India has proposed its first major data protection law and it has brought some controversy. The bill would look to control how businesses manage their personal information, while allowing the government unprecedented access to its citizens’ personal data.
Justice BN Srikrishna, who led the committee that drafted the Personal Data Protection Bill (PDP), told The Economic Times it was “dangerous” and could turn India into an “Orwellian State”.
He said: “They have removed the safeguards. That is most dangerous. The government can at any time access private data or government agency data on grounds of sovereignty or public order. This has dangerous implications.
“The Select Committee has the right to change this. If they call me, I will tell them this is nonsense. I believe there should be judicial oversight on government access,” Srikrishna added.
“It will weaken the bill and turn India into an Orwellian State.”
Privacy outrage
India’s data protection bill was proposed to Parliament on Wednesday and it has been met with resistance from the Opposition, as well as privacy campaigners and social media companies.
“This latest bill is a dramatic step backward in terms of the exceptions it grants for government processing and surveillance,” said internet company Mozilla.
India has a booming economy and an ever-expanding tech scene, in part buoyed by the surge of personal data created by an explosion of mobile phone usage. But, as is typically the case, regulations have not caught up with this data economy and there is a lack of transparency of what power companies and government agencies have over the ‘the new oil’.
The bill itself says that companies can only store specific categories of “sensitive” data, such as financial, health and biometric information. But, it does allow for the free flow of other forms of personal information.
However, the contention of the proposed regulation lies in government access to the personal data. Agencies, by right of the bill, can bypass data protection safeguards of individuals and companies on a number of grounds, including a national security crisis.
Data protection and privacy – time to take it seriously
Attempting to recreate the EU’s GDPR
Data privacy is a hotly debated topic and in 2017, India’s Supreme Court accepted this as a fundamental right to its citizens. In part, this was the result of the impending EU GDPR, which came into effect on 25 May 2018.
Dyann Heward-Mills, founder and CEO of global data protection officer (DPO) service at HewardMills, explained that it’s important other economies try and replicate the privacy standard set in Europe.
She said: “India is the latest in a long line of jurisdictions introducing data protection laws, following the groundbreaking standards set by Europe in the form of the General Data Protection Regulation (GDPR). Organisations operating globally can no longer afford to take a siloed approach to privacy and data protection. In the face of the disruptive force of data-driven technologies, embracing the protection of personal data as a fundamental human right is essential to ensuring the trust of individuals and ongoing innovation. Economies and businesses that fail to protect will fall behind. When it comes to data protection, it’s now a race to the top.”
However, due to the obvious failures of the proposed bill in regards to government access, it has been compared to an authoritarian agenda that will control, rather than empower Indian nationals.
This potential “Orwellian state”, as Srikrishna described it, is further enforced by India going ahead with one of the world’s most extensive facial recognition programmes.
Another questionable aspect of the bill requires companies to provide the government with anonymised and non-personal data, which it says will help improve services to citizens and craft policy.
Parminder Singh, executive director of non-profit IT for Change, told the Financial Times he welcomed the anonymous data provision, because it would indeed aid policymakers. However, he did question the privacy loopholes in relation to control and surveillance.
“The government’s access to data is not controlled enough,” he said.