Digital Personal Data Protection (DPDP) Bill
Context:
The recent uproar saw Opposition members storming out of a Parliamentary Standing Committee meeting, brandishing dissent notes, crying foul over the lack of transparency in the adoption of the Digital Personal Data Protection (DPDP) Bill.
Relevance:
GS – 02 (Government Policies & Interventions)
GS – 03(Cyber Security) (IT & Computers)
Prelims:
- Digital Personal Data Protection Bill
- Right to Privacy
- Puttaswamy Judgement
- Data Protection Laws of Other Nations
Mains Question:
Q. Elucidate the potential implications of the Digital Personal Data Protection (DPDP) Bill on India’s information regime and its citizens. Discuss the significance of safeguarding both the right to information and the right to privacy in this context. (Word limit: 250)
Significance:
- The Digital Personal Data Protection Bill introduces significant concessions on cross-border data flows, departing from the previous contentious requirement of local data storage within India’s borders.
- The Bill adopts a relatively softer stand on data localization, allowing for data transfer to specific global destinations, potentially fostering country-to-country trade agreements.
- It addresses a crucial aspect missing in the previous PDP Bill of 2019 by recognizing the data principal’s right to postmortem privacy (Withdraw Consent), as recommended by the Joint Parliamentary Committee (JPC).
- The new Bill holds the promise of enhancing data protection measures in the digital era, offering potential safeguards for individuals’ data privacy rights.
- These provisions and departures within the Digital Personal Data Protection Bill highlight its significance in shaping data protection policies and regulations in India, with potential implications for the nation’s digital ecosystem and international data exchange.
Dimensions of the article:
- The Conundrum of Data Protection vis-a-vis Right to Information (RTI) Act
- The Empowerment of the Marginalized
- Balancing Transparency and Privacy
- The Pandora’s Box of Discretionary Powers
- The problem of Autonomy
The Conundrum of Data Protection vis-a-vis Right to Information (RTI) Act
- The Data Protection Bill of 2022 carries an intriguing provision – an amendment to the venerable Right to Information (RTI) Act, an empowering statute that has bestowed countless Indian citizens with the gift of knowledge since its inception in 2005.
- A democracy thrives on the wisdom of its people, and to hold their governments accountable, unfettered access to information, including various facets of personal data, becomes a sine qua non.
- In the annals of jurisprudence, the Indian Supreme Court has unequivocally declared that the right to know extends to disclosing the identities of willful defaulters and the intricate details of Non-Performing Assets (NPAs) in public sector banks.
- What’s more, the democratic fabric mandates public disclosure of voter lists, replete with personal information, to thwart electoral malfeasance.
The Empowerment of the Marginalized
- The practical use of the RTI Act has lucidly demonstrated that access to granular information remains the elixir for the masses, particularly the impoverished and marginalized strata of society.
- Navigating the labyrinth of government schemes and welfare programs necessitates access to pertinent, nitty-gritty details. As an illustration, the Public Distribution System (PDS) Control Order recognizes the indispensable need to divulge ration card holders’ particulars and ration shop records, for public scrutiny and social audits, to ensure the efficacy of PDS.
Balancing Transparency and Privacy
- The RTI Act judiciously maintains a delicate equilibrium between the citizen’s right to information and the sacred sphere of privacy.
- Section 8(1)(j) ingeniously exempts the disclosure of personal information if it bears no relation to any public activity or public interest, and if divulging it would unduly encroach upon privacy, devoid of any larger public interest.
- The pursuit of a data protection law does not necessitate tinkering with the existing RTI law, as the sagacious Justice A.P. Shah Report on Privacy aptly notes. However, the enigmatic DPDP Bill of 2022 seeks to expand the scope of Section 8(1)(j) by exempting all personal information, imperiling the bedrock of transparency and accountability in the nation.
The Pandora’s Box of Discretionary Powers
- To curb the misuse of personal data, especially for financial fraud, an effective data protection law must not grant unbridled discretionary powers to the government. Regrettably, the DPDP Bill, 2022, opens the floodgates of executive dominion by bestowing the government with the authority to draft rules and notifications ad infinitum.
- The government’s sweeping prerogative to exempt any entity, public or private, from the law’s provisions through mere notifications breeds the potential for unjustified privacy violations.
- Will the government favor its cronies and grant immunity to institutions such as the Unique Identification Authority of India (UIDAI)?- The specter of arbitrary exemptions looms large, while smaller non-governmental organizations, research bodies, and opposition parties scramble to comply with onerous data fiduciary obligations.
The problem of Autonomy
- For the DPDP Bill to effectively safeguard personal data, a robust oversight body with unequivocal independence must be enshrined. And the draft Bill falters on this front, for it lacks even a pretense of ensuring autonomy for the Data Protection Board – the very bastion of law enforcement.
- The tentacles of government control spreads through every crevice of the institution, with the central government retaining absolute discretion over the board’s composition, strength, and the appointment and removal of its chairperson and members.
- A board under government’s direct thumb, armed with the power to impose fines up to ₹500 crore, raises grave concerns of it metamorphosing into a caged parrot, ripe for misuse against political adversaries and critics of government policies.
Way Forward:
- The impending enactment of the DPDP Bill necessitates swift redressal of these pressing concerns.
- The stealthy passage of Bills without substantive debate or discussion in the Parliament portends a future where citizens relinquish their democratic right to information, relinquishing the power to hold the mighty accountable.
Conclusion
The DPDP Bill stands at the crossroads, its destiny entwined with the fate of the nation’s transparency and privacy ethos. A prudent approach to data protection is a delicate dance between safeguarding citizens’ rights and curbing abuse. Striking the right balance calls for a law that stands the test of time, fortifying the tenets of democracy and empowering the people with knowledge. To protect the people’s democratic rights, the government must heed the clarion call for change, lest history repeats itself in the throes of data protection enigma.
