The Data Protection Bill, as recommended by the Joint Committee of Parliament which was tasked to scrutinise a draft bill, is deficient in meeting the demands of data secrecy and protection in some important respects. The growth in the power of governments and multinational social media organisations and the increasing vulnerability of individuals calls for a strong data protection law. In India, the Puttaswamy case judgement, which declared privacy a fundamental right, has laid the basis for it. But the bill fails in many ways to meet the expectations about it. A joint dissent note prepared by seven members of opposition parties has flagged a number of deficiencies in the bill and placed on record their concerns over them.
The most notable flaw in the bill is the liberal regime of exemptions that it provides to government agencies from the working of the bill. Section 35 gives the government blanket powers to exempt its agencies from the application of the provisions of the bill on grounds like national sovereignty and public order. Section 12(a)(i) allows it to collect personal data without the informed consent and approval of individuals. Some definitions in the bill are vague. Public order, for example, can be interpreted in different ways. Another flaw is that the chairperson and members of the Data Protection Authority to be set up under the law to protect the interests of data principals will be selected by the government. A committee appointed by the government will be controlled by it. It will not be able to do its job fairly and convincingly because, in many cases of privacy violations and misuse of data, the government is likely to be the culprit. Though the bill is about personal data, the way the committee has framed it, the law has an expanded scope and includes non-personal data, too. There are other concerns too, like the choice given to the authority in alerting individuals about any data breach.
Another significant proposal is to treat social media platforms as publishers, and require them to mandatorily verify users and to be made liable for posts by unverified accounts. A lot of stress has been made on the need for data localisation and to keep the data pertaining to the country and its citizens within the country. While there is merit in this, it is also true that the biggest threat to privacy and personal data is from within the country and from the government. The many controversies over misuse of personal data and surveillance of citizens show this. A defective and flawed data protection law will do more harm than no law because it will make violations of privacy and surveillance legal and deny citizens recourse to legal remedy.
Watch the latest DH Videos here:
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks