The Justice Srikrishna committee has at last submitted the long-awaited data-protection bill. The document, officially titled ‘Personal Data Protection Bill, 2018 was submitted on 27 July to the IT Ministry for review.
With the increasing push towards Digital India and the digitisation of services via Aadhaar (whether voluntarily or otherwise), India has bee in dire need of a data protection law. The Bill aims to protect the digital rights of Indian citizens and addresses issues such as consent, protecting children’s rights in the digital age and at empowering citizens to fight for their digital rights.
The Bill must also address issues of government overreach, accountability and initiatives like Aadhaar. Though on the Aadhaar front, Justice Srikrishna is quoted by Medianama as saying, “I’m not talking about Aadhaar because it’s sub-judice.”
This is a weak data protection bill and it should NOT be allowed to be passed in Parliament. Justice Srikrishna has disappointed.
Above all, users are not being given ownership of their own data. @trai did better.
Users aren't being given right to erasure, only non disclosure
— Nikhil Pahwa (@nixxin) 27 July 2018
An early report by Caravan on 24 July, which examined an alleged leaked copy of the Bill, pointed out that the bill was designed to dilute government (UIDAI) accountability with regards to Aadhaar, as well as undermine the RTI (Right To Information) process by offering additional loopholes that could be used to deny RTI requests.
Initial reactions to the bill are less than favourable. Activist Nikhil Pahwa states outright that the bill is weak and should not be passed in parliament. The Internet Freedom Foundation states that they're disappointed in the scope of the bill. More importantly, Medianama observes that neither Aadhaar nor UIDAI are mentioned in the bill.
We ourselves will be examining the Bill in greater detail over the coming days and will publish our findings.