Leaks such as the Radia tapes could soon be punishable by law with the government firming up the draft Right to Privacy Bill, 2011, to check misuse of interception of communications and protect “personal information” of citizens.
The bill, for the first time, defines “right to privacy” and includes in it “confidentiality of communication, family life, bank and health records, protection of honour and good name and protection from use of photographs, fingerprints, DNA samples and other samples taken at police stations and other places”.
The bill, a copy of which is with this newspaper, also moots the establishment of a “Data Protection Authority of India” that will investigate complaints about alleged violations of data protection. The bill contains provisions for “prosecution” and “penalties” for government officials, employees of service providers and other persons who indulge in illegal disclosure of intercepted communication, other than in the execution of his duties, as defined in the bill.
The proposed legislation makes “unauthorised interception” punishable with a maximum of five years’ imprisonment, or a fine of `1 lakh, or both, for each such interception. It also says that disclosure of legally intercepted communication will be punishable with imprisonment up to three years.
The bill, running into 15 chapters, is the first of its kind to streamline the powers given to government agencies to intercept communications. While interception of communication by government agencies can only be “authorised by an officer not below the rank of home secretary at the Central level and home secretaries in state governments”, the proposed legislation says that both security agencies and service providers will designate no-dal officers to handle “requisitions for interception”.
Asking service providers to put “internal checks” to ensure than unauthorised interception does not take place, the proposed legislation says “the service providers shall be responsible for actions of all its nodal officers or their employees or any other person’s action on their behalf, arising or connected with the interception of communication”. It also mandates service providers to “destroy records pertaining to directions for interception within two months of discontinuance of the interception of such messages with secrecy”.
The bill envisages a “Central Communication Interception Review Committee” with the Cabinet Secretary at the helm at the Central level, and the chief secretary at the state level, to meet every two months to review orders for interception and with powers to “set aside an order and direct destruction of the copies of the intercepted message or class of messages”.
The proposed Data Protection Authority of India, meanwhile, also entails setting up a National Data Controller Registry “which will essentially act as an online database” for “data controllers” who will need to register themselves here and will be prescribed “appropriate electronic authentication protocols” by the Central government to prevent misuse. Asian Age