Control Rather than Privacy- Relevance for UPSC Exam
- GS Paper 2: Governance, Administration and Challenges- Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
Control Rather than Privacy- Context
- Recently released, the Joint Parliamentary Committee report on the Personal Data Protection Bill 2019 has failed to provide robust draft legislation ensuring the privacy of citizens.
The Editorial Analysis- Extinguishing the Tobacco Industry’s Main Narrative
Control Rather than Privacy- Right to Privacy
- Background: Puttaswamy judgment and the Justice B.N. Srikrishna committee report led to the Personal Data Protection Bill of 2019 which was later sent to the Joint Parliamentary Committee.
- These developments came in the backdrop of the unavailability of any individual privacy law in the country.
- Constitutional Provision: In Puttaswamy judgment, Supreme Court declared the Right to Privacy as the Fundamental Right under Article 21 of the part-III of the constitution.
Control Rather than Privacy- Issues with Personal Data Protection Bill
- Wrong Presumption: The report is based on the presumption that the question of the right to privacy emerges only where operations and activities of private entities are concerned.
- However, Under the Constitution, fundamental rights are generally enforced against the state and its instrumentalities and not against private bodies.
- Exemption to Government: Clause 12 of the Bill provides exemptions for the government and government agencies and Clause 35 exempts government agencies from the entire Act itself.
- Clause 12: says personal data can be processed without consent for the performance of any function of the state.
- Clause 12 is an umbrella clause that does not specify which ministries or departments will be covered.
- The government can use these provisions as a means of control and surveillance.
- Issue with data protection authority (DPA): The Bill elaborates on the functions and duties of the DPA.
- Functional Overload: It is doubtful whether a single authority will be able to discharge so many functions in an efficient manner.
- Issue with Appointment: Unlike the Justice Srikrishna committee report provided for a judicial overlook in the appointments of the DPA, the Bill entrusts the executive with the appointments.
- Although the report expanded the committee, the power to appoint the panelists vests with the Central government.
- Government Control: Clause 86 says, “Authority should be bound by the directions of the Central Government under all cases and not just on questions of policy”.
- Representation of States: the appointment of the data protection authority (DPA) violates the principle of federalism.
- The proposed central authority issues directions to allow processing of data on the grounds of ‘public order’, ‘public order’ is an entry in the State List.
- Inclusion of Non-personal data: The Joint Parliamentary Committee has included non-personal data within the ambit of the Bill, putting a huge compliance burden on the economy.
- This will hit the MSME sector and small businesses harder as technical processes involving data-sharing are very expensive.
- The government-constituted panel headed by S. Gopalkrishnan also opposed the idea of including non-personal data in the Bill.
- Issue with Mandatory data localization: it is estimated to squeeze the economy by 0.7-1.7%. This may also invite similar measures by other sovereign countries which will hamper the smooth cross-border flow of data.
Control Rather than Privacy- Way Forward
- Ensure Independence of Data Protection Authority (DPA): While ensuring the protection of citizens’ fundamental rights, it is necessary that the DPA is entrusted with the responsibility should work independently.
- Reducing Government control on Data Protection Authority (DPA): Excessive control (Clause 86) makes the DPA duty-bound to follow the orders of the government. This weakens its independence and gives the government excessive control.
- Ensuring Federalism through Participation of States: If the pith and substance of the legislation are related to the State, then it has to be monitored by the State Data Protection Authority.
The Editorial Analysis-Drawing a Line
Control Rather than Privacy- Conclusion
- In its present avatar, the Bill is more about surveillance and control than privacy. At the time of passage of the Bill, loopholes must be plugged in so that India can have a robust data protection law.
The Editorial Analysis- The Crypto Assets Conundrum