Why the Data Protection Bill will make India an Orwellian state

The much-awaited Personal Data Protection Bill of 2019 was introduced in the Lok Sabha last week and it has set the cat amongst the pigeons. One would think it seeks to protect the privacy of personal data, regulate the processing of sensitive personal data and establish a Data Protection Authority of India (DPAI) for regulations. Unfortunately as many feared, it grants governmental agencies sweeping exemptions from the rigours of compliance as well as the restrictions on accessing or processing personal data of private citizens. These powers can convert the world’s largest democracy into an “Orwellian state” especially in the light of the Citizenship Amendment Act that has triggered protests across the country. We dig deeper to understand the flaws and how they can be fixed.

Why do we need laws on data protection?

The European Union passed its own data protection law in 2017 called GDPR (General Data Protection Regulation) which came into action in 2018. It ensured that user data is collected with consent and that the collecting party is responsible for its safekeeping.

Data Protection Bill is filled with ambiguity and lacks clarity

The strange thing about the tabling of this bill is that it didn’t reach Shashi Tharoor, the Member of Parliament who chairs the IT Standing Committee in Lok Sabha. The Bill should’ve ideally reached him for debate, planning, and discussion. However, the bill was submitted in the Lok Sabha to a joint select committee of both Houses, led by Meenakshi Lekhi, BJP’s national spokesperson. It seems that the government is trying to skip the IT Standing Committee because it knows the opposition can point out vulnerabilities in the proposed law, in turn hindering its passage.

Data is the new oil

A couple of years ago with the launch of the Jio telecom service, India’s richest man, Mukesh Ambani proclaimed, “data is the new oil” and indeed he was right. Advertising companies like Google and Facebook have milked user data to push relevant ads as well as target users.

India’s Data Protection Bill is draconian

Yes, data can be weaponized. And, this isn’t just limited to a state vs state scenario. A government could use the same data to suppress the opposition in a political environment. This is where things get interesting with the Data Protection Bill.

  • According to Reuters, the Bill defines personal data as information that can help in the identification of an individual and has characteristics, traits and other features of a person’s identity. In other words, a security agency can cite an order to identify a terrorist or any kind of criminal to access your data.
  • Further, the bill will grant New Delhi powers to ask any “data fiduciary or data processor” to hand over “anonymity non-personal data” for improved governance and provision of state services. This means a third party, like a Google or Facebook, could be liable to hand-over your anonymize information like metadata.
  • One implication of the new policy is that when the government demands its citizens’ data, in the case of foreign attacks and surveillance, digital companies would have to abide and assist the Indian government’s defence policy.
  • Critics argue that data can be potentially misused by the government for unintended uses such as political surveillance. Others argue that anonymous data can be easily de-anonymized.

Serving communities on the intersection of technology, indie music and culture, the warp core is a think tank founded by technology journalist Sahil Mohan Gupta