Editorial

Legalising surveillance?

Amend the unconstitutional provisions in data protection bill right away
File photo: AFP

We are deeply disturbed that the Information and Communication Technology Division has finalised the draft of the Personal Data Protection Bill, while retaining some key features that have been criticised by human rights advocates as they would infringe upon people's right to privacy—which goes against the very spirit of the law. 

The bill gives all citizens the right to know when their personal information is being collected, how it will be used or processed, for how long, and where it will be stored—a move which is, no doubt, forward-thinking in an increasingly digitised era. However, what is concerning is that it gives sweeping authority to the government to authorise any national security, intelligence or law enforcement agency to "intercept, record or collect information" of any person on national security or public order grounds. What constitutes "national security" or "public order grounds" is open to interpretation. Moreover, there are no requirements to actually notify citizens before their data is accessed or processed for any purpose.

The bill also exempts the director general of the Digital Security Agency—who will be investigating violations, levying fines and ensuring overall compliance—as well as the employees of the data protection office for potential violations. It also has a provision that will enable the government to officially exempt certain data controllers from having to follow any provision of the law. 

Equally troubling is the requirement to store user data locally—even data about citizens collected by major global tech companies such as Google and Facebook—which, coupled with the exceptions outlined above, means that a broad range of actors can legally snoop through our most private emails, chats, photos or videos. Given the likelihood of the concentration of large amounts of data with poor security, it won't just be government agencies which can access our data—hackers and other malicious actors can easily gain unauthorised access.

Given these deeply problematic "exemptions" to data protection, one cannot help but wonder if the law will actually protect citizens' right to privacy. In a context where the controversial Digital Security Act is used indiscriminately to target, harass and jail writers, dissenters and activists, such sweeping authority to security agencies may erode whatever little remains of our constitutionally guaranteed rights to freedom of expression and privacy. 

A law that poses such incredible dangers to citizen's privacy cannot purport to claim to be one about data protection. We urge the government to take into cognisance the concerns of citizen groups and human rights bodies, and to amend the unconstitutional provisions in the draft. Any law that goes against the constitution so brazenly cannot be passed in a country that claims to be democratic. 

Comments

Legalising surveillance?

Amend the unconstitutional provisions in data protection bill right away
File photo: AFP

We are deeply disturbed that the Information and Communication Technology Division has finalised the draft of the Personal Data Protection Bill, while retaining some key features that have been criticised by human rights advocates as they would infringe upon people's right to privacy—which goes against the very spirit of the law. 

The bill gives all citizens the right to know when their personal information is being collected, how it will be used or processed, for how long, and where it will be stored—a move which is, no doubt, forward-thinking in an increasingly digitised era. However, what is concerning is that it gives sweeping authority to the government to authorise any national security, intelligence or law enforcement agency to "intercept, record or collect information" of any person on national security or public order grounds. What constitutes "national security" or "public order grounds" is open to interpretation. Moreover, there are no requirements to actually notify citizens before their data is accessed or processed for any purpose.

The bill also exempts the director general of the Digital Security Agency—who will be investigating violations, levying fines and ensuring overall compliance—as well as the employees of the data protection office for potential violations. It also has a provision that will enable the government to officially exempt certain data controllers from having to follow any provision of the law. 

Equally troubling is the requirement to store user data locally—even data about citizens collected by major global tech companies such as Google and Facebook—which, coupled with the exceptions outlined above, means that a broad range of actors can legally snoop through our most private emails, chats, photos or videos. Given the likelihood of the concentration of large amounts of data with poor security, it won't just be government agencies which can access our data—hackers and other malicious actors can easily gain unauthorised access.

Given these deeply problematic "exemptions" to data protection, one cannot help but wonder if the law will actually protect citizens' right to privacy. In a context where the controversial Digital Security Act is used indiscriminately to target, harass and jail writers, dissenters and activists, such sweeping authority to security agencies may erode whatever little remains of our constitutionally guaranteed rights to freedom of expression and privacy. 

A law that poses such incredible dangers to citizen's privacy cannot purport to claim to be one about data protection. We urge the government to take into cognisance the concerns of citizen groups and human rights bodies, and to amend the unconstitutional provisions in the draft. Any law that goes against the constitution so brazenly cannot be passed in a country that claims to be democratic. 

Comments