NEW DELHI (Reuters) – Allowing law enforcement to commit “authorized privacy violations” will ensure investigations are not hindered, a senior government official told Reuters on Wednesday, amid worries that India’s privacy law will increase state surveillance.
FILE PHOTO: An officer looks at computer screens inside a police war room setup to monitor social media posts in Jaipur in the desert state of Rajasthan, December 3, 2018. REUTERS/Aditya Kalra
The Personal Data Protection Bill covers how data of Indian users is stored, processed and transferred, and will apply to technology companies and government agencies.
But the bill says any government agency can be exempted from the law “in the interest of sovereignty and integrity of India” or for “preventing incitement” of certain offences, a provision privacy advocates said would allow agencies to abuse access.
The official, who is directly involved with the bill and declined to be identified because discussions are ongoing, said those exemptions were necessary for law enforcement bodies such as the Central Bureau of Investigation – India’s version of the American FBI – that need to access and analyze data.
“This provides for a future where an agency can do authorized privacy violations with checks and balances,” said the official.
India’s information technology minister, Ravi Shankar Prasad, said on Wednesday the bill would be sent to a parliamentary panel for further review.
The government will come up with a list of organizations exempt from all or some of the privacy bill, the senior official added.
Other provisions may affect big technology companies such as Facebook and Alphabet Inc’s Google by empowering the government to request user data.
The proposed government exemptions have alarmed privacy advocates.
Raman Jit Singh Chima, Asia policy director at Access Now, an international digital rights organization, said they were “deeply concerning” and said current surveillance safeguards were insufficient.
The proposed bill empowers the government to exempt an agency from the law if doing so is “necessary or expedient,” without defining those terms.
“The lack of an explanation on what is necessary and expedient is worrisome, there needs to be a body of multiple stakeholders that reviews these decisions,” said Kriti Trehan, a partner specializing in technology law at the Law Offices of Panag & Babu.
Reporting by Aditya Kalra; Additional reporting by Sankalp Phartiyal and Nigam Prusty; Editing by Sanjeev Miglani and Gerry Doyle