The Personal Data Protection Bill (PDP), tabled in Parliament on Wednesday (December 11), has given rise to criticism for allowing law enforcement agencies in India to process personal data of users without consent for “reasonable purposes”. Justice BN Srikrishna, who led the committee that drafted the PDP Bill, said the bill is “dangerous” and can turn India into an Orwellian state.
The term Orwellian state is used to describe a system of governance that has draconian control over its people, as described in the novel ‘Nineteen Eighty-Four’ by George Orwell.
“They have removed the safeguards. That is the most dangerous. The government can at any time access private data or government agency data on grounds of sovereignty or public order. This has dangerous implications.”
The exemptions, the revised personal data protection bill says, will be in cases of prevention and detection of any unlawful activity including fraud; whistleblowing; mergers and acquisitions; network and information security; credit scoring; recovery of debt; the processing of publicly available personal data; and operation of search engines within India.
However, experts say the implementation could be challenging. “The Select Committee has the right to change this. If they call me, I will tell them this is nonsense. I believe there should be judicial oversight on government access,” Srikrishna told ET.
Right to Erasure And Right To Be Forgotten
The personal data protection bill is being looked at as being more stringent in nature as compared to European privacy laws. The new bill provides for Right to Erasure to citizens in India, along with the right to be forgotten given by European data protection laws.
The proposed bill also gives users the right to delete any personal data posted in the public domain by approaching the adjudicating officer under the independent regulator (the Data Protection Authority). The European Union, however, allows users to reach out to companies, including social media platforms such as Facebook and Twitter to delete any data they have published online.
According to the bill, data principals (users) can also ask for restricting continued disclosure of data once the purpose for which it was collected has been served, or is no longer necessary. If the users withdraw consent, the data has to be removed. However, they will have to file an application with an adjudicating officer in case they wish to withdraw consent or want to limit the use of data, according to the draft.
Earlier, Justice BN Srikrishna, who led the personal data protection framework for the country panel and a draft data protection bill in July 2018, had said that he prefers the final version of the bill to be sent to a select committee of Parliament for a review before it becomes law.
“It is too serious and too complicated an issue. It is better to give it to a select committee because what happens there is that they invite knowledgeable people, experts to present evidence and the committee assesses the whole thing,” the retired Supreme Court judge had said.
The bill has been referred to a joint select committee of both the Houses of Parliament amid protests by the Opposition. The committee will reportedly submit a report before the Budget session of the Parliament in early 2020.