- The monumental progress achieved by the digital evolution around the world has been mind-boggling. The dynamically emerging information technology has completely altered the way the global community goes about performing its day-to-day activities riding on infinitesimal digital content. No wonder, governments around the world speak excitingly about digitization endeavors intending to further transform their respective citizen’s life in a meaningful way in line with the changing times. The Indian government too is not found wanting in pushing ahead with the technology-driven initiatives.
- The Digital India campaign launched by the BJP-led NDA government at the center has gained palpable traction over the years. But what about the data security surrounding the initiative? Let’s delve. We all know how cybercrimes are on the rise with unscrupulous elements making every effort to best the gullible citizens to achieve their dubious means using digital platforms. As such, it became incumbent on the part of the government to come out with adequate safety measures to protect the all-important data. We all know about the Data Protection Bill in the anvil to address the matter yet to see the day of light. Even so, data theft cases are on the rise.
- Now, an interim report by an Andhra Pradesh assembly committee tasked to probe allegations of data theft by the erstwhile TDP government has concluded that the rights of citizens had been infringed. The report says personal information, including political affiliations, had been mined through the Seva Mitra Expectedly, TDP has refuted the conclusions and the final word on the issue hasn’t yet been said. Regardless, these developments are relevant to the new iteration of the Personal Data Protection Bill, which is expected to be introduced in the Parliament’s budget session. We know how the iteration-before-this was introduced in Parliament in December 2019 and withdrawn last month.
PC: Scroll Staff
- Of course, the touchstone for a personal data protection law is the 2017 Supreme Court judgment that held privacy to be a fundamental right. It follows that any exemption has to be narrowly tailored. Viewed in this context, the last personal data protection bill had a design flaw carving out large areas of exemptions for the state and its agencies, departing from the 2017 SC verdict. Against the backdrop of the Andhra development, the new bill must close the loopholes that existed in the 2019 effort. To illustrate, Section 12 of the bill’s last version gives the state the right to process personal data without consent to carry out a range of functions, including the provision of some service or benefit.
- The open-ended nature of this section is wholly inconsistent with the 2017 court verdict. It’s underpinned by an implicit assumption that agencies of the state have no incentive to violate privacy removing all restraints in the interest of the sovereignty, security, public order, etc. Note that this segment is so loosely worded that GOI has the power to carve out an exemption from the entire personal data protection law for any of its agencies. Indeed, the right to privacy is not absolute but exemptions need to be narrowly defined and subject to tight checks and balances in the next data protection bill. Hopefully, the envisaged bill will ensure the same.