Neither the right to privacy nor the right to information

Source– The post is based on the article “Neither the right to privacy nor the right to information” published in “The Hindu” and “It’s My (Digital) Life” published in “The Times of India”on 8th August 2023.

Syllabus: GS2- Polity

Relevance: Important Bills and Acts

News– Recently, Digital Personal Data Protection (DPDP) Bill 2023 was introduced in Parliament.

What is the interrelationship between right to privacy and right to information?

In 2017, a nine-judge Constitutional bench of the Supreme Court reaffirmed the right to privacy. This landmark decision set an international standard.

The recently introduced DPDP Bill 2023 emerged from the discussions around the right to privacy.

The right to information ensures access to government documents to uphold government transparency and accountability. This law has played a pivotal role in strengthening democratic practices.

These two rights mutually complement each other. However, certain tensions exist between the right to information and the right to privacy.

For instance, under the MGNREGA, mandatory disclosure regulations ensure that workers can oversee expenditures and facilitate public oversight through social audits.

This implies that data about individuals registered under the Act are accessible to everyone.

What are issues with the Digital Personal Data Protection (DPDP) Bill 2023?

Data protection- The Bill’s purpose is to establish protocols for processing digital personal data. It acknowledges both individuals’ right to safeguard their personal data and the necessity of processing such data for lawful objectives.

According to Section 4(2), “lawful purposes” is defined in the broadest sense. It can be for any purpose which is not expressly forbidden by the law.

This means that activities like extracting data on worker’s wages or pension payments are permitted since they are “not expressly forbidden.”

Section 36 empowers the central government to request information from the Board, data fiduciaries, or other sources as needed. Sections 4(2) and 36 combined make our data accessible to both government and private entities.

Undermining RTI– Section 8(1)(j) allows for exemption from disclosure. It is provided when personal information has no relationship to any public activity or interest, or it would lead to unwarranted invasion of the privacy of the individual.

This standard sets a high threshold for exemption. It asserts that information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.

The DPDP Bill 2023 proposes substituting Section 8(1)(j) with merely “information which relates to personal information.”

This modification threatens the integrity of the RTI 2005. For instance, the current requirement for public servants to disclose their immovable assets could be impacted. Although this information is personal, it serves a broader public interest.

Data Protection Board– It will be effectively controlled by the government. The chairperson and members are appointed by the central government.

In Europe, the General Data Protection Regulation established a rigorous standard for data protection. It creates a robust oversight body in a society characterized by universal literacy and high levels of digital and financial literacy.

Literacy issues– India has the absence of widespread literacy and inadequate digital and financial literacy, along with an overwhelmed legal system. The likelihood of citizens being able to seek legal remedies in cases of privacy violations is minimal.

What should be done to increase the efficacy of data protection board?

It should demonstrate promptness in addressing instances of personal data breach that lead to consumer complaints.

Secondly, it should enact a fundamental transformation by eliminating the avenues for evading responsibility that were previously available.

It should not get entangled in the intricacies of data controllers, data processors, and data brokers. Rather, it should focus on holding the entity that initially receives consumer information accountable.

It should act swiftly in imposing and collecting penalties, which may include fines that can escalate to ₹250 crore and beyond.

Why has data protection become crucial?

Every day, through our online activities, we are generating data. This involves tasks ranging from managing our finances and settling utility bills to purchasing groceries, insurance, and even booking appointments with doctors, flights, or hotels.

There is unrestricted circulation of our data, as it gets passed along without limitations.

For instance, immediately after visiting a car-related website, we are inundated with phone calls, text messages, and social media intrusions attempting to persuade us to buy cars. This underscores the deep connection between financial and sovereign identity data.