Why privacy bill should be amended

September 2, 2018 01:00 AM Taranath Dahal


Taranath Dahal

Taranath Dahal

The author, Freedom of Expression and Information expert, is currently affiliated with Freedom Forum

The state has no right to control people’s freedom and liberties while introducing right to privacy laws. No law should encroach on people’s right to know

Individual privacy is a constitutional right. Nepal has constitutionally ensured our right to privacy since 1990. But separate act had not been endorsed by the parliament then. As a result, the last 28 years witnessed several cases of violation of right to privacy. There was no demarcation between individual and public domain. Successive governments used to hide information that was under public domain by citing privacy issue.

Constitution of 2015 has granted the citizens an explicit right to privacy. In this context, the government initiative to introduce the separate act on privacy is a welcome move. But the parliament must be mindful that the law does not become an instrument to curtail people’s freedom and civil liberties. 

In democracies, privacy law should uphold individual liberty and dignity. It is because democracy must acknowledge the supremacy of an individual. Our constitution has retained this spirit. Article 28 of the constitution has clearly mentioned six areas of individual privacy. “The privacy of any person, his or her residence, property, document, data, correspondence and matters relating to his or her character shall, except in accordance with law, be inviolable,” states the constitution.

Flawed content 

However, some of the provisions in the privacy bill contradict this constitutional provision. Though the constitution has explicitly mentioned the domain of right to privacy, the bill has expanded the scope by adding some more domains like educational information, identity card, criminal records and experts’ opinion—which were not mentioned in the  constitution. 

The proposed Act has failed to differentiate between private individuals and public figures. The bill has not made it mandatory for public figures to disclose their assets. This provision is contrary to the notion of transparency and accountability. And it is yet to clarify the definition of public places and private residence. The bill contains some provisions which are incomplete and ambiguous or not in line with international standards of right to privacy.

The bill has a provision related to data protection but it is incomplete. Data protection is an integral part of privacy and therefore the law should avoid ambiguity in interpretation. The proposed law has clearly missed to incorporate comprehensive aspect of data protection. Data related issues need to be dealt with seriously because data protection is a key issue in the digital era. The parliamentarians can go for two options: Introduce a separate personal data protection act or add comprehensive and clear provisions in the proposed act. It would be wise to bring a separate Act in consultation with concerned stakeholders working on data issues. 

There are many emerging issues and areas that proposed law should pay attention to. The proposed Act must include provisions related to key areas such as use of data acquired from CCTV placed in public places, meta data, data related to children and data of internet service providers. 

Given the rapid growth of IT and private companies, it also needs to have a separate provision related to violation of privacy by private company and service providers. The state should ensure that no person will be allowed to invade into right to privacy of citizen by collecting, storing, processing, disclosing or achieving personal data of another person. For this, data protection provisions should be elaborated and described in a comprehensive manner. If we don’t pay enough attention to this matter now, these issues will be very difficult to manage, for in the future people’s safety will have to be ensured largely through digital technology and evidence-based interventions. 

RTI and privacy 

Nepal already has Right to Information (RTI) Act and Regulations.  Many think RTI and privacy are contradictory propositions. In truth, RTI and privacy are not contradictory but complementary laws. Our policymakers must bear in mind this fact while deliberating on this bill. The provisions which are contrary to RTI Act should be removed. For instance, Article 3(3) of RTI Act has clearly defined domain of individual privacy. That provision should be well reflected and protected in the law. But Article 35 makes it mandatory to agencies to abide by the privacy law while disclosing information. Right to information and right to privacy can supplement each other. Both laws are meant to empower the people. Proposed law should not leave room for misinterpretation and ambiguity.

The bill has made police and security agencies more powerful in the name of investigation and inspection. Article 11 (4) is problematic as it makes individual liable to produce his/ her every detail to state mechanism. This should not be the case. Individual should not be liable to provide all information to security agencies. Only court should have the right to make individual liable to produce information. Articles 34, 25(3), 12(5) of the bill are quite problematic when it comes to safeguarding individual rights. These articles give unlimited power to state agencies to reveal information when individual is under investigation. 

In fact, no state agencies should be allowed to seek private documents without permission from the court. These provisions will turn Nepal into a police state. These provisions allow state authorities to spy on individual information. There are provisions which mandate the person to get consent from an individual captured in photo even if the photo has been taken in public place. 

The bill does not define who the responsible regulating authority is. That authority should be clearly defined. 

Some provisions in the bill go against the concept of open data. These provisions should be changed. For example, Article 23 of the proposed act is quite regressive as it discourages research and data collection activities. It makes it mandatory to acquire license for conducting any kind of data based study and research. This provision discourages academics to conduct research and studies deploying some methods of research.  There is a provision which increases the risk of manipulation in independent research as it makes it mandatory to let the respondents know about research work. This will make it difficult for the researchers to collect the information. 

Making amendments

Out of total 36 Articles in the privacy bill, 27 Articles need amendment before it gets endorsed by the parliament. Some provisions need to be reformed, others need to be removed. There are duplications in some and others are completely irrelevant. The bill has failed to define the scope of some crucial concept such as sensitive information and domain of personal data. This should be clarified and defined. 

Article 29 (3) has completely criminalized the invasion of privacy. This provision should be removed. The bill should make public more powerful. The bill weakens the privacy sphere of common citizenry while protecting the public officials’ information even if it is of the public interest. 

The state has no right to control people’s freedom and liberties while introducing right to privacy laws. No law should encroach on people’s right to know. The respective committees in the parliament and the parliamentarians involved in them should remember this while deliberating on privacy bill. 

Besides, the government should create the office of privacy commissioner or an ombudsman for investigation of complaints related to breach of privacy rights. 

The author, Freedom of Expression and Information expert, is currently affiliated with Freedom Forum

tndahal@yahoo.com


Leave A Comment