI) Act, 2005, which was enacted by the and which covers public records held by both the state and central governments. Before discussing the competence of the to enact such a legislation, I should point out that several states like Tamil Nadu, Goa, Maharashtra, Karnataka and Rajasthan had enacted their own RTI legislation long before the UPA enacted the RTI Act, 2005. Tamil Nadu, for example, had enacted a state-level in 1997, although it is generally accepted that none of these laws were as powerful as the version proposed by the Campaign for the People’s Right to Information and enacted by in 2005. The inevitable question at this point is how exactly did the parliament, in 2005, enact an covering even the state governments when in 1993 the Union government had conceded that the lacked the power to pass a legislation covering public records held by the state governments? The answer to that is available in one of the parliamentary debates in the Rajya Sabha over the Freedom to Information Bill, 2002, introduced by the NDA government. Pranab Mukherjee, then in the opposition, had headed the parliamentary committee that examined the legislation and spoke at length about the deliberations surrounding the legislation. In his speech, Mukherjee had argued that the had the legislative competence to enact a covering all states because the right to information was not specifically listed in any of the lists thus bringing it under the residuary power in List I, giving the the power to enact the His submission was as follows: “the Central laws would be made available to them. If I understand correctly – if I am wrong, the Minister may correct me – the legislative competence of the Union Government is arriving in this case from Entry 97 of the List I in the Seventh Schedule, because in List I of the Seventh Schedule, on which the has the competence to make laws, specifically, the right to information is not mentioned there.

But, as early as in 1997, the Department-related Parliamentary Standing Committee on Home Affairs, while examining the Demands for Grants for the Department of Personnel, recommended that if the Government suffered from lack of legislative competence, it can take the help of Entry-97, which is a residuary clause, where the power is vested in the Union Government to make legislations through Parliament, if it is not specifically mentioned from Item Nos. 1 to 96.” Mukherjee’s submission is not very convincing for the reason that the “pith and substance” of the is essentially the management of public records and the right to access the same. Land records, public expenditure from the state consolidated fund and state taxes are essentially subjects on the state list and only the state can enact laws on those issues. It is only logical that state legislatures be responsible for regulating access to such public records. It does not make sense to argue that state enact laws that create these public records which the can then regulate through laws like the The logical extension of my argument is that portions of the that create mandates for public records created and stored by state governments, are most certainly unconstitutional. Apart from these two laws, there are laws such as the Census Act, 1948 and the Collection of Statistics Act, 2008 which deal with collection of huge amounts of from citizens. Both of these are parliamentary legislations – the census is clearly listed on List I, while the latter is on List III, which means that the can enact laws on these issues. The ‘pith and substance’ of a protection law But returning to the subject of discussion, which is a potential protection law, I think the essence of the argument remains the same. Just because protection is not enumerated as a separate subject in Schedule VII, it does not automatically fall within the residuary powers that lie with the under Entry 97 of List I. The pith and substance of a protection law, in the context of the state, is basically the right to regulate access to state records. Therefore, it is the that enacts the laws creating the state record or information in a particular sector that should have the right to enact a protection regulating access to those records. So, for example, when it comes to records maintained by the in context of state taxes, financial records, state services governed by state laws, employment records of state employees, land records, educational records and lower court records, a protection can be enacted only by the state and not the The same logic applies for records created by the i.e. employment records of employees, educational records at centrally-funded universities, income tax records, etc. which are already subject to parliamentary The next question to be examined is that of protection for the private sector. The question of a central or state will again depend on which can regulate that particular sector under Schedule VII. So, for example, Entry 31 of List I covers, “post, telephone, telegraph, wireless, broadcast” etc. This clearly means that the will also have the right to enact a protection for the telecom and internet sector regulating how that may be accessed or used. Same goes for Aadhaar, which is a centrally-funded project. However, for other sectors like hospitals, hotels, casinos which fall under List II, where only the state enacts legislation creating the public/private record, it is only the state that can enact a protection The pith and substance in these cases is regulation of those sectors and transparency or secrecy of those records goes to the core of regulating any particular sector. Any other outcome will lead to a rather strange scenario where states can regulate certain sectors without having the power to define the transparency of those sectors. If the endorses this position of states having the rights to control access to their own records as also the records of the private sectors that they regulate, it will also be forced to have a relook at the RTI Act, 2005, because that legislation has an impact on the boundaries of a protection It does not make sense allowing states to enact their own protection laws if they don’t have the power to regulate access under the RTI Act, 2005. This is easier said than done, given the immense popularity of the current throughout the country. The other question is whether state governments will even want to enact their own protection Do states have an incentive to have their own laws? Given that information is power, I presume that state governments will eventually want the right to control their own records. This may become a prickly issue between the Centre and the states in light of the State Resident Hubs (SRDHs) that will be a goldmine of for state governments from a financial perspective as well as a surveillance perspective. These hubs will contain of all beneficiaries of various government schemes and as the system is populated with more data, it will become a critical tool of governance. I am sure the is eyeing the contained in these SRDHs. Whether state governments are willing to share such with the Centre remains to be seen. I think public interest is better served by not concentrating all this in the hands of the Allowing states to retain control over the SRDHs will help to prevent this concentration of information. Federalism has many goals and decentralisation of power is one of them. If information is power, I think we can all agree that we are better off with not having the exclusive power to regulate Other countries with a federal scheme of governance follow a similar template for regulation. Germany, for example, has different regulation laws at the federal and provincial level. The same is true for the US, where the Privacy Act, 1974 regulates only the federal government’s records, while different states have their own privacy laws based on either common or state constitutions. There is no reason for to not follow a similar path of decentralised protection laws.


Prashant Reddy T. is an assistant professor at the Academy for Legal Studies and Research (NALSAR), Hyderabad. Published in arrangement with The Wire

First Published: Sat, December 23 2017. 11:25 IST
RECOMMENDED FOR YOU