New Delhi: The cabinet-approved data protection bill goes against and is “in contrast” to the data protection bill drafted by the Srikrishna committee and should be challenged in Supreme Court if it is passed, according to the man who headed the committee, former supreme court judge B.N. Srikrishna.
Srikrishna’s main contention is that the bill has been changed to give the government more “autonomy” and surveillance powers.
In an interview to The Hindu, Srikrishna has indicated that the bill could make India an Orwellian state with the government tracking any citizen and implicating them in wrongdoing if it so wishes.
Srikrishna who headed the expert committee that drafted the original data protection bill has told The Hindu that the new version of the bill, now sent to a parliamentary joint committee, “should be challenged in the Supreme Court” if it’s passed into law in its current form.
Srikrishna added that safeguards the expert committee had carefully added in the draft bill, to ensure privacy, have now been removed.
One such safeguard mentioned in the Srikrishna committee draft was about obtaining consent from an individual before accessing their data. This safeguard has been diluted in the current bill.
For example, the Srikrishna committee’s version of the bill says in cases such as national security, governmental agencies can access an individual’s data without prior consent only if a procedure under a law made by Parliament allows it.
The current version of the bill dilutes this. It now says in national security-related cases government can “by order” exempt agencies from all or parts of the data protection act making it unnecessary to get consent to access any individual’s data.
In addition, Srikrishna has told The Hindu the original draft bill had wanted mostly independent stakeholders to hold office in the proposed Data Protection Authority that is supposed to oversee all data-related activity.
Srikrishna points out that now, the new bill mandates only “government nominees” to hold office in the Data Protection Authority, making it “like a government department… it defeats [intended] the purpose” of making the Data Protection Authority an independent agency.