data protection laws in India

The new ‘Data Protection Bill’ formulated by Narendra Modi’s led BJP government seeks to snatch away privacy, anonymity, and discretion from Indian citizens and companies operating in India.

Mozilla, an active advocate of privacy protection, strongly criticized the new reforms made in the Data Protection Law, introduced in the Indian Parliament, earlier today. The reforms introduced will indirectly force Indian citizens to hand over their government-issued ID if they wish to use any social media website.

The Indian government will also force companies using the Data Protection Law to hand over non-personal data. This sort of data includes trade secrets and sales location data from e-commerce platforms, etc. in the name of “public good and policy planning purposes.”

Here’s everything in the new Data Protection Bill that should worry Indian citizens and business owners.

5 Reasons Why India’s ‘Data Protection Bill’ Will Be Disastrous For Citizens

1. No ‘Protection’ For Data Protection Authority

A new reform made under India’s Data Protection Bill wants to ensure that the Narendra Modi government can maintain the maximum amount of power in the workings of the Data Protection Authority. Earlier, a diverse committee was to be appointed as members of this authority. The original plan was to include members from the executive, (government) judicial, along with some external experts such as the members of DPA.

However, according to the new reforms, only government-appointed members will now head and regulate the functioning of the Data Protection Authority.

2. Forced Social Media Verification

To quote from the official Mozilla blog, “In a move that will be disastrous for the privacy and anonymity of internet users, the law contains a provision requiring companies to provide the option for users to voluntarily verify their identities.”

The government’s motivation behind this is to “fight misinformation.” This is ironic because, in several instances, ministers of the government’s own political party have been caught sharing fake news via their official social media handles, a matter which the Narendra Modi government never seems to address.

According to Mozilla, the new law contains a provision to prove an option to verify themselves on social media using their government-issued ID. Mozilla has also discovered several reports that suggest that social media users who avoid this verification will be reported by social media websites to the Narendra Modi government.

3. Indian Government Will Remain Above The Data Protection Law

A new provision in the Data Protection Law will make the Indian government, including all its departments and entities, invulnerable from every part of the law.

According to Mozilla “This leaves the current legal vacuum around India’s surveillance and intelligence services intact, which is fundamentally incompatible with effective privacy protection.”

4. Forced Transfer of Non-Personal Data

The Data Protection Law can force private companies to disclose non-personal data to the government. Non-personal data includes everything other than personal data, for example, sales data location information.

Organizations like Amazon and Flipkart have already raised issues over this. But Uber seems more agreeable. Udbhav Tiwari of Mozilla argues that this provision “can be used to draw dangerous inferences and patterns regarding caste, religion, and sexuality.”

5. No Timeline Or Structure In Implementation

“The 2018 draft clearly laid out the timelines for the creation of the Data Protection Authority, the accompanying subsidiary legislation, and the date in which the law would finally be enforceable,” said Udbhav.

However, the new provision removes any hint or reference to the said timeline. It merely mentions that the Central Government may notify the enforcement of the law at its complete discretion.

There are some pros to the Data Protection Law as well, you can read about them here.

Sharing his own remarks, Udbhav Tiwari also said:

“Indians have been waiting for a strong data protection law for years now. This latest bill delivers real privacy in regards to processing by companies, but is a dramatic step backwards in terms of processing and surveillance by the government. Exceptions for government use of data, the verification of social media users, and the forced transfer of non-personal data all represent new, significant threats to Indians’ privacy. If Indians are to be truly protected, it is urgent that the Parliament reviews and addresses these dangerous provisions before they become law.”

Also Read: Google Is Trying To Make First US Data-Privacy Law Practically Useless