<p>The Union cabinet’s approval for the draft data protection bill, which has been in the making for the last six years, has paved the way for its introduction in the monsoon session of parliament. A sound data protection regime is essential at a time when data forms an important part of personal, social, financial, and other aspects of life. Legislation is needed to regulate the handling of personal data by all entities, including the State. It should lay down practices for entities that collect data, procedures for storage and processing, and rules to protect the rights of those whose data is being used. Though full details about the proposed legislation are yet to come out, available information suggests that serious concerns about some provisions in last year’s draft bill have not been addressed. </p>.<p>One major concern is about the immunity and exemptions the government has written for itself and its agencies in the use of citizens’ data. Under the proposed bill, the government will have the right to exempt “any instrumentality of the State” from adverse consequences citing national security, relations with foreign governments, and maintenance of public order. Such a blanket power the government seeks to bestow on itself on grounds that can be liberally interpreted is a prescription for misuse. The government gathers a lot of data and keeps it. It should not have such wide and untrammelled powers to use it. The bill also proposes to give the government discretionary powers in the appointment of members of the data protection board. The chief executive of the board will be appointed by the government, according to the bill. There is need for a robust and independent regulatory authority to protect the interests of citizens in the matter of data protection. It has to address grievances and complaints and ensure compliance with the law’s provisions. It should not be beholden to the government.</p>.<p>The bill may dilute the Right to Information (RTI) Act, as personal data of government functionaries is likely to be protected under it. This will make it difficult for an RTI applicant to access it even when such data is of public interest. The provision on “deemed consent” which allows government departments to assume citizens’ consent while processing personal data also has potential for misuse. There are other concerns also. Any data protection bill should ensure protection of privacy which is a fundamental right and should not compromise it. Justice B N Srikrishna (retd), who had proposed the first draft of the bill in 2018, has said that the current draft is still flawed and worse than the previous bill in important aspects. Parliament should address the concerns.</p>
<p>The Union cabinet’s approval for the draft data protection bill, which has been in the making for the last six years, has paved the way for its introduction in the monsoon session of parliament. A sound data protection regime is essential at a time when data forms an important part of personal, social, financial, and other aspects of life. Legislation is needed to regulate the handling of personal data by all entities, including the State. It should lay down practices for entities that collect data, procedures for storage and processing, and rules to protect the rights of those whose data is being used. Though full details about the proposed legislation are yet to come out, available information suggests that serious concerns about some provisions in last year’s draft bill have not been addressed. </p>.<p>One major concern is about the immunity and exemptions the government has written for itself and its agencies in the use of citizens’ data. Under the proposed bill, the government will have the right to exempt “any instrumentality of the State” from adverse consequences citing national security, relations with foreign governments, and maintenance of public order. Such a blanket power the government seeks to bestow on itself on grounds that can be liberally interpreted is a prescription for misuse. The government gathers a lot of data and keeps it. It should not have such wide and untrammelled powers to use it. The bill also proposes to give the government discretionary powers in the appointment of members of the data protection board. The chief executive of the board will be appointed by the government, according to the bill. There is need for a robust and independent regulatory authority to protect the interests of citizens in the matter of data protection. It has to address grievances and complaints and ensure compliance with the law’s provisions. It should not be beholden to the government.</p>.<p>The bill may dilute the Right to Information (RTI) Act, as personal data of government functionaries is likely to be protected under it. This will make it difficult for an RTI applicant to access it even when such data is of public interest. The provision on “deemed consent” which allows government departments to assume citizens’ consent while processing personal data also has potential for misuse. There are other concerns also. Any data protection bill should ensure protection of privacy which is a fundamental right and should not compromise it. Justice B N Srikrishna (retd), who had proposed the first draft of the bill in 2018, has said that the current draft is still flawed and worse than the previous bill in important aspects. Parliament should address the concerns.</p>