On Aadhaar, Srikrishna said the matter was with the apex court and till its constitutionality is decided, it will be premature for him to comment.
Justice BN Srikrishna, who headed the high-level committee on data protection, on Monday said it was not possible to define all the situations under which a state can access citizens’ data without taking their consent. Speaking at the Idea Exchange programme of the Express Group, he argued for an authority to be entrusted with analysing the circumstances under which data can be accessed.
“See, that is exactly the problem. If I say the state can access it for X purpose and if tomorrow it is important for Y purpose, then the state has its hands tied. Therefore, have somebody who can access it only the basis of an authority who will be able to analyse it. You cannot have an Act of Parliament every time,” Srikrishna said.
He added that nobody has the upper had under the constitution.
“If the state makes a law that is unconstitutional, not very far from here is the Supreme Court, which takes care of it. The state has to make a law under which it can access data and that law has to meet with all requirements of the constitution where where fundamental rights get restricted. Privacy has now been defined as a fundamental right, therefore any law has to meet with this,” Srikrishna said.
Most of the surveillance done in the country is done without the warrant of law, Srikrishna said, adding that surveillance is restricting the fundamental rights of the citizens. The Supreme Court is very clear that no fundamental right can be restricted, except by a law, which means a law passed by Parliament and that too must stand the scrutiny of constitutionality.
“What we need is a systematic law on how this kind of access to data by the state authorities should be restricted. We took a view that it is totally impossible for us to carry out this exercise in the limited time and with limited resources. For the simple reason that each of theses accesses will have a different reason. We thought that one size will not fit all and so Parliament should by law will prescribe it. Let Parliament do it,” he explained.
On Aadhaar, Srikrishna said the matter was with the apex court and till its constitutionality is decided, it will be premature for him to comment. “There are good things in Aadhaar, and a lot that can be improved. For instance, in Aadhaar Act there is no method of monitoring and enforcing privacy… Therefore, although it was out of the way, through an annexure in the report, we have suggested how Aadhaar Act can be improved, again subject to the Supreme Court agreeing to the constitutionality.”
“And in conjunction with Personal Data Protection Act, I think it will do good. If you remember, the Supreme Court has said it will be useful only where the citizens seek to get benefits from the state and not otherwise and it is not compulsory,” he said. The amendments to the Aadhaar Act, he said, had been included in the report and not in the Bill since it was directly not the remit of the committee and need to come in by way of a separate law. The state has been given certain exemptions but even otherwise, “If the state by an Act of Parliament is required to collect data, it can do so without consent. But a private company is bound to take consent.”
On the committee not being adequately represented by companies, he said, “Everyone will come to us with having their representative. Yes, the committee did have most members from the government as it will be directly affected in implementing the Act. There were two persons from outside the government. Citizen’s interest is foremost.”
On companies being forced to reveal sensitive market information and practices, he said, “If a decision taken based on this algorithmic analysis is hurting a citizen then he is entitled to challenge it. Just because you have an algorithm, should I suffer? The citizen has a right to challenge, if it hurts him/her.”
On the committee being soft on state surveillance, he said the report does say in the case of government bodies that the head of the department will be responsible and would be fined. The law is applicable, he said, in the case of both private and government entities. However, sovereign functions of the state would need to be protected.