 "Data protection concerns")
The government has taken extraordinary measures to reduce public scrutiny, and even Parliamentary examination of the Personal Data Protection Bill. The draft was not circulated well in advance of its presentation in Parliament and comments and submissions made during the drafting process were not made public. Communications, Electronics & Information Technology Minister Ravi Shankar Prasad requested that the Bill should be examined by a select committee chosen for the purpose and not by the Standing Parliamentary Committee on IT (which is chaired by an Opposition member). This lack of scrutiny makes it more likely that multiple areas of concern will not be addressed.
On the positive side, there is good protection against data misuse by companies. There is also a provision for a Right to Erasure (the so-called right to forget) and Right to Correction, which allows individuals to request deletion or correction of data, once it is no longer necessary for the specific purpose for which it was collected. However, this has been nullified by massive exemptions for government surveillance, data-handling and other disturbing provisions. Social media platforms will be asked to provide a process for voluntary verification of users. The government claims the right to demand “non-personal” data. There were some exemptions for government handling of data in the original 2018 draft by the Justice Srikrishna Committee but these have been expanded. The Srikrishna Committee’s suggestion that government data-processing be “necessary and proportionate” has been erased. An additional provision has been inserted to grant discretion to exempt any government entity, or department, to collect data without consent. This means zero checks and balances against state surveillance.
The independence of the proposed Data Protection Authority (DPA) has been weakened as all members must be from the executive arm of government. This contrasts with the Srikrishna Committee’s suggestion that the DPA induct individuals with executive, judicial, and external expertise. The draft also avoids setting any timeline for setting up the DPA. If social media platforms are forced to provide processes for “voluntary” user-verification, this would chill freedom of expression, and impinge on the privacy of those who chose to be verified. Any user who does not submit “voluntary” verification and remains anonymous could also be specifically targeted by government agencies. Moreover, it would increase the risk of profiling, and data breaches as more data would flow to social media platforms.
The mandate for enforced transfer of “non-personal” data to government could also lead to abuse and misuse. The definition of “non-personal” data is very broad. Even anonymised information about e-commerce sales patterns can, for example, be used to infer personal details like caste, religion, medical conditions, sexuality, reading habits and so on. Tying non-personal data to personal data, such as electoral rolls, income tax records, mobile call and internet-usage patterns and social media usage is possible since government has access to such data and a free hand with surveillance. Using that data for malign purposes, such as influencing voters, or threatening them, is possible. It is a pity that India’s first privacy legislation has so many holes. It is also ironical that an attempt is being made to pass this Bill with minimum transparency. It may lead to flawed legislation that fails to protect individuals unless the Opposition insists on vigorous debate and amendments to strengthen the protection of privacy.
On the positive side, there is good protection against data misuse by companies. There is also a provision for a Right to Erasure (the so-called right to forget) and Right to Correction, which allows individuals to request deletion or correction of data, once it is no longer necessary for the specific purpose for which it was collected. However, this has been nullified by massive exemptions for government surveillance, data-handling and other disturbing provisions. Social media platforms will be asked to provide a process for voluntary verification of users. The government claims the right to demand “non-personal” data. There were some exemptions for government handling of data in the original 2018 draft by the Justice Srikrishna Committee but these have been expanded. The Srikrishna Committee’s suggestion that government data-processing be “necessary and proportionate” has been erased. An additional provision has been inserted to grant discretion to exempt any government entity, or department, to collect data without consent. This means zero checks and balances against state surveillance.
The independence of the proposed Data Protection Authority (DPA) has been weakened as all members must be from the executive arm of government. This contrasts with the Srikrishna Committee’s suggestion that the DPA induct individuals with executive, judicial, and external expertise. The draft also avoids setting any timeline for setting up the DPA. If social media platforms are forced to provide processes for “voluntary” user-verification, this would chill freedom of expression, and impinge on the privacy of those who chose to be verified. Any user who does not submit “voluntary” verification and remains anonymous could also be specifically targeted by government agencies. Moreover, it would increase the risk of profiling, and data breaches as more data would flow to social media platforms.
The mandate for enforced transfer of “non-personal” data to government could also lead to abuse and misuse. The definition of “non-personal” data is very broad. Even anonymised information about e-commerce sales patterns can, for example, be used to infer personal details like caste, religion, medical conditions, sexuality, reading habits and so on. Tying non-personal data to personal data, such as electoral rolls, income tax records, mobile call and internet-usage patterns and social media usage is possible since government has access to such data and a free hand with surveillance. Using that data for malign purposes, such as influencing voters, or threatening them, is possible. It is a pity that India’s first privacy legislation has so many holes. It is also ironical that an attempt is being made to pass this Bill with minimum transparency. It may lead to flawed legislation that fails to protect individuals unless the Opposition insists on vigorous debate and amendments to strengthen the protection of privacy.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%