New provisions in the Personal Data Protection Bill that allow wide exemptions to government agencies can be challenged in court, according to one of its main architects. The proposed law, currently being perused by a joint committee of Parliament, can be deemed constitutionally invalid, as it does not adhere to the Supreme Court’s 2017 judgment on the right to privacy, said Justice BN Srikrishna.
The former Supreme Court judge, who led the committee that drafted the Bill, said he has written to the parliamentary committee highlighting concerns about the changes proposed by the government.
“There are grounds (on which) it can be challenged,” he told ET on the sidelines of a legal conference in Bengaluru on Thursday.
The original draft submitted by the Justice Srikrishna-led committee in 2018 had explicitly stated that no data should be collected by the government unless it was authorised pursuant to law passed in Parliament.
But the Bill presented to lawmakers in December by the government empowers the Centre to exempt any of its agencies from purview of the Act.
“The argument is that fundamental rights cannot be infringed upon… the law has to be constitutionally valid, which it won’t be, because it does not adhere to the Puttaswamy judgment,” said Justice Srikrishna.
The SC ruling on the right to privacy, which came on a petition filed by former Karnataka High Court judge KS Puttaswamy, requires governments to declare the specific objective for collecting personal data, the authorities ordering it and the procedures that will be followed.
Privacy Experts Irked over DPA
The personal data protection Bill — which has been in the works for over two years now — is meant to change the way technology companies and governments collect, process and store personal data. Rights activists contend that the new provisions introduced by the government enhance surveillance powers and give the State overarching authority to access personal data.
The proposed structure of the Data Protection Authority (DPA) that places it under the control of the government has also irked privacy experts.
Originally, independent stakeholders were to hold office in the proposed DPA. But, the new proposal mandates only government nominees to hold office.
“The new bill has weakened the independence of the DPA, which has to equally monitor the government and the citizens. You can’t put a thief in charge of security,” Srikrishna said. “The ideal thing would be that DPA become a constitutional authority like the Election Commission or the Courts,” he said.
OTHER CONCERNS
Srikrishna also added that the inclusion of non-personal data in the Personal Data Protection Bill is dangerous.
Non-personal data is anonymised community data that is difficult to trace back to individuals. It includes weather data, ecommerce shopping data, traffic and food delivery data, for instance.
The new bill says the Central Government can direct any company to provide it with anonymised personal or non-personal data for policy formulation for better delivery of services. Through this clause, the government can access all business data, including data on intellectual property, business strategy and mergers & acquisitions, Srikrishna pointed out.
“Non-personal data needs a separate law. The government has sneaked it in this bill. In the universe of data, there is personal data, and then everything else is non-personal data,” he said.
Leave a Reply