Days after a government-appointed panel suggested a draft data protection law that activists felt was wanting on various counts, a private members’ bill has been introduced in Parliament seeking to address privacy concerns and putting stringent curbs on surveillance and interception of personal data.
Congress MP Shashi Tharoor’s ‘The Data Privacy and Protection Bill’, which was prepared last year much before the Supreme Court verdict on Right to Privacy and introduced in early August, puts a person “in control of his/her own data” and further permits them to make an “informed choice” concerning its use.
The Bill seeks to fix the right to privacy as an “inalienable right” and emphasise the increased need to protect privacy in the digital age with the emergence of big data analytics.
It does not allow the use of personal or sensitive personal data without consent. While providing for setting up of a Privacy Commission, it stipulates a stringent procedure to ensure that there is no illegal interception of surveillance of personal data, which includes seeking permission from Privacy Commission.
Tharoor’s introduction of the Bill in Lok Sabha comes soon after the Justice BN Srikrishna Committee submitted its report and a draft bill to the government. It leaves out the contentious question of surveillance and interception of personal data, which upset privacy advocates.
When DH asked how his bill is different from the expert panel’s draft, Tharoor’s office responded via email, the “fundamental difference” is that the panel’s bill views goods and services as the first priority and then the individual while the MP’s formulation individual at the first. In a recent interview to DH, BJD MP Tathagata Satpathy too echoed this when he the panel’s bill was more like a ‘data is the new oil’ bill than a protection of data law.
Besides excluding surveillance and interception by the State, it said the panel’s bill also does not recognize the right to erase or delete data, or to revoke or to object while your data is processed. “There are widely framed exceptions to the storage, processing and disclosure of data, which favours the government,” Tharoor’s Office said adding, the panel’s bill fails to recognise that individual owns his/her personal data.
Another controversial issue addressed in Tharoor’s Bill is Aadhaar as it seeks to ensure that this data is not misused. The panel’s bill does not place any such obligations on the controversial Aadhar, which activists have raised suspicion.
According to the Statement of Objects and Reasons of the Bill, many concerns arise from the absence of a comprehensive data protection and privacy statute which provides rights to individuals in a data governed world.
“Beyond its commercial exploitation, there is also an inherent equation of power when a person or entity possesses data and information concerning another individual or groups of individuals. Today, most such interactions are unregulated and put the users of internet and technological services at risk, and this risk will only grow with more and more digitization and as technological involvement in the delivery of services to citizens develops,” it said.