Decoded: What criminal data Bill, passed by Parliament, is all about

The Criminal Procedure (Identification) Bill was strongly criticised by Opposition parliamentarians as anti-people and draconian

The Rajya Sabha on Wednesday passed the Criminal Procedure (Identification) Bill, 2022, two days after the Lok Sabha cleared it. The Bill, which empowers investigating officers to collect biometric, physical and biological samples of those who have been convicted, arrested or held in preventive detention, was strongly criticised by Opposition parliamentarians as anti-people and draconian. The government, however, maintains it has been brought in with the sole intention of increasing convictions and protecting the rights of law-abiding citizens. Here is what this Bill, now cleared by Parliament, is all about.

Why was the new Bill brought in and what are its key aspects?

According to the government, the Bill was introduced to equip law enforcement with modernisation and help increase the conviction rate, as it replaces a colonial law (Identification of Prisoners Act, 1920) that is inadequate considering the technological advancements in crime and law enforcement.

The Bill seeks to authorise law enforcement agencies to collect data of convicts and other persons for their identification and investigation in criminal cases, and also to preserve rec­ords. The data includes biometric as well as physical and biolo­gical samples of those who have been convicted, arrested or even held in preventive detention.

It provides legal sanction for taking measurements, which could include “finger-impressions, palm-print and foot-print impressions, photographs, iris and retina scan, physical, biolog­ical samples, and their analysis”.

According to the Delhi-based non-profit PRS Leg­islative Res­earch, the Bill also emp­owers the Nat­ional Crime Rec­o­rds Bureau to coll­ect data from state governments, Un­ion Territories and other law enforcement agencies.

The Bill requires data to be retained in digital form for 75 years, while there are provisions for destroying details in cases where the persons have not been previously convicted and are released without trial, discharged or acquitted by court.

How does it differ from the existing law?

The new Bill expands the type of data that can be collected, as well as the type of persons from whom details can be sought, and lastly the authority who collects the data. Under the 1920 law, data that could be collected was restricted to fingerprints, foot-print impressions and photographs. Besides the details mentioned earlier, the new Bill adds behavioural attributes (signatures, handwriting) and examinations under Sections 53 and 53A of the Code of Criminal Pro­cedure (includes blood, semen, hair samples, and swabs, and analyses such as DNA profiling).

Another vital difference is that the earlier law allowed the police to collect data from those convicted or arrested for offences punishable with rigorous imprisonment of one year or more. The new Bill is applicable to those convicted or arrested for any offence and allows forcible collection of biological samples from anyone arrested for crimes against women and children, or if the offence carries a minimum of seven years’ imprisonment.

The existing law allowed investigating officers or those in charge of police stations ranked not lower than a sub-inspector to direct collection of data. The new Bill widens the scope to include head constable of a police station and head warder of a prison.

Why has the Bill drawn fire from the Opposition and lawyers?

The political opposition and activists have raised fears of the Bill paving the way for greater state surveillance and violating privacy and fundamental rights of citizens, thereby silencing dissent further.

In the absence of a data protection law in India, the new Bill should have built in safeguards that are lacking sadly, says Pra­santh Sugathan, lawyer and legal director at Software Freedom Law Center, New Delhi.

Sugathan points out that there have been instances of data breaches within government ag­encies. As a result, collection of data and its storage for decades pose huge concerns of leakage. “In a country where it takes years for a criminal matter to get over, if somebody is arrested for a long time before being acquitted, we don’t know with whom the data gets shared, even if it is government agencies. How do you en­sure that data gets deleted from wherever it is shared?” he says, and adds that proportionality is another concern with the Bill, as it leaves a problematic scope for extracting private biometric inf­ormation even for petty offences.

It is also feared that data coll­e­ction in most cases could in eff­e­ct become mandatory, rather than voluntary, given the power imbalance between the police and ordinary citizens.

Are there any implications for big tech in the Bill?

No, since the Bill allows government agencies to gather inform­ation directly from individuals. However, although no company is impacted by the Bill, there is a message from the government in its approach, says Raman Jit Singh Chima, Asia Pacific Policy Director at Access Now, a digital rights defender — that it is, thr­ough the Bill, le­gitimising data collection, sharing and retention rather than creating safeguards. The government’s rationale of modernisation isn’t flawed. But, Chima says, countries elsewhere have more robust mechanisms with greater checks on the police in terms of data collection. As an example, he cites the Protection of Freedoms Act 2012 in the UK, which implemented the government’s agreement “to reform DNA and fingerprint retention so that only people convicted of an offence will have their fingerprint records and DNA profiles retained indefinitely”.