NewsClick

NewsClick
  • हिन्दी
  • Politics
  • Economy
  • Covid-19
  • Science
  • Culture
  • India
  • International
  • Sports
  • Articles
  • Videos
search
menu

INTERACTIVE ELECTION MAPS

image/svg+xml
  • All Articles
  • Newsclick Articles
  • All Videos
  • Newsclick Videos
  • हिन्दी
  • Politics
  • Economy
  • Science
  • Culture
  • India
  • Sports
  • International
  • Africa
  • Latin America
  • Palestine
  • Nepal
  • Pakistan
  • Sri Lanka
  • US
  • West Asia
About us
Subscribe
Follow us Facebook - Newsclick Twitter - Newsclick RSS - Newsclick
close menu
×
For latest updates on nCOVID-19 around the world visit our INTERACTIVE COVID MAP
Politics
India

Data Protection Bill: From Protecting Data to a Surveillance State

The bill provides some protection against big digital companies, but none against big government. The objective is a surveillance state where any criticism of the government would be considered sedition.
Prabir Purkayastha
20 Dec 2019
Data Protection Bill: From Protecting

The government has come released the draft of a Personal Data Protection Bill, 2019 which differs significantly from the earlier version drafted by Justice BN Sri Krishna in 2018. Justice Sri Krishna has said the changes are dangerous and can potentially create a surveillance state. In a major change from the original Sri Krishna draft, the Data Protection Authority of India has been made entirely subservient to the government. The data localisation provisions for sensitive personal data have also been considerably weakened.

The entire exercise of protecting the privacy of citizens, particularly after the Supreme Court judgement declaring the right to privacy a fundamental right, has now been subverted. Instead, the bill seeks to create a surveillance state, with the government given unrestrained powers to gather or access any data of citizens. No due process has been observed in the government’s draft bill, not the weak ones incorporated in the Telegraph Act after the Supreme Court judgement in the PUCL case nor even those in the Information Technology (IT) Act, which closely follows the Telegraph Act.

Before we get into analysing the draft, the government, true to its character of steam-rolling Parliament, decided that the Parliamentary Standing Committee on IT, headed by Congress Member of Parliament Shashi Tharoor, would be bypassed. A separate Standing Committee has expressly creating for examining this bill. The government had suffered a defeat in the Standing Committee on IT, which had decided to examine the Pegasus spyware and the possibility that it had been procured by an Indian government agency.

The intent is obvious. If any Standing Committee disagrees with the government, it will create a new one where it can stack the numbers in its favour. After the Bharatiya Janata Party’s defeat on the Pegasus issue, except the Standing Committee on IT, all other Standing Committees have met after the Winter Session.

The purpose of a data protection bill is to define the property rights of people over their personal data. This needs to be done because data has now become a valuable commodity. The World Bank calls people’s personal data a new asset class, meaning that if any business “captures” such data, it can be used to make money. As people expand their digital footprint through their activities on the internet, the amount of personal data is increasing rapidly. The business world is salivating over the potential of making money out of this ever-expanding pool of our data.

In other words, this new commodity—people’s personal data—needs to be regulated and property rights over it needs to be codified in law. The problem with this approach is that people’s data is not simply the property of individuals. Quite often, communities create data that is commercially valuable. For example, traffic patterns, community activities in towns, localities and villages. Even when we think of our data as personal to us, it is often the data of our interaction with our friends, it is the data of our network. So the task of personal data protection laws—such as the Indian Private Data Protection Bill or the European Union’s General Data Protection Regulation—is accepting the property rights of digital monopolies over our personal data. The only issue now remaining is the regulation of its use.

The Indian bill goes much further down this road: it does not even recognise that we, as citizens, own our data. It only gives us certain rights over our data as data principal [the natural person whom the personal data relates to]. The larger issue of community rights remains completely unaddressed in all such schemes.

Within this narrow boundary of the law itself, the current data protection bill has some serious issues, particularly with the neo-fascist attitude of this government towards all dissent. Justice Sri Krishna has warned that such a law can turn India into an Orwellian state, or replicate the kind of state George Orwell pictured in his dystopian novel, Nineteen Eighty-Four, in which the government watches the people all the time.

Justice Sri Krishna told the press that the government has removed the safeguards that his committee had put into their draft. The government, according to him, can access private data on grounds of protecting state sovereignty or public order at any time. This has dangerous implications.

Though our telephone calls can be tapped, as also our digital communications, procedures have been laid down that require an authority at the level of a Secretary of the government of India, to sign an explicit order that clears the surveillance of any person. While we know that this procedure has been violated and of bulk surveillance orders being signed—but at least there are some safeguards in the existing laws, even if they are grossly inadequate. Section 35 of the current draft, which corresponds to the existing safeguard provisions, are in Chapter VIII, relating to “exemptions”. The section gives the central government sweeping rights to access and process our personal data. The grounds to exercise this right is again omnibus—from friendly relations with foreign powers to public order—and they extend to any personal data being held by any company, such as Google, Facebook, our phone company or internet provider.

The original purpose of the bill was to define the relations between us and the company that holds our personal data so as to provide us a service. It was also supposed to define what rights we have over this data and the obligations the companies have towards us. To this end, Justice Sri Krishna had coined two terms, “data principal”, which is us, whose data it is, and “data fiduciary”, or the company that holds or processes this data. In the European version, the terms are data subjects and data controllers.

The original Sri Krishna draft did try and codify the rights and obligations over this data, and had also tried to define similar rights and obligations between the government and citizens. What the government’s new draft does is dilute some of these provisions that were put there for our protection in favour of the companies, while taking away all the protection that we had against government access to our personal data.

One of the big issues that the Data Protection Bill had to address was the localisation of personal data. This recognised the fact that data is a high-value resource and should therefore be kept in the country. Keeping this data within the country would ensure that the government could access it any time it wanted: it would never be told that since some data is in the United States or any other foreign country, therefore, the government of India had to apply under the laws of that country even to access the data of Indian citizens. The provision for data localisation was dressed up as a sovereignty issue, but government surveillance over our data was always its purpose as well.

The current version has weakened the localisation proposal. Localisation now applies only to sensitive personal data. In addition, the government has created a category called critical personal data—the only definition of which is whatever the government calls “critical”. Such “critical” data would, again, need to be localised.

Discussions are still ongoing with big Indian businesses and global digital monopolies. The data privacy bill has now become all about data commercialisation, and the government is acting as the broker between global and Indian big capital.

The bill seeks to create a new regulator, the Data Protection Authority, whose members would wield enormous powers over this new world of data. In the original bill, the members were to be selected by a body that would have had external members—people of independent standing, the Chief Justice of India, and so on—which gave it some autonomy. In the current version, there are no provisions for autonomy: the selection committee would consist entirely of secretaries to the government.

What is missing in this draft is privacy, or the protection of citizen’s data. Instead, we have a bill that gives companies and the government rights over our data, some protection for us against the companies, but none against the government. This is another measure that makes no bones about the direction we are headed in: a surveillance state where any criticism of the government or protest against it would be equated with sedition. By definition, we are all seditious, unless proven otherwise after surveillance.

Get the latest reports & analysis with people's perspective on Protests, movements & deep analytical videos, discussions of the current affairs in your Telegram app. Subscribe to NewsClick's Telegram channel & get Real-Time updates on stories, as they get published on our website.
Surveillance State
Data Protection
Sedition
Data Protection Bill
Protest in India
EU data protection law
Orwellian state
Phone tapping
Related Stories
Joe Biden and Kamala Harris

Why Biden Will Keep the US-imposed Cold War Rolling

p&H hc

State Must be Circumspect in Invoking Sedition Laws, Says Punjab&Haryana HC; Grants Bail to Person Arrested for Anti-government Posts on Social Media

arogya

COVID-19: Report Says Aarogya Setu App Failed to Follow Government’s Own Rules

Freedom of speech

Freedom of Speech Being Eroded, Mauled Through Twisting and Turning Law: Justice Lokur

Freedom of speech

Freedom of Speech, Dissent and Sedition

Internet Rights Body IFF Calls for Greater Participation in Data Protection Bill Consultations

Internet Rights Body IFF Calls for Greater Participation in Data Protection Bill Consultations

BJP’s Use of Sedition Law

Another Curve Fails to Flatten: BJP’s Use of Sedition Law

Erendro Leichombam

Manipur Activist Charged with Sedition Over Facebook Post on Meeting between Amit Shah and RS MP

Jio

JIO-FB-Google: Who Controls Our Data?

Sedition law in India

Sedition Law: State of Permanent Emergency?

Share on FacebookShare on TwitterShare on WhatsAppShare via EmailShare on RedditShare on KindlePrint
Share
Share on FacebookShare on TwitterShare on WhatsAppShare via EmailShare on RedditShare on KindlePrint
Share

Related Stories

Ajaz Ashraf

Sharjeel Imam on How Not to Let Jail Break You

31 December 2020
Lawyer Ahmad Ibrahim had been worrying, for a good many weeks, about his client Sharjeel Imam, the PhD student of Jawaharlal Nehru University, Delh
Arnesh Nag, Mehak Nayak

Killing the Messenger Who Made the Caricature

16 December 2020
Following contempt proceedings against Prashant Bhushan in the Supreme Court, there have been a slew of such cases against individuals, especia
Prudhviraj Rupavath

Rights Organisations Demand Quashing of UAPA, Sedition Charges Against Activists

02 December 2020
Hyderabad: In late-November, police officials in Andhra Pradesh and Telangana booked 67 Adivasi, Dalit and huma

Pagination

  • Next page ››

More

  • covid 19 vaccine J&K

    COVID-19: Amid Apprehensions, over 3,700 Vaccinated in J&K in Two Days

  • Mamata Gets Taste of Public Outrage

    West Bengal: Mamata Banerjee to Contest Assembly Polls from Nandigram

  • New ‘COVID Tongue’ Symptom Identified, Claims Expert

    New ‘COVID Tongue’ Symptom Identified, Claims Expert

  • covid 19 vaccine

    UP: Health Worker in Moradabad Dies Day After COVID Vaccine Shot

  • Load More
Subscribe
connect with
about