Unpacking The Data Protection Law & Who Watches The Watchers? Government Surveillance Powers

The Seminar on the Personal Data Protection Bill, 2021 was hosted by the Bar Association of India on 3rd May, 2022 at New Delhi. The program was inaugurated by the Chief Guest Hon'ble Ms. Justice Indira Banerjee, Judge, Supreme Court of India. Shri Shyam Divan, Senior Advocate & Vice President, BAI gave the welcome address and set the stage for the impugned bill stating that "It's better to have no law than a bad law". Shri Prashant Kumar President, BAI addressed the gathering discussing the ambits of data privacy under the 2021 bill and the need for having independent servers and IT infrastructure for the judiciary. Dr. Pinky Anand, Senior Advocate & Vice President, BAI spoke about the nature of data as an asset in the current landscape and the need for balancing the conflicting requirements. Dr. Anindita Pujari, General Secretary of BAI concluded the inaugural session noting that the impugned bill must give the citizens "the freedom to remain obscure, if they wish to do so", and stated that it must pave way for a society where we are not mere dots in the analytics of big corporations. The first working session discussed Government surveillance powers and its ambit under the impugned bill. The session was chaired by Shri Chander Uday Singh, Senior Advocate & Vice President of the Bar Association of India. He set the topic in motion with a slight overview and, and briefly introduced all four of the speakers. Each of the speakers highlighted a different aspect of government surveillance to identify potential reforms that could be made to the bill. Amarjeet Singh Bedi : Mr. Amarjit Bedi is an Advocate on Record at Supreme Court of India. Notably he was the Gold medallist of the AOR exam. He is the Joint General secretary of the Bar Association of India and his core area of practice is in Arbitration. Recounting his earliest memories of data breach, which started during the days of misplaced floppy disks and internet cards, Mr. Bedi analysed the demographic of the country to explain why such a law becomes imperative. Privacy is a fundamental right by virtue of the Puttaswamy Judgment, however our claims in case of breach of data privacy is currently being filed under a galaxy of laws and rules, the lack of a comprehensive umbrella legislation that governs the matter set the stage for the current bill which is inspired from the EU General Data Protection Regulation 2016. In a world where 2.5 quintillion bytes gets created every day, India as the second largest consumer of this data after China, indeed needs an umbrella legislation that addresses all matters of data breach and privacy. The intrinsic value of data to predict market behaviour makes the potential for risk and misuse sky high. Instances of data leaks over the past few years like in 2018 when around 200 government websites accidentally made Aadhar details public, the 2021 hack of the voters list in the election commission website, The Facebook – Cambridge Analytica data misuse for the Ted Cruz campaign, all tell us that laws protecting us against such misuse becomes the need of the hour. The expectations one has from such a legislation is that it must give one the power to be forgotten, if he wishes to do so. Apar Gupta: Apar Gupta is a young lawyer dedicated to the field of technology and data privacy. He completed his LL.M from Columbia Law School and has worked in the Shreya Singhal case, and served as a counsel in the Aadhar case. Mr. Gupta started his discussion, raising the question of what this legislation aims to achieve. Can this bill in its current form provide a degree of benefit or does it hope to formally and legally authorise certain existing practices that tilts the power away from the individual in favour of the state towards security functions which may be exercised in an unaccountable manner, but will be recognised by this law? He drew the attention to various specific sections of the proposed bill to answer this question. By leaving out the word 'personal' from the title of the bill in 2021, and section 2(b) which conveys that the bill aims to cover anonymised data i.e., data derived from a person that is not identifiable against such person, this bill now aims to cover a larger ambit and has bigger consequences since such anonymised data receives lower degrees of protection, reidentification from such anonymised data becomes a threat to personal privacy. This law does not aim to reform the surveillance framework, but rather only applies to consensual forms of sharing of data and consensual data processing which is defined under section 3(36). Therefore, it keeps surveillance done without the consent and knowledge of citizens outside the purview of this Act. He substantiates this understanding by emphasising on extracts from the BN Srikrishna committee report that accompanied the draft bill in 2019. Chapter 8 of the report: non-consensual...

Unpacking The Data Protection Law & Who Watches The Watchers? Government Surveillance Powers

Parvati Nambiar

Tags