The dangers in the Digital Personal Data Protection Bill

Source– The post is based on the article “The dangers in the Digital Personal Data Protection Bill” published in the “The Hindu” on 2nd August 2023.

Syllabus: GS 2 – Indian Polity – Fundamental Rights

News– The government is set to introduce the Digital Personal Data Protection (DPDP) Bill in Parliament.

What is the importance of the Right to Information Act?

It has been a tool to empower millions of Indian citizens since 2005. Access to information is necessary for governments accountability in a democracy.

According to the Supreme Court of India, individuals have the right to access information about wilful defaulters and the specifics of Non Performing Assets held by public sector banks.

In democracies, voter lists containing names, addresses, and other personal information are regularly made public to facilitate public scrutiny and prevent electoral fraud.

Poor and marginalised people can enjoy the benefits of government schemes and welfare programmes, if they must have access to relevant information.

What are the issues related to the draft Data Protection Bill?

Exemptions under RTI Act– The RTI Act includes a provision to protect the privacy of people. It contains an exemption clause under Section 8(1)(j).

Personal information is exempt from disclosure if it is not related to public activity; or any public interest. The information is also exempted if it leads to invasion of privacy.

Therefore, data protection law does not require any amendment to the existing RTI law. The Justice A.P. Shah Report on Privacy also mentions it.

However, the DDP Bill 2022 includes an amendment to Section 8(1)(j). It exempts all personal information from disclosure. This is not good for the transparency and accountability regime in the country.

Excessive power to executive– A primary objective of any data protection law is to curtail the misuse of personal data, including for financial fraud.

Government is the biggest data repository. It should not have wide discretionary powers under the data protection law.

The DDP Bill, 2022, grants extensive authority to the executive to formulate rules and notifications covering a wide array of matters.

For example, the central government holds the power to exempt any government or private sector entity from adhering to the law’s provisions by issuing a notification.

This raises the possibility of the government selectively exempting entities like the Unique Identification Authority of India (UIDAI).

In contrast, smaller non-governmental organisations, research institutions, associations of individuals, and Opposition parties would be required to establish systems to comply with the stringent responsibilities of a data fiduciary.

Data Protection Board– it is critical that the oversight body set up under the legislation is adequately independent.

The draft Bill does not ensure the autonomy of the Data Protection Board. The strength and composition of the board, and process of selection and removal of its chairperson and other members will be decided by central government

Government will have power to appoint the chief executive responsible for managing the board.

Data Protection Board has power to impose fines up to ₹500 crore. It can be misused by the executive to target the political opposition and those critical of its policies.