Data Protection Bill: Surveillance State in making

The much-awaited Personal Data Protection Bill, 2019, introduced by the government in the Lok Sabha and subsequently referred to a joint select committee, is a dangerous Bill that seeks not to protect the privacy and personal data of citizens, but to give the government sweeping powers to access citizens’ data on the pretext of the country’s sovereignty and integrity, security and maintenance of public order. Any entity or department can be exempted by the government from the application of the data protection law at its discretion. That would mean that the nominal protection available to citizens can be taken away at will, and it makes everyone vulnerable to surveillance by the State. This will make actions like the recent snooping into the private conversations of individuals using the Pegasus software legal. The Bill ensures that the State will have control over personal data without any oversight.

The Bill is a far cry from the draft prepared by the Justice BN Srikrishna Committee. The few exemptions for government-handling of data proposed by that draft have been expanded in the Bill, and the safeguards for citizens in the draft have been done away with. The only redeeming feature of the Bill may be that it seems to provide protection to citizens from misuse of data by private companies. There are strong limits on internet or financial companies transferring an individual’s data outside the country or misusing it, and penalties for violation of the stipulations. Individuals have also been given the right to delete and correct personal data. But this is all overshadowed by the vast powers the government has given itself to intrude into people’s privacy and access personal data.

The Bill does not propose any effective system of checks and balances. The Data Protection Authority (DPA) proposed by the Srikrishna Committee was an independent body comprising persons from the executive, the judiciary and domain experts. But the Bill mandates that the DPA members should be government officials. This presents a clear case of conflict of interest and is, indeed, designed to make government control over citizens’ personal data watertight. The government has also not been very forthcoming about the Bill. It was not available for MPs for scrutiny before it was introduced in the House. The government did not want it to be examined by Parliament’s Standing Committee on Information Technology, which is led by Congress MP Shashi Tharoor, so it referred it to a select committee, whose chairman it will nominate. It is clear that the Narendra Modi government wants to use the Data Protection Bill not to ensure the privacy and security of citizens’ data, but to build an Orwellian surveillance state, which is how even Justice Srikrishna himself has described the Bill.