Data Protection: Srikrishna Panel Calls For Changes In RTI Act
The Justice Srikrishna panel on data protection has called for amending the Right to Information Act to restrict non-disclosure of information to cases where harm to an individual outweighs the common good of transparency and accountability in the functioning of public authorities.
In its 213-page report that calls for a new legislation to protect an individual’s right over his data, the committee said neither the right to privacy nor the right to information is absolute, and the two will have to be balanced against each other in some circumstances. The panel said data protection law is designed to limit the processing of personal data to legitimate reasons and adds there is a conflict between transparency and privacy. “This requires careful balancing.”
Chapter II of the RTI Act grants citizens a right to obtain information from public authorities but certain exemptions are provided for in Section 8 of the Act in which case the disclosure of the requested information is not necessary.
This section requires the Public Information Officer to generally provide information unless such information has no relationship to any public activity or interest or causes unwarranted invasion of privacy.
“If the condition that the information bears no relation to any public activity or public interest is met, the burden shifts on the seeker of information to establish that the disclosure of the information is in larger public interest,” the panel said. “This may often be a difficult burden to bear as the citizen may not be in possession of any material to establish any specific concern involving larger public interest. Further, this defeats the spirit of the RTI Act which sees transparency as an end in itself, and not necessarily a means to an end.”
Also, the other section of about causing unwarranted invasion of privacy also raises complex issues as there is no indication in the provision as to what constitutes such an unwarranted invasion.
The panel said a lot of information sought from a public authority may contain personal data of some kind or another.
“Further a strict interpretation of purpose limitation may give rise to the inference that any disclosure other than for the purpose for which the personal data was submitted would lead to an unwarranted invasion of privacy,” it said.
“To avoid this predicament, the RTI Act must specifically spell out the circumstances in which disclosure of such personal information would be a proportionate restriction on privacy having regard to the object of the RTI Act in promoting transparency and accountability in public administration,” the report said. “This must be done keeping in mind the fact that the RTI Act generally leans in favour of disclosure of information.”
The panel was of the view that the feature in the RTI Act that the burden is on the public authority to justify denial of information under one of the exemptions must be preserved notwithstanding a data protection law.
Under exceptional circumstances in which personal data can be denied to a citizen, the panel said the relevant factor should be any likely harm that may be caused to the data principle by the disclosure of such information.
“The RTI Act, in most circumstances, leans in favour of disclosure, underlining the importance of transparency in public activities. The Committee is cognizant of the fact that this feature of RTI Act has contributed tremendously to securing the freedom of information and enhancing accountability in public administration,” it said.
It noted that this feature has to be accounted for in any balancing test created under the RTI Act. “Therefore, in addition to the likelihood of harm, disclosure should be restricted only where any likely harm outweighs the common good of transparency and accountability in the functioning of public authorities.”
It proposed that the RTI Act be amended to state that “nothing contained in the data protection bill will apply to the disclosure” so as to “prevent privacy from becoming a stonewalling tactic to hinder transparency”.
The default provision is that the information which is sought must be disclosed, according to the panel’s report. Such disclosure, it said, promotes the public interest and the common good of transparency and accountability.
“Only if such information is likely to cause harm to a data principal and such harm outweighs the aforementioned public interest, can the information be exempted from disclosure,” it said.
The committee said that such a formulation offers a more precise balancing test in reconciling the two rights and upholding the spirit of the RTI Act without compromising the intent of the data protection bill.