The DNA Technology (Use and Application) Regulation Bill, 2018 was introduced in Lok Sabha by the Minister for Science and Technology, Mr. Harsh Vardhan, on August 9, 2018. The Bill provides for regulation of use of DNA technology for establishing the identity of certain persons.
Use of DNA Data: Under the Bill, DNA testing is allowed only in respect of matters listed in the schedule to the Bill (such as, for offences under the Indian Penal Code, 1860, for paternity suits, or to identify abandoned children).
Permission for use of DNA Data: While preparing a DNA profile, bodily substances of persons may be collected by the investigating authorities. Authorities are required to obtain consent for collection in certain situations. For arrested persons, authorities are required to obtain consent if the offence carries a punishment of up to seven years. If the offence carries more than seven years of imprisonment or death, consent is not required. Further, if the person is a victim, or relative of a missing person, or a minor or disabled person, the authority is required to obtain the consent of such victim, or relative, or parent or guardian of the minor or disabled person. If consent is not given in either case, the authorities can approach the Magistrate.
DNA Data Bank: The Bill provides for the establishment of a National DNA Data Bank and regional DNA Data Banks, for every state, or two or more states. The National Data Bank will store DNA profiles received from DNA laboratories and receive DNA data from the regional Banks. Every Data Bank will be required to maintain indices for the following categories of data: (i) a crime scene index, (ii) a suspects’ or undertrials’ index, (iii) an offenders’ index, (iv) a missing persons’ index, and (v) an unknown deceased persons’ index.
Protection of information: Under the Bill, the Board is required to ensure that all information relating to DNA profiles with the Data Banks, laboratories and other persons are kept confidential. DNA data may only be used for identification of the person. However, the Bill allows for access to information in the Data Bank for the purpose of a one-time keyboard search. This search allows for information from a DNA sample to be compared with information in the index without information from the sample being included in the index.
Retention of DNA Data: The Bill states that the criteria for entry, retention or removal of the DNA profile will be specified by regulations. However, the Bill provides for removal of the DNA Data of the following persons: (i) of a suspect if a police report is filed or court order given, (ii) of an undertrial if a court order is given, (iii) on request, of persons who are not a suspect, offender or undertrial from the crime scene or missing persons’ index. Further, the Bill provides that information contained in the crime scene index will be retained.
DNA Regulatory Board: The Bill provides for the establishment of a DNA Regulatory Board, which will supervise the DNA Data Banks and DNA Laboratories. The Secretary, Department of Biotechnology, will be the ex officio Chairperson of the Board. The Board will comprise an additional 12 members including: (i) an eminent person with at least 25 years’ experience in biological sciences, as the Vice Chairperson, and (ii) Director General of the National Investigation Agency and the Director of the Central Bureau of Investigation or their nominees (of at least the rank of Joint Director).
Functions of the Board: The functions of the Board include: (i) advising governments on all issues related to establishing DNA laboratories or Data Banks, (ii) granting accreditation to DNA Laboratories, and (iii) developing training modules and framing guidelines for training manpower to deal with DNA related matters.
DNA Laboratories: Any laboratory undertaking DNA testing is required to obtain accreditation from the Board. The Board may revoke the accreditation for reasons including, failure to: (i) undertake DNA testing, or (ii) comply with the conditions attached to the accreditation. If the accreditation is revoked, an appeal will lie before the central government or any other authority notified by the central government.
Obligations of DNA Laboratories: Under the Bill, every DNA laboratory is required to perform various functions, including: (i) following standards for quality assurance in collection, storing, testing, and analysis of DNA samples, and (ii) depositing DNA samples with the Data Bank. After depositing the sample for ongoing cases, the Laboratory is required to return the biological sample to the investigating officer. In all other cases, the sample must be destroyed and intimated to the concerned person.
Offences: The Bill specifies penalties for various offences, including: (i) for disclosure of DNA information, or (ii) using DNA sample without authorization. For instance, disclosure of DNA information will be punishable with imprisonment of up to three years and fine of up to one lakh rupees.
The Committee of Experts on a Data Protection Framework for India (Chair: Justice B. N. Srikrishna) submitted its report and draft Bill to the Ministry of Electronics and Information Technology on July 27, 2018. The Committee was constituted in August, 2017 to examine issues related to data protection, recommend methods to address them, and draft a data protection Bill.
Fiduciary relationship: The Committee observed that the regulatory framework has to balance the interests of the individual with regard to his personal data and the interests of the entity such as a service provider who has access to this data. It noted that the relationship between the individual and the service provider must be viewed as a fiduciary relationship. This is due to the dependence of the individual on the service provider to obtain a service. Therefore, the service provider processing the data is under an obligation to deal fairly with the individual’s personal data, and use it for the authorised purposes only.
Obligations of fiduciaries: To prevent abuse of power by service providers, the law should establish their basic obligations, including: (i) the obligation to process data fairly and reasonably, and (ii) the obligation to give notice to the individual at the time of collecting data to various points in the interim.
Definition of personal data: The Committee noted that it is important to define what constitutes personal information. It defined personal data to include data from which an individual may be identified or identifiable, either directly or indirectly. The Committee sought to distinguish personal data protection from the protection of sensitive personal data, since its processing could result in greater harm to the individual. Sensitive data is related to intimate matters where there is a higher expectation of privacy (e.g., caste, religion, and sexual orientation of the individual).
Consent-based processing: The Committee noted that consent must be treated as a pre-condition for processing personal data. Such consent should be informed or meaningful. Further, for certain vulnerable groups, such as children, and for sensitive personal data, a data protection law must sufficiently protect their interests, while considering their vulnerability, and exposure to risks online. Further, sensitive personal information should require explicit consent of the individual.
Non-consensual processing: The Committee noted that it is not possible to obtain consent of the individual in all circumstances. Therefore, separate grounds may be established for processing data without consent. The Committee identified four bases for non-consensual processing: (i) where processing is relevant for the state to discharge its welfare functions, (ii) to comply with the law or with court orders in India, (iii) when necessitated by the requirement to act promptly (to save a life, for instance), and (iv) in employment contracts, in limited situations (such, as where giving the consent requires an unreasonable effort for the employer).
Participation rights: The rights of the individual are based on the principles of autonomy, self-determination, transparency and accountability to give individuals control over their data. The Committee categorised these rights in three categories: (i) the right to access, confirmation and correction of data, (ii) the right to object to data processing, automated decision-making, direct marketing and the right to data portability, and (iii) the right to be forgotten.
Enforcement models: The Committee also recommended setting up a regulator to enforce the regulatory framework. The Authority will have the power to inquire into any violations of the data protection regime, and can take action against any data fiduciary responsible for the same. The Authority may also categorise certain fiduciaries as significant data fiduciaries based on their ability to cause greater harm to individuals. Such fiduciaries will be required to undertake additional obligations.
Amendments to Other Laws: The Committee noted that various allied laws are relevant in the context of data protection because they either require or authorise the processing of personal data. These laws include the Information Technology Act, 2000, and the Census Act, 1948. It stated that the Bill provides minimum data protection standards for all data processing in the country. In the event of inconsistency, the standards set in the data privacy law will apply to the processing of data. The Committee also recommended amendments to the Aadhaar Act, 2016 to bolster its data protection framework.
Rights of the individual: The Bill sets out certain rights of the individual. These include: (i) right to obtain confirmation from the fiduciary on whether its personal data has been processed, (ii) right to seek correction of inaccurate, incomplete, or out-of-date personal data, and (iii) right to have personal data transferred to any other data fiduciary in certain circumstances.
Obligations of the data fiduciary: The Bill sets out obligations of the entity who has access to the personal data (data fiduciary). These include: (i) implementation of policies with regard to processing of data, (ii) maintaining transparency with regard to its practices on processing data, (iii) implementing security safeguards (such, as encryption of data), and (iv) instituting grievance redressal mechanisms to address complaints of individuals.
Data Protection Authority: The Bill provides for the establishment of a Data Protection Authority. The Authority is empowered to: (i) take steps to protect interests of individuals, (ii) prevent misuse of personal data, and (iii) ensure compliance with the Bill. It will consist of a chairperson and six members, with knowledge of at least 10 years in the field of data protection and information technology. Orders of the Authority can be appealed to an Appellate Tribunal established by the central government and appeals from the Tribunal will go to the Supreme Court.
Grounds for processing personal data: The Bill allows processing of data by fiduciaries if consent is provided. However, in certain circumstances, processing of data may be permitted without consent of the individual. These grounds include: (ii) if necessary for any function of Parliament or state legislature, or if required by the state for providing benefits to the individual, (iii) if required under law or for the compliance of any court judgement, (iv) to respond to a medical emergency, threat to public health or breakdown of public order, or, (v) for reasonable purpos¬¬es specified by the Authority, related to activities such as fraud detection, debt recovery, and whistle blowing.
Grounds for processing sensitive personal data: Processing of sensitive personal data is allowed on certain grounds, including: (i) based on explicit consent of the individual, (ii) if necessary for any function of Parliament or state legislature, or, if required by the state for providing benefits to the individual, or (iii) if required under law or for the compliance of any court judgement.
Sensitive personal data includes passwords, financial data, biometric data, genetic data, caste, religious or political beliefs, or any other category of data specified by the Authority. Additionally, fiduciaries are required to institute appropriate mechanisms for age verification and parental consent when processing sensitive personal data of children.
Transfer of data outside India: Personal data (except sensitive personal data) may be transferred outside India under certain conditions. These include: (i) where the central government has prescribed that transfers to a particular country are permissible, or (ii) where the Authority approves the transfer in a situation of necessity.
Exemptions: The Bill provides exemptions from compliance with its provisions, for certain reasons including: (i) state security, (ii) prevention, investigation, or prosecution of any offence, or (iii) personal, domestic, or journalistic purposes.
Offences and Penalties: Under the Bill, the Authority may levy penalties for various offences by the fiduciary including (i) failure to perform its duties, (ii) data processing in violation of the Bill, and (iii) failure to comply with directions issued by the Authority. For example, under the Bill, the fiduciary is required to notify the Authority of any personal data breach which is likely to cause harm to the individual. Failure to promptly notify the Authority can attract a penalty of the higher of Rs 5 crore or 2% of the worldwide turnover of the fiduciary.
Amendments to other laws: The Bill makes consequential amendments to the Information Technology Act, 2000. It also amends the Right to Information Act, 2005, and to permit non-disclosure of personal information where harm to the individual outweighs public good.
Highlights of the Bill The Right to Education Act, 2009 prohibits detention of children till they complete elementary education i.e., class 8. The Bill amends this provision to state that a regular examination will be held in class 5 and class 8 at the end of every academic year. If a child fails the exam, he will be given additional instruction, and take a re-examination.
If he fails in the re-examination, the relevant central or state government may decide to allow schools to detain the child.
Key Issues and Analysis There are differing views on whether children should be detained for failing examinations in elementary school. Some argue that automatic promotion reduces incentive for children to learn and for teachers to teach. Others argue that detaining a child leads to drop outs and does not focus on the systemic factors that affect learning such as quality of teachers, schools, and assessment.
Provisions of the Bill regarding assessment and detention are at variance with what most states have demanded. In this context, the question is whether these decisions should be taken by Parliament or left to state legislatures.
It is unclear as to who will conduct the examination (which may lead to detention): centre, state, or the school
Highlights of the Bill This Bill amends the principal Act passed in 2013. The Bill enables the government to exempt five categories of projects from the requirements of: (i) social impact assessment, (ii) restrictions on acquisition of multi-cropped land, and (iii) consent for private projects and public private partnerships (PPPs) projects.
The five categories of projects are: (i) defence, (ii) rural infrastructure, (iii) affordable housing, (iv) industrial corridors, and (v) infrastructure including PPPs where government owns the land.
The Act would apply retrospectively, if an award had been made five years earlier and compensation had not been paid or possession not taken. The Bill exempts any period when a court has given a stay on the acquisition while computing the five year period.
The Act deemed the head of a government department guilty for an offence by the department. The Bill removes this, and adds the requirement of prior sanction to prosecute a government employee.
Key Issues and Analysis The five types of projects being exempt from the provisions of social impact assessment, restrictions in case of multi-cropped land and consent are broad and may cover many public purpose projects.
The Act requires consent of 70% of landholders for PPP projects, and 80% for private projects. Acquisition, being different from purchase, implies that land owners were unwilling to part with the land. Requiring consent from them may be impractical. Also, it is not clear why the consent requirement depends on who owns the project.
The amendments in the Bill propose to expedite the process of acquisition. However, the changes in the Bill will reduce the time for acquisition from 50 months to 42 months.
The removal of the provision that deemed the head of department guilty, and addition of a new requirement of prior sanction to prosecute government employees may raise the bar to hold them accountable.
The change in the retrospective provision may be ineffective in cases instituted until 2014 in light of a recent Supreme Court judgment.
The Lokpal and Lokayuktas and other related Law (Amendment) Bill, 2014 was introduced in Lok Sabha on December 18, 2014 by the Minister for Personnel, Public Grievances and Pensions, Dr. Jitendra Singh.
The Bill amends the Lokpal and Lokayuktas Act, 2013 and the Delhi Special Police Establishment Act, 1946.
The Lokpal Act provides for a Selection Committee for making appointments to the Lokpal. The Committee includes the Leader of Opposition (LoP) in the Lok Sabha. The Bill amends this provision to state that the Leader of the single largest Opposition party in the House would be part of the Selection Committee, in the absence of a recognised LoP in the Lok Sabha.
The Lokpal Act states that one eminent jurist, to be recommended by the other members of the Selection Committee, will also be part of that Committee. The Bill adds that such eminent jurist is to be nominated for a single term of three years.
The Act states that no appointment of a Chairperson or member of the Lokpal shall be invalidated for reasons of vacancy in the Selection Committee. The Bill adds that the proceedings of the Committee would not be invalidated also on account of absence of a member.
The Lokpal Act requires the Selection Committee to constitute a Search Committee to make nominations for appointments to the Lokpal. The Bill clarifies that no proceedings related to the Search Committee shall be invalidated for reasons of: (i) vacancy or absence of member in the Selection Committee, or (ii) absence of a person in the Search Committee.
Under the Lokpal Act, the Secretary to the Lokpal is of the rank of Secretary. The Bill amends this provision to now mandate that the Secretary to the Lokpal would be in the rank of Additional Secretary.
The Lokpal Act requires that the Director of Inquiry and Director of Prosecution of the Lokpal would be at least of the rank of Additional Secretary. The Bill now requires that these posts be filled by officers of at least the rank of Joint Secretary.
Under the Lokpal Act, the benches of the Lokpal would sit in New Delhi, and other places to be specified in the regulations. The Bill states that the headquarters of the Lokpal would be in the NCR, and the seat of benches would be specified in the regulations.
Under the Lokpal Act, the power of the Lokpal to grant sanction for prosecution overrides provisions of the Criminal Procedure Code, Section 6A of the Delhi Special Police Establishment (DSPE) Act, 1946 or the Prevention of Corruption Act, 1988. The Bill omits Section 6 A of the DSPE Act. This follows from a Supreme Court judgment which struck down Section 6A of the DSPE Act.
The Lokpal Act requires a public servant to declare his assets within thirty days of assuming office. The details of such declaration would include: (i) liabilities and (ii) assets jointly owned by him, his spouse and dependent children, or assets for which they are beneficiaries.
The Bill replaces this provision to require that the declaration contain information of all his assets, including: (i) movable and immovable property owned, inherited, acquired, or held on lease by him or his family; and (ii) debts and liabilities incurred directly or indirectly by him. Provisions related to public servants under the Representation of the People Act, 1951, All India Services Act, 1951, and rules and regulations prescribed in this regard would also apply.
The DSPE Act provides for a Directorate of Prosecution which is headed by a Director, of a rank not below that of Joint Secretary, for conducting prosecution of cases. The Bill introduces eligibility criteria in this regard. It states that an officer from the Indian Legal Services, of the rank of Joint Secretary and eligible to become a Special Public Prosecutor may be appointed as Director of Prosecution. In the absence of such a candidate, an advocate with at least 15 years experience in handling cases of corruption, money laundering, etc. may be appointed.
The Bill adds that if there is a difference of opinion between the Director and the Director of Prosecution, the matter is to be referred to the Attorney General, whose advice shall be binding.
The Bill introduces provisions that empower the centre to make rules in relation to the DSPE Act.