According to a story published in The Indian Express on Sunday, the think tank NITI Aayog, which is controlled by the Union government, has expressed disapproval of the parts of the Digital Personal Data Protection Act that would change the Right to Information Act.
The newspaper stated that NITI Aayog had written to the Ministry of Electronics and Information Technology on January 16, 2023, requesting it not to enact the law in its current form as it could weaken the Right to Information Act. It cited the response received under a Right to Information question.
August 2023 saw the passage of the Digital Personal Data Protection Bill, 2023 by the Parliament. President Droupadi Murmu approved it on Saturday of the same month. The Act’s regulations have not yet been announced.
Activists and academics told Scroll after the Act was approved that they believe it will weaken the Freedom of Information Act. This occurred as a result of the Right to Information Act’s Section 8(1)(j) being amended by the Digital Personal Data Protection Act.
Presently, Section 8(1)(j) prevents a public authority from sharing anyone’s personal information if the disclosure of this information has no bearing on any public activity or interest, or the disclosure of the information would cause an unwarranted invasion of the privacy of an individual, unless such disclosure is justified in larger public interest.
Nevertheless, the public activity/public interest exclusions in Section 8(1)(j) of the Right to Information Act are eliminated by Clause 44(3) of the Data Protection Act, which changes the section to provide a general exemption on public authorities disclosing any personal information.
According to The Indian Express, NITI Aayog has objected to Clause 44(3), claiming that the change would rob Public Information Officers of their authority “to examine the condition” and therefore “weaken the RTI Act.”
According to a senior official who was not named in the publication, the Department of Personnel and Training—the organization in charge of implementing the Right to Information Act—did not voice any issues about the Act’s change, which is why the recommendations were rejected.
In addition to the Right to Information Act amendment, the Data Protection Act imposes requirements on governmental and private organizations regarding the gathering and use of personal data of persons.
Additionally, it gives citizens the right to view, rectify, erase, move, and restrict their data, and it requires data fiduciaries to acquire consent before processing that data on a regular basis. It suggests that organizations that misuse or neglect to protect people’s digital data could face fines of up to Rs 250 crore.
Several data privacy campaigners have opposed to the Act, noting that data fiduciaries under the law do not have to warn users about the third parties with whom their data will be shared, the period for which their data will be retained and if their data will be transferred to other countries.
A number of Members of Parliament from the Opposition left a Parliamentary Standing Committee meeting in July of last year in protest over a plan to adopt a report endorsing the Digital Personal Data Protection Bill. They stated that the panel had approved the report without properly reviewing the measure.