New Delhi, 26 Aug : Multiple attempts have been made in the past by Modi Govt to snoop into the living rooms of ordinary people. (i) Leakage of AADHAAR Data, then facing a backlash on it. (ii) Not recognizing Right to Privacy as the Fundamental Right, then relenting after SC verdict (iii) Collection of Data through tainted global firms (iv) Not working towards a Data Protection Law (v) Miserably failing to achieving its mischievous motives by establishing a “Social Media Communication Hub”.
All these mala fide attempts of the Modi Govt have been nipped in the bud by the Congress Party, Courts and Activists. But Modi Govt has not learnt its lessons and the urge to snoop and spy on ordinary citizens by using all means has now forced it to take out yet another arrow from its deceptive quiver to target our Privacy!
The introduction of DNA Technology (Use and Application) Regulation Bill, 2018, in a hush-hush manner, in the recently concluded Monsoon Session of the Parliament is another attempt towards this mala fide objective.
We do not disagree with DNA profiling; but Modi Govt’s ill-conceived DNA Bill brazenly violates Data Protection and Right To Privacy.
Fearing backlash from a united opposition in the Rajya Sabha; Modi Govt decided to withdraw the DNA Bill after listing it in the business of the House. The Bill was then notified in the business of the Lok Sabha-at late night on 8 August and was introduced on 9 August. The idea was to resist the opposition to introduction of the bill. The magnitude of desperation of the Modi Govt is so huge, that they did not even wait for the Ministry of Electronics and IT to present its Data Protection Bill, as the DNA Bill violates the principles of Srikrishna Committee Report on Data Protection in India and the Personal Data Protection Bill submitted by the committee.
Surveillance breeds conformity. And this government is an absolute conformist government. DNA Bill is an attempt to strengthen this conformity.
MASSIVE LOOPHOLES IN THE BILL:
· Selection of members of the DNA Regulatory Board- In sub-clauses 4(b), the criteria of being an ‘Eminent Person’ for the position of Vice-president, and in sub-clause 4(k), the criteria of being an ‘Expert’ for the position of member of the Board- will entitle the government with discretionary power to choose person favourable to it. Similarly, clause 27 entitles the Government to choose Director of National DNA Data Bank based on its discretion.
· Data Processors and Data Collectors do not have compliance to ensure data protection – In Chapter IV of the Bill titled as ‘Obligations of DNA Laboratory, no obligations have been prescribed for the data processor to ensure data protection and privacy. The DNA laboratories also being the data collectors do not have to comply with specified processes/ methods of data collection in order to ensure personal data breach.
· Entitlement of powers to DNA Regulatory Board overpowering judiciary- Clause 57 of the Bill reads, “No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which the Board is empowered by or under this act to determine.” The Bill seeks to entitle the DNA Regulatory Boards with powers that might not come under the jurisdiction of judiciary.
· No information to Data Subjects about data sharing with third parties: The Data Subjects will have no clues as to for which purposes their personal data are being used once they are collected.
· No clarity on deletion of data: The Bill does not set a limit on how long someone’s DNA will be kept on record. According to clause 31 of the Bill, the DNA Data Bank will not store data permanently and will be removed, as per “order of the court”.
DNA BILL VIOLATES ‘RIGHT TO PRIVACY’
· Another Aadhaar-like database:Numerous examples have testified how easily AADHAAR data can be accessed. The country right now is waging a battle to secure AADHAAR. DNA Database could be another AADHAAR like database, without adequate protection and safeguards.
· Profiling of an individual: DNA samples can reveal not just how a person looks, or what their eye colour or skin colour is, but also more intrusive information like their allergies, or susceptibility to diseases. As a result, there is a greater risk of information from DNA profiling getting misused to create a profile of an individual and use it for surveillance as well as for making profits.
· No guarantee of Data Security: The bill has only limited attempts to prevent misuse of data, with a few provisions seeking the imposition of jail terms of up to three years and a fine of up to just Rs 2,00,000 on those who leak information stored in such data banks. There is no legal requirement under the law for any data breaches of the proposed DNA banks to be disclosed either to the government or to the original individuals whose data is collected. There is no linkage shown between the government’s other cybersecurity projects and regulations, and the present law.
- Not in line with international Convention: The International Convention for the Protection of all Persons from Enforced Disappearance sets out the protection that should be built into the law when genetic material is used for identification. The provisions of the Bill violate the principles of the international convention by allowing DNA Profiling for purposes other than searching for a disappeared person.
- Sensitive data on gender and caste: The Bill will not only give intrusive details like DNA data, but also gender and caste which are sensitive from sociological aspect.
- Opposition by AP Shah Committee: The AP Shah committee on privacy expressed its concerns on the issue of breach of privacy by DNA profiling. The Committee made several recommendations including ensuring safeguards against breach of data by the government, right of citizens against retention of data, notification and mandatory consent of Data Subject taken before sharing the data with third party, besides many. The bill does not seem to consider either of the recommendations.
- Contrary to Right to Privacy Judgment: The Law Commission Report dates prior to the Puttaswamy Judgment of Supreme Court, interpreting Right to Privacy as a fundamental right. The bill needs to be redrafted and tested against the Right to Privacy judgement.
- Based on a problematic, and outdated report from the Law Commission: The Law Commission had noticed that the fundamental Right to Privacy had been questioned in the Supreme Court and been referred to a larger bench, but, since the judgment had not yet been delivered, it had no means of testing it against the right to privacy as it has emerged from this judgment. The Bill will have to pass the test of life, liberty, dignity and privacy that has been explained in great detail in the judgment.
- No Consultation:Modi Govt did not hold a single consultation to take to opinion of the stakeholders and the civil society on such a sensitive Bill. This reeks of mal intent.
1. Whywas the DNA Bill advanced in Parliament, without considering the Srikishna Committee Report? Does it not show the mal intent of the Modi Govt? Existing provisions of the DNA Bill do not match up with data protection language, with no clarify on the obligations of government agencies and any entities they contract as data controllers, and whether Indian citizens will have true data protection rights regarding their DNA. Is the Modi Govt sure that the DNA Bill will not violate the privacy provisions of the Srikrishna Committee report?
2. If Srikrishna Committee report gets approval and gets introduced as legislation, how will the Modi Govt deal with two contrary laws? Already, the Ministry of Health has been reported to have reconsidered its own separate health records privacy law (DISHA) in accordance of the Srikrishna Committee Report.
1. The Congress party opposes any kind of surveillance on private lives and demands for withdrawal of the bill from the Lok Sabha at the earliest.
2. We demand that Modi Government introduces a comprehensive Data Protection Law first, encompassing issues pertaining to all the sectors and Ministries of the Government.
3. The window for public consultation on Data Protection Bill should be broadened and made public.
4. All the legislation and policies including the DNA Bill and the DISHA Bill should not be introduced until the legislation on Data Protection is implemented.