Several MPs cutting across political lines want the government’s powers under the proposed data privacy law to be curtailed, recommending in a joint parliamentary committee that principles of necessity and proportionality – part of the draft released by an expert committee but dropped in the bill introduced in Parliament – be restored under sections in which the government can access personal data without a person’s consent.
Congress leaders Jairam Ramesh, Manish Tewari and Gaurav Gogoi, Trinamool’s Derek O’Brien and Mahua Moitra, Biju Janata Dal’s Bhartruhari Mahtab and Amar Patnaik, Bahujan Samaj Party’s Ritesh Pandey, and Shiv Sena’s Shrikant Shinde, are in favour of limiting the government’s access to personal data. The Bharatiya Janata Party’s Rajeev Chandrasekhar, on the contrary, wanted new grounds to be added for the government to process such personal data.
The concerns relate to clause 35 of the bill, which allows the central government, where it “is satisfied that it is necessary or expedient” to access people’s data over reasons such as safeguarding national security. This section drew a large number of amendments, HT has learnt.
A total of 228 amendments, mostly by Opposition members, have been submitted to the joint panel reviewing the bill. These include renaming the bill as Protection of Privacy of Personal Data Bill, a timeline for enacting the law, and keeping anonymised personal data out of the purview of the bill.
Some of the key concerns raised by the members relate to Clause 35 of the bill, which lays down the ground for powers to the government to access people’s data over reasons such as safeguarding national security. This section drew a large number of amendments, HT has learnt.
According to this clause, no other part of the law – which deals with how personal data should be handled, the rights of the individual over this data and the punishment for violators — shall apply, and the Centre can process personal data “in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order” and other related reasons.
Congress leader Gaurav Gogoi proposed that amendments be such that the Centre can process personal data “…where (it) is satisfied that it is necessary for, and proportionate to, achieving, the security of the State, it may, by order, for reasons to be recorded in writing.”
Ramesh, too, said the government’s processing of personal data shall be “proportionate and least intrusive”. He also said “the public interest in granting the exemption outweighs, to a substantial degree, any interference with the right to privacy of data principals that could result from such exempted processing, PROVIDED THAT no processing can be exempted from Section 4 and 5 of Chapter II and Section 24 of Chapter VII of this Act.”
The Personal Data Protection Bill, 2019 will underpin India’s first legal framework to protect privacy after it was held as a fundamental right by the Supreme Court in 2017. But there have been differences over clauses such as those that exempt government agencies and mandates companies to share anonymised data with authorities. The bill was sent to a JPC over these differences. The bill is based on a draft prepared by an expert committee headed by retired justice BN Srikrishna.
In the amendments recommended by BJD’s Amar Patnaik, the exemption should be allowed in cases “where the Central Government is satisfied that it is necessary, proportionate and legitimate”.
O’Brien and Moitra proposed that processing in the interests of the security of the State “shall not be permitted unless it is authorised pursuant to a law, and is in accordance with the procedure established by such law, made by Parliament and is necessary for, and proportionate to, such interests being achieved” be substituted.”
Congress’s Tewari said there should be no such exemption for the government “till the time it is judicially determined by the Appellate Tribunal” and any person shall have the right to access the Tribunal. “The said exemption must be vide a reasoned order and duly notified so as to ensure that the remedy available under Clause 75 can be exercised by the concerned,” Tewari’s amendment said.
BJD’s Bhartruhari Mahtab demanded that ‘public order’ as a ground for government’s access should be omitted. BSP’s Ritesh Pandey says it must be a “clearly defined purpose, which is just, fair, and reasonable.”
Mahtab also recommended that the word “irreversible” be added to sections that allow anonymised data to be accessed by the government.
Shortly after the bill was introduced, experts said the law gives the government a wide berth on surveillance. “The new draft appears to remove the ‘fair and reasonable processing’ obligation in the Srikrishna Committee draft that applied when personal data is accessed for purposes such as national security and to comply with court orders. In the new version, the government can process personal data on the grounds of national security (Section 35), or for purposes relating to crimes or court orders (Section 36), and the only obligation that would apply would be that it needs to have a specific, clear and lawful purpose,” Rahul Matthan, a partner-lawyer in technology and media practice at the law firm Trilegal, told HT at the time.