personal data protection bill’ vis-À-vis freedom of
TRANSCRIPT
PERSONAL DATA PROTECTION BILL’ VIS-À-VIS
FREEDOM OF EXPRESSION (INCLUDING RTI)
Prof. M Sridhar Acharyulu
Abstract
After the Supreme Court emphatically declared that privacy
is a fundamental right emerging from various guaranteed
fundamental rights in Part III of the Indian Constitution, the
Government has constituted a committee headed by former
judge of Supreme Court Justice Srikrishna to draft a law to
secure the privacy and protection of personal data of the
citizens from the state and non-state actors. There is a need
to analyse the conflict between the right to privacy, data
protection and the right to freedom of speech and expression,
in the wake of the Srikrishna Committee’s Personal Data
Protection Bill, 2018. The Bill, which is yet to be officially
accepted by the Government of India, contemplates new
offences of breach of data protection clauses followed by
high penalties. Though the Committee recognized two major
exemptions- the security of the nation and prevention of
crime, it has not defined them. Rather, it has been left for
some other Committee to draft in future. The Bill provides
for an exception in the name of ‘journalistic purpose’, that
makes a journalist to wait for prior permission from an
adjudicating officer. While pre-censorship during
Emergency was limited, this Bill appears to be imposing a
pre-censorship in a permanent form for all times to come.
Dean and Professor at School of Law, Bennet University, Formerly Central
Information Commissioner (2013-18)
25
26 Bennett Journal of Legal Studies [Vol. I
The right to be forgotten is another controversial creation of
the Bill, that has potential to deny the media from
commenting on public servants based on the data of their
past conduct. The Bill also contains a proposal to amend the
Right to Information Act, 2005, and to replace Section
8(1)(j) of the said Act. Has the Srikrishna Committee
removed the ambiguity it noticed in that clause, providing
for protection of private information of public servant, and
promoted transparency in public offices to help good
governance free from corruption and irregularities? In the
name of protecting personal data, the media’s freedom
should not be curbed and on the lame excuse of ambiguity,
no new ambiguous expressions should be added to privacy
clause under RTI Act, which will dilute the transparency law.
The theme of this article is rightly expressed in the statement by
renowned American Journalist Glenn Greenwald1:
“Transparency is for those who carry out public duties
and exercise public power. Privacy is for everyone else”,
BACKGROUND
The freedom of speech and expression is a basic requirement of any
democratic society with rule of law and constitutional governance.
Without free access to information held by the public authorities and
liberty of thought, it is not possible for a citizen to
1 Glenn Edward Greenwald (born March 6, 1967) is also a lawyer and author. He
wrote series of reports for The Guardian newspaper from June 2013, exposing
the United States and British global surveillance programs. He studied and
cited classified documents disclosed by Edward Snowden. Greenwald and his
team won both a George Polk Award and a Pulitzer Prize for those reports.
One of his best-selling books is “No Place to Hide”. He is a champion of right
to privacy as against invading state.
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 27
express himself. Hence, the recently invented – “right to
information” is recognized as an inherent component of this
expression by the Supreme Court in several of its landmark
judgments2. Right to information is the most basic right without
which there will be no glasnost and without such glasnost, there can
be no perestroika meaning change in the character of the Indian
state3.
Article 19 of Indian Constitution has recognized and guaranteed the
freedom of speech and expression, which includes the freedom of
media. The text of this Article is:
Article 19: Protection of certain rights regarding
freedom of speech etc., (1) All citizens shall have the right
(a) to freedom of speech and expression;
Article 19(2) says:
(2) Nothing in sub clause (a) of clause (1) shall affect the
operation of any existing law, or prevent the State from
making any law, in so far as such law imposes reasonable
restrictions on the exercise of the right conferred by the
said sub clause in the interests of
(i) the sovereignty and integrity of India,
(ii) the security of the State,
(iii) friendly relations with foreign States,
(iv) public order,
2 Bennett Coleman and Co v. Union of India, AIR 106 (SC:1973), Indian Express
Newspapers (Bombay) Private Ltd v. Union of India, AIR 515 (SC:1986),
State of U.P v. Raj Narain AIR 865 (SC:1975), Union of India
v. Association for Democratic Reforms, AIR 2110 (SC:2002), Thallapallam
Coop Bank v. State of Kerala, 16 SCC 82, 44 (SC:2013), Namit Sharma v.
Union of India, 1 SCC 745 (SC:2013), Central Board of Sec. Education & Ors. v. Aditya Bandopadhyay & Ors, 8, SCC 497 (SC:2011).
3 SP Sathe, The Right to Know, Bombay: N.M. Tripathi, 39, (1991).
28 Bennett Journal of Legal Studies [Vol. I
(v) decency or morality or
(vi) in relation to contempt of court,
(vii) defamation or
(viii) incitement to an offence
The founding fathers of the Constitution of India preferred the right
to free speech in contrast to the right to privacy. Hence, privacy is
not included in the list of grounds prescribed to restrict free speech
in Article 19(2). Can new restrictions be imposed on freedom of
expression based on any of new grounds other than those listed in
Article 19(2) of the Constitution?
REASONABLE RESTRICTIONS BASED ON LAW
Only through Parliamentary enactments, reasonable restrictions can
be imposed on freedom of speech and expression on the grounds
mentioned. If a new ground is to be added, an amendment to
fundamental rights will become essential. In fact, Supreme Court
has dealt with several reasonable restrictions on the freedom of
press. The Supreme Court specifically discussed the limitations on
the right to privacy in the Puttaswamy4 case, which the Srikrishna
Committee should have seriously considered. Prior to this case, the
Supreme Court broadly explained the scope of privacy and the
necessity of restrictions on privacy in synchronization with Art
19(2), as follows:
In R. Rajagopal v Tamil Nadu5 the question before the Supreme
Court was whether the direction issued by the Tamil Nadu police to
the editor and publisher of a Tamil weekly that was slated to publish
the life-story of a notorious criminal Auto Shankar was
4 Justice K. S. Puttaswamy (Retd.) v. Union of India And Ors. 1 SCC 10
(SC:2017). 5 R. Rajagopal v. Tamil Nadu, 6 SCC 632 (SC:1994).
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 29
constitutional. Explaining the scope of right to privacy, the Court
held (per Jeevan Reddy, J.):
A citizen has a right to safeguard the privacy of his own, his
family, marriage, procreation, motherhood, child bearing
and education among other matters. None can publish
anything concerning the above matters without his consent -
whether truthful or otherwise and whether laudatory or
critical. If he does so, he would be violating the right to
privacy of the person concerned and would be liable in an
action for damages. Position may, however, be different, if a
person voluntarily thrusts himself into controversy or
voluntarily invites or raises a controversy. Paragraph 26
Applying the above principles, it must be held that the
petitioners have a right to publish, what they allege to be the
life-story/autobiography of Auto Shankar insofar as it
appears from the public records, even without his consent or
authorisation. But if they go beyond that and publish his life-
story, they may be invading his right to privacy and will be
liable for the consequences in accordance with law.
Similarly, the State or its officials cannot prevent or restrain
the said publication. The remedy of the affected public
officials/public figures, if any, is after the publication, as
explained hereinabove. Paragraph 29.
In PUCL v. Union of India6, it was held that Section 5(2) of the
Indian Telegraph Act, 1885 that allowed for wire-tapping of phones
was violative of right to privacy. The Supreme Court held (per
Kuldip Singh, J.):
6 PUCL v. Union of India, 1 SCC 301 (SC:1997).
30 Bennett Journal of Legal Studies [Vol. I
“Conversations on the telephone are often of an intimate and
confidential character. Telephone-conversation is a part of
modern man's life. It is considered so important that more
and more people are carrying mobile telephone instruments
in their pockets. Telephone conversation is an important
facet of a man's private life. Right to privacy would certainly
include telephone-conversation in the privacy of one's home
or office. Telephone-tapping would, thus, in fact Article 21
of the Constitution of India unless it is permitted under the
procedure established by law.”
In Mr. X v. Hospital Z7, the question before the Court was whether
the right to privacy of the patient was violated when his blood test
results showing he was HIV+ were disclosed by the hospital to
classmate engaged to marry him, thereby leading to cancellation of
marriage. It was held in negative. If the doctor refused to disclose
the information about HIV+ for the fear of harming reputation of the
Youngman, his fiancé could not have taken an informed decision
regarding marrying him. The Supreme Court held that the hospital
was not guilty of a violation of privacy since the disclosure was
made to protect the public interest. While affirming the duty of
confidentiality owed to patients, the court ruled that “the right,
however, is not absolute and may be lawfully restricted for the
prevention of crime, disorder or protection of health or morals or
protection of rights and freedom of others”.
The broad facets of privacy are explained in the Puttaswamy case.
The list is obviously illustrative and not exhaustive:- Physical
privacy, Privacy in one‘s home, Privacy in Communication, Privacy
in Financial affairs, Privacy of Health, Privacy of individual
Information, Online privacy, and Privacy of thought.
7 Mr. X v. Hospital Z, 8 SCC 296 (SC:1998).
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 31
The right to privacy is overridden on a long range of grounds from
security of state, to a competing private interest and compelling
public interest. Some of these competing rights that deny right to
privacy are:
• public emergency and public safety (communications)
• criminal investigation (search and seizure/communications)
• competing private interests (divorce proceedings)
• best interests of the child (paternity suits)
• public interest (Right to Information)
• competing fundamental rights (HIV status)
Under the law of torts, invasion of privacy has evolved as a civil
wrong and any affected person in principle has right to claim
damages from the concerned civil court. There are a plethora of
judgments which explain that a citizen has a constitutional remedy
against invasion of privacy by the Government by illegally tapping
his/her telephone or searching his private residence as referred
above. Because of the general lack of knowledge of enforcing
tortious liability in India, only the elite and rich turn to higher courts
through writ petitions for constitutional remedies. This suggests the
need for a comprehensive legislation on the right to privacy and a
reasonably justifiable law on data protection also.
RIGHT TO INFORMATION ACT AND PRIVACY
The only enactment that dealt with ‘privacy’ in a limited manner is
the Right to Information Act, 2005, which has provided for
comprehensive protection to the privacy of the public servants from
the demands for disclosure.
However, public information officers interpreting Section 8(1) (j)
of the Act, denied a majority of RTI requests under that section. The
first and second appeals provided under RTI Act were also not
eliciting information about public servants because of the culture
32 Bennett Journal of Legal Studies [Vol. I
of secrecy embedded in public offices and the mindset of
withholding any information. Most of the denials were intended to
safeguard colleagues from scrutiny or action against their
irregularities. The very purpose of this transparency legislation is to
provide for public scrutiny of public servant’s official actions, which
is an essential democratic norm. But the bureaucrats considered the
information about complaints, inquiries and actions against public
servants as their ‘personal information’, not being inclined to respect
the right to seek such information under this legislation.
In Girish Ramachandra Deshpande, the (Public Information
Officer) PIO, the First Appellate Authority, the (Chief Information
Commissioner) CIC8, single judge bench9 and the Division Bench10
of Bombay High Court supported the view endorsing that the
disciplinary action related activity is between employer and
employee and the citizens need not have access to it. Unfortunately,
the Special Leave Petition (SLP) filed in the Supreme Court was
dismissed11. Though dismissal of the SLP will not constitute
‘precedent’ and declaration of law12, the Department of Personnel
and Training, the central nodal agency to implement RTI Act, issued
an office memorandum13 asking PIOs all over India to deny such
information. It has had a devastating effect on
8 CIC decision in Girish R Deshpande v. Ministry of Labour and Employment
& EPFO NO 1989/IC(A)/2008, in F.No CIC/MA/A/2007/00825.863 dated
2st Feb 2008. 9 Id. WP No. 4221 of 2009 Bombay High Court Nagpur Bench, Justice BP
Dharmadhikari dated 16.2.2010 10 Id. LPA No 358 of 2011 before the Division Bench of DD Sinha and AP
Bhangale, JJ of Bombay High Court at Nagpur on 21.12.2011. 11 Girish Ramachandra Deshpande v. Central Information Commissioner &
ors, SLP Civil NO. 27734 of 2012, JJ (2012) 9 SCALE 700. 12 Dhakeshwari Cotton Mills Ltd v. CIT West Bengal AIR 65 (SC:1955);
Kunhayammed and Ors v. State of Kerala and Anr. 6 SCC 359 (SC:2000). 13 Office Memorandum of DoPT No. 11/2/2013-IR (Pt) on 14th August 2013.
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 33
the implementation of the RTI Act, and that effect is continuing. It
is to be noted that the Information Commissioners selected from the
background of bureaucracy are usually not inclined to disclose any
such information as they strongly believe that certain amount of
secrecy is essential for smooth running of administration.
Thus Section 8(1)(j) is most used, if not abused, to deny the
information requests across the country. Srikrishna Committee felt
this privacy clause [S 8(1)(j)] was ambiguous and needed
clarification. The Committee came out with an alternative text to
replace it by drafting a bill to amend RTI Act.
THE REPORT AND THE PERSONAL DATA PROTECTION
BILL, 2018
The Expert Committee chaired by retired Justice BN Srikrishna
submitted the report as well as the draft legislation titled, ‘the
Personal Data Protection Bill, 2018 on 27th July 2018. This report
and Bill were expected to be in accordance with the guidelines laid
down in the landmark nine-judge bench judgment of the Supreme
Court in KN Puttaswamy14 case on the right to privacy delivered in
August 2017.
However, the right to privacy is yet to be properly defined. Except
for some elaborate conceptual explanations in judicial discourses,
the concept of ‘privacy’ remains an ambiguous idea. The Supreme
Court in Puttaswamy expected the Parliament to make a
comprehensive legislation. Though Puttaswamy case set the
controversy on the character of ‘privacy’ as a right to rest, the lack
of a comprehensive and enforceable definition along with defined
scope for exceptions continue to cause serious practical difficulties.
The Justice Srikrishna committee was expected to
14 Supra 33.
34 Bennett Journal of Legal Studies [Vol. I
partly address these difficulties to the extent of Data Protection. The
salient features of the Committee’s Personal Data Protection Bill,
2018 are briefly analysed below:
a) Restrictions on Processing and Collection of Personal
Data: The Srikrishna Committee recommended that
processing (collection, recording, analysis, disclosure, etc.) of
personal data should be done only for “clear, specific and
lawful” purposes. Only that data which is necessary for such
processing is to be collected. The personal data may be
processed by the government if that is considered necessary for
any function of the Parliament or State Legislature. This
includes the provisions of services, issuing of licenses, etc.
b) Data Localisation: The Bill clearly restricts the storage of
personal data to servers located within India, and states that
transfer beyond the country are subjected to certain safeguards.
The Bill also says that critical personal data should only be
processed in India.
c) Explicit Consent and Sensitive Personal Data: Explicit
consent is mandatory for processing “sensitive” personal data
(such as passwords, financial data, sexual orientation, biometric
data, religion or caste). Such consent for the process should be
purpose specific. For instance, if a citizen disclosed his sexual
orientation to a survey which was meant for assessing the
number of people of that category, that cannot be sold or sent
to commercial/advertisement agencies which can target them.
d) Data Protection Authority: The Bill proposes the creation of
a Data Protection Authority (DPA) to “protect the interests of
data principals”, prevent misuse of personal data and ensure
compliance with the safeguards and obligations under
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 35
the data protection framework by corporations, governments or
anyone else processing personal data (known as “data
fiduciaries”). The authority will need to publish Codes of
Practice on all these points. The DPA has the power to inquire
into any violations of the data protection regime and can act
against any data fiduciaries responsible for the same.
e) Rights of Data Principals (Citizens): The Justice Srikrishna
Commission Draft Bill laid down the rights of ‘data
principals’ (citizens, or persons owning the data), proposes
the creation of a data authority to enforce the Act, and
prescribes penalties for violations by ‘data fiduciaries’
(public and private sector entities that collect, process and
store data).
f) Definition of Data and Consent: The Bill defines ‘data’ in
two different ways. The first is ‘personal data, which is “data
about or relating to a natural person…” This definition can
lead to wide open inferences and unwieldy inclusions. There
is a separate category for “sensitive personal data” which
includes: health data, official identifier, sex life, sexual
orientation, biometric data, genetic data, transgender status,
intersex status, caste or tribe, religious or political belief. The
consent that ‘data fiduciaries must obtain for collection and
processing of personal data is qualified by the criteria of
‘informed’, ‘specific’, ‘clear’ and ‘capable of being
withdrawn’. For sensitive personal data, the consent
standards are higher and more detailed. For instance, the data
fiduciary should make sure that the individual is “given the
choice” of separately consenting to the “use of different
categories of sensitive personal data relevant to processing”
and that they
36 Bennett Journal of Legal Studies [Vol. I
should understand that the processing of this data “may have
significant consequences” for them. The second category
appears to be ‘personal data’ that needs to be protected. The
first category definition would be a real source of problems,
because the person’s wrongs, crimes, misconduct in office,
irregularities, breach of promises and violation of
constitutional norms also would be covered by this open-
ended definition. Several provisions of the Bill with
reference to first category could be troublesome, anti-
democratic and unconstitutional.
NEW RIGHTS OF CITIZENS & HIGH PENALTIES
The Bill proposes several new rights in regard to the data They are:
a) the ‘right to confirmation’ (Whether any company,
which might include a newspaper or tv channel or a web-
journal or a government department using a person’s
data?),
b) the ‘right to correction’ (correction, completion or
updating of inaccurate personal data),
c) the ‘right to portability’ (compelling company ‘X’ to
give the data principal the order history data and transfer
it to company ‘Y’) and,
d) the ‘right to be forgotten’ (right to demand social media
servers to delete a search engine result that is about a
person).
Penalties: There are two major categories of penalties suggested:
1) If a data fiduciary doesn’t follow through on compliance
requirements, it can be fined up to Rs 50 million or 2% of its
worldwide turnover, whichever is higher.
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 37
2) If it doesn’t comply with the standards for processing
personal or personally sensitive data it can be fined up to Rs
150 million or 5% of its total worldwide turnover, whichever
is higher. There are other penalties for more minor violations
such as refusing to comply with an individual’s request (Rs.
5 lakhs maximum).
LEAVING SCOPE FOR TWO MORE ENACTMENTS!
The Bill has provided broad exemptions to personal data protection
on the grounds of Security of State (Section 42); Prevention,
detection, investigation and prosecution of Crime (Section 43);
Processing for the purpose of legal proceedings (Section 44),
Research archiving or statistical purposes (Section 45); Personal or
domestic purposes (Section 46); Journalistic purposes (Section 47)
and Manual processing by small entities (Section 48).
However, the Committee left without proposing any drafts on these
two major exemptions to Personal Data Protection provisions -
Security of State (Section 42); and Prevention of Crime (Section 43).
This Bill says the provisions under Sections 4 and 31 will not apply
to new law (to be drafted) to empower state to process the personal
data on grounds of Security of State (Section 42) and Prevention of
crime (Section 43). The Bill says sections 3 and 32, chapter VIII
(Transfer of personal data outside India) will not apply to Law made
for enabling not processing of personal data for purpose of Legal
proceedings (Section 44).
It wanted two new legislations to be made by the Parliament in
future. There are no safeguards in this Bill for citizens’ personal data
from the surveillance of the state. It suggests that the Centre should
‘carefully scrutinize the question of oversight of
38 Bennett Journal of Legal Studies [Vol. I
intelligence gathering’. The Bill also did not spell out the exceptions
to right to privacy on the grounds of prevention, investigation and
prosecution of persons accused of crimes. The question is why are
these vital aspects left out by the Committee?
JUSTICE SRIKRISHNA’S AMENDMENT OF RTI
It’s necessary to analyse the text of Section 8(1)(j) of RTI Act in the
context of Girish’ judgment and its profuse use to deny information,
as referred above:
8(1) Notwithstanding anything contained in this Act, there
shall be no obligation to give any citizen, —
---- (a) to (h)-----
(j) information which relates to personal information the
disclosure of which has no relationship to any public activity
or interest, which would cause unwarranted invasion of the
privacy of the individual unless the Central Public
Information Officer or the State Public Information Officer
or the appellate authority, as the case may be, is satisfied
that the larger public interest justifies the disclosure of such
information:
Provided that the information which cannot be denied to the
Parliament or a State Legislature shall not be denied to any
person.
(2) Notwithstanding anything in the Official Secrets Act,
1923 nor any of the exemptions permissible in accordance
with sub-section (1), a public authority may allow access to
information, if public interest in disclosure outweighs the
harm to the protected interests.
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 39
There can be seven occasions even if the information sought was
personal and it could be given under this exception:
a. The information relates to public activity,
b. The information relates to public interest,
c. The information disclosure will not cause unwarranted
invasion of privacy of that individual,
d. Though information is personal, not related to public activity
or interest, if larger public interest justifies such disclosure,
e. Though information is personal, and its disclosure could
cause unwarranted invasion of privacy it could still be
disclosed if larger public interest justifies,
f. Though information is personal, not related to public activity
or interest, disclosure causes unwarranted invasion of
privacy of the individual, no larger public interest involved,
yet it could be given to citizen if it can be furnished to the
Parliament or State Legislature15.
g. Though information is personal, not related to public activity
or interest, disclosure causes unwarranted invasion of
privacy of the individual, it could still be given if public
interest in disclosure outweighs the public interest in its non-
disclosure16.
This section explains the scope of protection of personal information
of public servant and prescribes exceptions in the larger public interest.
It says there would be no obligation to reveal personal information
which was not related to “public activity or interest” or
15 Right to Information Act, 2005, Proviso to §. 8(1) 16 Id. §. 8(2).
40 Bennett Journal of Legal Studies [Vol. I
that would cause an invasion of privacy. The proposed 8(1)(j) claims
to have a balancing act between the public interest in accessing the
information on one hand, and prevention of the harm that could be
caused to the data principal on the other.
Section 8(1)(j) of RTI Act and the defence of privacy cannot be used
to shield crimes, wrongs or irregularities of public servants. The
experience shows that at present the public authorities are not
inclined to reveal information using section 8(1)(j) which naturally
helps in shielding the irregularities of their officers. Section 3 which
declared right to information to the citizens is very strongly
countered by this clause in practice.
Because of significant technological developments in the field of
Information Communication Technology (ICT) the speed and scope
of the social media has phenomenally increased posing serious
threat to the privacy of individuals. With ‘Aadhaar’ (unique
identification of citizens) plans of collecting massive biometric data
of all citizens and linking public welfare schemes and other activities
to Aadhaar, the issue of privacy has been debated and several
challenges have reached the Supreme Court. The nine-judge bench,
after detailed deliberations pronounced a historic judgement saying
the right to privacy is a fundamental right. However, the Bench said
that the right to privacy, though fundamental, was not absolute and
explained the areas of restriction generally. “Urbanization and
economic development lead to a replacement of traditional social
structures. Urban ghettos replace the tranquility of self-sufficient
rural livelihoods. The need to protect the privacy of the being is no
less when development and technological change continuously
threaten to place the person into
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 41
public gaze and portend to submerge the individual into a seamless
web of inter-connected lives”17.
Six days after this landmark order, the Supreme Court delivered
another judgment affecting the RTI of the people. Referring to
Girish as precedent, the Division Bench of Supreme Court in
Canara Bank v CS Shyam18, declared even information about
postings of clerks after appointment, transfer and promotion in a
public sector banks as “the private information” and refused to be
disclosed under RTI Act. The Girish and Canara Bank have unduly
expanded the ambit of ‘privacy’ under RTI Act and shrunk the area
of accountability.
NEW CLAUSE PROPOSED IN THE BILL 201819:
The Justice Srikrishna Committee further expanded the scope of the
right of privacy for public servants by recommending additional
grounds to hide information. The Personal Data Protection Bill
suggested replacing the existing Section 8(1)(j) with the following
provision.
In place of the current clause (j) of sub-section (1) of section
8 of the Right to Information Act, 2005 the following clause
(j) of sub-section (1) of section 8 shall be substituted,
namely: —
“(j) information which relates to personal data which is
likely to cause harm to a data principal, where such harm
outweighs the public interest in accessing such information
17 Supra 4, ¶36. 18 Canara Bank v. C.S. Shyam, AIR 4040 (SC:2017). 19 Ministry of Electronics and Information Technology, Report of the
Committee of Experts under the Chairmanship of Justice B.N. Srikrishna, A
Free and Fair Digital Economy, Protecting Privacy, Empowering Indians,
July 27, 2019, https://meity.gov.in/writereaddata/files/Data_Protection
_Committee_Report.pdf.
42 Bennett Journal of Legal Studies [Vol. I
having due regard to the common good of promoting
transparency and accountability in the functioning of the
public authority;
Provided, disclosure of information under this clause shall
be notwithstanding anything contained in the Personal Data
Protection Act, 2018;
Provided further, that the information, which cannot be
denied to the Parliament or a State Legislature, shall not be
denied to any person.
Explanation. —For the purpose of this section, the terms
“personal data”, “data principal”, and “harm” shall have
the meaning assigned to these terms in the Personal Data
Protection Act, 2018.”
Section 3 (14) “Data principal” means the natural person to
whom the personal data referred to in sub-clause (28)
relates;
A scrutiny of this clause reveals that Section 8(1)(j), if replaced by
the above provision, will expand the scope of denial of information
because of the ambiguity of several expressions and addition of
different grounds for denial such as the ‘harm test’.
The proposed Section 8(1)(j) says “information which relates to
personal data” can be denied. The personal data can be rejected if
it causes harm to the data principal (owner/public servant about
whom the information is sought). As per section 3 (29) of the Bill
2018 “Personal data” means data about or relating to a natural
person who is directly or indirectly identifiable, having regard to
any characteristic, trait, attribute or any other feature of the identity
of such natural person, or any combination of such features, or any
combination of such features with any other
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 43
information; This definition itself is very wide in scope. This means,
not only personal data but also any information relating to personal
data also could be denied, if it harms the data principal. The scope
of rejection is further expanded without bounds.
For example, if disciplinary action against officer is considered as
‘personal data’, any information about it also can be denied as that
might be ‘relating to’ it. The mischief lies in the words ‘information
relating to personal data’. If someone asks under RTI whether a
public servant is promoted despite disciplinary action, this could be
considered as information relating to ‘personal data’ and be denied.
The proposed section 8(1)(j) says: “information which relates to
personal data which is likely to cause harm”. ‘Likely’ is a loose and
mischievous expression which can be construed and used according
to individual imaginations. The ‘likelihood’ of harm will stall RTI
questions. If imagination can be stretched, restrictions could also be
stretched.
In present RTI Act, section 8(1)(j) the ‘larger public interest’ is the
test to relax the exemption and the PIO might decide to give
information. In the report Justice Srikrishna said that the undefined
‘public interest’ is ambiguous and suggested specifying the
relaxation clause. But the expressions he included in the Bill are clad
in more ambiguity and have a wide scope for misinterpretation. The
expressions such as ‘relating to’, ‘harm’, ‘likely to harm’ are
ambiguous, wide and without any limits, which decide fate of RTI.
The test Justice Srikrishna suggested appears to be revolving around
‘public interest’ but in fact takes the test beyond ‘public interest’
with many confusing words. It says, ‘where such harm outweighs
the public interest in accessing such information having
44 Bennett Journal of Legal Studies [Vol. I
due regard to the common good of promoting transparency and
accountability in the functioning of the public authority’
information can be given. The PIO has more difficult task of
understanding whether this ambiguous likelihood of harm is going
to outweigh the common good of promoting transparency. It is not
easy even for the applicant to explain. Justice Srikrishna’s Bill also
did not define public interest, common good, promotion,
transparency and accountability. Another major lacuna of this Bill
is that it did not even define the “term” ‘privacy’ either in the Bill or
in the Report.
THE “HARM” TEST THAT CAN HARM RTI
The most important expression used in Bill that can cause serious
harm to RTI is the ‘harm’. Section 3 (21) says:
“Harm” includes— (i) bodily or mental injury; (ii) loss,
distortion or theft of identity; (iii) financial loss or loss of
property, (iv) loss of reputation, or humiliation; (v) loss of
employment; (vi) any discriminatory treatment; (vii) any
subjection to blackmail or extortion; (viii) any denial or
withdrawal of a service, benefit or good resulting from an
evaluative decision about the data principal; (ix) any
restriction placed or suffered directly or indirectly on
speech, movement or any other action arising out of a fear
of being observed or surveilled; or (x) any observation or
surveillance that is not reasonably expected by the data
principal.
The first two words are enough to cause confusion: ‘harm includes’
could mean anything specified in the ten sub clauses in Section 3(21)
of the Bill besides any other harm which PIO can imagine. Yet
another expression used is: “Bodily injury or mental injury”. Any
RTI request may embarrass or upset or cause worry to
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 45
‘data principal’ i.e., public servant, which can be considered as
mental injury. PIO can instantly reject any embarrassing
information because it might cause mental injury.
‘Loss of reputation’ is another ‘harm’ suggested to be a restriction
against disclosure. If that is the ground of denial, can any
information about a wrong-doing by a public servant be disclosed?
Every disclosure about disciplinary action on misconduct might
cause loss of reputation. The Justice Srikrishna Report says that even
the possibility of ‘humiliation’ is enough to deny.
This Committee has amending the RTI in order to protect public
servant from any likely harm by the disclosure of such data Both
‘likely’ and ‘harm’ are potential enough to eclipse the RTI forever.
PROTECT BLACK SHEEP FROM BLACK MAIL
All corrupt public servants can celebrate this Bill. It will safeguard
the black sheep among public servants from possible black mail. The
expression used is ‘subjecting him to black mail or extortion” as part
of wide definition of ‘harm’. If disclosure of any information under
RTI is likely to subject a corrupt officer to black mail or extortion,
it can be denied. Corruption and information relating to it also can
be interpreted as his private information if this Bill is made into an
Act.
There are two more expressions: (ix) any restriction placed or
suffered directly or indirectly on speech, movement or any other
action arising out of a fear of being observed or surveilled; or (x)
any observation or surveillance that is not reasonably expected by
the data principal. Even indirect restriction on speech or fear of
being observed is enough cause for denial. These ten clauses of
‘harm’ in definition will provide ten exit gates to corrupt officers to
escape from RTI scrutiny by the people. Imaginative, efficient
46 Bennett Journal of Legal Studies [Vol. I
and corrupt public servants may invent ‘harm’ beyond these ten
clauses.
THE BILL PROPOSES PRIOR RESTRAINTS ON MEDIA’S
FREEDOM
The provisions of the Bill have a potential impact on Media’s
freedom which is in the rubric of citizens’ freedom of speech and
expression under Article 19(1)(a) of the Constitution of India. An
individual may not be affected by this proposed Bill unless he gets
into the business of ‘processing’ the data of some person, which
might fall under the two categories of ‘personal’ and ‘sensitive
personal’ data. But every media organization, company, firm, TV
channel, newspaper etc, that processes certain facts (information or
data) of a ‘data principal’ cannot disclose (publish) without the
‘explicit consent’ of the ‘data principal (other citizen, bureaucrat,
minister or MP - present or retired) for news purposes, or for
publication of a book or an Article or souvenir, etc.
Justice Srikrishna Committee has suggested an exception for
‘journalistic purpose’ to the above mandates with reference to data
processing. The journalists will be professionally interested in
critically commenting on the past and present conduct of political
personalities including public servants using the available data. In
such cases the journalists are exempted from the strict provisions of
Personal Data Protection as per the exemption under clause (Section
47) of the Bill which says that the substantial provisions referred
above need not be observed if the data processing is for ‘journalistic’
purposes. The text of the exception is:
S 47: Journalistic purposes— (1) Where the processing of
personal data is necessary for or relevant to a journalistic
purpose, the following provisions of the Act shall not
apply—
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 47
(a) Chapter II, except section 4; (b) Chapter III; (c)
Chapter IV; (d) Chapter V; (e) Chapter VI; (f) Chapter VII
except section 31; and (g) Chapter VIII.
(2) Sub-section (1) shall apply only where it can be
demonstrated that the processing is in compliance with any
code of ethics issued by— (a) the Press Council of India, or
(b) any media self-regulatory organization.”
Section 47(1) appears to be upholding the freedom of speech and
expression, where the processing of personal data is necessary or
relevant for journalistic purpose, for which Chapters 2 to 8 will not
apply (except Sections 4 and 31). This means that, for journalistic
purposes, there can be a publication; however, a journalist is
expected to ensure reasonable respect to the privacy of the ‘data
principal’ (Section 4 of Chapter II which only applies). Section 5
which says ‘personal data shall be processed only for purposes that
are clear, specific and lawful’ will not apply if publication is for
journalistic purpose. Collection limitation (Section 6), Lawful
processing limitation (Section 7), Need for giving notice (Section 8),
Data quality (Section 9) Data Storage Limitation (Section 10), and
accountability (Section 11) of Chapter 2 also will not apply to
writings for journalistic purposes. Sections 12 to 17 that deal with
processing of personal data based on consent will not apply to
journalistic writings. Similarly, grounds for processing sensitive
personal data u/s 18 to 22 and processing of personal and sensitive
data of children (Section 23) will not apply. The rights of Data
Principal such as right to confirmation and access, right to
correction, right to data portability, right to be forgotten, and other
general conditions for the exercise of rights in this Chapter VI dealt
with under Sections 24 to 28 also will not apply to journalistic
writings.
48 Bennett Journal of Legal Studies [Vol. I
There is a twist in Section 47, i.e., the adjudicating officer will
decide whether right to freedom of speech and the right to
information of citizens will override the privacy of data principal.
Sub-section (2) of Section 47 is another hurdle on the media’s
freedom to write. This subsection takes away the freedom that was
given under Section 47(1), which says that such an exemption will
apply only where it can be demonstrated that the processing
follows any code of ethics issued by the Press Council of India or
any media self-regulatory organization. Mischief lies in expression
‘demonstration’ before adjudicating officer. A journalist must
demonstrate to convince that his journalistic purpose is in
compliance with ‘code’ of Press Council or self- regulatory
organization of media, before he publishes a critical analysis about
a bureaucrat or politician. The code developed by the Press Council
of India is not a penal code, and the council is not a court with
powers to impose penalties. That code represents the set of
guidelines based on ethics and proprietary norms, which cannot be
enforced with external pressures. Following the code is a matter of
self-regulation.
The Adjudicating officer envisaged in this Bill is not even a quasi-
judicial officer but a bureaucrat subordinate of political executive,
exercising power to stop a journalist from performing his duties
exercising press freedom. This is the hidden danger, which need to
be decodified and discovered. Any ethical code that is
recommendatory cannot be elevated to the level of a legal
obligation. Imagine if a journalist writes without such convincing
demonstration, he would end up paying huge penalties. This is an
unreasonable restriction on the freedom of media.
Any attempt to restrict the professional activity of writing based on
the grounds other than those prescribed under Article 19(2) will be
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 49
unconstitutional. The Press Council is a statutory body with
recommendatory powers to protect journalists from undue pressures
and other from unethical journalists. The PDP Bill also refers to
other ‘codes’ developed by journalistic bodies and elevates them to
the level of a penal code. Compliance with such a code is good for
healthy journalism but to prevent journalist from writing about
public servants on the grounds of failure to demonstrate the
compliance with those codes is neither legal nor constitutional.
A journalistic exercise should be free from prior restraints, including
‘pre-censorship’. Insisting that a journalist should take prior
permission from an adjudicating officer under this Personal Data
Protection Bill brings in the pre-censorship.
If this Bill is accepted by the Government and it passes this
legislation, it will perpetuate the pre-censorship, which was a
temporary restriction during Emergency period (1975-77).
THE RIGHT TO BE FORGOTTEN, TO BE FORGOTTEN!
Another substantial proposition of Justice Srikrishna’s Bill is the
right to be forgotten. The right means right to be forgotten and to
remove, very old irrelevant and unnecessary information links from
social media networks. This concept is prevalent in European Union
(EU) and France, though it was not preferred in the United States
which valued freedom of the press. Mario Costeza Gonzales wanted
Google and a newspaper La Vanguardia,20 to remove a 1998 news
item about the selling of property to pay off debts. EU court in 2009
upheld his right not to be reminded of that unpleasant part of his
life. US courts, however, did not agree with William
20 The Right to be Forgotten, The Guardian, (Feb. 18, 2015, 7.30 AM),
https://www.theguardian.com/technology/2015/feb/18/the-right-be- forgotten-google-search.
50 Bennett Journal of Legal Studies [Vol. I
James Sidis, a former child prodigy who did not want New Yorker
newspaper to publish his past. The court said that there are social
values in published facts. Simply because he does not want
something published, celebrity status cannot be ignored. 21.
In India, one person could get a certificate of marriage with a
woman’s name who never married him. Her father’s plea to annul
that marriage certificate was accepted by Karnataka High Court22. A
rape victim has a right to be forgotten about that nasty past. At the
same time a criminal cannot claim that his conviction should not be
referred by media using this right, Gujarat High Court said.
Thus, in some sporadic cases, where genuine interests of the citizens
were involved the courts considered requests for removing the
embarrassing information from the search engines managed by
Google. Recognizing the right to information as part of Data
Protection legislation might have serious implications on freedom of
speech including right to information. The Srikrishna committee
recommended giving “data principals” (persons whose personal data is
being processed) the ‘right to be forgotten’. This means they will be
able to restrict or prevent any display of their personal data once the
purpose of disclosing the data has ended, or the data principal
21 Sidis v F-R Publishing Corporation, 311 U.S. 711 61 (1940). See also:
What is the Right to be Forgotten and how it could affect you? Catch News,
(Feb. 10, 2017, 1:50 IST), http://www.catchnews.com/tech-news/what- is-the-right-to-be-forgotten-and-how-it-will-affect-you-
1462532182.html. 22 Deya Bhattacharya, Right to be forgotten: How a prudent Karnataka HC
judgment could pave the way for privacy laws in India, First Post
https://www.firstpost.com/india/right-to-be-forgotten-how-a-prudent-
karnataka-hc-judgment-could-pave-the-way-for-privacy-laws-in-india-
3270938.html See also: Arunima Bhattacharya, In A First An Indian Court Upholds The 'Right To Be Forgotten, Live Law, (Feb. 3, 2017, 10:50 AM),
Abhinav Garg, Delhi banker seeks `right to be forgotten' online, (May 1,
2016, 5:32 IST), https://timesofindiArticleindiatimes.com/india/Delhi-
banker-seeks-right-to-be-forgotten-online/Articleshow/52060003.cms.
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 51
withdraws consent from disclosure of their personal data In the
European Union (EU), this right has been recognized and used by
people to get unflattering records of them on news websites taken
down after the matter is no longer a matter of public interest.
Section 27 of the draft bill says:
(1) The data principal shall have the right to restrict or
prevent continuing disclosure of personal data by a data
fiduciary to the data principal where such disclosure-
a) has served the purpose for which it was made or is no
longer necessary;
(b) was made on the basis of consent under section 12 and
such consent has since been withdrawn; or
(c) was made contrary to the provisions of this Act or any
other law made by Parliament or any State Legislature.
(2) Sub-section (1) shall only apply where the Adjudicating
Officer under section 68 determines the applicability of
clause (a), (b) or (c) of sub-section (1) and that the rights
and interests of the data principal in preventing or
restricting the continued disclosure of personal data
override the right to freedom of speech and expression and
the right to information of any citizen.
(3) In determining whether the condition in sub-section (2)
is satisfied, the Adjudicating Officer shall have regard to—
(a) the sensitivity of the personal data;
(b) the scale of disclosure and the degree of accessibility
sought to be restricted or prevented;
(c) the role of the data principal in public life;
52 Bennett Journal of Legal Studies [Vol. I
(d) the relevance of the personal data to the public; and
(e) the nature of the disclosure and of the activities of the
data fiduciary, particularly whether the data fiduciary
systematically facilitates access to personal data and
whether the activities would be significantly impeded if
disclosures of the relevant nature were to be restricted or
prevented.
(4) The right under sub-section (1) shall be exercised by
filing an application in such form and manner as may be
prescribed.
(5) Where any person finds that personal data, the
disclosure of which has been restricted or prevented by an
order of the Adjudicating Officer under sub-section (2) does
not satisfy the conditions referred to in that sub- section any
longer, they may apply for the review of that order to the
Adjudicating Officer in such manner as may be prescribed,
and such Adjudicating Officer shall review her order on the
basis of the considerations referred to in sub- section (3).
The Bill prescribes under Section 68, a separate adjudicatory wing,
with adjudicating officers who are persons of ability integrity and
standing, with not less than seven years of experience in the fields
specified. Section 27(4) provides for a review by the same
Adjudicating Officer.
DATA PROTECTION AUTHORITY
The bill envisages a Data Protection Authority (DPA), consisting of
a chairperson and members, whose term is fixed at five years or 65
years of age but salary, other terms and conditions of service, will
be as “prescribed”, not fixed by the Bill. Unlike the present
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 53
Information Commissioners, the members of DPA are at the mercy
of the executive to prescribe rules which may vary from time to time,
seriously affecting their independent functioning. It is on the lines
of the Government of India’s recent proposal to reduce the status
and salary of the Information Commissioners. With this Bill, a
parallel and superfluous mechanism will be created to usurp the
authority of Information Commissioners to decide the validity of
disclosure of information about public servants, by empowering the
adjudicating officer to decide that question. The public servant’s
privacy or otherwise should have been totally exempted from the
application of PDP Bill. The absence of exemption so is a major
lacuna of the PDP Bill of Srikrishna Committee.
This constitution of the DPA contradicts the RTI Act, CIC and the
Fundamental Rights chapter of Constitution of India. This
undermines the very existence of the Information Commissions at
the Centre and in States.
BREACH OF CONSTITUTIONAL RIGHT TO FREEDOM
OF SPEECH
Protecting the private data of private persons cannot be taken to the
level of compromising the free speech that depends upon
dissemination of information about public functioning. Introducing
rights like ‘right to be forgotten’ or limiting the journalistic writings
with requirement of prior permission from the ‘adjudicating officer’
are not conducive to any vibrant democracy. Besides any attempt to
amend RTI Act 2005 to increase ambiguity must be understood in a
perspective rather than protecting private data of private persons.
We must consider the suggestion to replace present privacy clause
of RTI in the context of the democratic need for transparency and
people’s general right to speech within the realm of Constitution of
54 Bennett Journal of Legal Studies [Vol. I
India. One should not forget that the RTI is an integral aspect of
fundamental right to speech under Article 19(1)(a) of our
Constitution23 and that it can be limited only according to Article
19(2).
But this proposed Bill has created several grounds such as personal
data, harm, likely harm, possibility of surveillance, loss of
reputation, chance of black mail or extortion, etc. Justice Srikrishna
did even mention about this major Constitutional hurdle while
introducing these new grounds to restrict RTI which also restrict free
speech. These new restrictions cannot be imposed without amending
the Constitution, which is obviously not possible because the
freedom of speech is basic feature of our Constitution. Attempting
to shrink free speech through an amendment to RTI is a serious
interference with the democratic norms of the rule of law. Privacy
should not and does not mean secrecy as far as public affairs are
concerned.
It is clear that Article 19(2), which lists various grounds for
restricting free speech, does not include privacy. With the new
grounds and ambiguous expressions, the Srikrishna committee
expanded the restrictions on Article 19(1)(a)24, beyond the clauses
in Article 19(2)25 of our Constitution and Section 8 of RTI Act.
23 Thallapalam Ser. Coop. Bank Ltd & Ors. v. State of Kerala, 16 SCC 82
(SC:2013). 24 19. Protection of certain rights regarding freedom of speech etc, (1) All citizens
shall have the right
(a) to freedom of speech and expression; (b) to assemble peaceably and
without arms; (c) to form associations or unions; (d) to move freely
throughout the territory of India; (e) to reside and settle in any part of the
territory of India; and (f) omitted (g) to practise any profession, or to carry on
any occupation, trade or business. 25 (2) Nothing in sub clause (a) of clause ( 1 ) shall affect the operation of any
existing law, or prevent the State from making any law, in so far as such law
imposes reasonable restrictions on the exercise of the right conferred by the
said sub clause in the interests of the sovereignty and integrity of India,
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 55
Hence, making ‘privacy’ a ground for imposing restrictions on
freedom of speech is not constitutional and can be violative of
Article 19, because Parliament has no authority to restrict the
fundamental freedom guaranteed under Article 19(1)(a).
‘Defamation’ as a ground is well recognized and there is legislation
that restricts the free speech on this ground, i.e., Section
499 and 500 of Indian Penal Code. But no publication or expression
can be prevented on the likelihood of defamation. Defamation is
recognised as a ground for a consequential remedy of damages but
cannot be used as a prior restraint on journalistic expression. By
introducing an ambiguous ground of ‘loss of reputation’, the PDP
Bill crosses the permitted field of restrictions in Article 19(2). If a
statement is defamatory it can still be made if it is based on truth, or
as a fair comment or it could be a permitted as privileged discussion.
In such cases it is legally considered as not being defamation. In the
present scenario, what this Bill proposes is not the likelihood of
defamation as a restriction, but rather the likelihood of loss of
reputation to thwart RTI requests. Thus, the Bill is travelling beyond
the scope of Article 19(2) which damages democracy.
Similarly, there are several other open-ended expressions like
‘harm’ or ‘fear of being observed’ or possibility of ‘black mail’ that
cannot be found as grounds for restricting freedom of expression.
JUSTICE SRIKRISHNA & SC CAUTION ON PRIVACY
Test of arbitrariness: The Puttaswamy judgement dealt with
restrictions on the right to privacy, where Justice Nariman gave
the security of the State, friendly relations with foreign States, public order,
decency or morality or in relation to contempt of court, defamation or
incitement to an offence
56 Bennett Journal of Legal Studies [Vol. I
examples of possible restrictions on the right to privacy, within the
fundamental rights chapter. He cautioned:
“… when it comes to restrictions on this right, the drill of
various Articles to which the right relates must be
scrupulously followed. For example, if the restraint on
privacy is over fundamental personal choices that an
individual is to make, State action can be restrained under
Article 21 read with Article 14 if it is arbitrary and
unreasonable; and under Article 21 read with Article 19(1)
(a) only if it relates to the subjects mentioned in Article
19(2) and the tests laid down by Supreme Court for such
legislation or subordinate legislation to pass muster under
the said Article. Each of the tests evolved by Supreme Court,
qua legislation or executive action, under Article 21 read
with Article 14; or Article 21 read with Article 19(1)(a) in
the aforesaid examples must be met in order that State action
pass muster26.”
Compelling state interest: The Supreme Court went on to say: “The
State requires compelled disclosure of membership lists of a
political organisation on national security or public order grounds.
This is an issue that will be at the intersection of Articles 19(1)(a)
(freedom of speech), Article 19(1)(c) (freedom of association), and
Article 21. The Court will then be required to apply the standards
under Article 19(2) and (4)27.”
Justice Chelameswar28 cautioned referring to concept of
reasonableness, saying:
26 Supra 4, ¶ 86. 27 Id. 28 Id., ¶ 42-43.
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 57
“the limitations are to be identified on case to case basis
depending upon the nature of the privacy interest claimed.
There are different standards of review to test infractions of
fundamental rights. While the concept of reasonableness
overarches Part III, it operates differently across Articles
(even if only slightly differently across some of them) … to
begin with, the options canvassed for limiting the right to
privacy include an Article 14 type reasonableness enquiry;
limitation as per the express provisions of Article 19; a just,
fair and reasonable basis (that is, substantive due process)
for limitation per Article 21…”
Justice Chandrachud referring to restrictions, said29: “a law which
encroaches upon privacy will have to withstand the touchstone of
permissible restrictions on fundamental rights.”
It appears Justice Srikrishna Committee did not take this caution of
the Supreme Court seriously. The privacy of public servants has
been protected by the RTI Act in a well-balanced manner as
envisaged by Supreme Court. This committee should have
distinguished private data from the private information in the
context of RTI and need for disclosure in public interest. Action on
the corruption of public servants is not the data, or any information
‘relating to action taken on complained public servants cannot be
imagined as ‘likely’ cause ‘loss of reputation’. In the name of data
protection, one should not protect corruption or corruption related
information. The Data Protection Bill in toto should not apply to
public servants and to their data except for securing their ‘sensitive
personal data’ as defined under Section 3(35) of the Data Protection
Bill 2018, i.e., passwords, financial data, health data, official
identifier, sex life, sexual orientation,
29 Id., Conclusion H.
58 Bennett Journal of Legal Studies [Vol. I
biometric data, genetic data, transgender status, intersex status, caste
or tribe, religious or political belief or affiliation. This information
can be exempted from RTI except in larger public interest or on all
the suggested contingencies. But other data of public servants like
recruitment, transfer, promotion, disciplinary actions, remuneration,
leaves, their endorsements in public issues, file noting with their
names and notes, their reports, correspondence regarding activity of
the office cannot be considered as their private data.
Data protection and privacy are two distinct fundamental rights in
the European Union30. This distinction was the product of
recognition over a period of time where the independent importance
of data protection was emphasized. Data protection is narrower than
privacy since it is limited to data alone and does not extend to aspects
of privacy that are not informational. It is apparent that some
practices such as ensuring adequate data quality and openness have
little to do with privacy but are rather aimed at ensuring accuracy
such that the data can be effectively used. The Constitution cannot
provide detailed provisions of this nature. The Supreme Court has
recognized that matters of detail cannot be provided in the
Constitution itself, given that it is the basic law of the land, or in
statutes flowing from the Constitution. Despite the Charter of
Fundamental Rights containing privacy and data protection rights,
the EU has formulated detailed directives on data protection. It
comprehensively covers the fair information practices laid down by
the Organization of Economic Cooperation and Development
(OECD) and builds on them to ensure greater protection of data.
30 David Banisar, National Comprehensive Data Protection/Privacy Laws and
Bills 2016, (Oct. 31, 2011), https://papers.ssrn.com/sol3/
papers.cfm?abstract_id=1951416.
2020] Personal Data Protection Bill’ Vis-À-Vis Freedom of Expression 59
The mandate of this Committee is to suggest a comprehensive law
on privacy and personal data protection. But the Committee ignored
developing a framework to regulate the State power of unauthorized
surveillance, interception, pre-invasion precautions or post invasion
reviews or penalties to culprits in Government for unauthorized
surveillance and compensations to victims of privacy invasion or
breach of norms of personal data protection. This is the major failure
of the Committee and the draft Bill.
There is absolutely no need to repair or replace section 8(1)(j) of
RTI Act in the name of securing privacy or protecting data. If this
report and Bill are accepted, the fine balance between expression
right and reasonable restrictions clauses will get totally disturbed
and the authoritarian powers of the executive will be terribly
enlarged at the cost of democracy. This Bill of 2018 could give more
autocratic powers to government of the day than MISA
(Maintenance of Internal Security Act, 1971) during the infamous
Emergency. Expression ‘etc’ in MISA was said to have caused
serious violation of Constitutional rights during Emergency. It is
beyond imagination what damage this Bill could cause.
RESTRICTING ACCESS TO INFORMATION RESOURCES
Information or knowledge is a resource which empowers individuals
and enriches society. Such resource must be equitably accessible to
all. Under Article 39(b) of the Constitution, the state has been
enjoined to direct its policy towards ensuring that ‘the ownership
and control of material sources of community are so distributed so
as to sub-serve the common good’.
The report and the bill deserve to be rejected at threshold. Civil
society has the task to protect RTI from this dangerous Bill and the
Report. If not, this bill might drive the last nail in the coffin of the
RTI and the freedom of the media. Professor EP Thompson
60 Bennett Journal of Legal Studies [Vol. I
cautioned civil society in his celebrated Article ‘The Secret State”,
which is relevant right now:
We should certainly campaign for a Freedom of Information
Act. The campaign will have educative value. It might secure
small gains, and, for historians, significant ones. But one
should be under no illusions about it: whatever Act is
passed; our public servants will find a way around it. (EP
Thompson, Writing by Candlelight, 1988, p177).