Data Protection Bill May Endanger Citizens' Privacy: Author Of First Draft Justice Srikrishna

Retired Supreme Court judge Justice B N Srikrishna has warned that the Personal Data Protection Bill giving extra powers and legal exceptions given to the central government are a "dangerous trend", and is potentially leading to an "Orwellian State".

Srikrishna headed the committee that drafted the original Personal Data Protection Bill.

The Personal Data Protection Bill aims to create a 'Data Protection Authority' to ensure the security and privacy of a person's data available on the internet. A bill that was drafted with an aim to protect the data of citizens is now under threat. People are worried that their data might be used for keeping a watch on them.

Under the Bill, the central government can exempt any of its agencies from the provisions of the Act in the interest of the security of the state, public order, sovereignty, integrity of India and friendly relations with foreign states.

In a first, the bill proposes social media platforms to come up with a mechanism in which "for every user who registers their service from India or uses their service from India, a voluntary verifiable account mechanism has to be made." The provision puts the burden of creating the mechanism on the company.

Additionally, the companies will also be tasked with including security audits, appointing a data protection officer, and performing data protection assessments, based on the volume of data they collect from users. Social media platform providers will also be asked to enable customers to verify their accounts.

In a note to the Joint Select Committee in Parliament deliberating on the Bill, justice Srikrishna said, "Data localisation requirement has been watered down because of lobbying by foreign companies."

Srikrishna noted that if a situation arises where the data needs to be accessed at short notice, it would be impossible to follow the MLAT process to get it as that would take at least 18/24 months.

In order to receive information from an American company for law enforcement purposes, Indian authorities have to follow an extensive process -- the Mutual Legal Assistance Treaty (MLAT).

Justice Srikrishna said that besides giving leniency to foreign companies, the "Government can always dominate the Data Protection Authority", and exemptions for government surveillance have "sinister implications".

Justice Srikrishna said that giving the government the power to direct anyone to provide all their non-personal data is "a dangerous trend".

He also talked about the government's power to notify social media intermediaries as "signified data fiduciaries" having more strict obligations under the law, and claimed that these "vague" exceptions for government surveillance violates an entity's right to privacy and leads to a potential introduction of an "Orwellian State".

With the support of the Internet Freedom Foundation, The Logical Indian is running a campaign to make people aware of the Data Protection Bill and then fix it. Through #SaveOurPrivacy initiative we are taking our voice to a Joint Committee of Parliament that is, at present, considering and taking inputs. By clicking on the pledge you sign on to the campaign and bring a change.

Also Read: What Happens When Personal Data Protection Bill Becomes A Law?