The Digital Personal Data Protection (DPDP) Bill became an Act in India just ahead of the 76th Independence Day in the country. While the central government has claimed it is a huge cyber law milestone, experts have raised concerns the law will forbid the citizens from seeking information for their benefit.
President Droupadi Murmu granted assent to the Bill on August 11 and the lower and the upper Houses of the Parliament had given their nod to it August 7 and 9, respectively.
The act that aims to empower citizens by enabling their right to privacy instead dilutes the provisions of Right to Information (RTI) Act, making it redundant. It also give more power to the central government, the experts analysed.
The law also disproportionately affects the poor and marginalised more, said Raj Shekhar, member of nonprofit Right to Food Campaign.
Many people seek information about their pension, delayed wages in rural areas, and other details under Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS) through the RTI, pointed out Shekhar. Even students use it to check information on their scholarship money.
However, the new law demands that such people or beneficiaries make personal applications to seek information on the same.
“Earlier these applications or information via RTI was sought by community-level people or worker organisations. It helped the people who were less literate or unable to move due to old age to get information on their behalf,” he said.
But now the law would require that nodal person or community-level worker to get approval as a data fiduciary (someone who manages data property for someone else) and take responsibility of protecting the privacy of such persons. “If any data is leaked, it many amount to fines up to Rs 250 crore,” he explained.
Moreover the central government decides who will head the position of data protection commissioner for the same, he said.
“It will be up to the discretion of the officer whether such approvals are to be granted or not. Thus there will be no autonomy for the Data Protection Board, constituted for ensuring enforcement of provisions of the law,” Shekhar said.
Amrita Johri, member of National Campaign for People’s Right to Information, also underlined the impact of the law on the poor and marginalised. Even the public distribution system would be affected, she said.
“The National Food Security Act demands sharing details of ration card holders and records of ration shops, including sale and stock registers publicly. Such transparency enables social audits in the system. Now denial to access this information will disable the the beneficiaries to claim their rights on receiving food grains,” Johri said.
Preventing citizens from accessing information under the right to privacy and national interest directly attacks rights of the common people and encourage corruption, she added.
Prateek Waghre, policy director for Delhi-based nonprofit Internet Freedom Foundation, said the new law removes qualifier under Right to Information Act where information is to be shared for public interest and can be denied, which will remove accountability for the government.
“It becomes difficult to hold the government accountable in such cases. It may expand to cases where minutes of the meeting or who attended a particular government meeting is not disclosed. The drafting interpretation seems on such lines,” he said.
The government has ignored how crucial data is and its benefits at the grassroots, said Shekhar.
The new provisions under Section 18 of the Act grant powers to the central government to exclude any government or private sector entities from its ambit through a notification, said Johri.
Raising another concern, she said the Data Protection Board will be digital in usage for receipt and disposal of complaints.
“The National Family Health Survey report shows that only 33 per cent of women in the country have accessed internet. The Act will deprive millions of people who fail to access the internet and thereby their constitutional rights,” she added.
Earlier, the Section 8(1)(j) stated any personal information that is important for public interest should be made available to public domain, said Shekhar. “The amendments, however, modify the section of RTI in the name of data privacy and killing the essence of the Act,” he said.
The RTI earlier guaranteed equal rights to access information, said Shekhar. Now it will lead to discrimination. “It will be up to the discretion of the commissioner to decide how influential the applicant is and if the information should be allowed to be shared,” he added.
There are many safeguards that do not exist or conditions where information of citizens can be protected or they control it, said Waghre.
“The law also acts on deemed consent that is if a user consents in the past or once for government, it can assume consent for future part. It also considers information in existing database as consensual information,” he added.
The expert said the law gives government entire possession of the information and how it is used.
“Moreover, there is no timeline for companies to draw a roadmap from the government when the provisions will come into effect and when the respective rules will be notified on complying to the data privacy and seeking consent for data. In such a case, it becomes less effective,” he said.