Digital Personal Data Protection Bill, 2022: Understanding the Key Provisions The Digital Personal Data Protection Bill, 2022 is a proposed law that aims to regulate the collection, storage, processing, and transfer of personal data in India. The bill is currently under review by the Indian…
Data protection is a critical issue in India, with the increasing use of technology and the internet. The Indian government has taken steps to address this issue by enacting laws and regulations that protect personal data and privacy. In this article, we will explore the…
In today’s digital age, cybercrime or computer crime is an increasingly prevalent threat that affects individuals, businesses, and governments alike. With the rise of technology, more and more people are vulnerable to cyber attacks, which can result in financial losses, identity theft, and even physical…
Outsourcing legal services to India can offer several benefits for businesses and law firms. Some of the reasons why you should outsource legal services to India: Cost savings: Legal services in India are generally much cheaper than in the US or Europe. This means that…
Saachi Kale Penultimate Year Student, SLS Pune. INTRODUCTORY NOTE Technology and intellectual property (IP) are the keys to winning the commercial battle at a time when artificial intelligence (AI) is making remarkable progress. A target company’s history, relevant qualifications, material assets and liabilities (including intellectual…
Drone Law, Technology, Privacy Rights & Cyber Security The regulation on drones is an area of law that often gets overlooked in the discussions surrounding privacy rights and data protection of individuals. In recent years, the usage of drone technology in India, especially by the…
INTRODUCTION Do you remember the time when the whole Indian Banking sector was shaken? It’s the Cosmo Bank Cyber Attack which happened in Pune. The hackers stole Rs. 94.42 crores from Cosmos Cooperative Bank Ltd. and took advantage of the bank’s ATM server access to…
APPREHENSIVE ASSOCIATION OF DATA PRIVACY LEGISLATIONS AND UX DESIGN DARK PATTERNS Abstract: UX designers often inherit principles of psychology and other human behavioural and cognitive sciences while designing and the said practice is naturally aimed at improving seamless, visceral escapade to the users of the…
Introduction The pandemic has catapulted the world into an online-mode. With social-distancing norms in place, a host of activities from meetings to tuitions are being conducted online and as a result, people are spending substantially more time on social media platforms which have emerged as…
Written By – Shreyas Shetty (Associate – Netlawgic Legal)
Introduction
DNA (Deoxyribonucleic acid) is one of the most recognizable words when any individual speaks about the realm of science. We all have watched movies, read books and even seen the odd reality TV Shows whereby detectives, experts and scientists swear by the absolute-ness of DNA when identifying people. While this may have seemed fictional up until 40 years back, it has become a relative norm in the modern era. We often hear and see people engage services to learn more about themselves via DNA testing and learn other such undiscovered information.
There is no denying the absolute bounty of information about an individual that can be learnt from the study of their genetic material. But once one is to see underneath the absolute futuristic glow and enthrallment of DNA testing, there lies an extremely dark underbelly of rampant violations by public and private entities of individuals who are wholly ignorant of the value of their DNA data and privacy attached with the same. With the radical changes that the concept of privacy has undergone in the last decade, it perhaps comes as no surprise that consumer societies and concerned citizens have been raising their voices in regards to the same.
In India, the Puttaswamy judgement[1] caused a massive boom in awareness which has led to each and every action of the Government being scrutinised when there has been an attempt made at the pillars of privacy. Since the last year, the contentious DNA Technology (Use and Application) Bill, 2019 has come in the crosshairs. In this Article, we shall journey through the genesis of the bill and subsequently arsing concerns in regards to the same.
Concurrent Legislation implemented worldwide on use of DNA Technology:
Most developed and developing nations around the world have some form of legislation, either general or specific, in regards to the use, collection, storage and the evidentiary value of DNA in legal matters. In India, regulation regarding commercial use of DNA Data can be seen under the IT (Reasonable practices and Procedures) Rules, 2011 wherein “biometric information” is recognised as Sensitive Personal Data/Information and protected accordingly under the Rules.
The Law Commission of India in its report[2] has done an extremely detailed dive into various legislations that are implemented worldwide in regards to DNA Technology. For the purpose of brevity, we shall see the legislations of the United Kingdom and the United States of America.
In the United Kingdom, DNA as a tool for determining the identity of an individual / suspect was allowed for police officers circa 1984. They had to contact a medical practitioner and use their assistance to verify the same. In 1993 the Royal Commission on Criminal Justice recommended that the British Government create a forensic DNA database so as to boost public confidence in the law enforcement and judicial system after the Birmingham Six debacle[4].
The Criminal Justice and Public Order Act (CJPOA), 1994 was one of the early legislations passed in regards to the same. Subsequently there were numerous modifications made to the legislation to keep abreast of the technological and common law advancements of the 21st Century. The Marper judgement of the European Court of Human Rights [5] was a landmark judgement in the retention of Civilian DNA data and the United Kingdom Government formulated the Crime and Security Act, 2010 in response to the same.
The United States of America has always tried to be at the forefront of technological innovations in the field of criminal forensics. We see attempts made by some of the states in the 80’s to enact legislations to regulate and standardise the use of DNA from crime scenes to identify individuals. The Federal Bureau of Investigations (FBI) set up an expert body in regards to the collection and assessment of DNA in the late 80’s which was subsequently made into a recognised body under federal law[7]. In 1998 the FBI launched the National Index System (NDIS) to keep a repository of DNA data accessible to FBI officials around the country. In 2004, the Justice for All Act, 2004 [8] was passed which established procedures for post-conviction DNA testing in the federal courts.
The DNA Technology (Use and Application) Bill, 2019:
The DNA Technology (Use and Application) Bill, 2019 finds its roots in a seminar held in Hyderabad in 2003 on the topic of “Impact of new Biology on justice delivery system”. The Seminar was organised by the Centre for DNA Fingerprinting and Diagnostics (CDFD) along with National Academy of Legal Studies and Research (NALSAR), both based in Hyderabad[9]. On the basis of suggestions put forth by eminent individuals at the seminar, the Indian government began to prepare drafts of the proposed legislation which finally bore fruition in 2018, around 15 years later. There have been two expert committees, namely the Malimath Committee and the A.P Shah Committee which have delved into the intricacies of DNA data. The former looked at DNA Data more from the point of view of the Criminal Procedure Code whereas the latter was solely focussed on the numerous drafts compiled by the Government of India since 2003. The Law Commission of India after due deliberation put forward a draft bill as part of its report titled “Human DNA Profiling – A draft bill for the Use and regulation of DNA –Based Technology”
While the initial effort to bring the bill for due deliberation at the lower house lapsed due to the dissolving of the same, it was brought back in 2019 and subsequently forwarded to the Parliamentary Standing Committee on Science and Technology, environment, forests and climate for a proper report on the Bill. The Committee, under the chairmanship of Mr Jairam Ramesh submitted a report to both the Houses on 3rd February 2021. The report is a detailed study of the purpose of the bill, its potential impacts and suggested changes.
The highlights of the Bill can be summarised as follows:
Concerns raised against the Bill
Since the introduction of the Bill, there has been a steady stream of legal luminaries, parliamentarians and privacy experts who have called for greater scrutiny and certain changes in the Bill so as to make it conform to the privacy rights as recognised by the Supreme Court of India and in the Constitution. Some of the major issues raised are as follows:
One of the biggest concerns that have been raised in regards to the Bill is the information that it seeks to access, store and share i: e genetic information of individuals. As mentioned earlier, the recognition of privacy as fundamental right has brought forward a sense of sanctity to the concept of privacy and any attempt to besmirch the same is seen as an absolute sacrilege to not only the right in itself, but also the very foundation of constitutional ethos so propounded by the Supreme Court in its landmark judgment. The Bill is a bit vague to some extent on the procedure for removal of DNA data of innocent individuals and the Parliamentary Committee has requested that more clarity be shed on the same.
Privacy is viewed to be based on consent and can be breached only once the concerned individual / party agrees to the same. The concerns raised in regards to the aspect of Consent is that while it is required under the Bill, non – granting of the same can be easily overturned by the Courts of law if they deem so to be necessary. Moreover, the consent of individuals who are arrested for criminal matter carrying a punishment of more than seven years (specified offences) is not mandatory and can be collected from them without their consent as well.
The DNA Regulatory Board (“Board”) is a board that is to be set up under the Bill and can be considered as the main functioning authority. From advising the government on steps to be taken in regards to DNA laboratories and banks, supervising their working to granting accreditation to laboratories and banks across the country, the Board can be construed to be the main authority under the Act. Given its due importance, concerns were raised in regards to its composition as it majorly consisted of bureaucrats and/ or individuals associated with the executive wing of the Indian government. Fears were raised that no one arm of a government should have such overreaching control over a body that is dealing with such an important aspect of sensitive data/information. The Parliamentary Committee too has raised this concern and called for greater diversity in the Board[10].
There have been several concerns raised in regards to the possibility of the DNA data collected being used for purposes apart from those as deemed appropriate, especially in regards to individuals belonging to the marginalised section of society. Former Supreme Court Judge Justice Madan Lokur has raised similar concerns in his expert note to the Parliamentary Committee[11]. Such concerns were based on certain documents of the Centre for DNA Fingerprinting and Diagnostics (CDFD) which required the caste and other such sensitive information to be shared as part of its Identification Form[12]. Parliamentarians and rights activists have asked that there be stringent procedural additions made to the Bill. There have also been requests made to the Government to clarify on its stance in regards to the same when the Bill is presented to both the Houses.
DNA Data banks are being set up to act as a one stop repository of all DNA data and samples so collected from individuals by authorised personals. However, concerns have been raised on two major grounds against the concept of DNA banks, namely in regards to there being one bank for both civil and criminal matters along with concerns of potential data breach which may lead to a large volume of highly sensitive data being released to companies / individuals / parties to use the same for their own nefarious purposes.
Conclusion:
It is rightly said that with great power comes great responsibility. By putting forward this Bill, the Indian government is undertaking a truly monumental task of DNA Technology Regulation. Given its high sensitivity and immensely valuable nature, there is an ardent requirement on part of the Government to uphold, protect, add, amend and maintain the Bill should it convert into an Act extremely carefully so as to avoid treading over any right of the individuals whose DNA is collected that are recognised by the courts of the Country and/or under the law of the land.