Storing passwords in mobile contact list or notes unsafe
x
The government is the biggest data fiduciary in the country as it controls the personal data of citizens starting from Aadhaar data to census data. Representative pic

DNA Bill raises concerns over misuse; MPs, experts want adequate safeguards


The DNA Technology (Use and Application) Regulation Bill 2019 which was presented in the Rajya Sabha on February 3 raises many critical questions: Does the bill provide any statutory mechanism to prevent violation of the right to privacy and the potential misuse of data for caste/community profiling? Experts and parliamentarians say it does not.

A parliamentary standing committee on science and technology headed by Jairam Ramesh has submitted a report with recommendations to address these concerns. Two members — Asaduddin Owaisi and Kerala’s Binoy Viswam — submitted detailed dissent notes as well. Owaisi has even proposed deferring the bill until Parliament passes a data protection law.

The Bill aims to establish the identity of certain category of persons, including the victims, offenders, suspects, undertrials, missing persons and unknown deceased persons. According to the draft bill, the DNA profiles to be stored are not for an entire population, but for specified categories of individuals such as convicts and suspects of major crimes, relatives of missing persons (so that their DNA profiles can be compared with profiles of unidentified deceased individuals).

The bill proposes to establish a DNA regulatory board and national and regional data banks to store and maintain the DNA profiles. The bill is intended to enable the identification of missing children and of unidentified deceased individuals, including disaster victims, and to enable the DNA profiling of habitual offenders for heinous crimes.

The parliamentary standing committee has expressed concern over the inclusion of ‘suspects and undertrials’ in the purview of the bill. The committee has recommended the deletion of these categories from the bill. The committee also proposes that the establishment of regional data banks may lead to the misuse of data and it proposes the establishment of national data bank which would be the sole repository of the data.

Risk of ethnic, racial profiling

Asaduddin Owaisi, in his dissent note, raises the concern that the bill carries the risk of the infringement of the right to privacy. He argues that the bill is not in consonance with the principles of the right to privacy set by judicial decisions.

“In Justice Puttuswamy Vs Union of India, the Supreme Court makes it clear that the protection of personal information is a facet of the right to privacy guaranteed in the Constitution,” says Owaisi in the memorandum submitted to the committee.

Binoy Viswam, MP from Kerala, argues in his dissent that the bill in its present form is susceptible to misuse and abuse.

Also read: Parliamentary panel grills Facebook India top executive on data protection

“This bill in its structure and imagination fails to address the lacunae created by the lack of a comprehensive data privacy law in the country,” says Binoy Viswam. “Without adequate statutory safeguards, the chances of misuse cannot be ruled out. The bill does not provide any such safeguards in its present form,” he adds.

Owaisi also argues that the possible risk of the data being misused to target a particular caste group or minorities cannot be ruled out. He substantiates his argument by the experience of data collection being done by Centre for DNA Fingerprinting and Diagnostics (CDFD). The pro forma used by CDFD has the column to be filled in by the caste and community identity of the person.

The view expressed by Justice Madan Lokur, the retired Supreme Court judge, goes with the concerns expressed by the members. In the expert opinion submitted to the committee, Justice Lokur states that the bill does not contain any safeguard or mechanism to prohibit processing of DNA samples for anything other than identification.

Clause 33 of the present Bill states: “All DNA data, including DNA profiles, DNA samples and records thereof, contained in any DNA laboratory and DNA data bank shall be used only for the purposes of facilitating identification of the person and not for any other purpose.” Justice Lokur observes that it is not mandatory but only directory in nature.

Also read: India’s data protection law can give big fillip to digital economy: Facebook

“It is directory in nature since there is no penalty for violating the prohibition, rendering it toothless. Further, there is no anti-discrimination clause in the Bill which would emphasize protection against targeting of any ethnic, racial or other group or community”.

The Standing Committee has also suggested changes with regard to the provisions of creating ‘crime scene index’. The present bill prescribes the tracing of DNA of every person present in a crime scene. According to the committee, this will lead to arbitrariness and the possible infringement of the violation of data privacy of innocent individuals. A lot of people might be present in a crime scene before or after the crime being committed. It has been suggested that the crime scene DNA profiles can be used for investigation, but not needed for storing in the data bank.

DNA testing is currently being done only on a limited scale, with approximately 30-40 DNA experts in 15-18 laboratories undertaking less than 3,000 cases per year, which represent 2-3% of the total requirement. However, the standards of the laboratories are not monitored or regulated. The bill is intended to implement regulating and monitoring mechanisms upon laboratories. According to the Department of Biotechnology, nearly 60 countries, including the USA and UK, have enacted similar legislation.

Read More
Next Story