Home Top Stories Agencies can snoop on personal data for national security: Personal Data Protection...

Agencies can snoop on personal data for national security: Personal Data Protection Bill | India News


NEW DELHI: The government proposes to arm its investigating agencies with powers to snoop and carry out surveillance on personal data if doing so is necessary to ensure sovereignty and integrity of the country, security of the state, maintenance of public order, and having friendly relations with countries. The provision – which some analysts described as “blanket surveillance” – finds a place in the Personal Data Protection Bill, and is a departure from the draft bill prepared by the Justice BN Srikrishna committee that was tasked with creating the architecture of India’s much-awaited personal data protection legislation.
The Personal Data Protection Bill, 2019, which is likely to be tabled in the Lok Sabha later this week, aims to create the first comprehensive law that the country will have to manage and legally protect the swathes of digital information that Indians are creating by the minute. While it classifies data into three broad categories – personal; sensitive personal; and critical personal – there are areas where the central government wants to give itself unrestricted access to the information of citizens under designated situations.
“Where the central government is satisfied that it is necessary or expedient… it may, by order, for reasons to be recorded in writing, direct that all or any of the provisions of this Act shall not apply to any agency of the government in respect of processing of such personal data, as may be specified in the order,” the Bill states while spelling out the ‘exemptions’ enjoyed by central investigating agencies.
As per the provision, the government will have the power to order or direct any internet or social-media provider (believed to be companies such as Google, Twitter, Facebook, WhatsApp, Amazon, Flipkart, Apple) – apart from a private citizen – to share the data demanded by any of the central investigating agencies.
The Srikrishna committee, which had submitted its recommendations to the government in the form of a draft law last year after holding detailed deliberations, had not made a case for such sweeping exemption to the state. However, the draft bill had said that “processing of personal data in the interests of the security of the state shall not be permitted unless it is authorised pursuant to a law, and is in accordance with the procedure established by such law, made by Parliament and is necessary for, and proportionate to, such interests being achieved.”
Udbhav Tiwari, policy advisor at Mozilla Corporation, said the proposal raises concerns, and gives unbridled powers to the central agencies. “The new law is a dramatic step backwards when it comes to exemptions for government entities and surveillance by the state, which is very concerning. The criteria in the 2018 (Srikrishna committee) draft that said processing for the prevention, detection and investigations of crimes always had to happen under a law which is necessary and proportionate has been completely done away with, entrenching blanket surveillance,” Tiwari said.
In other provisions, the Bill proposes that internet/social-media companies mandatorily store sensitive personal information on servers located only in India, though they may have a right to process the data under certain conditions. The same diktat applies to ‘critical data’, which the government may define and notify from time to time and could include information that, for example, has a bearing on national security, or is military data.
However, the bill does not make any special mention of the provisions related to cross-border movement of ‘non-sensitive and non-critical’ data, which includes information around what you do when online. For example, what kind of food do you order online, or what you search on the web, or what destinations you travel to when taking an app-based cab. The draft bill had said that companies will need to keep a ‘mirror copy’ of such information on Indian servers, mainly to keep a track of what data is being collected.

Source link


Please enter your comment!
Please enter your name here