The
Hindu: National: Thursday, September 27, 2018.
The draft Personal Data Protection Bill poses a danger to
the hard-won right to information
On
August 24, 2017, the Supreme Court declared the right to privacy a fundamental
right, a ruling widely welcomed. But many transparency advocates also felt
apprehension, fearing that the right to privacy meant to protect citizens from
arbitrary state and corporate surveillance might be deployed first and foremost
to shield authorities from scrutiny by citizens.
Issue
of accountability
The
Personal Data Protection Bill, 2018, drafted by the Srikrishna Committee,
confirms these concerns. The Bill identifies “personal data” as any data that
directly or indirectly identifies a person. It then calls for amending clause
8.1.j of the Right to Information (RTI) Act, 2005. The clause currently exempts
the following from disclosure: “information which relates to personal
information, the disclosure of which has no relationship to any public activity
or interest, or which would cause unwarranted invasion of the privacy of the
individual unless the Public Information Officer... is satisfied that the
larger public interest justifies the disclosure. Provided that the information
which cannot be denied to the Parliament or a State Legislature shall not be
denied to any person.”
The
Srikrishna Committee suggests amending this clause to authorise public
information officers, or PIOs, to deny information containing ‘personal data’,
if they feel that such disclosure is likely to cause harm to ‘the data
principal’, and if such harm outweighs public interest. The Bill defines ‘data
principal’ as whoever the data relates to. This amendment may seem reasonable
on first reading, but for the practical experiences of RTI users in the past
years.
The
RTI Act’s core aim is to bring accountability by making available public
records that disclose the actions and decisions of specific, identifiable
members of the political class and the bureaucracy. The Data Protection Bill
extends the cloak of ‘personal data’ over all such information. It asks PIOs
(now overwhelmingly appointed at junior levels) to weigh public interest
against the potential for harm to those identifiable in public documents. The
Bill defines harm expansively to include everything from blackmail and bodily
injury to loss of reputation, humiliation and “mental injury”. The Bill ignores
that another key aim of the RTI Act is “containing corruption”. By bringing
corruption to light, dogged RTI users have served public interest and caused
‘harm’, in terms of the Bill, to those exposed.
A
‘powerful proviso’
Further,
most public records identify one or more persons. For instance, file notings
identify bureaucrats making decisions by their posts, or even initials/names;
public records, such as contracts awarded or clearances issued, identify
specific private actors. Under the proposed amendment, PIOs will be forced to
test public interest versus potential for harm to multiple “data principals” in
just about every request that they handle, and this is a responsibility they
will be reluctant to take on. When nine judges of the Supreme Court are unable
to frame the bounds of privacy, can we expect PIOs to assess which information
is private, and then weigh the potential harm to individuals due to disclosure,
guided all the while by public interest and the cause of accountability?
The
amended clause will chill the RTI Act, as PIOs will now have a strong legal
ground to play safe, and toss out RTI requests deploying an amended clause
8.1.j. In fact, this is already happening on account of how the Supreme Court
has perhaps inadvertently mangled the privacy safeguard provided in the
existing Section 8.1.j. The RTI Act currently provides an acid test to help
PIOs respond to requests: “Provided that the information which cannot be denied
to the Parliament or a State Legislature shall not be denied to any person.”
This is a powerful proviso, also retained in the proposed amendment. It implies
that PIOs can deny only that information to applicants which they would deny to
Parliament or State legislatures.
However,
in Girish Deshpande v. Central Information Commission & Ors. (2012), a
two-judge Bench of the Supreme Court ignored this proviso and prior precedents
in order to rule that the assets and details about the performance of a public
servant constituted personal information, and were exempt from disclosure. This
has set a precedent for subsequent court rulings and for PIOs to
indiscriminately expand the ambit of personal information, and reject RTI
requests, using clause 8.1.j. Recently, the Union Department of Personnel and
Training denied information about the mere number of IAS officers whose annual
performance appraisal reports were pending, as of 2017. The PIO cited clause
8.1.j and the 2012 SC ruling as grounds for denial. In essence, the court has
implicitly read down the powerful proviso above, prompting PIOs to “profusely
abuse” the privacy exemption in the RTI Act, as Central Information
Commissioner M. Sridhar Acharyulu has observed. According to Acharyulu, PIOs’
“misuse of 8.1.j is rampant”, and is reducing RTI to “a mockery.”
The
government should be addressing these alarms raised by the Central Information
Commission, the RTI’s apex watchdog. The precedent created by Deshpande and its
widespread abuse by PIOs need to be corrected, to reaffirm the fundamental right
to information. Instead, the government is embarking on a project to legalise
such ‘abuse’, by diluting transparency in the guise of an amendment furthering
privacy.
If
the Bill is passed as is, and the RTI Act amended, it will deal a body blow to
India’s hard-won right to information. The Ministry of Information Technology
is accepting public feedback on the Data Privacy Bill until the end of
September. Citizens should use this window to urge the government not to amend
the RTI Act.