In a redraft of the Right to Privacy Bill, leaked to the Economic Times, the government has substantially increased penalties for offences against penalty and has also clarified certain discrepancies and strengthened safeguards present in the earlier draft, which was drafted in 2011, but wants to severely restrict the scope of the bill. The new draft increases the maximum penalty imposable for unlawful interception of communication from 1 lakh to 2 crore. Further, the penalties for wilfully obtaining personal data of a person from a data controller under false pretext, and for a government official or employee of a telecom service provider disclosing personal data that is prohibited from disclosure under the Bill is increased from 5 lakh to 50 lakh. The penalty for stealing personal data has also increased from 7 lakh to 10 lakh for the first attempt and 10 lakh to 20 lakh in case of a second offence.
The bill also mandates the suspension or revocation of a telecom service provider’s licence in case it violates conditions of confidentiality relating to personal data or allows unauthorized interception of communication. It further specifies that recommendations would be made to the Central Government for the chairperson and members of the Data Protection Authority by a selection committee comprising the Cabinet Secretary, secretaries of the departments of personnel and training and electronics and IT, and two experts from fields of data protection, law and finance who would be nominated by the Central government. These Data Controllers would further have to appoint a ‘privacy officer’ who would ensure the security of personal data available with them.
At the same time, recommendations by the National Security Advisor seek to seriously dilute the scope of the Bill. According to the leaked bill, the government is looking to introduce a provision which would wholly exempt intelligence agencies from the ambit of the act, and limit the protection of the act to Indian citizens. If these exemptions are incorporated into the draft, it would allow the government to continue the unbridled surveillance regime which has allowed intelligence agencies almost unrestricted access to personal data and communication, without legal regulation and oversight, and allowed the establishment of comprehensive monitoring and surveillance mechanisms like the Central Monitoring System and the Lawful Interception and Monitoring Systems. Under the current legal framework, 11 ‘intelligence agencies’, including inter-alia the Central Board of Direct Taxes (CBDT) and the SEBI, are authorized by the central government to collect data and intercept communications under the Telegraph Act and the IT Act, since the rules under these acts contain provisions which authorize wide interception, without most of the safeguards for privacy protection and data protection available under the Bill. Under the current regime, ISP’s and telecom companies are mandated to allow access to all communication, including real-time interception and Call Data Records, without the requirement of a warrant and without the restrictions which this Bill seeks to provide, such as limited collection for a specific purpose and time restrictions on restrictions on the period of interception, ensuring security of collected data and the requirement to prove at every instance that the breach of privacy is required for the purposes enumerated under the act, or the oversight of the Data Protection Authority for collection and processing of personal data.
The Bill on the Right to Privacy was drafted in the hope of curbing the growing trend of unbridled surveillance and to ensure that there are legal mechanisms for safeguarding individual privacy, to balance the concerns of both individual privacy and state security. Allowing the government to exempt intelligence agencies which do not have any accountability in the current system, simply on the reasoning that they would be caught up in ‘numerous litigation’, would defeat the purpose of the bill and make it another farce, allowing the undemocratic and unconstitutional privacy violations by the government to continue.
This post was published on Centre for Internet & Society, India website
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.