Last month, the Indian government circulated the revised version of the much-anticipated Personal Data Protection Bill in the parliament. However, Justice BN Srikrishna, who led the committee that made the draft, has raised objection regarding the constitutional validity of some updates the government made.\r\n\r\nJustice Srikrishna said that certain sections are not in alignment with Supreme Court\u2019s right to privacy judgment passed in 2017. He also said that the Indian government has diluted the sanctity by not allowing independent stakeholders to be a part of the Data Protection Act\u2019s office.\r\n\r\nMoreover, Srikrishna noted that the inclusion of non-personal data in the bill is dangerous. He also said that the revised draft can be challenged in the Supreme Court.\r\nThe Difference Between Personal and Non-Personal Data\r\nThe draft of the Personal Data Protection Bill 2018, which was prepared by Justice BN Srikrishna Committee, had defined \u201cpersonal data\u201d and \u201csensitive data\u201d to ensure that there are no loopholes in the bill.\r\n\r\nAs per the draft, any data of a natural person which allows \u201cdirect or indirect identifiability\u201d is personal data. Sensitive personal data includes financial data, biometric data, religious and political leaning, etc.\r\n\r\nOn the other hand, non-personal data is any data, which cannot be traced back to an individual. It is an anonymised community data that is collected by companies. This includes weather data, ecommerce shopping data, traffic and food delivery data.\r\nThe Problems With The Revised Data Protection Bill\r\nNon-Personal Data Inclusion\r\nThe Indian government has also set up a separate committee, in late 2019, to formulate regulations on the non-personal data as it cannot be included in the Personal Data Protection Bill.\r\n\r\nThe committee is headed by Infosys\u2019 Kris Gopalakrishnan, who is currently holding discussions with stakeholders such as ecommerce companies to understand the usage and importance of non-personal data and submit the tentative regulations to the government.\r\n\r\nHowever, in the revised draft, the government has added a provision that allows it to seek both personal and non-personal data from any company to aid the policy formulation process. As per Justice Srikrishna, this provision will allow the government access to all business data \u2014 data on intellectual property, business strategy and mergers and acquisitions.\r\n\r\n\u201cNon-personal data needs a separate law. The government has sneaked it in this Bill. In the universe of data, there is personal data, and then everything else is non-personal data,\u201d Srikrishna maintained.\r\n\u2018Asking For Personal Data Unconstitutional\u2019\r\nIn addition, he also noted that the Supreme Court ruling on the right to privacy does not allow the government to ask for data unless it declares a specific objective for collecting personal data, the authorities ordering it and the procedures that will be followed. The right to privacy judgment was in response to a petition filed by former Karnataka High Court judge KS Puttaswamy.\r\n\r\n\u201cThe argument is that fundamental rights cannot be infringed upon, the law has to be constitutionally valid, which it won\u2019t be because it does not adhere to the Puttaswamy judgment,\u201d Justice Srikrishna added.\r\n\r\nThe draft bill had stated that the government cannot ask for any data unless it was authorised through a law passed in the parliament. However, the government changed the provision and empowered the government to exempt any of its agencies from the purview of the Act.\r\nPersonal Data Body Should Be Independent\r\nThe original draft of the Data Protection Bill 2018 stated that the body managing the regulations, Data Protection Authority (DPA), should be independent. Justice Srikrishna believed that this would ensure that the data is not used by the government to target specific individuals or groups and use the data for personal gains.\r\n\r\nHowever, the revised draft allows only government nominees to hold the DPA office. \u201cThe new Bill has weakened the independence of the DPA, which has to equally monitor the government and the citizens. You can\u2019t put a thief in charge of security\u2026 The ideal thing would be that the DPA become a constitutional authority like the Election Commission or the courts,\u201d Srikrishna said.