The Department of Personnel and Training (DoPT), Government of India, has become the nodal agency for drafting laws on privacy and data protection in India.

Recently suggestions were invited from people on what such a law should contain. It appears that very few civil society organisations and even fewer RTI users and activists responded to this advertisement. Perhaps this is why the recentWorkshop on Legal Framework for Privacy, Data Protection and Security  hosted by the DoPT had barely two or three civil society representatives, with a large majority of participants from government departments and agencies. Senior officers of the RTI Unit of the DoPT constituted the remainder of the delegation.

The summary of the proceedings and the power point presentations from the Workshop make for an interesting read. The absence of a clear and comprehensive legal framework for data protection and safeguarding privacy of individuals is a major theme. In the era of growing digital databases containing information about individuals and their transactions in both private and public sectors, this lack of clear regulation on data protection and privacy is an obstacle.

Two of the Workshop participants, the Registrar General, Census of India and the Chief Legal Advisor Indian Banks Association (IBA) called for amendments to the RTI Act to protect the data that was gathered while conducting sample surveys or banking operations. The Registrar General noted that the Central Information Commission did not allow access to information about private individuals that was collected during the census. Nevertheless he was in favour of amending the RTI Act to immunise such data from disclosure. The IBA representative held that the existing laws governing secrecy of bank transactions were adequate and no separate law on privacy and data protection was necessary. However he demanded an amendment of the RTI Act to protect banking secrecy.

The proceedings show that one participant asked the big question: “Is the right to privacy a fundamental right?” (Someone has to ask such a question at some point, especially if nobody does it at the beginning!). There is however, nothing in the proceeding to indicate if this question was satisfactorily answered. Neither is there any reference to the jurisprudence developed in India on the subject of the fundamental right to privacy. One may perhaps assume that this issue was not discussed at all and this is ample reason for concern. 

There are several cases where the Indian Courts have stated the scope of the right to privacy. The kind of information for which disclosure may be denied on grounds of privacy, instances when the claims for privacy do not apply (i.e. when the personal information is contained in public records), the status of medical records and data regarding financial transactions have been discussed several times by the Supreme and High Courts.

Some High Courts have even stated when the right to privacy must yield to the people’s right to know in the era of the RTI Act. There at least two cases that spring to mind, one of them being the celebrated as the “Supreme Court Judges Assets case”. Perhaps the DoPT may elect to consult other experts on this important subject in future!

It is high time that all RTI users and activists start to engage with the DoPT to ensure that a sound law for protecting privacy and data is drafted without curtailing the RTI Act.