‘New data bill at odds with privacy ruling’
NEW DELHI: The proposed new data protection law shared by the government possibly falls afoul of the 2017 Supreme Court judgment that laid down the right to privacy, gives the government excessive leeway in framing rules and protocols outside of the parent legislation and seeks to set up a regulator that is unlikely to be independent, experts believe.
The Union ministry for electronics and technology shared the Digital Data Protection Bill, 2022, on Friday for public comments and the proposal is likely to be brought to parliament in the upcoming winter session.
Among the aspects that experts pointed to was the number of issues left to be “prescribed” later via rules that the government will draw up, a process that would not need parliamentary approval.
Among these are additional purposes to which deemed consent will apply, the purposes for which there will be exemption on the additional protections when data of children is processed, and the strength, composition, terms and conditions of appointment and service of the Data Protection Board and its officers and employees.
“The Bill should be called “As May Be Prescribed By Govt Bill” as a lot is left to the rules -- rules that the executive in India has a track record of exploiting to expand its powers,” said technology lawyer Mishi Choudhary.
“Earlier, according to the 2018 draft, to grant an exemption, the government needed the approval of the Parliament,” said Supreme Court lawyer and founder of Cybersaathi, NS Nappinai.
“Now they are proposing that exemptions can be introduced in by order of the central government. That is unconstitutional and will not stand the test of judicial review.”
A second major concern was around the deemed consent clause. The bill includes among its provisions “deemed consent”, which does away with the explicit need for a person to permit the sharing of personal data in certain circumstances, including “in public interest” and “any breakdown of public order”.