The draft data protection bill 2018, if implemented in the present form, may undermine and complicate the Right to Information (RTI) Act, a tool to seek data on the governance. The excessive thrust on personal privacy could become another impediment, experts feel.

The stress on data protection through local storage, in the draft bill presented by a government appointed pan?el, led by former Supr?eme Court judge BN Srikrishna, could also affect data storing practices by global companies in India, say experts. The panel also said all critical personal data on people in India should be processed within the country.

The draft bill seeks to amend the RTI Act’s section 8(1)(j), which states that personal information that doesn’t serve “public activity or interest” cannot be disclosed unless it is deemed to be of public interest, according to the 213-page report released on Friday.

According to experts, ? in the RTI Act are not necessary and it could dilute its effectiveness.

Talking to Financial Chronicle, MM Ansari, former information commissioner, said the current RTI Act duly protects the personal information. “The committee’s recommendations for changes in RTI Act are uncalled for and inconsequential. The Act is sufficient in itself to protect the personal data”.

“The proposed legislation is only for processing data and yet it seeks to repeal section 43(A) of the IT Act 2000, which is on a much broader pedestal of dealing, handling or projecting sensitive personal data. It has ignored data exchanges through mobiles and assumes all data goes through PCs,” said cyber law expert and senior lawyer Pawan Duggal.

“This kind of a knee-jerk reaction must give way to a holistic approach on the subject. The IT Act is mother legislation. It has every aspect of digital format in it. The data protection law is only going to be a subset of the IT Act,” Duggal said.

The fundamental problem is that the definition of data under the bill is restrictive than the broader definition of the data given under the IT Act, he said and added, it will also complicate matter pertaining to Aadhaar. Aadhaar was built on one entry format and the ecosystem around it is not that safe.

“We must wait for the Supreme Court decision on Aadhaar. Also the government must make the ecosystem more secure before mo?ving forward”, Duggal said.

But Mahesh Uppal, telecom expert and director at ComFirst, a consultancy fi?rm, says the bill does not provide sufficient justification to deny information, if it is in public interest to provide it.

Uppal says the mirror data storage suggestion of the panel, which means if the data can’t be stored in India, there be a copy of the data server storing them locally would lead to higher costs.

Nass?com, the apex software association, which said it would kill the startup culture in India, has also highlighted this fear.

“As Nasscom has pointed the panel considers subjects like passwords, financial da?ta as critical personal data. It is not so in most jurisdictions and will increase costs of data players”, Uppal said.

Duggal said the bill is hi?g?hly defective becasue it do?esn’t begin with the basic pr?emise of ownership of data but just deals with processing of data.

Both Uppal and Duggal agree that too much thrust on privacy could lead to misuse of the scope to aid terrorist activity on ground, cyber terror and other unethical practices. The central government should determine categories of sensitive personal data wh?ic?h are critical to the nation,” the panel said, adding there will be a prohibition against cross-border transfer of such data.