Data Protection Law Right

While the version of the Digital Personal Data Protection Bill that received the cabinet nod is not in the public domain, it is imperative to ensure that the law does not suffer from the pitfalls that the previous draft had.

Digital Personal Data Protection (DPDP) Bill is set to be introduced during the upcoming Monsoon Session of parliament for consideration and passage.

The draft of the Bill, circulated for consultation by the Ministry of Electronics and Information Technology (MeitY) in November 2022, was fraught with problems and was criticised both by transparency activists and those campaigning for the right to privacy.

First, the law must not dilute the provisions of the Right to Information (RTI) Act, which has empowered millions of Indian citizens since its enactment in 2005.

To effectively hold their governments accountable in a democracy, people need access to information, including various categories of personal data.

For example, the Supreme Court has held that citizens have a right to know the names of wilful defaulters and details of non-performing assets (NPAs) of public sector banks. Democracies routinely ensure public disclosure of voters’ lists with names, addresses, and other personal data to enable public scrutiny and prevent electoral fraud.

Experience of the use of the RTI Act in India has shown that if people, especially the poor and marginalised, are to have any hope of obtaining the benefits of government schemes and welfare programmes, they must have access to relevant, granular information.

For instance, the Public Distribution System (PDS) Control Order recognises the need for putting the details of ration card holders and records of ration shops in the public domain to enable public scrutiny and social audits of the PDS. In the absence of such publicly accessible personal data, it is impossible for intended beneficiaries to access their rightful entitlement of food grains.

To protect peoples’ right to privacy, the RTI Act includes an exemption clause under section 8(1)(j).

In order to invoke this section to deny personal information, at least one of the following grounds has to be proven: the information sought has no relationship to any public activity or has no relationship to any public interest; or the information sought is such that it would cause unwarranted invasion of privacy and the information officer is satisfied that there is no larger public interest that justifies disclosure.

The Data Protection Bill of 2022 includes a provision to amend section 8(1)(j) to expand its purview and exempt all personal information from the ambit of the RTI Act!

This would be a huge blow to the transparency regime in the country.

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA