The Ministry of Electronics and Information Technology recently tabled the much-awaited Digital Personal Data Protection Bill 2022. This is for the fourth time when the Center presented a bill on data protection.
In India, millions of users are using the internet and there is tons of data online. This data can be accessed and used by big tech companies or organizations — also called data fiduciaries — often without overtly intimating the user about data privacy. This is an infringement of the netizen’s Right to Privacy, a fundamental right under Article 21 of the constitution. Big tech companies, for example, Meta or Twitter, or Amazon, enjoy a monopoly and have unbridled bargaining powers as they can have a say on the economy and politics of a country.
The bill will enable big tech companies and businesses (Big Tech) to use citizens’ data for the benefit of their capitalistic endeavor— a classic example of what author and Harvard professor, Shoshana Zuboff calls “Surveillance Capitalism”.
The Digital Personal Data Protection Bill 2022 has been tabled in a bid to set a proper framework of rights, duties, and recourses for the data principals. This bill is also to keep in check the problem of disproportionate power of the data fiduciaries.
Digital Data Protection Bill, 2022 has only 30 clauses — unlike the previous version that had 90 — only covers automated or digital data and not manual data. Legal experts believe that some provisions of the new bill are vaguely defined in certain aspects, for instance, the definition and degree of public interest "in public interest" can be subject to misinterpretation.
Several reports have also flagged the amended bill saying that it will prune the wings of the Right to Information (RTI) Act 2005, which in turn means it will be detrimental to transparency in the institutional machinery. The Digital Data Protection Bill, 2022 proposes to amend the Section 8.1 (j) of the RTI Act which many activists believe will severely affect the transparency in the country. The recommendation in the clause 30(2) of the Data Protection Bill 2022 mentions:
“The words ‘the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information’ shall be omitted”
This can be misused by governments to aid those who are corrupt, as the Centre will retain the right as to whether or not to withhold the information. Besides, clause 30(2) also seeks to delete the proviso accompanying the aforementioned section of the RTI Act which primarily specifies that any information that cannot be denied to the Parliament or a State Legislature, can not be denied to the individual as well.
Nevertheless, comparing the current version of the Data Protection Bill 2022 to the older drafts, personal data is given more attention. It stipulates severe penalties for non-compliance and loosens restrictions on cross-border data flows. Bill will have an effect on how global tech companies transfer and process data in India. Companies can only send user personal data to the nations listed by the government of India.
Even though the bill is being criticized on a large scale, there are many who believe that the bill is essential for India to keep its position as the world's technological leader.