News & Analysis

Data Protection Act: Citizen Privacy is Supreme

Central minister seeks to assuage lingering doubts about the possibility of government agencies violating privacy rights of citizens

Ever since the government brought in the Data Protection Bill some months ago, there has been an ongoing conversation about citizens’ privacy rights. Having since withdrawn the Bill and presented a new one, the authorities haven’t exactly quelled these doubts. Now the Minister of State for Electronics and IT Rajeev Chandrasekhar is making a renewed effort. 


Speaking at a discussion on the National Data Governance Framework Policy, Chandrasekhar says there are enough provisions whereby the government won’t be able to violate citizens’ privacy under the proposed law. Because the government would get access to personal data only in exceptional circumstances such as national security, pandemic and natural disasters. 


While the statement itself is welcome, doomsday predictors may continue to raise the question as to what constitutes national security. Be that as it may, the minister was unequivocal that on such matters, the proposed Data Protection Board would adjudicate on such matters. It would comprise independent members with no government representative being present. 


There’s the question of anonymous data

The minister even gave a use case of Twitter Live sessions where, he said the Bill clearly lays out that only in the specific circumstances related to national security, pandemic, healthcare or natural disasters, can it seek access to citizens’ private data. “These are exceptions… just like freedom of speech is not absolute and is subject to reasonable restrictions, so is the right to data protection,” Chandrasekhar said. 


However, questions continue to linger. The Draft Bill exempts certain entities notified as data fiduciaries by the government. These do not fall under the compliance procedures such as informing an individual about the purpose of data collection, children’s data, risk assessment around public order, and appointment of a data auditor.  


These notified fiduciaries are exempt from sharing details of data processing with the owners of such data under the Right to Information about personal data carried in the Bill. “In other words, your data might be under review but the government can conveniently invoke one of the above provisions and not inform you about the invasion of your privacy,” says a cyber expert. 


However, on its part the government also has a point on this situation. They believe that in some cases informing a citizen about such a data audit could put paid to any surveillance around national security that security agencies might have put in place. “This is like telling someone that they’re being followed, which automatically would make them walk the straight path,” says an official of the Ministry of IT. 


Another key element that is facing some flak relates to the provisions in the Bill about individuals posting unverified or wrong information with data handling entities. Opponents believe that this could deter data anonymity on the internet, especially on social media. However, the minister holds the view that the National Data Governance Framework provides for dealing with such anonymous data, and has no direct link to the Data Protection Bill. 


The minister confirmed that matters related to anonymous data and standards would be defined under the India Data Management Office (IDMO) under his Ministry and there would be conversations about the non-personal data framework before the launch of the IDMO. 

Leave a Response