<p class="bodytext">The Digital Data Protection Bill, passed by the Lok Sabha, has gone through many iterations, but still falls short on many important grounds. The focus of the bill seems to be how to use the personal data of individuals, and not how to protect it. Exemptions therefore become more important than provisions that protect personal data. The purpose of the bill should be protection, as its description signifies, and to ensure that the personal data of an individual may be processed by another person or entity for a lawful purpose, and only with the individual’s consent and for legitimate uses. The provisions for such protection are weakened by the exemptions the government has granted to itself and its agencies. The bill allows the State to collect and process data without judicial checks or parliamentary regulation. The data thus collected could be used for surveillance and monitoring of citizens’ lives.</p>.Digital Personal Data Protection Bill | Why RTI activists are worried.<p class="bodytext">According to the bill, there is no need to obtain consent from data principals — those who own the data — for purposes of providing State benefits, subsidies, licences, etc. This compromises the basic idea of data protection -- that data collected for one purpose should be used only for that. It becomes difficult to take legal action against the government for compromising one’s personal data because it covers itself in ‘good faith’. The bill also allows the government to notify certain persons or entities that will not need to seek prior consent from individuals before processing their data. This is done on the grounds that the government may need help from outside to process large volumes of data and hence may have to hire such agencies. But this is against the need to maintain confidentiality of personal data and the right to privacy.</p>.<p class="bodytext">The bill does not provide for an independent regulator who will protect the interests of individuals. The proposed Data Protection Board will be an entity whose members will be appointed and can be removed by the government, which will also determine the terms and conditions of their service. The bill will deal a deadly blow to the Right to Information Act, which has already been weakened by a number of government decisions. It has amended the RTI Act to allow denial of all personal information by public authorities even if that information is of public interest. The government has said that this is because people in public life or holding public positions have a fundamental right to privacy. Ironically, this respect for the right to privacy of government officials does not extend to the ordinary individuals’ right to privacy.</p>
<p class="bodytext">The Digital Data Protection Bill, passed by the Lok Sabha, has gone through many iterations, but still falls short on many important grounds. The focus of the bill seems to be how to use the personal data of individuals, and not how to protect it. Exemptions therefore become more important than provisions that protect personal data. The purpose of the bill should be protection, as its description signifies, and to ensure that the personal data of an individual may be processed by another person or entity for a lawful purpose, and only with the individual’s consent and for legitimate uses. The provisions for such protection are weakened by the exemptions the government has granted to itself and its agencies. The bill allows the State to collect and process data without judicial checks or parliamentary regulation. The data thus collected could be used for surveillance and monitoring of citizens’ lives.</p>.Digital Personal Data Protection Bill | Why RTI activists are worried.<p class="bodytext">According to the bill, there is no need to obtain consent from data principals — those who own the data — for purposes of providing State benefits, subsidies, licences, etc. This compromises the basic idea of data protection -- that data collected for one purpose should be used only for that. It becomes difficult to take legal action against the government for compromising one’s personal data because it covers itself in ‘good faith’. The bill also allows the government to notify certain persons or entities that will not need to seek prior consent from individuals before processing their data. This is done on the grounds that the government may need help from outside to process large volumes of data and hence may have to hire such agencies. But this is against the need to maintain confidentiality of personal data and the right to privacy.</p>.<p class="bodytext">The bill does not provide for an independent regulator who will protect the interests of individuals. The proposed Data Protection Board will be an entity whose members will be appointed and can be removed by the government, which will also determine the terms and conditions of their service. The bill will deal a deadly blow to the Right to Information Act, which has already been weakened by a number of government decisions. It has amended the RTI Act to allow denial of all personal information by public authorities even if that information is of public interest. The government has said that this is because people in public life or holding public positions have a fundamental right to privacy. Ironically, this respect for the right to privacy of government officials does not extend to the ordinary individuals’ right to privacy.</p>