01 January 1970

Understanding Digital Personal Data Protection Act’s Impact on Transparency And Right To Information With Nikhil Dey

Weekend Reads

Understanding Digital Personal Data Protection Act’s Impact on Transparency And Right To Information With Nikhil Dey

Vikram Raj interviews social activist Nikhil Dey, who has been associated with the Right to Information (RTI) movement. He talks about the Digital Personal Data Protection Bill, the issues of transparency in governance, citizens’ rights, and much more.

Social activist Nikhil Dey
Social activist Nikhil Dey Jitender Gupta/Outlook

As the world becomes increasingly interconnected through the digital realm, the protection of personal data has become a paramount concern. The Indian government has passed the Digital Personal Data Protection Bill, aiming to provide a robust legislative framework to safeguard data privacy rights and define responsibilities for businesses. The bill faces criticism from activists and experts who argue that it may undermine the Right to Information Act (RTI) and hinder essential social audits, surveys, and journalism.

Nikhil Dey is a prominent Indian social activist renowned for his tireless dedication to advancing the rights of marginalised communities. His unwavering commitment to social causes has positioned him as an influential figure in grassroots activism within India. 

Dey’s trajectory in the realm of social transformation has been closely intertwined with his involvement in crucial organisations such as the Mazdoor Kisan Shakti Sangathan (MKSS), Suchna Evum Rozgar Adhikar Abhiyan, and the National Campaign for People’s Right to Information (NCPRI).

Dey’s expertise and dedication have earned him recognition far and wide. He was invited to the television program ‘Satyamev Jayate’ to elucidate the Right to Information alongside esteemed figures such as Shankar Singh, Sowmya Kidambi, and Aruna Roy. His significant contributions also extend to government initiatives, where he collaborated with the Government of Rajasthan on the Jana Soochana programme. This initiative aimed to proactively disclose information in accordance with the Right to Information Act, streamlining access to vital government data without the need for RTI requests.

Given his extensive involvement in social causes and profound understanding of information rights, Dey’s insights into the new Digital Data Protection Act in India and its potential impact on citizens’ right to information carry great significance. His rich history of activism and advocacy positions him as a leading voice in the ongoing discourse surrounding data protection and information access in the digital age.

When were you initially informed about the government’s endeavour to introduce the Digital Personal Data Protection Bill?

This idea of digital data protection predates the government’s own intention to pass it. There was a Government of India report on the right to privacy and there are two different streams through which I emphasise the need for any law to prioritise the protection of citizens. Protecting citizens is synonymous with safeguarding society, the economy, and the broader population. Protection should be viewed through the lens of safeguarding citizens’ rights. There was a Law Commission, specifically a committee established by Justice Shah’s Committee, that took an early stance on addressing privacy issues.

It’s essential to note that privacy was discussed in the context of the right to information. The committee asserted that privacy and the right to information should coexist harmoniously. The challenge lies in aligning them synergistically, as demonstrated by the Right to Information Act, which was developed long before the digital data era. With the global proliferation of digital technologies, the need for transparency arose, leading to discussions about open data.

However, as commercial entities extended their reach into people’s lives and habits, a necessity emerged to control the commercial exploitation of individuals’ choices and information. Another significant concern was surveillance. Interestingly, as we delve into this act, we find that it has had the opposite effect of its intended purpose. It has inadvertently facilitated the commercial exploitation of data and enabled widespread surveillance.

Can you please provide an overview of the DPDP Act and its main objectives and how it relates to the RTI Act?

So, the Intent of the DPDP Act is supposed to be to protect citizens, but if you look at the act, the act does nothing. The act does very, very little to protect the privacy of people. And the act makes it very difficult for anyone to use the Right to Information. What it has done is, it is supposed to protect citizens in those bits of information that are completely in their own private domain, and that is a formulation that you find in section 81 J. 

That section 81 J states that any information that does not have a public bearing and is to do only with someone’s own private matters is privacy. Anything else that has a public bearing cannot be called privacy because you are invading someone else’s privacy. A very good formulation for that or an equivalent is that my freedom extends as far as I do not impinge on someone else’s freedom.

So, I can’t use privacy as an excuse to impinge on someone else’s rights. That formulation has been directly amended through this act and it has destroyed the entire framework of the right to information and its combination with the right to privacy. Digital data multiplies everything. And therefore, when we are talking about digital data in a world of digital democracy, in a world of digital governance, in a world of digital administration at that time, anything that we do to digital data affects the fundamentals of all the principles.

As a founding member of MKSS and the key figure in the development of RTI, what were your initial thoughts from the DPDP Act and its implications?

My perspective is that this act holds little value for individuals but significant value for the government. Commercial establishments also find it somewhat valuable because it allows them to continue utilising data from individuals. The Data Protection Act, or DPDP Act, is written in very clear language, and we must read it carefully.

Now, let's discuss what a data fiduciary is. Essentially, it encompasses all of us who use data, which is almost unavoidable in today’s world. It’s akin to saying we shouldn’t use language or evidence or base in our work. Therefore, all policymakers are data fiduciaries, as are citizens who engage in public discourse and the media.

This concept affects all of us, and as a member of MKSS, what we have advocated for is that information empowers citizens. If citizens are unable to access information, it’s akin to saying that the Right to Information (RTI) cannot inquire about anything related to individuals. For instance, in a village, if I want to know how many trees exist, I can get information about that but I can’t get information about who planted them, where they were planted, and on whose land. If we limit the RTI in this way, what’s the purpose of, having it? It essentially renders it ineffective.

The RTI did two primary things among others. Firstly, it served as a potent tool against corruption and the arbitrary exercise of power, both of which are often carried out by identifiable individuals. Identifying those responsible is how you combat corruption and control arbitrary actions.

However, the DPP Act is making it nearly impossible for the RTI to be used effectively in these areas. We are entering an era where the corrupt and exploiters, those who seize land, water, air, living resources, and financial resources, will take refuge under the right to privacy as an excuse to carry out their actions without accountability.

Could you share an example or scenario where the DPP Act could intersect with the RTI Act and how citizens and activists can navigate this intersection?

It’s crucial to understand that this intersection is primarily negative. Section 81 J of the RTI Act will likely be amended in a way that runs contrary to its original purpose. It’s akin to leaving the skeleton of the body while removing its heart.

The heart of the RTI, which was about protecting individual privacy while ensuring transparency for the greater good, has been taken away. This intersection between RTI and the right to privacy has turned into a difficult one. The right to information not only remains unaffected but also overrides all other acts, including the RTI Act. So, there’s no room for intersection, and even if one attempts a creative challenge, it’s unlikely to succeed.

In many countries, the RTI Commission, the Data Protection Commission, and the Privacy Commissioners are usually the same entities that ensure these acts work in harmony. However, the DPDP Act does not protect us from significant data collection by powerful commercial interests and pervasive government surveillance. This has created a challenging landscape where individual privacy and the right to information are at odds.

Can you share any historical instances or case studies that highlighted the pivotal role of the RTI Act in uncovering governmental irregularities and how the DPDP Act might alter such instances?

Every single significant corruption case that has been exposed can be traced back to RTI applications. Whether it pertains to grand corruption, such as mining, spectrum allocation, or defence deals, or if we believe that corruption is prevalent in all these areas, we are essentially undermining our nation. The Right to Information has provided citizens with a pathway, a means to scrutinize various initiatives like NREGA, which employs around 15,00,00,000 workers striving to secure work, survive, and contribute to infrastructure development simultaneously. While corruption hasn't been eradicated completely, transparency and the Right to Information have played pivotal roles.

What have they achieved? They have made public the names of individuals who secured work, displaying them on walls and websites. This has effectively placed these names in the public domain, meaning that no action related to them can be undertaken without the express consent of the individuals concerned. This consent is often implied through actions like clicking on a link, a practice adopted by platforms like Google and others that utilize big data. It's worth noting that declining consent is often not a practical option as it requires opting out of these systems. The Right to Information, on the other hand, embodies the genuine idea of openness, where transparency is considered superior.

This undermines the principle that transparency is the best disinfectant and an essential ingredient for a healthy society. It implies that everything can be concealed and manipulated. What's even more concerning is that the enforcement mechanism under this act is poorly structured, leading to numerous violations. I openly admit to being in violation of this law because I use various information sources to bring forth crucial data to assist the less privileged, especially those whose pensions aren't reaching them. While I do it with the intent of helping them, anyone can claim that their consent was not obtained. This particularly affects government officials who face harassment when we try to hold them accountable for their duties.

This situation has far-reaching implications, from accountability and transparency to democratic governance, efficient governance, and the fight against corruption. Even initiatives like social audits under schemes like NREGA may need to revert to closed government audits, shrouding activities in secrecy. In essence, we are entering a new era of information governance.

Has the government consulted stakeholders, including organizations like MKSS in drafting the Bill?

No, the government's actions in this matter were quite limited. They only placed a specific draft in the public domain. However, after people responded to it, there was little to no effort made to consult with them. Surprisingly, there was just one online consultation, and it's worth noting that none of us who are information activists, including myself, were ever called for consultation. Even a former Information Commissioner, Shailesh Gandhi, was granted only an online chance to voice his opinions. However, when he discussed the RTI amendment, his microphone was abruptly cut off.

So, the level of consultation that actually took place was quite questionable. In fact, the parliamentary committee even walked out in protest, as they were presented with a report they hadn't had the chance to review. This lack of transparency raises significant concerns about the process.

In my opinion, this process was carried out in a completely illegal and illegitimate manner. As a result, this law lacks legitimacy, especially in the eyes of information activists like us. It's clear that this law needs to be reevaluated and thoroughly reconsidered. It cannot remain as it is; changes are necessary, both in terms of the law itself and its implementation.

What are your thoughts on the role of technology and digital platforms in implementing the act and ensuring transparency in government operations?

So, I think technology has a significant role to play, but this is going to give technology a very bad name. Technology has a crucial role, and people like us have developed a public information portal based on Section 42, which emphasizes digitizing everything and proactively sharing it, reducing the need for RTI requests. That's a positive approach. However, this law necessitates pulling down all information under Section 4 and in portals like the Jansuchna portal. The issue is that it contains names of individuals who either received or didn't receive something, who are applying or not applying, and whose applications are stuck or not stuck. All this public domain information is now at risk of becoming private because of the inclusion of names.

So much so that the public might lose track of who is there, where they are, what they are doing, and whether they have fulfilled their job chart. The entire foundation of democratic governance is at risk due to these definitions. There are four key definitions that people should pay attention to: what constitutes personal information, what qualifies as a breach of personal information, and the definition of a data fiduciary. Furthermore, understanding consent is essential.

These four provisions alone highlight that personal information includes anything related to any individual, even a public servant. A breach occurs if you use their name or any related information without obtaining detailed consent. Anyone who uses information, even for a public purpose, can be considered a data fiduciary, including you, me, and everyone else. Finally, understanding consent is crucial; you must obtain explicit consent from the individual; otherwise, you're liable.

The consequences are severe, with penalties of up to 250 crores and fines that could devastate individuals for generations. This is a draconian act with far-reaching implications.

What are the amendments you suggest in the act to strike a more optical balance between privacy and transparency?

There are no amendments I can suggest. One significant change I would recommend is the removal of the amendment they introduced to the RTI. This would help restore some balance because, at the very least, the RTI and its definition should be incorporated into digital data protection regulations. This alignment would create harmony between the two and potentially lead to an intriguing situation where both people's right to information and their right to privacy are harmoniously preserved. Data protection should serve as the instrument through which this is achieved.

Are there any specific safeguards or mechanisms that you believe should be placed to ensure that the DPDP Act does not inadvertently weaken citizens’ Right to Information and where citizens' right to privacy and RTI can go parallelly?

Only by either repealing the whole law or amending that particular part of the law that has actually destroyed and undermined the citizens’ right to information.

Citizens have the right to privacy, and right-to-information activists act together. They assert that any new formulation must stay within the bounds of Section 8(1)(j) of the Right to Information Act. It should not be amended if we seek harmony. Achieving that harmony entails navigating a delicate balance between privacy and the right to access information.

This balance requires a harmonious formulation that ensures privacy is not used as an excuse to infringe upon someone else's rights. Privacy must be respected when it does not harm others. Section 8(1)(j) embodies this principle, stating that information unrelated to public interest and concerning private matters should not be disclosed under the Right to Information Act.

However, exceptions are made when public information officers believe that even private matters might have an overriding public interest, such as when an individual's actions in their private space may pose a threat to themselves or others. This flexibility aims to maintain harmony between the right to information and individual privacy.

In conclusion, the current legal framework has posed challenges to the right to information, directly and indirectly, by introducing various complexities. Nevertheless, India has already witnessed the power of information access. When the battle for the right to information commenced, there was no legal entitlement, but citizens recognized it as a birthright. They used this birthright to champion their cause and dismantle any obstacles in their path.

In the global discourse of data privacy, how do you think that DPP ACT positions India in the international landscape of legislation focused on data protection and transparency?

In India's case, this is supposedly using many of those principles across the world for digital data privacy, but it is used in a way that the government has become the total arbiter of information. I want to step back to the time when India was under colonial rule. First, we were under feudalism across, which doesn't mean a single feudal ruler, but a feudal structure. The feudal structure held information, and it prevented our society from progressing because even people in trade and professions, whether they were in medicine or a particular craft, were hiding information. Caste hierarchies kept information from flowing freely.

Then we had a colonial administration that allowed feudalism to continue, but it was an extractive colonial administration, taking resources and keeping people in the dark. They implemented the Official Secrets Act to conceal government actions from the public. RTI completely changed this. It declared all information to be public and accessible unless prevented by Section 8 and protected freedom of speech and expression, national sovereignty, and the prevention of crime.

Today, we face a situation worse than colonial times because digital data allows unprecedented access to people's lives. It's more invasive than Big Brother watching. The government now has immense control and surveillance capabilities. Other companies are complicit, as they know citizens have limited choices in platforms like WhatsApp for communication, and many government activities are conducted through these platforms. This lack of choice empowers commercial entities and the government while burying citizen interests and activism.

I want to highlight two critical points. First, Aadhaar was introduced with the intention of inclusion and reducing corruption. However, it has become ubiquitous and risks becoming a tool for government surveillance. Second, after the Official Secrets Act amendment, India's information regime has deteriorated further. Technology enables widespread intrusion, and a government-controlled body, the Commission, undermines any independence it might have. The government can selectively target individuals and organizations, making it a powerful instrument for persecution and intimidation, discouraging the use of information for transparency, democracy, or better governance.

What are you planning to do further when RTI is finally weakened?

Campaign. We have no other way. Movements will not cease; they will get stronger, find reserves, and reach out to people. Every person affected due to lack of information will become part of the fight. Perhaps, to establish the right to information as a constitutional amendment and make it so powerful that it cannot be easily dismantled by someone else. It may take years or happen quickly, but it will indeed happen.

Lastly, as an advocate for transparency and accountability, what messages would you like to convey to the citizens of India regarding the role in upholding these values in the context of the context of DPDP Act and RTI?

I'd like to emphasise that democracy hinges on transparency; it's a fundamental aspect. Accountability cannot exist without transparency. So, what exactly is democracy? It's essentially transparency coupled with accountability to the people. Our accountability should not be directed towards some superior, officer, or elected representative; it should be directed toward the people.

Now, concerning this law, it's undermining democracy itself, and we must fight for its preservation. Therefore, we must champion transparency, but not just for its own sake – we seek transparency to enforce accountability and safeguard democracy. This fight is essential.

In this regime, our voices have not been heard, and we must compel them to listen. It's worth noting that this law has been signed by the president, although it hasn't been officially implemented yet. We can't afford to waste any time; we need to assert our right to information. Even the remaining shreds of that right must be utilised to continuously seek information, even if it's denied. Let's work on building that up and employ practical means.

Our goal is to mobilise the masses; approximately 8-10 million people annually should become the foot soldiers in this endeavour.