Reasons Behind Tabling of PDP Bill
This article titled Reasons Behind Tabling of PDP Bill is written by Amogh Tiwari, who discusses all the apparent reasons behind the tabling of the PDP Bill. Introduction: Reasons Behind Tabling of PDP Bill From the perspective of an Indian citizen, the concept of personal data and its usage for profit had never been at the forefront of… Read More »
This article titled Reasons Behind Tabling of PDP Bill is written by Amogh Tiwari, who discusses all the apparent reasons behind the tabling of the PDP Bill.
Introduction: Reasons Behind Tabling of PDP Bill
From the perspective of an Indian citizen, the concept of personal data and its usage for profit had never been at the forefront of their online presence because social media companies that are known to harvest and sell the data generated by the use of their platforms have been selling it for just a little more than a decade now. Personal data refers to all sorts of usage statistics that companies collect while their users use their apps and websites, in order to track their behaviours, personalities and what they are interested in, in order to serve better advertisements and sell the data for profit.
Social media platforms like Facebook, and its off-shoots Instagram and WhatsApp have been enormously profitable in India because not only do we have the highest number of users of Facebook’s platforms, but we also outnumber the second (United States of America) and the third (Indonesia) combined[1]. This was never an issue with the majority of people because no one understood the real cost of these “free” services until the WhatsApp controversy of 2021 occurred that took away the option from its users to opt-out of sharing data with Facebook.
India has not had concrete legislation with respect to the security from abuse of personal data collection and processing nor has it ever had a fixed authority to deal with problems relating to the same, but the Personal Data Protection Bill of 2019 had aimed to fix these issues. While it is a necessary and long overdue bill that has been required in order to make a tangible backbone for anything relating to the personal data of the people of India, it was not perfect in the goals it aims to achieve because of some reasons, which quickly led to it being tabled.
The reasons behind why this bill attempts to do some things very well and absolutely dubiously on other counts will be elaborated on below. The bill refers to the people whose data shall be processed as data principles and the entities that shall process the data as data fiduciaries.
The Bill
Firstly, the inequality that the bill treats the government and its agencies to, as compared to private companies is a little more than concerning. The bill assumes that the government is a safe haven for the data of the nation’s citizens and all the regulations are based on the mere principle that while any entity that wants to collect data has to undergo many checks and balances in order to ethically and legally do so, the government is at a higher “tier”, meaning that they do not have to follow the same rules and the leeway given to them in the wording of the bill exhibits this.
For example, clause 11 lays down specifications about what a fiduciary needs to comply with in terms of the consent of its principles and makes it necessary for a fiduciary to obtain consent from the principle that is free, clear, specific, and capable of being withdrawn after they have informed them about the personal data that they plan to collect from them[2].
While this works as a direct and non-negotiable regulation that lays down the foundational rule behind this practice, the contradiction that is clearly visible in the clause right after, any function performed for the State is exempted from that rule[3] on any grounds relating to the prevention of the breakdown of public order[4] and there is no consent required.
Secondly, the same immunity also exists for laws that are in force passed by the Parliament or any State Legislature[5], which insinuates that the government is absolutely in the reigns to do as they seem fit with the data of the principles come what may, while the legislative and the executive legs of the country can retain and use any data collated under the pretexts of being agents of the government.
The chapter regarding exemptions in the bill also raises considerable concern when read with clause 86 of the bill, with its provision that allows the Data Protection Authority of India to exempt entities from the regulations of the bill for research, archiving or statistical purposes[6] and allows the Central government to issue arbitrary directions to the Authority in the name of “security of the State, friendly relations with foreign states or public order”[7].
This again promotes an authoritarian purview of the powers conferred to the government that can be easily manipulated since the discretion effectively resides with the political party in power at the time. Besides, even clauses from the chapter regarding miscellaneous regulations exclude any officer, member, or Chairperson of the Authority to be proceeded against if their actions were done in “good faith”[8] and the Authority will also never need to pay Income Taxes on their profits and gains[9].
This uneven empowerment of the Authority in addition to relying on the very vague concept of “good faith” gives away red flags as to the extent of reliance on the governmental authority.
Lastly, a small but necessary point to notice was that the bill proposed clause 5 (a) of Chapter II that mandates the data fiduciaries to process data only in a “fair and reasonable manner”. Although precedence to establish the definition of the phrase has existed for a long time[10], its connection and relation to data protection is unprecedented and that makes the application of such a concept very ambiguous because the scope of this is unlimited.
This would mean that it could be misused very rampantly to make violations of privacy fall under the ambit of fair and reasonable since the Courts will inevitably have to apply this on a case-to-case basis in the event of disputes and that leaves no fundamental rule or law to rely upon.
Future
Justice BN Srikrishna rightly called the bill potentially “Orwellian” in nature. Even though the right to privacy has already been declared as a fundamental right[11] this general lack of foresight and blind trust that the bill puts in the government will inevitably cause problems in the future, because the bill lays down the essentials of data protection but contradicts the purpose it tries to accomplish by immediately also providing disguised backdoors to the government to potentially “fix” (manipulate) circumstances.
As a consequence, while the notion of everyone being equal is still promulgated, the government becomes “more equal” than others. This also incites questions about all the data that the government already own about all of us from the introduction of Aadhar and how secure our digital fingerprints, including data of the likes of pictures of our faces, our thumbprints and essentially all data about our families are.
Since the bill has been tabled, there is still scope for the Parliament to understand the risks posed and rectify the mistakes before actually making it law and only time will tell whether the future of our data is truly safe or just claimed to be so superficially.
References:
[1] Facebook users by country 2021 | Statista, Available at Click Here
[2] Clause 11 (2), (3)
[3] Clause 12 (a)
[4] Clause 12 (f)
[5] Clause 12 (b)
[6] Clause 38
[7] Clause 86
[8] Clause 88
[9] Clause 89
[10] Maneka Gandhi v. Union of India (UOI) and Anr. (AIR 1978 SC 597)
[11] Justice Puttaswamy v. Union of India (AIR 2017 SC 4161)
