The DPDP Act says data related to any person cannot be published without their consent, which can even be extended to police officers, politicians or businessmen accused of wrongdoing, she added, explaining that this becomes a major risk for journalists trying to unearth corruption, misgovernance, state-backed violence, and similar matters.
“If a journalist wants to publish the names of the people whose corruption they have unearthed on the basis of personal data that they collect, they will now be worried because the [DPDP] law covers even processing of data like publishing, etc,” Anjali said.
“This effectively means journalists can only act as PR agents, as they are only allowed to say what the government permits them to say. This is dangerous at many levels in our democracy,” she added.
Independent researcher Srinivas Kodali pointed out that unlike the European Union’s General Data Protection Regulation (GDPR), India’s DPDP Act does not include exemptions for journalists. The law does exempt researchers and archivists. It says that the law won’t apply to the processing of personal data “for research, archiving or statistical purposes” under certain conditions.
It even provides certain exemptions for startups, but not for journalists.
“The Act exempts startups, with the justification that they are an important part of our economy and they must be allowed to experiment as they like. Isn’t journalism an important part of society? Why is one category of information operations exempt and not the other?” Srinivas asked.
Srinivas noted that the law gives blanket exemptions to the government. “When we demand privacy, we seek privacy for people and transparency from the state. With this Act, the state is claiming secrecy in the guise of privacy and asking for transparency from the people. This is not about data protection or privacy, it’s merely about data governance,” he said.
Anjali cautioned that the data protection law gives complete powers to the Union government to seek any information from anyone deemed as a data fiduciary.
Section 36 of the DPDP Act (Power to call for information) says, “The Central Government may, for the purposes of this Act, require the Board [Data Protection Board of India established by the Central Government] and any Data Fiduciary or intermediary to furnish such information as it may call for.”
“Till now, whenever the government sought data from citizens, there were guardrails. Even if the police asked for information, one could question the legality. But with this law, without an FIR or giving any reason, the Union government can demand data from you, with no guardrails. This completely exposes citizens to state surveillance, which is precisely the kind of thing the law was supposed to stop,” she said.
Anjali also said that while the Supreme Court has declared both the right to information and the right to privacy as fundamental rights, the DPDP Act fails to protect both these rights.
“People have been using the RTI law to ensure their basic rights, fight corruption, and ensure that human rights violations don’t remain behind a veil of secrecy. That is absolutely going to stop in many ways. It is very clear that the RTI law doesn’t need to be amended to bring in a proper data protection law. This is really a corruption protection law to remove any accountability of the government in power,” she said.
The discussion was organised by Hyderabad-based NGO ASEEM (Association for Socio-Economic Empowerment of the Marginalised), Democracy Dialogue, and NAJAR (National Alliance for Justice, Accountability and Rights).
