Power Over Privacy: New Personal Data Protection Bill Fails to Really Protect the Citizen’s Right to Privacy
Nikhil Pahwa for the Times of India
Hannah Joseph is an Asia Society Bridge Fellow.
December 13, 2019
As India's parliament moves to pass a highly contentious data protection bill—known formally as the Personal Data Protection Bill—Asia 21 Young Leader Nikhil Pahwa ('19) comments on the shortcomings of the bill and gives insight into some of the issues surrounding the “power over privacy" debate. Citing two privacy violation cases in India and the Philippines, Pahwa points out that the bill carries the potential to limit the Data Protection Authority—the new agency that will oversee the enforcement of the regulations under the bill (if enacted)—and give the government access to non-personal data, and allow it to evade scrutiny from the agency. Below is an excerpt of the op-ed published by the Times of India on December 12, 2019.
Earlier this year, in April, a data breach in the Election Commission of Philippines led to the leakage of personal information of over 55 million eligible voters on a searchable website: including names, addresses and date of birth. This was not the first data breach from the Election Commission. After the first, which took place in March 2016, where 340 GB of voter data was published online by a group of hackers called LulzSec Pilipinas, the National Privacy Commission of Philippines found that the Election Commission had violated the Data Privacy Act of 2012, and recommended criminal prosecution of its chairman, finding him liable when the agency failed to dispense its duty as a “personal information controller”.
It’s 2019, and that recommendation has still not been acted upon, because the National Privacy Commission of Philippines only has recommendatory powers for criminal prosecution. Meanwhile, data breaches continue at the Election Commission of Philippines.
Between 2017 and 2018, Aadhaar related personally identifiable data of several Indian citizens, including names, addresses, bank account numbers, in some cases pregnancy information and even religion and caste information of individuals, was published online by Indian government departments. The Centre for Internet and Society, in a report, estimated that personally identifiable data for 130-135 million Indian citizens had been leaked, thus putting them at risk. 210 government websites had made Aadhaar related data public, UIDAI confirmed in response to an RTI in 2017.
Read the full article in the Times of India.