The news that the Union Cabinet has approved the Digital Personal Data Protection Bill and will table it in the monsoon session of Parliament raises certain issues. The draft Bill was placed in the public domain in December 2022 but the final Bill has not been placed before the public. Citizens are concerned that if two of its provisions are not changed, it may lead to a major regression for democracy.
The proposed Digital Personal Data Protection Bill has two provisions which would greatly weaken the Indian citizen’s right to information. The Indian Right to Information (RTI) Act, effective since October 12, 2005, is one of the best transparency laws in the world, empowering citizens and is a practical recognition of their role as the rulers and owners of India.
What is in store
However, many honest officers and commissioners often gave information if it was not covered by the exemption. Unfortunately, the proposed Data Protection Bill plans to amend RTI Act Section 8(1)(j) to read as exempting information under (j), which relates to personal information.
If this amendment is made, all information which can be related to a person could be legally denied. Most information could be shown as being related to a person, and hence the law would become a Right to Deny for Public Information Officers (PIO) who do not wish to give out information. Incidentally, this proposal is a tacit admission that any current denial of information on the grounds of it being ‘personal information’ only, is illegal. Whenever a PIO wants to deny information, he will be able to link it to some person. The proposed Bill defines the term ‘person’ very widely to include individuals, companies, and the state. Most information except budgets would be linked to one of these. Thus, the RTI would become a Right to Deny Information, rendering it an ineffective tool.
In 18 years no harm has come to any national or personal interest because of RTI. Therefore, the proposed amendment would lead to a major regression for democracy.
In India, the Right to Information (RTI) is a fundamental right guaranteed by the Constitution of India under Article 19(1)(a), which guarantees the right to freedom of speech and expression. The Right to Information Act, 2005 is the legislation that provides a comprehensive framework for implementing this right.
The RTI Act was enacted by the Indian Parliament on 15 June 2005 and came into effect on 12 October 2005. It was introduced to promote transparency, accountability, and empower citizens by providing them access to information held by public authorities.
Key features of the RTI Act in India:
The Act applies to all states and union territories of India, except Jammu and Kashmir. It covers central, state, and local government bodies, including government departments, ministries, public sector undertakings, and statutory bodies.
The Act defines public authorities as any government body, institution, organization, or agency that is funded or controlled by the government.
The Act allows citizens to request information from public authorities in writing or through electronic means. The requested information must be provided within 30 days, except in cases involving life or liberty, where it must be provided within 48 hours.
The Act specifies certain exemptions where information may be withheld, such as national security, sovereignty, trade secrets, personal privacy, and cabinet papers. However, these exemptions are subject to a public interest test.
The Act establishes Information Commissions at the central and state levels to oversee the implementation of the Act and adjudicate appeals and complaints. These commissions have the power to impose penalties on public officials for non- compliance.
Appeals and Complaints:
If an information request is denied or not adequately addressed, individuals can file an appeal with the relevant Information Commission. They can also file complaints for non-compliance or instances of maladministration.
The RTI Act has been instrumental in enhancing transparency, reducing corruption, and holding public officials accountable. It has empowered citizens to obtain vital information about government policies, projects, expenditures, and decision-making processes.
It is important to note that the RTI Act has its limitations, and there have been ongoing discussions about strengthening its provisions to ensure more effective implementation and address any challenges faced in accessing information.
The Digital Personal Data Protection Bill
The Digital Personal Data Protection Bill, 2022 (DPDP Bill) is a proposed law in India that aims to regulate the processing of personal data by organizations. The Bill defines personal data as “any information that relates to a natural person, which can be used to identify, contact, or locate the person, or to identify any other natural person with whom the person is in direct or indirect contact.”
The DPDP Bill sets out a number of principles for the processing of personal data, including the following:
- Personal data should be processed only for lawful purposes and on the basis of consent.
- Personal data should be collected only for specific, explicit, and legitimate purposes.
- Personal data should be kept accurate and up-to-date.
- Personal data should be kept secure and protected from unauthorized access, use, disclosure, alteration, or destruction.
Individuals have the right to access, correct, delete, and port their personal data.
The DPDP Bill also establishes a Data Protection Board of India (DPBI) to oversee the implementation of the law. The DPBI will have the power to investigate complaints, impose fines, and take other enforcement action against organizations that violate the law.
Here are some of the key features of the DPDP Bill:
- It applies to the processing of digital personal data within India, as well as to the processing of digital personal data outside India if it is for offering goods or services or profiling individuals in India.
- It grants individuals certain rights, including the right to obtain information, seek correction and erasure, and grievance redressal.
- It establishes the Data Protection Board of India to adjudicate non-compliance with the provisions of the Bill.
- It provides for penalties for violations of the law, including fines of up to ₹500 crores.
The DPDP Bill is a comprehensive and well-drafted piece of legislation that is likely to have a significant impact on the way that personal data is processed in India. It is a welcome development for individuals who are concerned about their privacy, and it is a sign that India is taking data protection seriously.