The Personal Data Protection Bill has been listed to be tabled in the Winter Session of Parliament which will begin on Monday. The controversial Bill is a legal framework that seeks to deal with the handling and processing of consumer data by tech-companies.
The Personal Data Protection Bill, 2008, and a report were submitted by a committee headed by former judge BN Srikrishna. The Bill rests wide and discretionary powers in the hands of the government to collect and process the private data of its citizens, taking the country towards a dystopian and surveillance state. In the Aadhar judgment, the Supreme Court has already declared the right to privacy as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the fundamental rights guaranteed by Part III of the constitution.
The State is not required to seek the individual’s consent while providing benefits or services while this exemption is only limited only for the purpose of the welfare service of the State, as proposed in the Justice Srikrishna Committee Report. The government is not required to seek consent =of the individual under certain circumstances. These include (i) any function of Parliament or state legislature, or if required by the State for providing benefits to the individual, (ii) if required under law or for compliance with any court judgement, (iii) to respond to a medical emergency, or a breakdown of public order, (iv) purposes related to employment, such as recruitment, or, (v) for reasonable purposes specified by the Data Protection Authority with regard to activities such as fraud detection, debt recovery, credit scoring, and whistleblowing.
However, there are laid down guidelines for what amounts to processing of data in a ‘fair and reasonable’ manner. Activists fear that the government would such wide discretionary powers to silence opposition and dissidents that would come its way. It will only give the government the legal authority to snoop, which it had been doing illegally so far.
Last month, a lawsuit was filed against Israeli cyber intelligence firm NSO by WhatsApp and its parent company Facebook in a US court in California on October 29, accusing it of using their messaging platform to dispatch ‘Pegasus’, a hacking tool1,400 mobile phones and devices worldwide. Many activists and journalists in India confirmed that their phones were hacked by the State using invasive malware, Pegasus.
The Bill rightly tightens the noose around the tech giants to curb the sensitive data of the users, but how the Bill would protect the citizens from the State when the protector becomes the violator?