Need to decide on public and private data: SC| India News

The court was dealing with a petition filed by a journalist Geeta Seshu along with Software Freedom Law Centre (SFLC) which raised concerns of state surveillance, exemptions granted to state agencies for gathering private data, compensation for cases of wrongful or illegal access, and lack of judicial oversight and independence of the Data Protection Board which adjudicates complaints.

A bench headed by Chief Justice of India (CJI) Surya Kant said, “Ultimately the question to be determined is what is public data and what is private data.” The court issued notice on the petition and posted it along with a batch of petitions challenging the DPDP Act listed on March 23.

Senior advocate Indira Jaising appearing for the two petitioners along with advocate Paras Nath Singh said that the law poses a serious difficulty for journalists who rely on obtaining information about public functionaries . The law introduces a blanket ban on disclosure of any personal information under section 8(1)(j) of the Right to Information (RTI) Act.

Jaising added: “The Act does not define what is public and what is private data and this needs judicial intervention.”

The bench, also comprising justices Joymalya Bagchi and Vipul M Pancholi said, “A person so long as he or she holds public office …, can information relating to such a person be termed as private data. We want you to suggest hypothetical situations where this issue can occur.”

Jaising said that under RTI,information commissioners have the discretion to determine which information is in public interest. With this Act, this discretion has been taken away, she argued.

Meanwhile, the state can “ call for any information even on the grounds of maintenance of public order…”

She further pointed out that the Act has also removed the provision for compensation to an individual if their data has been illegally accessed or breached. The law repeals section 43A of the Information Technology Act, 2000 which provided for compensation to an individual whose data is wrongfully breached.

Finally, “there is fear of surveillance by the state and any complaints will be heard by the Data Protection Board (DPB) which is not independent and lacks judicial oversight,” Jaising added.

The bench said, “We will be formulating the issues to be considered. There has to be a balance between the right to privacy and right to information. None of the rights should become an impediment for the other right.”

The court informed Jaising that it is hearing the issue of privacy in another matter related to WhatsApp and Meta over their data sharing policy. “There, data of the entire citizenry is going into the hands of a private entity. Data is becoming the true wealth as on date.”

Jaising told the court that the present petition makes a comprehensive challenge to the DPDP Act and Rules, which is broader than the issues raised in petitions pending before the court.

The present petition pointed out that Sections 7(c) and 17(2)(a) of the DPDP Act give unchecked powers to the state to direct data fiduciaries to undertake personal data processing of Indian citizens in a legal vacuum. It further empowers the Centre with unfettered discretion to bypass the DPDP Act and Rules on principles such as lawful processing, fairness, transparency, informed consent, purpose limitation, data minimisation, storage limitation and reasonable security safeguards.

The petition said, “In the absence of judicial oversight and any other procedural safeguards, the DPDP Laws fail the standards of necessity and proportionality by allowing the State to accumulate an indefinite (in terms of variety and quantity) amount of sensitive personal data through mass surveillance programmes. It not only obviates the established principles of the DPDP Act but also lacks clear and enforceable standards to prevent extraneous data processing by the state.”