A bill introduced in the Lok Sabha on Thursday on personal data protection seeks to neutralise the right to information from public offices, RTI activists complained.

The activists said the Digital Personal Data Protection (DPDP) Bill 2023 would erode the right to information and weaken the accountability of public servants to citizens.

The bill defines a person as an individual, a Hindu undivided family, a company, a firm, an association of persons or a body of individuals, the State and every artificial juristic person.

The RTI Act provides for the protection of such personal information that has no relation with any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual. The act also says information that cannot be denied to Parliament or a state legislature shall not be denied to any person.

Therefore, the RTI Act allows public information officers (PIOs) to share information related to beneficiaries of government schemes, inquiry reports on any irregularities in any institution or scheme and complaints against officials, among others.

The DPDP Bill says the clause related to personal information in the RTI Act will be amended to only mention that “information which relates to personal information” will not be shared with citizens.

Anjali Bhardwaj, co-convenor of the National Campaign for People’s Rights for Information (NCPRI), said the DPDP Bill would deal a huge blow to the RTI Act by expanding the scope of personal information.

“If the DPDP Bill is passed, people’s ability will be severely curtailed to access information on how many people worked under a project in the MGNREGA, or how many beneficiaries received ration under the food security law, or defaulters of loans from public sector banks, or the name of a contractor of a project, or the background of election candidates — since all these categories will be considered personal information," she said.

Bhardwaj said this would potentially prevent people’s monitoring of the voter list and the lists of beneficiaries of government schemes, which might have wrong entries that cannot be accessed or challenged.

The NCPRI has written to the government expressing concern about the changes being planned to the RTI Act. It has also reached out to Opposition parties to sensitise them about the alleged dilution of the RTI law through the DPDP Bill.

Bhardwaj said the Centre can exempt any government or even a private sector entity from the application of the provisions of the law by merely issuing a notification, potentially resulting in rampant violation of citizens’ privacy. Small NGOs, research organisations, associations of persons, and Opposition parties that the government chooses not to include in the exemption notification would have to set up systems to comply with the obligations of a data fiduciary as described in the law, she said.

Bhardwaj said the DPDP Bill provided for the creation of a Data Protection Board (DPB) to enforce the compliance of provisions of the legislation. The bill vests in the central government wide powers, including the appointment of the chairperson and members and deciding the strength of the DPB.

The board has the power to impose penalties up to Rs 250 crore in cases of violation of the law. This raises apprehensions about the potential misuse of the board by the central government to target civil society groups and the political Opposition, Bhardwaj said. She underlined the need for such an institution to function without the interference of the central government to protect the rights of the people.

“No suit, prosecution or other legal proceedings shall lie against the Central government, the Board, its Chairperson and any Member, officer or employee thereof for anything which is done or intended to be done in good faith under the provisions of this Act or the rules made there under. The Central Government may, for the purposes of this Act, require the Board and any Data Fiduciary or intermediary to furnish such information as it may call for,” the bill says.

Shailesh Gandhi, a former central information commissioner, said most PIOs would have the option now to either give or deny information.

“Personal information relates to persons which could be a natural person or a company or the State. If a PIO (public information officer) denies any information related to any scheme or programme, he cannot be faulted. This is for the first time the fundamental rights of citizens are being constrained by law,” Gandhi said.

He said there had been no major case of any misuse of the RTI Act or breach of personal information through the legislation.

“The objective of the RTI Act was to make governance accountable. It is only possible by effective monitoring by the citizens. The RTI Act provided power to the people. That power is being curbed. This will encourage corruption,” Gandhi said.

Digital rights body Internet Freedom Foundation said: “The Internet Freedom Foundation is extremely disappointed by the version of the Digital Personal Data Protection Bill 2023 that has been introduced in the Lok Sabha today.”

The IFF’s main concern is regarding the “widening exemptions granted to government instrumentalities”, which it said might increase State surveillance.

Cyberspace advocate N.S. Nappinai said: “The very purpose of the data protection law is to protect users against indiscriminate collection of data. The bill tabled unfortunately has failed to incorporate the critical ‘opt-out’ provision as apprehended, which was essential to ensure such limitation in collection. The present draft limits use but not collection.”

Prashant Phillips, executive partner at Lakshmikumaran and Sridharan Attorneys, pointed out: “Section 37 provides the Data Protection Board certain advisory powers through which the board may recommend blocking public access to a computer resource or a platform.”

Under Section 37 of the bill, the board has only advisory powers, while the final authority still vests with the Centre. “It is pertinent to note that the Centre has powers to limit access under the Information Technology Act 2000,” he added.