EDITORIAL ANALYSIS : Neither the right to privacy nor the right to information

Source: The Hindu

• Prelims: RTI Act, CIC, Governance etc
• Mains GS Paper I and II: Statutory, regulatory and various quasi-judicial bodies, Important aspects of governance, transparency and accountability etc

ARTICLE HIGHLIGHTS

• Nasscom: ‘Personal data bill will boost digital economy.’
• Digital Personal Data Protection (DPDP) Bill 2023 that was introduced in Parliament.
  • Industry response: The real purpose of the Bill — legalizing data mining

INSIGHTS ON THE ISSUE

Context

The Right to Information (RTI) Act:

Important provisions:

Objectives:

Background of Digital Personal Data Protection Bill:

• It was placed in the public domain in December 2022 but the final Bill has not been placed before the public.
• It has two provisions which would greatly weaken the Indian citizen’s right to information.
• It plans to amend RTI Act Section 8(1)(j) to read as exempting information under (j), which relates to personal information
• The proposed Bill defines the term ‘person’ very widely to include individuals, companies, and the state.
  • Most information except budgets would be linked to one of these.

The Digital Personal Data Protection Bill, 2022:

• It is a crucial pillar of the overarching framework of technology regulations the Centre is building.
• It includes the
  • Digital India Bill(the proposed successor to the Information Technology Act, 2000)
  • The draft Indian Telecommunication Bill, 2022
  • Policy for non-personal data governance.
• It will apply to processing of digital personal data within India
  • To data processing outside the country if it is done for offering goods or services
  • for profiling individuals in India
• It requires entities that collect personal data — called data fiduciaries — to maintain the accuracy of data, keep data secure, and delete data once their purpose has been met.

The right to privacy:

• It was reaffirmed by a nine-judge Constitutional bench of the Supreme Court in 2017.
• It set an international benchmark and illustrated the new challenges to the right to privacy posed by the digital age.
• The DPDP Bill 2023, is an outcome of the debate around the right to privacy.

The right to information:

• It provides us access to government documents to ensure transparency and accountability of the government.
• Right to Information Act (RTI) 2005 has played a critical role in deepening democratic practices.
• DPDP Bill 2023 ends up undermining our right to information, without doing much to protect our right to privacy.

Right to Information and Right to privacy-Complementary or competing rights?

• The right to information seeks to make the government transparent
  • The right to privacy is meant to protect us from government (and increasingly, private) intrusions into our lives.
• For example, under the Mahatma Gandhi National Rural Employment Guarantee Act (MGNREGA):
  • mandatory disclosure provisions are meant to ensure that workers can monitor expenditure and also facilitate public scrutiny through social audits.
  • Everyone has access to data about individuals registered under the Act, including when and how much was paid to each worker.
  • Recent issue: operators can monitor, even scrape data systematically to swindle workers of their hard-earned wages.
    • for example, showing up at their doorstep with offers of lucrative ‘savings’ or ‘insurance’ or with wares to sell.

Issues with the DPDP Bill 2023:

• It makes the government less transparent to us while making us transparent to both the government and private interests.
• It states; A Bill to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such data for lawful purposes”.
• Section 4(2) defines “lawful purposes” in the broadest possible manner as “any purpose which is not expressly forbidden by the law”.
  • Thus, as scraping information on wages/pensions paid to workers/ pensioners or mobile numbers of government scheme beneficiaries from government portals is “not expressly forbidden”
  • data mining can merrily continue.
• Section 36 allows the central government to ask the Board, data fiduciary or others to “furnish such information as it may call for”.
• Sections 4(2) and 36 together make our data fair game for both government and private entities.
• The DPDP Bill 2023 suggests replacing Section 8(1)(j) with just “information which relates to personal information”.
  • It will undermine the RTI 2005.
  • For example: Current requirements for public servants (including judges, and Indian Administrative Service officers) to disclose their immovable assets will likely be off limits.
  • This is “information related to personal information
  • But it serves a larger public interest: for example, to identify public servants with disproportionate assets.

Section 8(1)(j) of RTI ACT:

• It exempts personal information which is not a part of public activity, or which is an invasion on the privacy of an individual.
• To help anyone claiming exemption it states: ‘Provided that the information, which cannot be denied to the Parliament or a State Legislature, shall not be denied to any person.’
• Personal information may be exempt if:
  • it is not related to a public activity or interest
  • would cause unwarranted invasion of the privacy of an individual
• Whoever claimed that a disclosure was exempt under Section 8(1)(j) should make a statement that he would not give this information to Parliament.

Misuse of section 8(1)(j):

• Many refusals of information did not adhere to the law but refused information with a bland statement that since it was personal information, they would not give it.
• To cover government officials: It has been widely used to cover arbitrary, corrupt or illegal acts of government officials.
• Some examples of illogical refusal:
  • The Department of Personnel and Training refused “Total number of Annual Performance Appraisal reports (APAR) of IAS officers pending for over years” by claiming exemption under Section 8(1)(j).
  • Request for details of Member of the Legislative Assembly funds being denied saying it was personal information
  • Details of the beneficiaries of the Prime Minister’s fund
  • Bogus caste certificates, education certificates, ghost employees
  • Gross arbitrariness and corruption in selections for jobs and non-conformance to rules and laws
  • Disproportionate assets compared to declared income
  • Verification of affidavits of elected representatives
  • Unfair assessment of students and job seekers in government
  • Disregard of corruption charges against officials that have been proven
  • File notings and minutes of meetings

Concerns around Data Protection Bill:

• Wide-ranging exemptions for the central government and its agencies.
• The Bill has prescribed that the central government can exempt “any instrumentality of the state” from adhering to the provisions on account of:
  • national security
  • relations with foreign governments
  • maintenance of public order among other things.
• Central government will appoint members of the data protection board.
  • Data protection board: an adjudicatory body that will deal with privacy-related grievances and disputes between two parties.
• The chief executive of the board will be appointed by the central government, which will also determine the terms and conditions of their service.
• Law could dilute the Right to Information (RTI) Act, as personal data of government functionaries is likely to be protected under it, making it difficult to be shared with an RTI applicant.

Way Forward

• The DPDP 2023 suffers from other shortcomings.
  • For instance, the Data Protection Board, an oversight body will be under the boot of the government as the chairperson and members are to be appointed by the central government (Section 19).
  • The DPDP Bill 2023 attempts to pass off a lame-duck as a watchdog.
• In Europe, the General Data Protection Regulation (GDPR) set a high standard for data protection.
  • It has a strong watchdog that operates in a society with universal literacy, and high digital and financial literacy.
• In France, the data protection regulator was able to fine Google €50 million for violation of policies related to consent.
  • Edward Snowden warned of the real danger of GDPR becoming a “paper tiger”, that “the problem isn’t data protection, the problem is data collection.”
  • Restricting data collection is not even being discussed in India.
• A weak board combined with the lack of universal literacy and poor digital and financial literacy, as well as an overburdened legal system,
  • It means that the chances that citizens will be able to seek legal recourse when privacy harms are inflicted on them are slim.

QUESTION FOR PRACTICE

What do you understand about the term ‘good governance’? How far have recent initiatives in terms of e-Governance steps taken by the State have helped the beneficiaries? Discuss with suitable examples.(UPSC 2022) (200 WORDS, 10 MARKS)