GS Paper 2
Syllabus: Governance/ Government Policies and Interventions
Source: TOI
Context: This article is in continuation to yesterday’s article on the Impact of the DPDP Bill on the RTI Act
Digital Personal Data Protection in India is criticized for granting extensive state control over citizens’ lives and privacy.
Limitation of the DPDP Bill:
| The bill has an emphasis on data collection and commercialization, potentially overshadowing robust protection of citizens’ rights and data privacy. | |
| Weak Notice Provision | Data collecting companies (data fiduciaries) are not required to inform users (data principals) about sharing their data with third parties |
| Consent Issues | ‘Legitimate uses’ of data are vaguely defined, potentially leading to consent-related issues. E.g., reasons like ‘State functions’ and ‘medical reasons’, do not require user consent, possibly undermining privacy |
| Government Immunity | The government is granted extensive powers to gather and process citizens’ data. |
| Compromised Independence | The Data Protection Board’s lack of independence due to government-appointed members |
| Undefined Data Fiduciary Category | Unclear criteria for ‘significant data fiduciaries’ exemptions from notifying users about data collection, storage, or sharing |
In September 2018, nearly a year after its decision on the fundamental right to privacy, the Supreme Court upheld but also limited the Aadhaar programme. Justice D.Y. Chandrachud, in his dissenting judgment, drew from Nobel Prize-winning author Aleksandr Solzhenitsyn’s experience in Stalinist Russia: “The invisible threads of a society networked on biometric data had grave portents for the future and unless the law mandates an effective data protection framework, the quest for liberty and dignity would be as ephemeral as the wind.”
