Comments on the Personal Data Protection Bill 2019

We submittted our comments on the PDP to the Joint Parliamentary Committee - February 2020

The Personal Data Protection Bill, 2019 is the result of India's tumultuous journey to safeguarding the right to privacy and data protection of the citizens of India. As the Bill, which was introduced in the Lok Sabha in December 2019, moves further toward becoming legislation, the Joint Parliamentary Committee, headed by Chairperson Meenakshi Lekhi, has invited comments and suggestions on the Bill from public and private stakeholders.

You can read our detailed chapter-wise comments and broader, overarching concerns here.

  • 1. Need for alternative frameworks for data stewardship

  • 2. Inadequacy of a consent based framework

  • 3. Underestimation of algorithmic systems

  • 4. Excessive powers to state agencies

  • 5. Undue exceptions to search engines

  • 6. Anonymity and security undermined through social media verification

We do not believe the Bill provides adequate privacy protections to citizens, particularly with regard to the processing of personal data by government authorities. Further, while we believe there is tremendous benefit to establishing the fiduciary relationship proposed by the Bill, the Bill falls short in adequately defining fiduciary responsibilities and identifying a basis of trust, placing instead an unreasonable and unrealisable responsibility on citizens to safeguard their own privacy. Rather than providing adequate protections, the Bill better identifies the conditions under which considerations of privacy can be side-stepped by both private enterprises and government agencies. The current approach risks subsuming privacy concerns to priorities of economic growth and national security, while increasing the surveillance capacities of the state. With revisions, the bill could provide an important baseline or starting point for data protection and privacy. However, other types of intervention that promote and enable responsible data stewardship - strengthening the trustworthiness of those who use and hold data - will need to be seriously examined if users are to gain better control over their data. Equally, we will need to develop frameworks and conditions for the legitimate collection and use of data, with clearly specified and transparent accountability provisions. Current provisions, such as those around the composition of the Data Protection authority and exemptions for government agencies, undermine rather than contribute to such trust-building. Further, the Bill includes a number of vague and under-specified terms, such as public benefit and innovation, which are used to grant critical exceptions to the Bill; nor does the Bill specify a timeline for implementation.

Initiative

AI & Society

Authors

Urvashi Aneja

Urvashi Aneja is Founding Director of Tandem Research. She works on the governance and sociology of emerging technology; southern partnerships for humanitarian and development assistance; and the power and politics of global civil society. Urvashi is also Associate Fellow at Chatham House and a columnist for the Indian Express. She has a PhD from the Department of Politics & International Relations, University of Oxford. Previously, she was Associate Professor of International Relations at the OP Jindal Global University and Research Fellow at the Observer Research Foundation.

Joanne D'Cunha

Joanne D'Cunha is a law graduate from Symbiosis Law School with a Masters in Information Technology and Intellectual Property Rights from the University of Sussex, United Kingdom. She has worked on legal and policy aspects of free speech, surveillance, data protection, net neutrality, and intermediary liability. She currently is a Research Associate at Tandem working in the AI and Society program.

Harsh Ghildiyal

Harsh Ghildiyal is a Research Associate at Tandem Research. He currently works on research across the technology and society vertical. Harsh is interested in understanding the social implications of technology, consequent regulatory responses, and working towards an equitable technological future. Before joining Tandem Research, he was a Teach for India fellow. He has a B.A., LL.B. (Hons.) degree from Damodaram Sanjivayya National Law University, Visakhapatnam.