Dissent is democratic: Looking at the dissent notes in the report of the JPC #SaveOurPrivacy

In the final report of the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019, 8 Members of Parliament have filed dissent notes against the final recommendations. In this post, we look at what the MPs are saying and explain the various amendments proposed by them.

23 December, 2021
6 min read

tl;dr

In the final report of the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019, 8 Members of Parliament have filed dissent notes against the final recommendations. In this post, we look at what the MPs are saying and explain the various amendments proposed by them.

Background

On 16th December, 2021, after two long years, the report of the Joint Parliamentary Committee (‘JPC’) on the Personal Data Protection Bill, 2019 (‘2019 Bill’) was finally tabled in Parliament. We have already looked at the key takeaways from the report, analyzing the provisions contained in Draft Data Protection Bill, 2021 (‘2021 Bill’) included in the report. We have also compared the recommendations of the JPC with the Personal Data Protection Bill, 2019, and the report of the Justice Srikrishna Committee. Lastly, we have highlighted the glaring lack of any provisions on surveillance reform in the 2021 Bill.

The final report of the JPC also contains dissent notes filed by eight JPC members against the final recommendations of the committee. News reports from last month had indicated that multiple dissent notes had been filed against the final report, to which the chairperson of the JPC had stated that the dissent notes moved by members of the JPC were “ill-conceived”. Disappointingly, such sentiments remain, as, instead of engaging with the dissenting members, in a recent interview the chairperson called the dissent notes “politically motivated”. It is to these dissent notes that we now turn.

Manish Tewari: An inherent design flaw

Indian National Congress MP Manish Tewari, in his dissent note (pg 209-218 of the document), has rejected the bill in its entirety, stating that “there is an inherent design flaw in its very construction”. The MP stated that the Bill seemed to have been conceived with a “pre Putt[a]swamy” mindset. Furthermore, the blanket exemptions under Clause 35 provided to the government are violative of the right to privacy as affirmed in the Puttaswamy judgment and create parallel legal universes for the private sector, where the bill applies with full force, and the government, which can exempt itself from the provisions of the bill.

Derek O’Brien and Mahua Moitra: Orwellian nature of the Bill

In their dissent note (pg 219-220), Trinamool Congress MPs Derek O’Brien and Mahua Moitra criticized the “Orwellian nature” of the bill and drew attention towards the “improper functioning” of the JPC as sufficient time and opportunity were not provided for stakeholder consultations which happened during the COVID-19 pandemic. Other grounds for criticism were the lack of safeguards to protect the privacy of data principals and the inclusion of non-personal data within its ambit.

The overbroad exemptions provided to government agencies under clause 35 was also a key area of concern for the MPs. The excessive involvement of the government in the selection of the members of the Data Protection Authority which will be bound by the directions of the central government was also highlighted, as this would hamper its independent functioning.

Gaurav Gogoi: Lack of surveillance reform and wide government exemptions

Indian National Congress MP Gaurav Gogoi, while in broad agreement with the conclusions of the report, set forth certain reservations with regards to the provisions of the Draft Bill. The note (pg 221-228) highlights the lack of attention paid to the harms arising from surveillance undertaken by the state, which is only exacerbated by the use of age-old laws to conduct surveillance, on this point, he states that “I am of the firm opinion that the Committee should have deliberated these concerns more deeply”. The exemptions provided to the government and the lack of parliamentary oversight has been criticized for being “against the essence of privacy being a fundamental right”. The blanket exemption provided to the government under clauses 12 and 35 of the bill results in a data protection framework that is only applicable to private and non-governmental actors.  The note argues that in clause 12, which provides for grounds for the processing of personal data without consent, the use of terms such as “for performance of any function of the authorized by law”,  ''for provision of services or benefit-to the data principle from the State", and "issuance of any certification, license or permit", allows for too much discretion for the government which can essentially interpret them to enable any government department/agency to non-consensually process personal data for any kind of service.

The note criticizes the “premature and hasty” inclusion of non-personal data within the ambit of the bill without consultation, and also objects to the “loose” definition of non-personal data which fails to acknowledge the multi-faceted nature of non-personal data. This, the note argues, would foreclose innovation as non-personal data is used for “training-cycle” uses, i.e., training algorithms to draw inferences from markers within data. Policy considerations that arise from this use such as how the data will be anonymized and how algorithms will be made accountable to data protection require that there is a regime for non-personal data that is user and business-friendly.

Ritesh Pandey: Lack of independence of Data Protection Authority

Bahujan Samaj Party MP Ritesh Pandey registered his dissatisfaction with three clauses of the Draft Bill, namely, clauses 3(8) relating to, clause 35, and clause 42(2) relating to. In his dissent note (pg 229-235), the MP argued that, “it is vital to ensure that the members of the DPA are impartial and independent of outside influence from any party including the central government”. He further argued against overreaches by the government, saying that carte blanche exemptions to the government,“without adherence to established safeguards such as necessity and proportionality is potentially unconstitutional”. Lastly, he said that lowering the age limit in the definition of ‘child’ in the Draft Bill would, “allow young users to benefit from innovative technologies without the onus of obtaining consent from their parent/guardian.

Jairam Ramesh: Robust regulation of the processing of data by governments

Indian National Congress MP Jairam Ramesh in his dissent note (237-242), expressed two fundamental disagreements with the report of the JPC with regards to clauses 12 and 35 of the Draft Data Protection bill, 2021. He stated that the report, “assumes that the constitutional right to privacy arises only where operations and activities of private companies are concerned”, and that,“[g]overnments and government agencies are treated as a separate privileged class whose operations and activities are always in the public interest and individual privacy considerations are secondary.” The MP said that the idea that the judgement of the Supreme Court in the Puttaswamy case should apply only to a “very, very, very tiny section of the Indian population” was extremely flawed and troubling.

Vivek Tankha: Proposals may impede the Right to Privacy

Indian National Congress MP Vivek Tankha lent support to the dissent notes filed by  other members such as Jairam Ramesh, noting the importance of the concerns raised regarding clauses 12 and 35 of the Draft Bill and supporting the proposed amendments. The said amendments, he says, are “necessary to prevent abuse of the power of exception so liberally granted to the state”. His dissent note (pg 243-244) argues that the Bill is premised on an incorrect assumption according to which the right to privacy arises only for protection against private entities and the state is exempt from it. This is inconsistent with the decision of the Supreme Court in the Puttaswamy case.

Since data is shared with government agencies on a regular basis, there is a need to put a check on sharing of data unless “it is inconsistent with National security, sovereignty, foreign relations, or for prevention/detection of any crime/cognizable offense”. The note also raises concerns regarding the misuse of “public order” as a ground for exemption under clause 35. The note concludes that any exemption that overrides the fundamental rights of the citizens of India “must fulfill and owe complete obedience to the exceptional circumstances permitted by law and so granted by a reasoned order; that is to not trust or leave to state/officers fancy the precious freedom afforded by the constitution to every citizen or person”.

Amar Patnaik: Need to respect the Right to privacy and the principle of federalism

Biju Janata Dal MP Amar Patnaik in his dissent note (pg 245-250) has emphasized the need for the overall design of the bill to adhere to the judgment of the Supreme Court in the Puttaswamy case which enshrined the principle that “privacy is a fundamental right which is guaranteed by the constitution”. According to him, “the government cannot appear to be taking a pre-eminent position in safeguarding citizen’s informational privacy as per the whims and interpretation of an event occurrence”.

Another issue pointed out by the MP is that the proposed regulatory structure may undermine the principle of federalism as enshrined as a part of the basic structure of the Indian Constitution. The MP has previously objected to the lack of state-level Data Protection Authorities, indicating that this may lead to issues of federal override.

As is evident from the above dissent notes, problems of overbroad government exemptions and the independence of the DPA are key issues that emerge from the report of the JPC. We urge the government to address these issues in the final version of the Bill that would be tabled in Parliament

Important documents

  1. The Personal Data Protection Bill, 2019 (link)
  2. The report of the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019 tabled on December 16, 2021 (link)
  3. Key Takeaways: The JPC Report and the Data Protection Bill, 2021 #SaveOurPrivacy dated December 16, 2021 (link)
  4. Comparing the Draft Data Protection Bill, 2021 with its predecessors dated December 17, 2021 (link)
  5. Need for surveillance reform stronger than ever in light of the Draft Data Protection Bill, 2021 #SaveOurPrivacy dated December 21, 2021 (link)
  6. IFF's Public Brief and Analysis of the Personal Data Protection Bill, 2019 (link)
  7. Our #StartfromScratch series on the PDP Bill, 2019 (link)
  8. Our #DataProtectionTop10 series, wherein we analyzed the top 10 issues with the Bill in detail (link)
  9. Our #PrivacyOfThePeople series, which is looking at how the Bill will impact our daily lives by focusing on its impact on different sections of society (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

2
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

3
IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!