Personal Data & RTI
In News: The draft for the personal data protection law proposes exemption of personal information from disclosure under the Right to Information (RTI) Act, which can cause harm to the person concerned.
- The data protection law is designed to limit the processing of personal data to legitimate reasons where the flow of information is beneficial and respects autonomy of the data principal.
- The report has proposed amendments to the Section 8(1)(j) of the RTI Act which mentions exemptions from the disclosures under the Act. The report noted that nothing contained in the data protection bill will apply to the disclosure under Section 8(1)(j) section. This is to prevent privacy from becoming a stonewalling tactic to hinder transparency.
- The committee has also recommended two broad sets of amendments to the Aadhaar Act that aim to bolster the right to privacy of individuals and to ensure the autonomy of the UIDAI.
Under the proposed law, a Data Protection Authority (DPA) is envisaged as an independent regulatory body that will be responsible for the enforcement and effective implementation of the law.
- Monitoring and enforcement
- Legal affairs, policy and standard setting
- Research and awareness
- Inquiry, grievance handling and adjudication
Points to Note:
Both the right to information and the right to privacy are cherished fundamental rights and any intrusion into the privacy of individuals which is unwarranted must not happen. But in the context of a country like India where information is key to holding government accountable, we need to be very careful while balancing these two rights – Right to Information and Right to Privacy.
Protection of individual data is absolutely sacrosanct – there is no doubt about it. But on behalf of the RTI regime which we seek to protect with the Commission, there is already a robust regime in the RTI to protect private data and Section 8(1)(j) that information will not be given out unless Public Interest outweighs personal interests.
The Committee did not recommend repealing or limiting Aadhaar despite it representing a major privacy concern for the citizens.
The Committee has recommended that consent will be the basis on which data processing can take place –
- Adoption of a modified consent framework – privacy policies in the nature of contracts will be treated as objects and not a series of terms
- Where consent is sought, it should be free and informed, and at the same time, capable of being revoked.
- In the case of sensitive personal data, the consent required must be explicit.
- Government needs to take care of the criticism that if amended, the Section would “expand scope of denial of information with several ambiguous and very wide expressions.”
- Any proposal to amend provisions of the RTI Act shall not be taken up without wide-ranging consultation with public in general and ICs in particular.
- The Bill contains no definitions for “common good”, “promotion”, “transparency”, or even “privacy” – such a Bill should have clear terms and definitions specified when introduced in the public domain. A technical document published only in English, alienates ordinary Indians from engaging with a subject of real significance to each of us.