<p>The Union government tabled the Digital Personal Data Protection Bill, 2023 (DPDP Bill), in the Lok Sabha on Thursday. The DPDP Bill is ostensibly meant to give effect to personal data privacy rights, which are an integral part of our fundamental right to life. While recognising people’s right to know why and how their personal data will be collected, processed and used, and get any errors corrected or have one’s personal data erased forever, the bill prescribes a detailed compliance framework for entities which handle such data. A breach of this law would attract penalty up to a maximum of Rs 250 crore to be imposed by a Data Protection Authority that the Union government will set up. But wait – it is mostly applicable only to private entities with whom we share data. As for the personal data we share with government, it has taken large liberties to exempt itself and its agencies from the provisions of the bill. </p>.<p>There are many more criticisms of the bill as many have pointed out, but let me focus here on just one thing: The DPDP Bill also proposes to amend the Right to Information (RTI) Act to make all personal data about individuals – which, in this case, would mean government officials and ministers -- exempt from disclosure in answers to RTI applications! The strong legal and evidence-based arguments which the community of transparency and accountability advocates presented against this move during the public consultation process have, it turns out, simply been ignored. </p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/opinion/first-edit/don-t-subvert-rti-by-intent-or-neglect-1222255.html">Don’t subvert RTI, by intent or neglect</a></strong></p>.<p>In 2006, within a year of passing the RTI Act, the then government had drafted a proposal to deny access to file notings -- those parts of a sarkari file which contain the advice and words of caution recorded by public servants involved in governmental decision-making. Even the names of the bureaucrats involved in the internal deliberations of every public office -- from gram panchayat to Rashtrapati Bhavan -- were sought to be hidden from citizens who had by then already begun to employ the law in novel ways to demand institutional and individual accountability for government decisions. The then government was forced to withdraw these proposals in the face of massive opposition from civil society, the mass media and political parties, including the BJP.</p>.<p>Cut to 2023, the BJP government at the Centre hopes to achieve the same effect – namely, to take away the bite of the transparency law and defeat its very purpose -- through the proposed RTI amendment in the DPDP Bill. </p>.<p>The proposed RTI amendment makes little sense when examined within the DPDP Bill’s overall framework. The government has anyway already included multiple provisions to insulate itself from most of the data protection obligations under the pretext of protecting national security, managing foreign relations, maintaining public order, and even preventing crime. So, why has it become necessary to amend the RTI, too?</p>.<p>And the mystery of the intent behind it continues as you read the details. The DPDP Bill itself covers only personal information that is held in digital form. The data protection framework proposed does not apply to personal information recorded on paper. However, the proposed RTI amendment will apply to paper-based personal information also!</p>.<p>This retrograde amendment is being pushed through despite sage advice received from legal and technical experts. The Justice A P Shah Committee had specifically recommended in 2012 against using a data protection law to exempt personal information that is accessible under the RTI Act. In 2018, the Justice Srikrishna Committee recommended an amendment of the RTI Act only to prevent disclosure of personal information if that would cause grave mental or bodily harm, loss of property or reputation, theft of identity, discriminatory treatment, or open up the individual to blackmail or extortion. The Joint Parliamentary Committee, comprising MPs of both the BJP/NDA and the Opposition, did not even contemplate any amendment to the RTI Act in its report on the 2019 version of the data protection bill. A few days ago, the Standing Committee on Communications and IT submitted a report to parliament on the subject of citizens’ data security and privacy. Committee Members from the Opposition have publicly criticised the government for keeping them in the dark about the contents of the DPDP Bill.</p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/state/top-karnataka-stories/activists-express-concern-over-en-masse-dismissal-of-rti-appeals-1234290.html">Activists express concern over en masse dismissal of RTI appeals</a></strong></p>.<p>Perhaps the worst part of the proposed RTI amendment will be the removal of the litmus test for disclosure spelt out in the RTI Act -- i.e., information which cannot be denied to MPs or MLAs should not be denied to the citizens who elect them. This basic democratic principle, which reduces the power imbalance between the governed and those who govern, will be consigned to the dustbin. The Parliamentary Committee report does not bother to explain why this is necessary.</p>.<p>There’s more. The draft bill shared during the public consultation process excluded digital records of things that transpired more than a hundred years ago from the data protection framework. The DPDP Bill drops this provision. So, we may not get access to any personal information, including names of people contained in digital archives held across the country, even if they are long dead.</p>.<p>If all this were not enough, the DPDP Bill then seeks to penalise us to whom the data belongs -- Data Principals -- if we fail in our duties, which it lists out. We are required to comply with all applicable laws while exercising our data protection rights. If we give incomplete information even by mistake or fail to provide proof of identity or address to the government or file a complaint about breach of our data privacy which is later found to be false, we may be fined up to Rs 10,000!</p>.<p>Is it not ironic that the government wants us citizens and our data to be completely transparent and honest to it (even in the name of protecting our own privacy rights), while the government writes for itself complete exemption from the requirement to be transparent to citizens, including by amending even the RTI Act? You decide and speak up.</p>.<p><span><em>(The writer is Director, Commonwealth Human Rights Initiative, New Delhi. Views are personal)</em></span></p>
<p>The Union government tabled the Digital Personal Data Protection Bill, 2023 (DPDP Bill), in the Lok Sabha on Thursday. The DPDP Bill is ostensibly meant to give effect to personal data privacy rights, which are an integral part of our fundamental right to life. While recognising people’s right to know why and how their personal data will be collected, processed and used, and get any errors corrected or have one’s personal data erased forever, the bill prescribes a detailed compliance framework for entities which handle such data. A breach of this law would attract penalty up to a maximum of Rs 250 crore to be imposed by a Data Protection Authority that the Union government will set up. But wait – it is mostly applicable only to private entities with whom we share data. As for the personal data we share with government, it has taken large liberties to exempt itself and its agencies from the provisions of the bill. </p>.<p>There are many more criticisms of the bill as many have pointed out, but let me focus here on just one thing: The DPDP Bill also proposes to amend the Right to Information (RTI) Act to make all personal data about individuals – which, in this case, would mean government officials and ministers -- exempt from disclosure in answers to RTI applications! The strong legal and evidence-based arguments which the community of transparency and accountability advocates presented against this move during the public consultation process have, it turns out, simply been ignored. </p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/opinion/first-edit/don-t-subvert-rti-by-intent-or-neglect-1222255.html">Don’t subvert RTI, by intent or neglect</a></strong></p>.<p>In 2006, within a year of passing the RTI Act, the then government had drafted a proposal to deny access to file notings -- those parts of a sarkari file which contain the advice and words of caution recorded by public servants involved in governmental decision-making. Even the names of the bureaucrats involved in the internal deliberations of every public office -- from gram panchayat to Rashtrapati Bhavan -- were sought to be hidden from citizens who had by then already begun to employ the law in novel ways to demand institutional and individual accountability for government decisions. The then government was forced to withdraw these proposals in the face of massive opposition from civil society, the mass media and political parties, including the BJP.</p>.<p>Cut to 2023, the BJP government at the Centre hopes to achieve the same effect – namely, to take away the bite of the transparency law and defeat its very purpose -- through the proposed RTI amendment in the DPDP Bill. </p>.<p>The proposed RTI amendment makes little sense when examined within the DPDP Bill’s overall framework. The government has anyway already included multiple provisions to insulate itself from most of the data protection obligations under the pretext of protecting national security, managing foreign relations, maintaining public order, and even preventing crime. So, why has it become necessary to amend the RTI, too?</p>.<p>And the mystery of the intent behind it continues as you read the details. The DPDP Bill itself covers only personal information that is held in digital form. The data protection framework proposed does not apply to personal information recorded on paper. However, the proposed RTI amendment will apply to paper-based personal information also!</p>.<p>This retrograde amendment is being pushed through despite sage advice received from legal and technical experts. The Justice A P Shah Committee had specifically recommended in 2012 against using a data protection law to exempt personal information that is accessible under the RTI Act. In 2018, the Justice Srikrishna Committee recommended an amendment of the RTI Act only to prevent disclosure of personal information if that would cause grave mental or bodily harm, loss of property or reputation, theft of identity, discriminatory treatment, or open up the individual to blackmail or extortion. The Joint Parliamentary Committee, comprising MPs of both the BJP/NDA and the Opposition, did not even contemplate any amendment to the RTI Act in its report on the 2019 version of the data protection bill. A few days ago, the Standing Committee on Communications and IT submitted a report to parliament on the subject of citizens’ data security and privacy. Committee Members from the Opposition have publicly criticised the government for keeping them in the dark about the contents of the DPDP Bill.</p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/state/top-karnataka-stories/activists-express-concern-over-en-masse-dismissal-of-rti-appeals-1234290.html">Activists express concern over en masse dismissal of RTI appeals</a></strong></p>.<p>Perhaps the worst part of the proposed RTI amendment will be the removal of the litmus test for disclosure spelt out in the RTI Act -- i.e., information which cannot be denied to MPs or MLAs should not be denied to the citizens who elect them. This basic democratic principle, which reduces the power imbalance between the governed and those who govern, will be consigned to the dustbin. The Parliamentary Committee report does not bother to explain why this is necessary.</p>.<p>There’s more. The draft bill shared during the public consultation process excluded digital records of things that transpired more than a hundred years ago from the data protection framework. The DPDP Bill drops this provision. So, we may not get access to any personal information, including names of people contained in digital archives held across the country, even if they are long dead.</p>.<p>If all this were not enough, the DPDP Bill then seeks to penalise us to whom the data belongs -- Data Principals -- if we fail in our duties, which it lists out. We are required to comply with all applicable laws while exercising our data protection rights. If we give incomplete information even by mistake or fail to provide proof of identity or address to the government or file a complaint about breach of our data privacy which is later found to be false, we may be fined up to Rs 10,000!</p>.<p>Is it not ironic that the government wants us citizens and our data to be completely transparent and honest to it (even in the name of protecting our own privacy rights), while the government writes for itself complete exemption from the requirement to be transparent to citizens, including by amending even the RTI Act? You decide and speak up.</p>.<p><span><em>(The writer is Director, Commonwealth Human Rights Initiative, New Delhi. Views are personal)</em></span></p>