India’s Ministry of Electronics and Information Technology (Meity) has set up a committee to look into data protection in India, even as the government of India argues in the Supreme Court that there is no fundamental right to privacy. The committee has 8 weeks to give its recommendations.
The committee consists of Justice BN Srikrishna, Former Judge, Supreme Court of India, as its Chairperson, and the following members:
– Aruna Sundarajan, Secretary, Department of Telecom
– Ajay Bhushan Pandey, CEO, UIDAI
– Ajay Kumar, Additional Secretary, Meity
– Rajat Moona, Director, IIT Raipur (also CDAC)
– Gulshan Rai, National Security Co-ordinator
– Rishikesha T. Krishnan, Director, IIM, Indore
– Arghya Sengupta, Research Director, Vidhi Centre for Legal Policy
– Rama Vedashree, CEO, Data Security Council of India
Joint Secretary, Meity, is the ‘Member convener’.
The committee will look into issues of data protection in India, and make specific suggestions for the consideration of the Central Government on principles to be considered for data protection in India, and suggest a draft data protection bill.
It might “co-opt other members in the group for their specific inputs”.
1. Privacy, data protection, data security: My sense is that there has been a concerted attempt to delineate Privacy from data protection and data security. Data Security is about looking into the security of databases and preventing unauthorised access, while data protection has been about looking into the policy aspects of access to data: who gets access to data, when and how, and how long can they hold it. Privacy is more of a rights issue: what right do citizens have over their own data, or companies over citizen data. At this point in time, there are three processes running:
1. This committee, looking into data protection
2. A parliamentary Standing Committee looking into security aspects (albeit of Aadhaar)
3. Cases in the Supreme Court, around the issue of a Fundamental Rights to Privacy
2. The lack of civil society representation in this committee is worrying: a former judge, two academics – one of whom is/was with CDAC and hence not an independent academic; five government officials; an industry organisation (DSCI); and someone who argued against the right to privacy in the Supreme Court (Arghya Sengupta of Vidhi Centre for Legal Policy). As far as the constitution of a committee goes, this requires a multi-stakeholder approach, and there’s a key component of that missing, and there aren’t enough independent academics.
3. This needs a public consultation: DoT committees are typically unlike TRAI consultations. While the TRAI, easily the most transparent of regulators in India, invites public comments, does open house discussions, allows for counter comments, the government committees vary in their approach, but there is never an open house discussion. There was a public comments process on MyGov that the DoT undertook, for their committee on Net Neutrality. Under the last government, the DIPP also took public comments on ecommerce, where submissions were invited, not made public (until after I called out Amitabh Kant on lack of transparency).
It remains to be seen whether this committee will be as open as the TRAI, but given the time constraint (8 weeks), we have our doubts. If there isn’t an open house discussion, there should at least be a public consultation process.