Data Protection Bill: National security, at the cost of citizens’ privacy

News: Joint Committee of Parliament (JCP) has tabled its report on the Data Protection Bill in both houses.

Also Read:  The draft personal data protection bill, 2018
Read here: Why need of data protection bill arise?
What are the recommendations by JCP on Data Protection Bill?
Read here: Data Protection Bill: Explained: JCP prescription for data Bill
What are the controversies surrounding the Data Protection Bill?

Surveillance reforms: Bill evades the surveillance reforms which were omitted by the BN Srikrishna committee. So there are no provisions to regulate mass surveillance projects like CCTNS or CMS or NATGRID. Data protection bill inserts the exception clause for the security of the state. This effectively overrides the norms of individual privacy.

Exemption clause: The order invoking the exemption is not a gazetted notification, so it will likely to be exempt from RTI proceedings. Also, the reasons for providing the exemption are not required to be tabled in Parliament.

In contrast, under the UK Data Protection Act, 2018, the national security exemption does not extend to the entire Act. It requires a certificate to be signed by the Minister of the Crown and can be challenged by the affected person before a tribunal.

Read here: JPC retains exemption clause, adopts personal data Bill

Appointment committee: BN Srikrishna committee proposed an appointment committee consisting of judicial members, with the Chief Justice of India as chairperson, to choose members of DPA (Data Protection Authority).

But the panel now included the cabinet secretary, law secretary and the IT secretary. Also, Under Clause 87, the JPC has expanded the power of the central government, as it states, “the authority should be bound by the directions of the central government under all cases and not just on questions of policy”

The move is criticized for compromising the independence of the appointment process. Also in clause 92, it makes policies made by the central government override any protections under the Data Protection Bill 2021.

Sensitive data: JCP proposed all contracts enabling businesses to take sensitive personal data out of India’s borders will now need the approval of the central government in addition to the data protection regulator (DPA). This move is criticized as it would add a layer of red tape and could lead to rent-seeking.

Also read: Opposition Dissent without Basis or Foundation: About the data protection bill
How the bill is different from  European Union’s General Data Protection Regulation?

GDPR covers all individuals regardless of nationality if their personal data is held in the EU. It also offers granular protection against government surveillance, along with a “Right to Forget” clause.

While, In India, the bill doesn’t address concerns about over-reaching government access to private data. The inclusion of social media platforms also appears unnecessary.

Source: This post is based on the following articles:

National security, at the cost of citizens’ privacy” published in the Indian Express on 20th December 2021.

“Disappointed report” published in the Business Standard on 19th December 2021.

Print Friendly and PDF