International Day for Access to Information: The Plight of Data Act and RTI
The amendment to the Right to Information, through the DPDP law, was criticized by some as “neither the right to privacy nor the right to information”
By M Sridhar Published on 2 Oct 2023 3:15 AM GMTRepresentational Image
Hyderabad: Digital Personal Data Protection Act, 2023 (DPDP law) also called the Data Act, will severely affect the Right to Information Act (RTI), 2005. The Bill was passed by Parliament on August 9, 2023, and the President consented on August 12, 2023. The most important Bill was passed by both Houses of Parliament without just discussion in a couple of days.
The Data Act looks like a conflict between two fundamental rights, that is, the right to information, part of Article 19 (1) and Article 21 of the Constitution of India, protection of life and personal liberty.
The amendment to the Right to Information, through the DPDP law, was criticized by some as “neither the right to privacy nor the right to information”.
Most Empowering RTI
The RTI Act is acclaimed as the most empowering legislation for democracy. Ever since it has come into effect, it has been of great help to every segment of society to obtain relevant information capable of protecting general Constitutional rights.
Unfortunately, the proposed Data Protection Act will have a damaging impact, through this amendment to the RTI Act. It says that all information that can be related to a person may be denied. In effect, it allows the Right to Information Act to become a Right to Deny for public information officers.
It has built-in adequate safeguards through Section 8 (1) (j) while fighting against harassing bureaucracy or protecting helpful officers. For a small fee of Rs 10, one could secure individual privacy with important exemptions with exceptional impact.
Former Central Information Commissioner Shailesh Gandhi, (along with this writer being a former CIC shared the shared signatory) explained: The first attempt to weaken the law by the government in less than a year in 2006 was by trying to amend it by broadening the scope of the exemptions. Since there was a strong protest by citizens across the country, the attempt was aborted. Some more attempts were made to amend the law but were also given up. The present government amended the provisions relating to the status and tenure of the Information Commissions but did not touch the exemptions. Despite a very well-defined process and provisions of the law, bureaucrats have found various ways to frustrate the citizen’s rights.
Shailesh Gandhi agreed that this is done by not following the provisions of the law strictly. This is aided by the adjudicators turning a blind eye since most of them are not able to internalize this transfer of power to citizens.
On the other hand, the new law changed the text and context of RTI by reinterpreting the provisions of Section 8 (1). The provisions stated that “information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person”. Earlier, it was only applicable to Section 8 (1)(j) and now it will affect the whole of Section 8(1) removing the almost.
When the RTI Act was enacted, it had ten critical exemptions under Section 8 (1) and the law served democracy primarily for good governance. But the most common the machinery of Government has misused exemption is Section 8(1)(j), which accounts for 35% of refusals.
Section 8 (1)( j ) exempts
“...information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the more significant public interest justifies the disclosure of such information:
Provided that the information, which cannot be denied to the Parliament or a State Legislature, shall not be denied to any person. ”As per the law, personal information may be exempt if:
a) It is not related to a public activity or interest, or
b) Would cause an unwarranted invasion of the privacy of an individual.
To help an officer, Information Commissioner or judge to arrive at the right decision the special proviso was provided as an acid test. Whoever claims that a disclosure was exempt under Section 8 (1)(j) should make a statement that she would not give this information to parliament.
Many refusals of information did not adhere to the law but refuse information with a bland statement that since it is personal information, it will not be given. It has been widely used to cover up arbitrary, corrupt, or illegal acts by government officials.
There is almost no instance where the release of information under RTI has caused any significant loss to any national or personal interest that deserves to be protected. Parliament should have understood the need to safeguard offices and protect the RTI Act against indirect attempts to destroy it through the DPDP Act. Nothing is left to Parliament, democracy, and the rule of law. Absolute power resides in the President through the Prime Minister.
The RTI Act, 2005 came into being after fighting for a couple of decades over access. Only a close reading of the 2005 Act and the Data Act can clarify the myths surrounding them. Both Acts have a significant effect, separately and together.
The objective of the Data Act as on title is: An Act to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and matters connected therewith or incidental thereto.
It does not refer to the Right to Information Act; indirectly, it said, “the right of individuals…connected therewith or incidental thereto”. The Bill of 2019, which was made into an Act,
“the Statement of Objects and Reasons in the Bill in 2019, before it was amended in the 2023 form, said:
1. In the matter of Justice KS Puttaswami and another vs Union of India [WP 494 of 2012], a nine Judge Constitutional Bench of the Supreme Court, while delivering its judgment on August 24, 2017, declared “privacy” as a fundamental right under Article 21 of the Constitution. Subsequently, on September 26, 2018, a five Judge Constitutional Bench of the Supreme Court while delivering its final judgment in the above case impressed upon the Government to bring out a robust data protection regime.
2. The proposed Legislation seeks to bring a robust data protection framework for India and to set up an Authority for protecting personal data and empowering the citizens with rights relating to their personal data ensuring their fundamental right to “privacy and protection of personal data”
They directly deal with “privacy and protection of personal data”.
Not Just Section 44
No one should mistake that the Data Act 2023 amended just one provision — Section 44 — of the RTI Act and that Parliament retained the rest of the RTI. Each provision of the Data Act will have a serious impact on RTI as well.
Unfortunately, the amendment of Section 8 (1) (j) at Section 44 (3) of the Digital Personal Data Protection Bill 113 of 2023 (DPDP) leads to a serious fear that it will convert RTI into a Right to denial of information. The authorities will refuse to part with useful information under the cover of corruption.
The Data Act and RTI Act, as the last provision in Section 44 of the Data Act, says
(3) In section 8 of the Right to Information Act, 2005, in sub-section (1), for clause (j), the following clause shall be substituted, namely: —, …and (j) the information which relates to personal information
This Section (1) (j) under the above through Data Act, does not say whether it applies to the complete RTI Act, 2005.
Interestingly, the government used Section 44 of the Data Act, of 2023, through
“(1) In section 14 of the Telecom Regulatory Authority of India Act, 1997, in clause (c), for sub-clauses (i) and (ii), the following sub-clauses shall be substituted, …:..” which diluted, means, will remove the oxygen pump, from the patient of Right to Information Act 2005, “last nail in the coffin” through the “…shall be substituted, namely:—
“(j) information which relates to personal information;” S(1)(j).
Dangerous Definition of a ‘Person’
The Data Act, 2023, which was recently passed by Parliament, directly gives a dangerous definition of a ‘person’ in Act Section 2(s), (t) “personal data” and (u) “personal data breach” in read with exemption amended RTI.
The meaning of the word “data” [2(h)] under the Data Act will also restrict the wide power of the changed RTI.
(h) “data” means a representation of information, facts, concepts, opinions, or instructions in a manner suitable for communication, interpretation, or processing by human beings or by automated means;
Hence, the following words, as defined, are very significant provisions from the point of view of RTI.
(i) “data fiduciary”,
(j) “data principal”,
(k) “data processor,
(n) “digital personal data”
Over and above, the (v) “prescribed” means prescribed by rules made under this Act. The entire power is now concentrated with the Union Ministry of Information.
Any critic suffers the impact of increasing power through the ‘application’ of Section 3 of the Data Act in the processing of ‘digital personal data’. Lucky for us, Act Section 3(c) will not apply.
The illustration said: “X, an individual, while blogging her views, has publicly made available her personal data on social media. In such case, the provisions of this Act shall not apply”.
Section 6 of the Data Act provided the consent, supported with illustrations to explain, it says “..and be limited to such personal data as is necessary for such specified purpose”.
Instead of people, officers are empowered
Every provision, with RTI reference, is empowered by the Data Act, especially with Section 6. In Section 9 about the processing of personal data of children, the power goes on centralization in “...as the case may be, in such manner as may be prescribed”.
We do not know whether Parliament realized the whole power of the Data Act. Every provision of the law said, “...as the notification may specify.” The expression ‘may’ should be understood as giving complete power to the officers of the union minister and the Prime Minister. Where over ‘may be prescribed’ is the dangerous power, ‘may’ indeed gives the power to the officer concerned.
The section called ‘special provisions’ gives the power in Section 16 of the Data Act. Not only here, but Section 17 enhances scope through exemption:“…(1) The provisions of Chapter II, except sub-sections (1) and (5) of section 8, and those of Chapter III and section 16 shall not apply where —...” Most specifically “(c) personal data is processed in the interest of prevention, detection, investigation or prosecution of any offence or contravention of any law for the time being in force in India” leaves it to officers to decide.
Several state governments and the central government, including personal information, are needed to empower people to undertake collective monitoring and ensure access to their rights and entitlements, besides various welfare schemes.
The government made many provisions to insulate itself from most of the data protection, citing protection of national security, managing foreign relations, maintaining public order and even preventing crimes. This makes the states less transparent and accountable, affecting the liberty of the people.
Under the Data Act, violation of the provision could invite a high penalty for a data breach of up to Rs 250 crore. It requires compliance for the collection and processing of personal data to prevent a breach.
This means whole power resides in Section 40, in addition to many provisions specifically, and gets general authority through ‘power to make rules’, “(2) In particular and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters, namely:—" through every (a) to literally to (z) of Section 40 of the Data Act.
The point to be noted is that the Centre assumed more powers over and above the state governments, in violation of federal principles.
Myth of Good Faith
Section 35 gives more power ‘in good faith’ provision. Now who defines ‘good faith’ and ‘bad faith’? Though it is available in almost all enactments, its impact explains its power.
(The author is the Former Central Information Commissioner of India.)