Parliamentary panel finalises report on data bill, Opp dissents
A 30-member joint parliamentary committee on Monday finalised its report on the contentious Personal Data Protection Bill 2019 after tossing out amendments proposed by Opposition members that were designed to stymie the government and its agencies from overriding an individual’s right of consent before processing his personal data.
The committee decided to retain all the draconian and objectionable elements in the original bill which seeks to treat the government and its agencies as a privileged class on the presumption that they always act in the public interest and, in effect, treated an individual’s privacy concerns as secondary.
Seven members of Opposition, including Congress MPs Jairam Ramesh and Manish Tewari and Trinamul legislators Derek O’Brien and Mahua Moitra, submitted dissent notes in protest at the way the government had made short work of data privacy concerns.
The Opposition’s main objection was directed at Section 35 of the Bill which empowers the government to exempt federal agencies from the application of the data protection law in the interest of “sovereignty and integrity of India, security of the state, friendly relations with foreign countries and public order”.
“Section 35 gives almost unbridled powers to the central government to exempt any government agency from the entire Act itself. Under the amendment I had suggested, the central government would have had to get parliamentary approval before exempting any of its agencies from the purview of the law,” Ramesh said.
“I don’t agree with the fundamental design of the proposed legislation. It will not stand the test of law,” Tewari said.
The Trinamul MPs described the bill as “Orwellian” and were deeply concerned about the government arrogating to itself the right to control the Data Protection Authority (DPA), which is supposed to oversee the implementation of the protections provided in the bill.
The DPA was supposed to act independently, without interference from anyone.
According to the Trinamul MPs, the problem begins with the selection process for the members and chairperson of the DPA, which has heavy involvement of the central government under Clause 42.
The committee has recommended that the DPA be bound by the directions of the central government in all instances and not just on questions of policy.
“This would affect the independent functioning of the DPA. We strongly oppose these recommendations,” the Trinamul legislators said.
O’Brien and Moitra added that they opposed the bill because it lacked adequate safeguards to protect the right to privacy of data.
Ramesh also objected to section 12(a)(1) of the bill, which grants the government and its agencies the power to override an individual’s right to consent over the processing of his data when the state provides “any service or benefit” to the individual.
“I had suggested some changes to make this exemption less sweeping and less automatic,” Ramesh said.
He also objected to the disparity between private companies and government agencies when it came to processing an individual’s data.
“The JPC’s report allows a period of two years for private companies to migrate to the new data protection regime but the government and its agencies have no such stipulation,” Ramesh said.
He wrote in his dissent note: “The bill assumes that the constitutional right to privacy arises only where operations and activities of private companies are concerned. Governments and government agencies are treated as a separate privileged class whose operations and activities are always in the public interest and individual privacy considerations are secondary. The idea that the August 2017 Puttaswamy judgment of the Supreme Court is relevant only for a very, very, very tiny section of the Indian population is deeply flawed and troubling and is one that I totally reject.”
Tewari said in his dissent note: “The bill creates two parallel universes — one for the private sector where it would apply with full rigour and one for government where it is riddled with exemptions, carve-outs and escape clauses.”
Cyber law experts said that if the government passed the bill in its present form, it would be contested in court.
N.S. Nappinai, Supreme Court advocate and founder of Cyber Saathi, said: “Exemptions from the application of the data protection law to government agencies was ring-fenced with the need for a Parliament-enacted law under the 2018 draft. This was already diluted under the 2019 draft. Retention, if any, in the JPC draft would be a substantial solution of the intent and purpose of the enactment. In any event, excessive vesting of the process of exemptions on the executive is bound to not only face flak but may also be contested in court.”