Shoddy parliamentary panel report on data privacy

BY Venkatesh Nayak| IN Law and Policy | 18/02/2014
The committee's Report submitted to the Lok Sabha on February 12, 2014, examines several issues relating to the use and misuse of cyber space but does them no justice,

Important discussions on a right to privacy law, on the right to safeguard private information and protections against the misuse of personal data are sadly incomplete in the Parliamentary Standing Committee Report on Security, Crimes and the Right to Privacy in Cyberspace, submitted to the Lok Sabha on February 12, 2014.

This global village in the making is not without its share of unique problems. For every sane word or picture posted on the Web, there are scores of others bordering on the insane or blatantly obscene posted as well. Never before have human beings been so enthusiastic about sharing information about themselves openly making friends of strangers simply by liking each other’s declared profiles and connecting up.

The sheer rapidity of these developments has caught even acknowledged Information Technology (IT) giants across the globe hopelessly unprepared to meet and respond to its challenges. It is this very concern that inspired India’s Department-related Parliamentary Standing Committee on Information Technology to examine the challenges of cyber security, cyber crimes and protecting one of the most cherished of human rights – the right to personal privacy.


Chaired by Mr. Rao Inderjit Singh and comprised of several members of the Lok Sabha and the Rajya Sabha belonging to political parties of many hues, this committee has on it some very well known celebrities such as the latest Bharat Ratna awardee – Sachin Tendulkar, the noted lyricist Javed Akhtar and the Hindi film star Raj Babbar. That none of these celebrities actually attended any meeting of this committee speaks volumes of the kinds of people whom we elect to the Lok Sabha or permit to be nominated to the Rajya Sabha, but that is besides the main point of this article.


The committee’s report, submitted to the Lok Sabha on February 12, 2014, examines several issues relating to the use and misuse of the cyber space. Apart from examining Internet usage data, the committee has looked at problems such as cyber stalking, email frauds, hacking, defacing of websites, phishing, personal data or identity theft, insemination of malware such as viruses and Trojans, spamming, pornography and cyber voyeurism. The monetary value of the reported economic crimes, committed using cyber facilities, is not large but the numbers are more than doubling every year.


Despite the Internet penetration hovering around 10-12%, India will surpass the USA in terms of the total number of people using the Internet. Despite being the IT giant in the developing world, the parliamentary committee bemoans the fact that India is totally unprepared to deal with these challenges.


Submissions only from DEITY

The Department of Electronics and Information Technology (curiously abbreviated to DeitY) was the only body to make submissions to this committee although the committee announced its intent to inquire into these issues way back in September 2013. This author circulated the notice contained in the Lok Sabha bulletin soon after the announcement but no civil society actor or representatives of the industry, subject experts or academia seems to have been invited to depose before the committee.


The Committee voices its alacrity on several matters. The fact that there are only 42,000 trained individuals across the country to deal with cyber threats against a requirement of 500,000; the increasing number of reported financial crimes- apparently only the tip of the iceberg that lurks in cyberspace; the failure of large majority of government agencies participating in the National E-Governance Plan failing to get the necessary ISO 27001 certification relating to cyber security practices are all cause for concern to the committee.


Right to privacy law



I wish to discuss two aspects of this report by way of initiating some debate on these serious issues as the mainstream media prefers to focus on the antics of our elected representatives on the floor and outside of Parliament instead of these big picture issues. The first is the Committee’s observation about the undue delay in drafting a law to protect personal privacy and personal data of individuals.


Readers will remember that the Constitution does not guarantee the right to privacy as a fundamental right. Since the 1970s, the Supreme Court of India has deemed it to be a fundamental right within the meaning and scope of the right to life and liberty under Article 21 in several landmark judgements. Yet, almost all these judgements talk about no-interference of the State in matters personal to the citizen such as home, correspondence, health records and bank-related information.


The data protection aspect of the right to privacy has not come up before the Apex Court or the High Courts in a big way. Contrastingly, several Latin American countries have incorporated the right to protect personal data in their constitutions and set up elaborate systems for ensuring that private or public bodies do not misuse personal data. Philippines has recognised the remedy of the writ of habeas data by which any person may move the court to compel a government body or a private agency to produce data it holds about that person or his family member or friend who may have disappeared due to police or military action. The right to correct errors is an important facet of the right to personal data protection.


The DeitY made its sister department- the Department of Personnel and Training which is under the direct charge of the Prime Minister, responsible for the delay in putting in place a proper architectural framework for personal data protection (over and above the Rules framed under the Information Technology Act, 2000) without briefing the Committee about the other actors in the game. The Planning Commission had constituted a committee under the Chairpersonship of Justice A P Shah a couple of years ago to consult with subject experts inside and outside government to come up with framework for a right to privacy legislation.


The Committee submitted a comprehensive report examining the multifarious aspects of data protection ranging from UID/Aadhar to the efforts to create DNA fingerprint databases, ostensibly for the purpose of investigation of crimes and recommended a set of principles and practices that would protect the right to privacy and also prevent curtailment of the people’s right to know also guaranteed as a fundamental right and exercised under the procedures of the Right to Information Act.


The report has been gathering dust ever since and the Committee was not even apprised of this valuable advice available from a group of very committed and conscientious people who worked overtime to provide sound advice to the Government. This is what happens when civil society is ignored during consultative processes.


Censoring its own report?

A second and even more disturbing aspect of the committee report is the ‘x-ing’ or blanking out of portions of statements made by the DeitY representatives. Entire sentences and even paragraphs are missing from the submissions cited in the report without so much as an explanation. Even references to the availability of trained human resources for cyber security purposes have been published after censoring some portions.


This is the first time that the author has come across such perfunctory reporting by a Parliamentary Committee on a serious issue that affects almost every individual in this country. The logic seems to be that while elected representatives will have the right to know all details, the people who elected them cannot be trusted with the complete information.


This practice runs contrary to the basic principle enshrined in the RTI Act, namely, information that cannot be denied to Parliament must not be denied to any citizen [see the proviso at the end of Section 8(1)]. Perhaps readers might like to file RTI applications with the DeitY and the Lok Sabha Secretariat to access the complete text of the submissions presented to the committee so that the reasons for such sketchy reporting are made public.


If there is a real and justifiable need to mask certain portions of the submissions, the Government or the Committee’s Secretariat must make a clean breast of it so that suspicion about what transpired behind closed doors is alleviated. Newer forms and practices secrecy should not be allowed to overshadow the information revolution that the Internet has unleashed.


(Venkatesh Nayak works with the Access to Information Programme of Commonwealth Human Rights Initiative, New Delhi)

Such articles are only possible because of your support. Help the Hoot. The Hoot is an independent initiative of the Media Foundation and requires funds for independent media monitoring. Please support us. Every rupee helps.

Subscribe To The Newsletter
The new term for self censorship is voluntary censorship, as proposed by companies like Netflix and Hotstar. ET reports that streaming video service Amazon Prime is opposing a move by its peers to adopt a voluntary censorship code in anticipation of the Indian government coming up with its own rules. Amazon is resisting because it fears that it may alienate paying subscribers.                   

Clearly, the run to the 2019 elections is on. A journalist received a call from someone saying they were from Aajtak channel and were conducting a survey, asking whom she was going to vote for in 2019. On being told that her vote was secret, the caller assumed she wasn't going to vote for 'Modiji'. The caller, a woman, also didn't identify herself. A month or two earlier the same journalist received a call, this time from a man, asking if she was going to vote for the BSP.                 

View More