Editorial

Data privacy concerns

| Updated on March 11, 2020 Published on March 11, 2020

In its present form, the Personal Data Protection Bill legitimises state overreach

A joint panel of Parliamentarians is analysing the contentious Personal Data Protection Bill 2019, which many believe is India’s answer to Europe’s game-changing General Data Protection Regulation. The Bill tries to create a regulatory ecosystem for defining, determining and controlling use of data collected from the public through myriad means. Many of the clauses in the Bill have already triggered a heated debate in the country. There is a general consensus among data privacy experts, technologists and companies working in the data industry that the upcoming legislation is riddled with lacunae and offers avenues for state overreach.

One of the many contentious clauses in the Bill, first introduced in Parliament on December 11, 2019, is Section 35 which grants the government amplified powers to collect data from and on citizens. The Section says the government can make exceptions to rules relating to collecting people’s private data when it feels such action is “necessary or expedient” in the “interests of sovereignty and integrity of India, national security, friendly relations with foreign states, and public order.” This is a slippery slope. It is not clear when and how the government will feel it is “necessary or expedient” to access private data. The prevailing context adds to the apprehension. Laws such as the sedition rules (Section 124A of the Indian Penal Code) or the IT Act have been misused to muzzle dissent. The lawmakers must introduce some transparency, considering that the Supreme Court in Justice KS Puttaswamy (Retd) Vs Union of India has upheld the citizen’s ‘fundamental right’ to informational privacy.

The Bill has more such perplexing and vague clauses. Clause 12, Chapter III of the Bill, in effect, allows for processing of personal data without consent. Another example is the role and scope of the proposed Data Protection Authority. The DPA is supposed to protect personal data of individuals, but the way it is envisaged in the Bill now seems to make it a potential tool for enabling mass surveillance. The DPA will largely comprise government representatives. The absence of civil society representation in this era of participatory regulation does not augur well for a democracy like India, which aims to become a $5 trillion economy by 2025. Digital technologies are expected to contribute more than 20 per cent to this future economy. Ensuring fair and judicious use of data becomes important, with every individual in the country expected to live digitally, using a host of IoT-operated devices. In this context, the government should not rush through with the Bill. The country’s experience with the IT Act must act as a reference point. Lawmakers should respect global best practices in privacy regulations and take civil society, businesses, legal scholars and technologists into confidence before codifying the law. Data may be the new oil, but its unregulated use could have unfortunate effects.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on March 11, 2020
This article is closed for comments.
Please Email the Editor