The Srikrishna Committee on Data Protection will not make stakeholder submissions public, Justice BN Srikrishna said the open house discussion in Mumbai yesterday. There are apparently over 100 submissions made, which the committee will deliberate and make recommendations regarding the contours of a Data Protection law in India. The Data Protection law is being formulated at a time when the Supreme Court of India is hearing a case challenging the constitutional validity of the resident ID project Aadhaar.

When MediaNama pointed out to Justice Srikrishna that the TRAI not only allows for publishing of comments, but has a counter comments approach which are then followed by open house discussions, he dismissed it by saying that the committee has creating a law, which is very different from what a regulator does. “You give your comments. Why do you worry about what anyone else has to say?” he added.

Note that the consultations that have taken place so far have been unstructured (unlike the TRAI), and held before the deadline for submissions, unlike in case of other consultations, including the DIPP when it was debating FDI in ecommerce back in 2014.

We also asked Justice Srikrishna, post the consultation, about whether a rumor that the committee will determine the contours of the law based on a majority vote. He responded by saying that he will ensure that “there is consensus” within the committee. This Data Protection committee largely has representatives from the government, none from civil society who have never been involved with the government. It also includes Ajay Bhushan Pandey, the CEO of UIDAI, which oversees the Aadhaar project, and Arghya Sengupta, whose organisation Vidhi Centre for Legal Policy (funded by former UIDAI Chairperson Nandan Nilekani’s wife Rohini Nilekani) was involved in drafting the Aadhaar Act, and personally argued against the fundamental right to privacy in the Supreme Court.

It’s worth noting that the White Paper itself was not released based on consensus within the Srikrishna Committee, and was by majority vote. The White Paper says, and I quote:

“The White Paper outlines the issues that a majority of the members of the Committee feel require incorporation in a law, relevant experiences from other countries and concerns regarding their incorporation, certain provisional views based on an evaluation of the issues vis-à-vis the objectives of the exercise, and specific questions for the public.”

Note that the Committee also declined a request from MediaNama to extend the deadline. At discussion – under Chatham House Rule, that we held in Delhi on the 19th, many participants felt the need for more time. There was also no clear indication – despite our request for clarification – about whether further consultations will be held post the submission deadline.

MediaNama’s take

This committee is working on what is probably the most important and defining law of the last decade and half, and it processes really need to be held to higher standards, which it unfortunately hasn’t demonstrated the intent for so far. Here’s our take on what the process should have been like:

At least six months to a year of consultations: Something as important as this law needs wider participation, which in itself takes time. Laws are not just for lawyers, and it takes time for non-lawyers to get a grasp of the complex issues in the Data Protection law, and the paucity of time acts as a deterrent to participation. The implications and the scale of the impact of a data protection law will have far reaching consequences. That the committee initially gave only one month for submissions, and then extended it by just a month: this is poor form, and unnecessarily hurried. Committee should have adequate civil society representation: Frankly if the CEO of the UIDAI and Arghya Sengupta can be a part of the committee, then there’s no reason why Usha Ramanathan and another civil society representative shouldn’t be there, for balance. An overt UIDAI influence should also have been avoided. Every committee member should participate in each consultation: Mumbai had three participants who stayed throughout, and two others who participated (one came late and another left early). Even in Delhi, not everyone participated: the only two people who were at both were S. Gopalakrishnan and Justice Srikrishna. Consultations should be structured better: Unlike in case of TRAI open house discussions, questions weren’t discussed section by section, or in batches. This meant that the discussions were unstructured and all over the place. Given the vastness of the paper, this clearly needed more than a day in each city, for it to be structured. Given the current approach, the consultations appear to merely be a check-box ticked regarding public consultation, especially given that not all committee members are participating in each consultation. Consultations post final submission deadline as well: The only reason to hold these consultations prior to the submissions deadline is to help people understand more context about the paper, before their submissions. Most participants were still not sure of all the aspects of the consultation paper, and clearly not ready to respond. Transparency: Minutes of all committee meetings should be proactively made public. If the white paper was brought out on the basis of a majority vote, then why do we not have information about what the other members said, what they objected to and why? The public consultations should be live streamed, and videos made publicly available thereafter, as well as transcripts. The summaries that MEITY has put up are mostly useless. For example, compare our (somewhat paraphrased) transcript with the summary of the Delhi consultation. We’ll have notes from yesterdays Mumbai consultation tomorrow. The submissions made by stakeholders to the committee should be made public (more below). Comments, counter comments and debates: The consultation submissions should be public, allow for counter comments (thus helping in a more structured debate format). This allows for specific claims to be debated on all sides, and gives the committee more context. It also provides adequate public scrutiny for comments that specific stakeholders might make: for example our analysis of Reliance Jio’s regressive comments during the Net Neutrality debate. Such transparency and the subsequent debate helps get more people involved, and makes the lawmaking process far more democratic.

While this is not to say that the committee may not end up putting together a great data protection law, and that Justice Srikrishna himself, in the consultation discussions, has been open to comments and opinion, and asking questions, the approach followed by the committee, the haste, and the lack of transparency, are cause for concern.