July 27 marks one year since an expert Committee headed by Retd. Justice BN Srikrishna handed over a report and the draft Personal Data Protection Bill to Electronics and IT Minister Ravi Shankar Prasad.
India is among a handful of democracies around the world without a data protection and privacy law. However, a year since the draft bill was submitted it is yet to be tabled in Parliament.
The draft data protection bill has incurred sharp criticism not only for provisions like data localisation but also for the lack of transparency from the Ministry on it.
Very little is known about the Committee’s workings and the submissions by the public to Committee and the ministry on the draft bill.
The workings of the 10-member Srikrishna Committee, tasked with preparing a draft legislation of India’s data protection bill, has been shrouded in secrecy since its formation on 31 July, 2017. Dozens of RTIs seeking information on its formation, meetings and public consultations have been consistently denied.
On 25 July, 2019, in a reply to Rajya Sabha MP, Rajeev Gowda; IT Minister Ravi Shankar Prasad said that “the submissions made to the Committee by any entity are confidential and meant for examination by the Committee.”
A member of the Srikrishna Committee told The Quint that “there was no reason to not make the consultations public.”
Gowda had asked “whether the Ministry has decided to make the consultations received from the stakeholders on Data Protection Bill Public.” This questions has been raised several times in the last one year by digital rights advocates, researchers and the press.
Why Can’t a Public Consultation Be Made Public: MP
There were two sets of consultations held with respect to the draft data protection bill. One was conducted in November 2017 when the Srikrishna Committee had released its white paper. The second was conducted by the Electronics and IT Ministry itslef when it had solicited public comments from 14 August - 10 October 2018.
Gowda spoke with The Quint on the subject and expressed his dismay on the continued confidentiality of a process that was public.
It is a public consultation so why can’t it be made public ? This is a test case for the government on data sharing. Here is information it has received from the public and hence it can be made public.MV Rajeev Gowda, Rajya Sabha MP
“What we want to know are the points and issues raised in the public submissions. If the Ministry wants it can anonymyse the information but at least inform us what has been discussed,” Gowda added.
Is There a Basis For Claiming Confidentiality ?
Apar Gupta, Executive Director of the Internet Freedom Foundation, said that they had filed two RTIs seeking information on the consultations but was denied on both occasions by the Ministry citing confidentiality.
“Both our RTIs have been denied citing confidentiality and third party information. So the Parliamentary reply is consistent with that denial and our appeal is pending before the Central Information Commission,” Apar Gupta, told The Quint
According to us there is no basis for this confidentiality. As per us the section of the RTI act which has been cited for denial of information is inapplicable because the reason cited pertains to cabinet papers and deliberations. It is not applicable in this case because it was a public consultation
Centre Pushing Data Policies Without a Law
The absence of a data protection law has been felt strongly in recent months given the various personal data-related policies pushed by various central ministries. All these policies have processing and sharing of personal data of citizens at their core. In fact, even the Economic Survey of India makes a spirited case for “data a public good” in taking the nation’s economy forward.
Sale of Vehicle Registration and Driving License Data: In line with its larger plan to use “data as public good”, the government earned Rs 65 crore by selling in bulk the data of crores of vehicle-owners and driving license-holders, including data on insurance and tax paid.
Automated Facial Recognition System: On 4 July, the NCRB had ‘quietly’ released a 172-page Request for Proposal (RPF) calling for applicants to bid for the implementation of a nationwide Automated Facial Recognition System.
The move raises pertinent concerns as worldwide instances of surveillance, privacy abuse, inaccurate results and most importantly, disproportionate impact on minorities have surfaced repeatedly.
National Health Stack & Digital Health Blueprint: On 15 July, the Centre released the ‘blueprint’ of its plan to set up a health data empire in India. Among the key principles of the datafication of India’s medical ecosystem is a unique health ID for citizens, with Aadhaar as a key identifier.
Data Localisaion: In the last one year several policies and legislation like the Personal Data Protection Bill 2018, draft e-commerce policy, the draft e-pharmacy regulations -have specified the storing of data within the country as a policy measure.
Ministry Selectively Sharing Information
Both, MP Rajeev Gowda and Apar Gupta pointed towards the The IT Ministry’s disclosure of other consultations as well as the Telecom Regulatory Authority of India (TRAI) as examples of transparent disclosure of inputs received from the public.
The Ministry has made public in February all the public comments it had received to the proposed amendments to intermediary liablity rules under the IT Act. it had also invited counter comments on the comments received.
“ We have also cited in our CIC appeal the public disclosure of all the comments received by the IT ministry during the consultation of Intermediaries Draft guidelines proposed in January 2019. The same ministry is adopting inconsistent practices in which it is publishing comments in one case but in respect with the data protection bill it is denied,” said Apar Gupta.
In a letter to the IT Minister Prasad on 22 July, the Internet Freedom Foundation urged the Minister to look at how TRAI proactively publishes the inputs it receives
“If TRAI can make put our public consultations why can’t the IT Ministry?” asked Gowda.