Would the Digital Personal Data Protection (DPDP) Bill weaken the RTI Act, 2005?
DIGITAL PERSONAL DATA PROTECTION (DPDP) BILL, 2023
The Digital Personal Data Protection (DPDP) Bill, 2023 has been introduced in the Lok Sabha on August 03, 2023. Readers may recall that the draft Bill was placed in the public domain towards the end of the last year calling for comments from the public. The details of the suggestions received, the ensuing discussions and the reasons for accepting the suggestions (if any) or denying them is yet to be put up in the public domain. With “Data” achieving the status of the new gold, the importance of safety of personal data is not disputed.
Both - Privacy and Right to Information - are important for the society and a fine balance between the two is imperative for a functional democracy. A definite legal definition of “privacy” is not available but is commonly perceived as a human right enjoyed by every human being by virtue of his or her existence. Article 12 of the Universal Declaration of Human Rights, 1948 and Article 17 of the International Covenant on Civil and Political Rights (ICCPR), 1966, provides protection against “arbitrary interference” with an individual’s privacy, family, home, correspondence, honour and reputation. In the absence of uniformity, the right to privacy is determined on a case-by-case basis though many aspects are universal.
The Supreme Court in the writ petition of Justice K.S Puttaswamy & Another v. Union of India and Others [Writ Petition (civil) No. 494 of 2012], on 24 August, 2017 unanimously ruled that privacy is a fundamental right. It was held that the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 of the Constitution and is subject to reasonable restrictions.
The DPDP Bill requires entities that collect personal data - called data fiduciaries - to maintain the accuracy of data, keep data secure, and delete data once their purpose has been met. An effective data protection law must limit discretionary powers to the government, lest it leads to violation of Citizen’s privacy, especially as the government is the largest repository of data. The DPDP Bill, 2022, empowers the executive to draft rules and notifications on a vast range of issues thus raising the fear of issuing a notification to exempt any entity from the application of provisions of the law. It is vital that the oversight body set up under the legislation be independent and have sufficient powers to act on violations of the law by private or government entities.
SEQUENCE OF EVENTS
2012 - Justice AP Shah Report on Privacy said, “The Privacy Act should clarify that publication of personal data … in public interest, use of personal information for household purposes, and disclosure of information as required by the Right to Information Act should not constitute an infringement of Privacy.”
2018 - Justice Srikrishna Committee recommended an amendment to Section 8(1)(j) Notwithstanding anything contained in this Act, there shall be no obligation to give any citizen, information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information: Provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person. to allow for the disclosure of personal information, subject to fulfilment of following principles:
“(a) the personal data relates to a function, action or any other activity of the public authority in which transparency is required to be maintained having regard to larger public interest in the accountability of the working of the public authority;
(b) if such disclosure is necessary to achieve the object of transparency referred to in clause (a); and
(c) any harm likely to be caused to data principal by the disclosure is outweighed by the interest of the citizen in obtaining such personal data having regard to the object of transparency referred to in clause (a).”
2019 - The Personal Data Protection Bill was introduced in Lok Sabha and the Joint Parliamentary Committee (JPC) was formed to review the Bill.
2022 - JPC proposes 81 amendments and 12 recommendations concluding the Bill.
2023 - Standing Committee on Communications and IT submitted a report to parliament on the subject of citizens’ data security and privacy. It has been criticised for being partisan to the rights of the big tech companies.
The activists are particularly livid over the changes in the Right to Information Act, 2005 which would happen in case the DPDP Bill turns into an Act in the present form. Readers may refer to the article “Impact of the Digital Personal Data Protection Bill, 2022 on the RTI Act, 2005” at: https://www.rtifoundationofindia.com/impact-digital-personal-data-protection-bill-2022
With the ruling party having a majority in the parliament, it does not require too much arithmetic to arrive at the conclusion whether the Bill could be passed as such. The time taken for the draft bill indicates that the government is also seized of the pitfalls of amending the RTI Act, 2005. It can only be wished that more sense would prevail in favour of transparency and accountability.