Scroll Top

HARMONIZING PRIVACY AND TRANSPARENCY: IMPACT OF DIGITAL PERSONAL DATA PROTECTION ACT, 2023 ON RIGHT TO INFORMATION

The clash between Data protection and transparency has remained one of the hot topics of recent times.

INTRODUCTION

The clash between Data protection and transparency has remained one of the hot topics of recent times. Since the advent of the Right to Information Act in 2005, there has been drastic improvement in the accountability and disclosure aspect from the state’s side. The Act has balanced the tribulationsexisting between information seekers and information givers. This has further strengthened the concept of Liberal Democracy upholding the pillars of scrutiny and accountability necessary in today’s political environment.Although there have been significant attempts to dilute and weaken the existing law by proposing amendments, still the post-act conditions have proved to be beneficial and productive for the citizens. According to one estimate, a decade since the initiation of the act, around 17.5 million applications have been filed by citizens.[1]

Before the Digital Personal Data Protection Actof 2023 (further referred to as the DPDP Act), there was no legislation addressing data protection and privacy in India. The Information Technology Act of 2000 only provided the framework for regulating information of individuals on various social media platforms and other spaces on the internet.Hence, the DPDP Act served as a turning point in laying the foundation of privacy law in India. The main engine that gave a boost to the implementation of this law was the KS PuttaswamyCase[2] judgement in 2017which made the “Right to Privacy” a Fundamental right and an important ingredient of Article 21.

On 11th August 2023, the DPDP Act was published in the official Gazette.[3]The DPDP Act aims to create a balance betweenthe protection ofpersonal data(whether in Digital form or in non-digital form which is later on digitized) of any citizen and such data used by the authorities for lawful purposes. This model was inspired by the European Union’s General Data Protection Regulation (GDPR) which has been known to adopt the most stringent regulations in the world.

With the help of Section 44(3)[4], the DPDP Act brings forth its power to amend and subsequently change the critical provisions of the RTI Act, with a specific focus on Section 8(1)(j)[5]which laid down obligations on government bodies to disclose information in cases where it served a larger public interest even though the information may not be related to any public activity or may even invade the privacy of a citizen. But with the coming of the DPDP Act, the rules and regulations have been made stringent and disclosure of information can be denied if it is found to be “personal” in nature even though it may serve a larger public interest. This has subsequently disturbed the equilibrium existing between Privacy and Transparency with some arguing that it gives more power to governmental bodies to keep matters private seriously injuring the citizens ’Right to know.

THE TRADITIONAL NOTION OF ‘SECRECY IS POWER’ AND THE PURPOSE OF THE RTI ACT, 2005

Before 2005, since there was limited scope of the right to know, secrecy and non-disclosure of information by the State used to be the existing norm. The state fostered the growth of a strong bureaucratic and political environment owing to this lack of transparency. Information was considered to be the main power-holding tool and its non-access to the masses exhibited a strong grip of the state over its citizens. Information was considered to be of utmost importance for keeping the issues concerning national security and state interests private.[6]

Later, when the citizens became more aware, they started questioning the state by constantly iterating the phrase “humara paisa humara hisaab”.[7] Finally, after a long period of turbulence between the norms of secrecy and transparency, the Right to Information Act, of 2005 came into being which further strengthened the notion of the right to know as a fundamental right. Although the Act has grappled with challenges in instances like insufficient penalties for defaulting officials and aspects such as non-disclosure and non-compliance, it has proved to be significant in exposing corruption and has given reassurance to citizens that their right to demand information remains intact.

RIGHT TO PRIVACY OR RIGHT TO INFORMATION- WHICH HOLDS MORE POWER UNDER CURRENT LEGISLATION?

Let us first examine the challenges posed by the DPDP Act and how it threatens the Right to Information:

  • Modifications in Personal information exemption clause: Section 44(3)[8] of the DPDP Act deletes the existing provisions of the exemption clause i.e. ,section 8(1)(j)[9] of the RTI Act which permitted the Central/State Public Information Officer to disclose ‘personal information’ if he/she was satisfied that it served a ‘larger public interest’. Now, the information can be denied by merely stating that it is ‘personal’ in nature.

Let us look at this amendment from an RTI applicant’s perspective-

Under the pre-amended clause, the RTI applicant had the power to demand information even if the information was ‘personal’ in nature by proving that it was in the larger interest of the public. For instance, to see the environmental impact of a major infrastructure project, sensitive company data involving its employees could be provided if it justified larger public interest.

However, under the new amendment, the only criteria to be satisfied is the ‘personal’ nature of the information to deny its disclosure.

  • Shift of Legal Authority: This clash is regarding the superior authority of section 38(2)[10] of the DPDP Act according to which it shall take precedence over other laws in matters of conflict only to such extent as necessary. Earlier this power was given to the RTI Act as per its section 22[11].This further raises concerns about the sudden shift of authority and raising the DPDP Act’s provisions above other laws.
  • Impact on denial of information: The broad definition of the term “personal data” in section 2(t)[12] of the DPDP Act has expanded the scope and areas for information denial. According to this section, any information which can identify a person or any relation to the person comes under “personal data”.

In line with these changes, the RTI activists argue that the new legislation undermines the larger public interest and provides a shield to the state for non-disclosure of data by merely stating it as “personal”. The importance of “Public interest” has been quoted in various court rulings including Janata Dal v. V.H.S. Chowdhary (1992)[13] in which the apex court opined that the main aim of “public interest” is to “wipe out the tears of the poor and needy, suffering from violation of their fundamental rights, but not for personal gain or private profit of political motive or any oblique consideration”.[14]

Looking at these changes, it seems clear that the legislature intended to implement the Right to Privacy more stringently as compared to the Right to Information. The legislation has emphasized the fact that personal information should remain private and a balance must be created between the right of individuals to protect their data and the use of such information for lawful purposes.[15]

CONCLUSION

Even though the DPDP Act has significantly helped to provide strong frameworks to protect individual data by keeping a check on its use, allowing citizens to know the purpose of data processing and demanding strict compliance with the provisions, it has somewhere weakened the Right to Information of the citizens which is also a strong pillar that upholds the success of democracy and political accountability in our country.

The interplay between these acts makes it necessary to come up with an approach that helps to preserve the framework of transparency and accountability embedded in our legal system. The RTI Act came into existence after a prolonged process of deliberation and conflict. Although it seems like a clash is likely to unfold between the secrecy that the government wants to maintain and the constant push by citizens towards greater transparency and accountability, there should be efforts to put these two aspects in equilibrium so that we can do justice to the Doctrine of Proportionality and take the principle of Liberal Democracy a step ahead.

Author(s) Name: NAME: Rishita Yadav (Symbiosis Law School, Noida)

Reference(s):

[1]Nidhi Sharma, ‘1.75 crore RTI applications filed since 2005: Study’ (The Economic Times, October 6 2023) <https://economictimes.indiatimes.com/news/politics-and-nation/1-75-crore-rti-applications-filed-since-2005-study/articleshow/54705694.cms?from=mdr>accessed 5 January 2024

[2]Justice K.S. Puttaswamy & Anr vs. Union of India &Ors(2017) 10 SCC 1

[3]AZB & Partners, ‘India: Digital Personal Data Protection Act, 2023 – Key Highlights’ (Mondaq, 1 September 2023) <https://www.mondaq.com/india/data-protection/1360992/digital-personal-data-protection-act-2023–key-highlights>accessed 6January 2024

[4]Digital Personal Data Protection Act 2023, s 44(3)

[5]Right To Information Act 2005, s 8(1)(j)

[6]Himanshu Jha, ‘How India’s Data Protection Law Weakens Citizens’ Right to Information’ (The Diplomat, August 12, 2023)<https://thediplomat.com/2023/08/how-indias-data-protection-law-weakens-citizens-right-to-information/>accessed 5 January 2024

[7]Ibid

[8]Digital Personal Data Protection Act 2023, s 44(3)

[9]Right To Information Act 2005, s 8(1)(j)

[10]Digital Personal Data Protection Act 2023, s 38(2)

[11]Right To Information Act 2005, s 22

[12]Digital Personal Data Protection Act 2023, s 2(t)

[13]Janata Dal vs H.S. Chowdhary And Ors. (1992) 4 SCC 305

[14]Ibid

[15]Chris Brook, ‘What is India’s Digital Personal Data Protection (DPDP) Act? Rights, Responsibilities & Everything You Need to Know’ (Digital Guardian, 6 December 2023)<https://www.digitalguardian.com/blog/what-indias-digital-personal-data-protection-dpdp-act-rights-responsibilities-everything-you> accessed 6 January 2024