On August 24, 2017, the Supreme Court declared the right to privacy a fundamental right, a ruling widely welcomed. But many transparency advocates also felt apprehension, fearing that the right to privacy — meant to protect citizens from arbitrary state and corporate surveillance — might be deployed first and foremost to shield authorities from scrutiny by citizens.
Issue of accountability
The Personal Data Protection Bill, 2018, drafted by the Srikrishna Committee, confirms these concerns. The Bill identifies “personal data” as any data that directly or indirectly identifies a person. It then calls for amending clause 8.1.j of the Right to Information (RTI) Act, 2005. The clause currently exempts the following from disclosure: “information which relates to personal information, the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Public Information Officer... is satisfied that the larger public interest justifies the disclosure. Provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.”
The Srikrishna Committee suggests amending this clause to authorise public information officers, or PIOs, to deny information containing ‘personal data’, if they feel that such disclosure is likely to cause harm to ‘the data principal’, and if such harm outweighs public interest. The Bill defines ‘data principal’ as whoever the data relates to. This amendment may seem reasonable on first reading, but for the practical experiences of RTI users in the past years.
The RTI Act’s core aim is to bring accountability by making available public records that disclose the actions and decisions of specific, identifiable members of the political class and the bureaucracy. The Data Protection Bill extends the cloak of ‘personal data’ over all such information. It asks PIOs (now overwhelmingly appointed at junior levels) to weigh public interest against the potential for harm to those identifiable in public documents. The Bill defines harm expansively to include everything from blackmail and bodily injury to loss of reputation, humiliation and “mental injury”. The Bill ignores that another key aim of the RTI Act is “containing corruption”. By bringing corruption to light, dogged RTI users have served public interest and caused ‘harm’, in terms of the Bill, to those exposed.
A ‘powerful proviso’
Further, most public records identify one or more persons. For instance, file notings identify bureaucrats making decisions by their posts, or even initials/names; public records, such as contracts awarded or clearances issued, identify specific private actors. Under the proposed amendment, PIOs will be forced to test public interest versus potential for harm to multiple “data principals” in just about every request that they handle, and this is a responsibility they will be reluctant to take on. When nine judges of the Supreme Court are unable to frame the bounds of privacy, can we expect PIOs to assess which information is private, and then weigh the potential harm to individuals due to disclosure, guided all the while by public interest and the cause of accountability?
The amended clause will chill the RTI Act, as PIOs will now have a strong legal ground to play safe, and toss out RTI requests deploying an amended clause 8.1.j. In fact, this is already happening on account of how the Supreme Court has perhaps inadvertently mangled the privacy safeguard provided in the existing Section 8.1.j. The RTI Act currently provides an acid test to help PIOs respond to requests: “Provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.” This is a powerful proviso, also retained in the proposed amendment. It implies that PIOs can deny only that information to applicants which they would deny to Parliament or State legislatures.
However, in Girish Deshpande v. Central Information Commission & Ors. (2012), a two-judge Bench of the Supreme Court ignored this proviso and prior precedents in order to rule that the assets and details about the performance of a public servant constituted personal information, and were exempt from disclosure. This has set a precedent for subsequent court rulings and for PIOs to indiscriminately expand the ambit of personal information, and reject RTI requests, using clause 8.1.j. Recently, the Union Department of Personnel and Training denied information about the mere number of IAS officers whose annual performance appraisal reports were pending, as of 2017. The PIO cited clause 8.1.j and the 2012 SC ruling as grounds for denial. In essence, the court has implicitly read down the powerful proviso above, prompting PIOs to “profusely abuse” the privacy exemption in the RTI Act, as Central Information Commissioner M. Sridhar Acharyulu has observed. According to Acharyulu, PIOs’ “misuse of 8.1.j is rampant”, and is reducing RTI to “a mockery.”
The government should be addressing these alarms raised by the Central Information Commission, the RTI’s apex watchdog. The precedent created by Deshpande and its widespread abuse by PIOs need to be corrected, to reaffirm the fundamental right to information. Instead, the government is embarking on a project to legalise such ‘abuse’, by diluting transparency in the guise of an amendment furthering privacy.
If the Bill is passed as is, and the RTI Act amended, it will deal a body blow to India’s hard-won right to information. The Ministry of Information Technology is accepting public feedback on the Data Privacy Bill until the end of September. Citizens should use this window to urge the government not to amend the RTI Act.
Aniket Aga is faculty at Ashoka University. E-mail: email@example.com. Chitrangada Choudhury is an independent journalist and researcher