Data Protection Bill report adopted: Cong MP Jairam Ramesh's dissent note warns of unbridled powers to Centre

Senior Rajya Sabha member and Congress leader Jairam Ramesh has moved a dissent note to the report on the Personal Data Protection Bill, 2019, which the Joint Committee of Parliament adopted on Monday, November 22, 2021. His objection note pointed out that Section 35 of the JCP gives almost unbridled powers to the Central government to exempt any government agency from the entire Act itself.

Ramesh underscored that the Personal Data Protection Bill assumes that the constitutional right to privacy only arises where operations and activities of private companies are concerned. “Government and government agencies are treated as a separate privileged class whose operations are secondary. The idea that the August 2017 Puttaswamy judgement of the Supreme Court is relevant only for a very, very, very tiny section of the Indian population is, in my view, deeply flawed and troubling and is one I totally reject,” wrote Ramesh to PP Chaudhuri, the chairperson of the Joint Committee of Parliament on PDP, 2019.

Ramesh, who posted the letter on his Twitter handle, stated he had objections to Section 35 and 12 of the Bill and had suggested changes to these said sections. “The JCP gave me a patient hearing but I was unable to convince it of the merits of my arguments. The general consensus in the JCP appeared to be in favour of not accepting my amendments and I did not want to force the issue beyond a point,” noted Ramesh.

As Section 35 gives unchecked powers to the union government, Ramesh mentioned that in the amendment he had suggested, the Central government would have to get Parliamentary approval for exempting any of its agencies from the purview of the law.

“Even then the government must always comply with the Bill’s requirement of fair and reasonable processing and implementing the necessary security safeguards. I was willing to compromise provided the JCP had recommended that the reasons for exemption that would be recorded in writing as provided for in the Bill would be tabled in both Houses of Parliament,” added Ramesh. The senior Congress leader noted that this would bring about greater accountability and transparency, but the Committee did not accept these suggestions either.

The Congress party's chief whip in Rajya Sabha, Ramesh observed that Section 12(a)(i) of the Bill creates certain exceptions for governments and government agencies from the provisions of consent. “While fully understanding the logic for such exemptions in a number of circumstances, I had suggested some changes to make this exemption less sweeping and less automatic. The JCP’s report allows a period of two years for private companies to migrate to the new data protection regime but governments and government agencies have no such stipulation,” he said.

Ramesh said the amendments proposed are in line with the recommendations of the Justice Srikrishna Committee Report and Clause 42 of the 2018 Personal Data Protection Bill prepared by it. He explained that the ground of “public order” should be deleted from Section 35 as it could be misused. “Despite the Supreme Court distinguishing between the standards of “law and order”, “public order”, and “security of state”, these standards are often conflated in practice. Hence, to ensure a narrow tailoring of the exemption and limiting its scope, the term “public order” should be deleted from Section 35(i) and (ii) of the Bill,” he added.

“Based on a reading of the Supreme Court’s privacy judgment, the Justice Srikrishna Committee had identified ‘security of the State’ as the sole interest that should be privileged under exceptional conditions, as an exemption from certain obligations of the law. Given the breadth of the proposed power under Section 35, the exemptions should be narrowly tailored to protect the law from a constitutional challenge,” asserted Ramesh.

In Section 12, Ramesh wanted “proportionate” to be added to the text of Section 12 of the Bill so that it read as “the personal data maybe processed if such a processing is necessary and proportionate. He reasoned that the Bill creates an exception for the conditions under which the State can collect personal data of individuals without their consent. Any exception and exemption under law should be narrowly tailored.