The government will be able to access personal data of citizens only under exceptional circumstances under the proposed data protection law, Union Minister of State Rajeev Chandrashekhar said on Saturday, PTI reported.

The minister of state for electronics and information technology said that the government can get such data only in situations such as those pertaining to national security concerns, pandemics and natural disasters. He added that the government will not be able to violate citizens’ privacy under the Data Protection Bill.

On November 18, the Union government released a draft of the proposed law – Digital Personal Data Protection Bill, 2022, – on its website. It has sought feedback from citizens on the draft till December 17.

The Bill puts in place regulations for all entities that deal with the personal data of citizens. It envisages the setting up of the Data Protection Board of India, which will be entrusted with ensuring compliance with the regulations and imposing penalties on violators.

While speaking about the draft Bill on Saturday, Chandrashekhar said that the right to data protection is subject to reasonable restrictions, as is the case with freedom of speech, PTI reported.

“Let us say that the government wants to essentially violate the privacy of citizens with this law,” he said. “Is it possible? That’s the question. The answer is no. The bill and laws lay out in very clear terms what are the exceptional circumstances under which the government can have access to the personal data of Indian citizens.... national security, pandemic, healthcare, natural disaster.”

The minister added that the proposed Data Protection Board will be independent and will not have any government officer. “You will not find people like me or bureaucrats sitting on the Data Protection Board,” he said. “It is important to understand that DPB is not a regulator. DPB is an adjudication mechanism to adjudicate a breach that has occurred.”

Draft law fundamentally flawed: Justice Srikrishna

However, Former Supreme Court judge BN Srikrishna said that the draft Bill is fundamentally flawed as it would allow the executive to “act capriciously and infringe on the fundamental right of privacy of personal data”, The Hindu reported on Friday. Srikrishna has led a committee that came with the first draft of the Personal Data Protection Bill.

The retired judge said the draft law released in November can exempt all government departments and institutions from its provisions. “That is a dangerous situation and clear invitation to the executive to act arbitrarily,” he said.

Srikrishna appeared to have been referring to Section 18(2) of the Bill. The provision states that the government can provide exemptions for the processing of data by “any instrumentality of the State in the interests of sovereignty and integrity of India, security of the State, friendly relations with foreign States, maintenance of public order or preventing incitement to any cognisable offence relating to any of these”.

The former Supreme Court judge said that the Data Protection Board would be “a captive of the government” under the law. “The qualifications, tenure, procedure of appointment have all been relegated to delegated legislation,” he added.

Previous version of the Bill

The Centre released the draft Bill more than three months after an earlier version of the proposed law was withdrawn.

The earlier version, the Personal Data Protection Bill, was withdrawn on August 3 after the Joint Committee of Parliament recommended 81 changes and 12 “major recommendations” to it. On September 29, the Centre told the Supreme Court that a new Bill will be introduced in the Winter Session of the Parliament.