Monday, July 30, 2018

Data protection move to dilute RTI, Aadhaar laws, say experts

Financial Chronicle: New Delhi: Monday, July 30, 2018.
The draft data protection bill 2018, if implemented in the present form, may undermine and complicate the Right to Information (RTI) Act, a tool to seek data on the governance. The excessive thrust on personal privacy could become another impediment, experts feel.
The stress on data protection through local storage, in the draft bill presented by a government-appointed panel, led by former Supreme Court judge BN Srikrishna, could also affect data storing practices by global companies in India, say experts. The panel also said all critical personal data on people in India should be processed within the country.
The draft bill seeks to amend the RTI Act’s section 8(1)(j), which states that personal information that doesn’t serve “public activity or interest” cannot be disclosed unless it is deemed to be of public interest, according to the 213-page report released on Friday.
According to experts, ­ in the RTI Act are not necessary and it could dilute its effectiveness.
Talking to Financial Chronicle, MM Ansari, former information commissioner, said the current RTI Act duly protects the personal information. “The committee’s recommendations for changes in RTI Act are uncalled for and inconsequential. The Act is sufficient in itself to protect the personal data”.
“The proposed legislation is only for processing data and yet it seeks to repeal section 43(A) of the IT Act 2000, which is on a much broader pedestal of dealing, handling or projecting sensitive personal data. It has ignored data exchanges through mobiles and assumes all data goes through PCs,” said cyber law expert and senior lawyer Pawan Duggal.
“This kind of a knee-jerk reaction must give way to a holistic approach on the subject. The IT Act is mother legislation. It has every aspect of digital format in it. The data protection law is only going to be a subset of the IT Act,” Duggal said.
The fundamental problem is that the definition of data under the bill is more restrictive than the broader definition of data given under the IT Act, he said, adding that it will also complicate matters pertaining to Aadhaar. Aadhaar was built on one entry format and the ecosystem around it is not that safe.
“We must wait for the Supreme Court decision on Aadhaar. Also the government must make the ecosystem more secure before moving forward”, Duggal said.
But Mahesh Uppal, telecom expert and director at ComFirst, a consultancy firm, says the bill does not provide sufficient justification to deny information, if it is in public interest to provide it.
Uppal says the panel's mirror data storage suggestion, which means that if the data can’t be stored in India a copy of it must be kept on a local server, would lead to higher costs.
Nasscom, the apex software association, which said it would kill the startup culture in India, has also highlighted this fear.
“As Nasscom has pointed out, the panel considers subjects like passwords, financial data as critical personal data. It is not so in most jurisdictions and will increase costs of data players”, Uppal said.
Duggal said the bill is highly defective because it doesn’t begin with the basic premise of ownership of data but just deals with processing of data.
Both Uppal and Duggal agree that too much thrust on privacy could lead to misuse of the scope to aid terrorist activity on ground, cyber terror and other unethical practices. “The central government should determine categories of sensitive personal data which are critical to the nation,” the panel said, adding there will be a prohibition against cross-border transfer of such data.