Why Data Protection Bill Doesn’t Actually Protect Your Data
The Data Protection Bill allows the govt to process citizen data for vague reasons such as “functions of the state”.
advertisement
Video Editor: Abhishek Sharma | Camera: Shiv Kumar Maurya
Nearly 500 days after a draft Data Protection Bill was handed over to him, the Union Minister for Electronics and IT Ravi Shankar Prasad on Wednesday, 11 December, referred the Personal Data Protection Bill (2019) to a 30-member Joint Committee.
We live in an age where we are the sum of the data we generate, so how our data is collected, stored, shared and used directly affects our daily lives. From targeting ads at us, to potentially having loans denied or activities surveilled, data can be exploited in many ways.
So, as the Bill makes its way to Parliament, let’s examine why it has been controversial, what the state thinks of privacy as a fundamental right, and how it treats data in today’s digital economy.
Why Is the Bill Controversial?
A committee of experts led by Justice BN Srikrishna had submitted a report and a draft Data Protection Bill. Here’s a quick look at the three most serious concerns just in this draft Bill.
1. Data Localisation: The requirement to store a copy of all citizen data in servers located within India has raised concerns of surveillance and could hamper innovation in blockchain and AI technologies.
2. Govt Processing of Data: While the draft Bill says consent would be at the centre of processing our personal data, it provides exemptions for the government. It can process even sensitive personal data without consent for “functions of the state” – a sweeping and broad power that could be prone to misuse.
3. Surveillance Reform: An overhaul of India’s surveillance framework with tougher oversight and scrutiny by the judiciary is absent. At a time when our smartphones are an extension of our identities, the Pegasus spyware controversy shows how easily our phone can be hijacked to spy on us.
What Has Govt Been Doing In The Absence of Law?
So, how has the Centre dealt with our data in the absence of a data protection Bill?
The Centre has been very active in implementing policies and bringing in laws that directly use our data and even sell our data without our knowledge or consent.
Add to this plans by the Home and other ministries that aim to use our data to monitor us – From the I&B Ministry’s plan for a social media monitoring hub, to the Home Ministry’s tender for a nationwide face recognition technology, to allowing 10 central agencies to intercept our communications.
Is Our Data a Private Good Or a Public Good?
Finally, a pattern that appears to be clear is that while the Centre appears to be in no hurry to ensure strong laws to protect the privacy of our personal data, it has moved with great urgency on policies related to capitalising on our personal data.
Why is this so and what is the Centre indicating by this?
The Justice Srikrishna Committee also describes the Bill as working towards a “free and fair digital economy” as does the 2019 Economic Survey of India, which makes a spirited case for using the private data of citizens as a public commodity.
The Bill is expected to generate a lot of debate in Parliament and one hopes that the law will put citizens at the centre of a personal data protection law.
(This piece has been updated to reflect the latest developments on the subject)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)