Significant recent legislation designed to safeguard the personal data of Indian citizens appears to weaken another important law that brought much-needed transparency to government operations, according to experts.
Until just last week, India lacked a comprehensive law to oversee the collection, storage, and processing of individuals’ personal data. The passage of the Digital Personal Data Protection Bill in parliament addressed this longstanding need.
However, privacy specialists have voiced serious reservations, highlighting that the new law fails to adequately shield citizens from surveillance and grants disproportionate authority to the central government in its implementation.
One notable critique pertains to the modification introduced by the legislation to the landmark Right to Information (RTI) law, enabling citizens to obtain government data. Since its enactment in 2005 – after prolonged advocacy efforts – millions of Indians have utilized the RTI law to raise queries and demand information from government bodies and officials. Yet, the fresh legislation alters a provision within the RTI law to exempt “personal information” from disclosure. This alteration will impact a substantial portion of the information presently sought under this law.
Anjali Bhardwaj, co-convenor of the National Campaign for People’s Right to Information, a pivotal force behind the passage of the RTI law in 2005, remarks, “The essence of the RTI law – whether it’s to hold governments accountable or combat corruption – frequently involves personal information.” Madan Lokur, a former Supreme Court judge, asserts that this amendment “will significantly diminish the effectiveness of the RTI.”
While the implementation of the RTI law has never been flawless – information was frequently denied on questionable grounds, and successive governments attempted to dilute its impact – activists are concerned that this recent alteration will render obtaining answers nearly impossible.
What are the provisions of the RTI law?
The RTI law encompasses a broad range of organizations, including all departments established under the Constitution or any government legislation or notification. Even entities that receive significant funding from any government source, even indirectly, fall under its purview.
The fundamental principle of the RTI Act is that, by default, all information should be accessible to citizens upon request, with a few exceptions for matters such as national security. A particular clause that is currently being debated states that if the information is of a personal nature and doesn’t pertain to any “public activity,” or if disclosing it would unduly intrude upon an individual’s privacy, then the official can reject the request, unless they determine that it should be disclosed in the “greater public interest.”
In 2012, a committee on privacy law chaired by Justice AP Shah recommended that disclosures under the RTI Act should not be considered a violation of privacy.
What modifications will the new law bring about?
The new data protection law supersedes this clause, simplifying the denial criteria by stating that any information “related to personal information” can be refused – potentially encompassing any response that identifies an individual.
Shailesh Gandhi, a former Central Information Commissioner responsible for resolving complaints under the RTI Act, explains that previously there was a requirement that personal information shouldn’t be linked to public activities or invade privacy without justification.
Mr. Gandhi also notes that, for practical implementation, it was clarified that if information couldn’t be withheld from a legislature, it shouldn’t be withheld from an individual either.
However, the present law imposes a comprehensive prohibition on personal information, a shift Mr. Gandhi considers problematic as “almost any piece of information could be somehow connected to an individual.”
Additionally, the data protection law introduces the possibility of significant financial penalties for non-compliance, reaching up to 2.5 billion rupees ($30.1 million; £23.7 million). This potential financial risk might discourage officials from disclosing information that could relate to personal matters, even in the public interest.
Given this scenario, Mr. Gandhi raises a crucial question: “Even if they impose a [lesser fine], which officer would take the risk [of disclosing personal information in public interest]?”
Federal minister Ashwini Vaishnaw has emphasized that the law change considers a significant 2017 Supreme Court ruling on privacy, asserting that personal data processing is acceptable if it meets the criteria of legality, legitimacy, and proportionality. He also maintains that this alteration won’t impact the RTI.
