Financial Express: New Delhi: Friday, August 18, 2023.
A wholesale denial of information under the guise of protecting privacy can’t be the privacy regime the government intends to have.
The Digital Personal Data Protection (DPDP) Act that was passed by Parliament last week is the latest blow to the Right to Information (RTI) Act. The DPDP Act seeks “to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes”. But sharing of personal data upon meeting certain conditions under the RTI Act no longer seems to be protected as “lawful purpose”. Section 44 (3) of the Act amends Section 8 (1)(j) of the RTI Act, and thereby totally exempts personal information from disclosure under the landmark accountability law.
The RTI provision allowed personal information to be disclosed if a Public Information Officer is satisfied that such information’s relationship to the larger public interest or any public activity justifies this. It also held that information that can’t be denied to Parliament or a State Legislature can’t be denied to an RTI applicant. The DPDP Act amends this provision in such a way that an RTI applicant can’t now seek “personal information” even when this information has a bearing on “public activity” or “public interest.” It even does away with the proviso on comparable rights on availing information enjoyed by an RTI applicant and Parliament/legislatures. Matters are made worse by the fact that the definition of a “person” has been made so wide that getting information under the accountability law becomes a lot more challenging. Depriving a citizen of one of the most potent means to hold the government accountable—which is what RTI and legal experts fear would be the case with the DPDP Act in its current form—doesn’t augur well for democracy. A wholesale denial of information under the guise of protecting privacy—especially in a context where the government has got unbridled powers to access citizens’ personal data—can’t be the privacy regime the government intends to have.
There is an urgent need for course correction. Legal experts have strongly backed aligning the DPDP Act with the objectives of the RTI Act in a manner that public interest is not harmed by denial of information. Indeed, the Justice AP Shah committee that had recommended the contours of a privacy law had said in its 2012 report that such a law “should not circumscribe the Right to Information Act” and must “clarify that publication of personal data for … disclosure of information as required by the Right to Information Act should not constitute an infringement of privacy.” Now that the privacy law has been enacted, the government must move immediately to amend it suitably and lift the curbs it has placed on the scope of the accountability law.
It will do well to pay heed to the words of the National Campaign for Peoples’ Right to Information: “…access to granular information, including personal information, is critical to empower people to undertake collective monitoring and ensure they are able to access their rights and entitlements”, which is “well recognized and has been adopted in various welfare programmes and schemes (as social audits)”. Chronic understaffing, amendment of the RTI Act to chip away the independence of the office of the Chief Information Commissioner, heavy pendency, inadequate information supplied, etc, have already been ailing the accountability architecture. The last thing it needs is the privacy law trumping its scope and spirit.