THE issues that raised concern about the Personal Data Protection Act 2022 when its draft was put online in April to elicit public opinions are still there in the revised draft, adding to the fears that the legal provisions could be misused to partisan end and further raising fears for a journey towards a more surveillance-based society. There were the absence of the proper definition of some terms in the draft, ambiguity in some sections that could be issues of debates regarding their misinterpretation and the misplacement of the enforcement of the law. The revision of the draft contains all the flaws and fears, as civic group members, businesspeople and journalists said at a discussion that the Information and Communications Technology Division organised on July 17. The revised draft has no proper definitions of terms such ‘personal data’ and ‘information’ although the law means to protect personal data. While the absence of proper definitions will leave the scope for misinterpretation of the terms, leading to a likely misuse or abuse, it is feared that the law could be misused or abused the way the Digital Security Act 2018 has so far largely been misused or abused.

The proposition becomes further fearful as even the revised draft of the law makes the Digital Security Authority, the highest authority of the Digital Security Act 2018, also the highest authority of the legislation at hand. This sets up a fearful connection between the two laws and the authorities of enforcement. Experts believe that such a proposition is contradictory. While the Digital Security Agency acts to monitor private data or information, the Data Protection Office should act to protect private data or information. The government, of course, needs to gather information for legitimate purposes such as pattern recognition aimed at good governance, but members of the government and security agencies can even then use the data for illegitimate purposes and misuse or abuse the data by way of individual profiling because of the power, reach and resources that they have. The misuse or abuse of a law depends on the character of the state and the character of a state depends on the government. Experts, therefore, believe that the way the law has been drafted suggests that the government tries to pry into people’s privacy while the law should, in effect, safeguard citizens’ privacy and in no way jeopardise civil liberty.

A law is needed to protect personal data and stop their unauthorised use. But the law must in no way invade individual’s privacy and must not allow any illegitimate use of personal data. The law minister hopes to hold more discussions on the revision. It is, therefore, expected that the authorities would purge the legislation of any provisions that could allow its misuse. The government must also set up an independent commission beyond the control and framework of the government, as has been done in many other countries, to effectively deter any misuse of the law.