The specter of “national security” overrides objections to granting access to personal data

The Indian government has always found one reason or another to need full control and unbridled access to citizen data. And if the data protection bill did little to get the government to grab that data, a parliamentary committee tasked with deliberating on the bill barely scratched the surface.

The Joint Parliamentary Committee (JPC), which studied the Personal Data Protection Act in 2019 for two years, recently adopted its final report containing a series of recommendations on the bill after consulting various government and industry stakeholders. The report will be presented to the upcoming winter session of Parliament.

The heart of the matter is simple. The Data Protection Act went into the hands of the JPC and contained some controversial clauses exempting the government from important provisions of the bill. “National security” was the main reason in most cases.

The JPC should be the bottom. But far from providing the assessments and controls requested, it adopted a report which steadfastly bowed to the position of the government, a member of the committee that Trickypedia spoke, said, on condition of anonymity.

However, at least seven MEPs out of the committee’s 30 members have formally disagreed over some of the final recommendations in the committee’s report.

Earlier this month Trickypedia would have exclusively reported At some of the recommendations made in Report of the committee

Small, vague recommendations

The centerpiece is three controversial proposals from the Data Protection Act. First, Clause 35, which enables the government and its authorities to obtain blanket exemptions from compliance with all provisions of the draft law for reasons of “state security”, “friendly relations with foreign states” and “public order”.

To that end, the GPA’s report, chaired by BJP MP PP Chaudhary, states that there is a precedent for the government to allow such exemptions, but that the government acts on a “just, fair, reasonable and proportionate process “Limited.

“While there is some kind of limitation, the way is like that [JPC’s] Recommendation is formulated gives the whole process a feeling of vagueness. The exception should be a deviation, not the norm, ”said another member of the committee, asking for anonymity.

Congressman Jairam Ramesh in his formal rejection Note revealed that he had advocated greater legislative control over government exemptions. He had suggested that the government “must seek parliamentary approval in order to exclude any of its authorities from the scope of the law”. His suggestion was not taken up in the final version of the report.

Clause 35 was serious indeed criticized by Judge BN Srikrishna, who led the drafting of the first version of the Data Protection Act in 2018.

Monitoring via consent

Second, there is no meaningful surveillance reform in the draft law. Specifically, Clause 12, which essentially allows the government to skip consent-based data collection, again for reasons of national security.

“Many non-BJP members of the committee had asked for this clause to be deleted entirely. Why should a democratically elected government be allowed to bypass approval? said the second committee member quoted above. However, the committee retained the clause in its final report.

Civil society has also loudly criticized the lack of surveillance reform in the draft law. “Any meaningful legislative attempt to protect an individual’s digital privacy must combine both data protection and surveillance reforms. This is particularly true of India, which suffers from a complete lack of either, “Executive Director of the Delhi-based rights group Internet Freedom Foundation”. tweeted

In his dissenting opinion, Ramesh wrote that the JCP’s report gives private companies two years to transition to the new data protection regime, but governments and government agencies have no such provision.

The almighty regulator

The third problem, as sources have pointed out, is the regulator. The Data Protection Agency (DPA) will act as the central regulator to handle all data-related incidents in the country. The core issue is the government’s say in the formation of the regulatory authority.

The Data Protection Authority is intended to be a central regulator overseeing the enforcement of the Data Protection Act and has extensive powers, including defining new types of sensitive personal data in consultation with the central government.

“The government has too much control over the formation of the committee and it shouldn’t. It would have been ideal if the judicial route had taken to form the regulatory authority, ”said the first person quoted above.

However, this has to be seen in the context of the virtual stalemate between the government and the judiciary in the appointment of courts and any body that a legal entity or other person may need. Often times the government does gone slowly In recent years, work on these has been brought to a virtual standstill and the highest court has been invited to threaten contempt.

Trickypedia had earlier exclusively reported that several state governments had asked the committee for a more decentralized regulatory authority. These requests were not taken into account in the GPA report. Trickypedia learned that several committee members had made the same request. Again, the reluctance of the central government is evident when you consider how confrontational center-state relations have been lately, have become thoroughly politicized and lead to blockades wherever both have had to cooperate.

In its final report, the committee does not address government scrutiny of the DPA and only recommends that the composition of the regulator should include at least one technical expert. In addition, the GPA’s report recommended that the DPA listen to government orders in all cases, and not just on political matters.

Thus, at its core, the JPA’s final report simply reflects the government’s fundamental belief that it cannot go wrong and that its motives certainly should not be questioned. And injustice once identified should be covered up under the undefined zeal of “national security” – not exactly the definition of a democratic regime, but perhaps this definition has even changed from the government’s point of view.

More from our coverage of the GPA’s draft report:

Leave a Comment