Years after it was supposed to bring in such a law, Prime Minister Narendra Modi’s government this week introduced in Parliament a Personal Data Protection Bill, meant to preserve the privacy of Indian citizens much like the GDPR rules in Europe. Rather than rush the bill through Parliament, the government quickly moved to send the legislation to a committee where it will be examined by members from various parties.
Considering the Bharatiya Janata Party’s tendency to bulldoze bills through Parliament, this sounds like a more magnanimous approach. It is not. The draft that formed the original basis for this bill was released by the Justice Srikrishna Committee more than a year ago. For a year there was almost no clarity on what was being done with the proposed legislation.
The government invited comments on the draft, and received hundreds of suggestions, but did not make those public. It cleared the current bill in the Cabinet last week, but again, did not make the bill itself public. The proposed law finally leaked out in the press after the government began circulating it among Members of Parliament, a day before it was tabled in the Lok Sabha.
There is a standing committee in Parliament meant specifically to deal with matters like this. The committee is headed by Shashi Tharoor, an Opposition politician, which means that it is likely to be a better forum to raise questions compared to panels headed by BJP members.
The same day that the government introduced the Personal Data Protection Bill in the Lok Sabha, it moved to send the law to a panel – but not this standing committee. Instead, it called for the law to go to a “select committee”, that would feature members from both houses and be headed by a BJP MP. Because of its brute majority in the Lok Sabha, this move was successful.
Hiding in shadows
Why all the cloak-and-dagger moves from the BJP? This is a bill meant to protect the privacy of Indian citizens. Remember, that is a fundamental right that the BJP told the Supreme Court did not exist. Its proposed version of the law makes some extremely significant departures from the draft put out by the Srikrishna Committee last year, most distressingly in the leeway it gives government.
Though even last year’s draft gave the government plenty of power to access personal data, it still required any such moves to at least be “necessary and proportionate”, as per the Supreme Court’s understanding of the right to privacy. The bill in Parliament removes that test.
In fact, it even allows the government to demand that companies hand over “non-personal data” to “enable better targeting of delivery of services or formulation of evidence-based policies by the Central Government”, essentially treating data as a resource that the government has free access to.
And the members of the Data Protection Authority, which will oversee the regulation of data practices, will now only be appointed by the executive, rather than a committee including the judiciary and independent experts.
All of these changes are dangerous and give the government tremendous power to spy on citizens without oversight, prompting Justice Srikrishna himself to say that if they are passed they will enable the creation of an “Orwelian State with Big Brother snooping on us.” This explains why the government was so keen to hide the provisions of the bill, and then send it to a committee that it can more easily control.
Still, the bill is yet to be passed and it will only come up in the next Session of Parliament. It is imperative that, in the interim, the bill is examined carefully and that the public has an opportunity to tell their representatives – especially the 30 MPs on the select committee – what they think of legislation that erodes their fundamental rights.