The approval of the Digital Personal Data Protection (DPDP) Bill by the Union Government recently has raised concerns over its effectiveness in safeguarding the privacy of citizens.
The Bill aims to regulate and protect the utilization of personal data by establishing user rights, specifying user responsibilities, and outlining the obligations placed upon businesses. While doing so, digital rights experts believe that the Bill also allows the state to retain immense access to the collected citizenry data without much explanation as to how it will be utilised.
As per the news reports, the Bill – which is expected to be tabled in Parliament’s Monsoon Session that begins on July 20 – was floated in November last year. As per the Indian Express, “some of the most contentious issues flagged by experts in the November draft have been retained. These include the wide-ranging exemptions to the Centre and its agencies, and diluting the role of the data protection board.”
Meenakshi Ganguly, South Asia director of Human Rights Watch had earlier stated in the publication that India’s proposed data protection law was detrimental to the fundamental right of privacy as granted by the Constitution.
“India’s proposed data protection law undermines everyone’s, including children’s, fundamental rights to privacy and security by enhancing the power of the state to conduct surveillance. With more and more data becoming available on digital platforms, the Indian government needs to make protecting people’s privacy and security a priority,” she was quoted saying to the outlet.
“The current bill, like the 2019 draft, would grant sweeping powers to the government beyond reasonable exceptions to exempt itself from compliance with the bill’s data protection provisions for vague and overbroad reasons. These include the interests of sovereignty and integrity of India, security of the state, friendly relations with foreign states, [or] maintenance of public order,” the outlet stated.
A digital rights expert requesting anonymity said, “We are constantly subject to massive data collection exercises by the public and private sector, which collect, share and process our this data to a scale we cannot fully comprehend. Add to this the state’s immense powers of surveillance, as well as shadowy industries of data brokers, which are able to connect disparate data sets to create profiles of people, and sell this data onwards – where it’s used for purposes as wide as tailoring advertisements and products to ‘micro-targeting’ prospective voters.”
According to reports in The Hindu, the Bill also seeks to “dilute the provisions of the Right to Information (RTI) Act, which has empowered citizens to access information and hold governments accountable.” The Central government has often been accused of trying to dilute the provisions of the RTI act by trying to remove multiple central agencies from the ambit of providing information to those who seek it.
According to the data collected by the United Nations Conference on Trade and Development (UNCTAD), an intergovernmental organisation within the United Nations Secretariat, around 137 out of 194 countries had put in place legislation to secure the protection of data and privacy. Africa and Asia show different levels of adoption with 61 and 57 per cent of countries having adopted such legislation. The share in the least developed countries is only 48 per cent.
Around the globe
The EU data protection model, put into effect on May 25, 2018, has been criticised for being excessively stringent and imposing many obligations on organisations processing data, but it is the template for most of the legislation drafted around the world.
The US data protection model, being continuously modified since 1974, is largely defined as “liberty protection” focused on the protection of the individual’s personal space from the government. It is viewed as being somewhat narrow in focus because it enables the collection of personal information as long as the individual is informed of such collection and use. The US template has been viewed as inadequate in key respects of regulation.
As per the Indian Express research, the new Chinese laws on data privacy and security issued over the last 12 months include the Personal Information Protection Law (PIPL), which came into effect in November 2021. It gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.