Question

India’s Personal Data Protection Bill, 2019 (‘Bill’) starts encouragingly, seeking to protect “the privacy of individuals relating to their personal data”. But by the end, it is clear it is not designed to deliver on the promise. For, even as it rightly requires handlers of data to abide by globally-accepted rules — about getting an individual’s consent first — it disappointingly gives wide powers to the Government to dilute any of these provisions for its agencies.

Recently, messaging platform WhatsApp said that some Indian journalists and rights activists were among those spied on using technology made by an Israeli company, which by its own admission only works for government agencies across the world.

Importantly, one of the first to raise a red flag about Bill’s problematic clauses was Justice B.N. Srikrishna, whose committee’s report forms the basis of the Bill. He has used words such as “Orwellian” and “Big Brother” in reaction to the removal of safeguards against actions of Government agencies. In its report last July, the committee noted that the dangers to privacy originate from state and non-state actors. It, therefore, called for exemptions to be “watertight”, “narrow”, and available for use in “limited circumstances”. It had also recommended that the Government bring in a law for the oversight of intelligence-gathering activities, the means by which non-consensual processing of data takes place. A related concern about the Bill is regarding the constitution of the Data Protection Authority of India (‘DPA’), which is to monitor and enforce the provisions of the Act. It will be headed by a chairperson and have not more than six whole-time members, all of whom are to be selected by a panel filled with Government nominees. This completely disregards the fact that Government agencies are also regulated under the Bill; they are major collectors and processors of data themselves. The sweeping powers the Bill gives to the Government render meaningless the gains from the landmark K.S. Puttaswamy vs. Union of India case, which culminated in the recognition that privacy is intrinsic to life and liberty, and therefore a basic right. That idea of privacy is certainly not reflected in the Bill in its current form.

The author is concerned about the constitution of the DPA under the Bill because: 

Options

• The author believes that Government agencies should not be regulated under the Bill.

• The author believes that if the members of the DPA are elected by Government nominees, the DPA will be ineffective in regulating Government agencies.

• The author believes that the DPA should be constituted of major collectors and processors of data.

• The author believes that collectors and processors of data cannot be regulated by persons who have no experience in collecting and processing data.

Answer 1

The author believes that if the members of the DPA are elected by Government nominees, the DPA will be ineffective in regulating Government agencies.

Explanation:

The correct answer is – the author believes that if the members of the DPA are elected by Government nominees, the DPA will be ineffective in regulating Government agencies. This is because the author’s concern regarding the constitution of the DPA under the Bill relates to the fact that the members of the DPA are to be elected by a panel comprising mainly Government nominees and the author doubts the ability of a body constituted of Government appointees to, in turn, regulate the actions of the Government agencies.