As the number of stories we hear of people being denied acceptance to college, of a person being fired from their job, all due to social media, grows, the awareness that our data is important and that we have a right to online privacy is increasing. In lieu of this, and the 2018 Supreme Court verdict, which declared privacy to be a fundamental right under Article 21 of the Constitution of India (protection of life and personal liberty) in the Justice KS Puttaswami vs Union of India case, the Personal Data Protection Bill was formed.
As our nation continues its journey into the digital age, the realization that you, and I, and everyone we know is on the internet is of extreme importance. It highlights the fact that a lot of our data is easily accessible online, and that it can have a direct impact on our lives.
As the number of stories we hear of people being denied acceptance to college, of a person being fired from their job, all due to social media, grows, the awareness that our data is important and that we have a right to online privacy is increasing.
In lieu of this, and the 2018 Supreme Court verdict, which declared privacy to be a fundamental right under Article 21 of the Constitution of India (protection of life and personal liberty) in the Justice KS Puttaswami vs Union of India case, the Personal Data Protection Bill was formed. Initially introduced in July 2018, after recommendations made by the Union Cabinet and various other stakeholders, the bill was revised and finally introduced into Parliament on the 11th of December, 2019.
This bill is meant to function in a manner similar to the European Union’s General Data Protection Regulations, a set of regulations that was designed to simplify the existing regulations, and give EU citizens more control over their personal data. Although the Indian Personal Data Protection Bill aims to do the same, and, if passed, will become the first ever Indian law to explicitly address data privacy, Section 35 of the bill ensures that it would not fulfil its purpose.
Section 35 essentially provides the government with unrestricted access to personal data. It enables the government to exempt any agency they choose from the bill should the government decide it to be a matter of India’s sovereignty, security, or for the sake of maintaining relations with other states. It essentially provides the government with a legal backdoor to access any information they desire. The only safeguard of the act is a written order from the central government specifying the reasons for breaching an individual’s privacy in a manner that “may be specified” in the future.
In contrast, while the original draft of the bill (presented in 2018) also enabled the central government to exempt any agency from the bill, it included a safeguard: that data processing by the government “shall not be permitted unless authorised pursuant to a law, and in accordance with the procedure established by such a law made by Parliament and is necessary for, and proportionate to, such interests being achieved”.
The removal of the safeguard, which required the government to follow a specific law while impinging upon an individual’s privacy, from the original bill is a direct result of the Union Cabinet’s and/or the stakeholders’ suggestions that were provided during the first tabling of the act in the union cabinet. The fact that the government is suggesting the removal of clauses that mandate oversight is especially worrisome considering the current situation in India; In regards to the Citizenship Amendment Act and the National Register of Citizens for Assam, as well as attacks by the government and police on the Indian right to free speech, which all seem to herald a movement of India towards a state of non-secularism.
However, aside from this section and this troublesome revision, the PDP bill most definitely has clauses that would be deeply beneficial to Indian citizens. For example, the bill:
- lays down obligations on agencies collecting personal data to collect only data which is required for a specific purpose and with the express consent of the individual
- confers rights to the individual to obtain personal data, correct inaccurate data, erase data, update the data, port the data to other fiduciaries and the right to restrict or prevent the disclosure of personal data
- establishes the Data Protection Authority of India (DPAI) to protect the interests of individuals, prevent misuse of personal data, ensure complacency and promote awareness about data protection
Each of these clauses, and various others in the bill, ensure that data privacy is maximized, and that corporations can not misuse their users’ data. The bill represents the advancement of India as a whole as it joins the 80 other countries which have established data protection laws. It represents India stepping up to meet the various challenges of the digital age by addressing the needs of its population, of which more than 70 percent own mobile phones.
I feel that what this bill is essentially doing is ensuring the existence of data protection for citizens when it comes to the concerns of corporations misusing data; however, it is important to note that the bill completely exempts the government from the bill and enables them to collect whatever data they desire under the guise of national security.
Those amongst the Indian population who trust that the government would collect data only for ‘national security’ would not be very concerned by the bill. Even those skeptical of the government would understand that certain exemptions must be made for the purposes listed. And yet, permitting the government to be totally exempt from the bill for specific reasons is not what concerns me. It is the fact that there is a lack of oversight, and that the oversight which was present in the 2018 draft was removed as per the suggestion of the Union Cabinet and/or other stakeholders.
Each of us has the right to privacy, and this is a right that should be infringed upon by no entity. Be it the government or any conglomerate. But, if there is an issue of national security, or something of a similar scale where the government finds it necessary to infringe upon this right, I’d feel more comfortable knowing that a safeguard is present. A safeguard where those cutting into our privacy must do so in a manner pursuant to or justified by a specific law of this great nation, rather than by simply issuing a written order of justification. Don’t you?
The objective of an ‘Opinion Article’ is to promote the valuable viewpoints and arguments of the youth in India. Though, the views presented in the article are not of the organisation but of the author, fully. The Young India Foundation neither accepts or denies those viewpoints.