Daily Current Affairs for UPSC CSE
- Discretionary Powers of Governor
- The Personal Data Protection Bill, 2019
- Spyware and Stalkerware Apps
1 . Discretionary Powers of Governor
Context : Rajasthan Governor Kalraj Mishra returning the fresh proposal by the state Cabinet – seeking to convene a session of the Assembly on 31 July – has raised fresh legal questions on the powers of the Governor. This is the second time that the Governor has put off the request, which would allow Congress Chief Minister Ashok Gehlot to prove his strength on the floor of the House. In 2016, in a different case, the Supreme Court dealt with the issue of powers of the Governor to summon, dissolve the House.
Who has the powers to summon the House?
- It is the Governor acting on the aid and advice of the cabinet.
- Article 174 of the Constitution gives the Governor the power to summon from time to time “the House or each House of the Legislature of the State to meet at such time and place as he thinks fit…”
- However, the phrase “as he thinks fit” is read as per Article 163 of the Constitution which says that the Governor acts on the aid and advice of the cabinet. Article 163(1) essentially limits any discretionary power of the Governor only to cases where the Constitution expressly specifies that the Governor must act on his own and apply an independent mind.
What has the Supreme Court said in the past about the Governor’s power to summon the House?
- It is settled law that the Governor cannot refuse the request of the Cabinet to call for a sitting of the House for legislative purposes or for the chief minister to prove his majority. In fact, on numerous occasions, including in the 2016 Uttarakhand case, the court has clarified that when the majority of the ruling party is in question, a floor test must be conducted at the earliest available opportunity.
- In 2016, a Constitution Bench of the Supreme Court in Nabam Rebia and Bamang Felix vs Deputy Speaker, the Arunachal Pradesh Assembly case, expressly said that the power to summon the House is not solely vested in the Governor.
What did the SC say in the Arunachal case?
- Referring to discussions in the Constituent Assembly, the court noted that the framers of the Constitution expressly and consciously left out vesting powers to summon or dissolve the House solely with the Governor.
- In paragraph 162 of the judgment, the court discussed that draft Article 153 (which later became Article 174), that dealt with the powers of the Governor, was substantially altered to indicate that the framers did not want to give Governors the discretion.
- “The most significant feature of draft Article 153 was expressed in sub-article (3) thereof, wherein it was provided, that the functions of the Governor with reference to sub-clauses (a) and (c), namely, the power to summon and dissolve the House or Houses of the State Legislature “… shall be exercised by him in his discretion,” the court noted.
- “The manner in which draft Article 153(3) was originally drawn, would have left no room for any doubt, that the Governor would definitely have had the discretion to summon or dissolve the House or Houses of the State Legislature, without any aid or advice. After the debate, draft Article 153 came to be renumbered as Article 174. Article 174 reveals, that sub-article (3) contained in draft Article 153 was omitted. The omission of sub-article (3) of draft Article 153, is a matter of extreme significance, for a purposeful confirmation of the correct intent underlying the drafting of Article 174,” it added.
- After debating the intention of the framers, the court concluded that “the only legitimate and rightful inference, that can be drawn in the final analysis is, that the framers of the Constitution altered their original contemplation, and consciously decided not to vest discretion with the Governor, in the matter of summoning and dissolving the House, or Houses of the State Legislature, by omitting sub-article (3), which authorized the Governor to summon or dissolve, the House or Houses of Legislature at his own, by engaging the words “… shall be exercised by him in his discretion…”. In such view of the matter, we are satisfied in concluding, that the Governor can summon, prorogue and dissolve the House, only on the aid and advice of the Council of Ministers with the Chief Minister as the head. And not at his own.”
When can a Governor use his discretion?
- Article 163(1) of the Constitution says that “there shall be a council of Ministers with the Chief Minister at the head to aid and advise the Governor in the exercise of his functions, except in so far as he is by or under this constitution required to exercise his functions or any of them in his discretion.”
- When the chief minister has lost the support of the House and his strength is debatable, then the Governor need not wait for the advice of the council of ministers to hold a floor test. Generally, when doubts are cast on the chief minister that he has lost the majority, the opposition and the Governor would rally for a floor test and the ruling party would attempt to stall the process to buy time and keep its flock together. In a puzzling situation, in Rajasthan’s case, despite requests from chief minister Gehlot, the Governor has returned requests to call for a session.
- However, in the current case, the 19 rebel MLAs have not defected from the Congress Party and have repeatedly stated before the Rajasthan HC that they are merely expressing their dissent within the party and have not shifted to the BJP.
- The court in Paragraph 153 the 2016 Arunachal Pradesh ruling, clarifies this question as well. “In ordinary circumstances during the period when the CM and his council of ministers enjoy the confidence of the majority of the House, the power vested with the Governor under Article 174 to summon, prorogue and dissolve the house(s) must be exercised in consonance with the aid and advice of the chief minister and his council of ministers. In the above situation, he is precluded [from taking] an individual call on the issue at his own will, or in his own discretion. Only in a situation where the government in power – on holding of such floor test – is seen to have lost the confidence of the majority, would it be open to the Governor to exercise the powers vested with him under Article 174 at his own, and without any aid and advice,” the court said.
2 . The Personal Data Protection Bill, 2019
Context : At a meeting of the Joint Committee on the Personal Data Protection Bill, 2019, members from both opposition and BJP opposed certain sections of the legislation that can be invoked to exempt government agencies, such as the National Investigation Agency (NIA), from the provisions of the law.
- The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019. The Bill seeks to provide for protection of personal data of individuals, and establishes a Data Protection Authority for the same.
About the Issue
- Section 35 of the law says that “in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order” all or any provisions of this act shall not apply to any agency of the government.
- And as per Section 36 of the law the “safeguards for an individual can also be suspended in the interests of prevention, detection, investigation and prosecution of any offence or any other contravention of any law for the time being in force.”
- NIA, National Crime Record Bureau, Narcotics Control Bureau and the Registrar of General of India should be exempt from the provisions of the data protection law under Section 35 and Section 36 of the law.
- The members demanded that both these clauses of the law need to be revisited. They also argued that the government does not have a clear justification for seeking these exemptions.
- According to them the law flows out of a Supreme Court judgement which upheld privacy as a fundamental right. These clauses allow the state instruments to remove safeguards provided to an individual, thus completely diluting the essence of the law
- Since the law only mentions any government agency, the exemptions could practically be extended to any government body, another member said.
- In August 2017, the Supreme Court held that privacy is a fundamental right, flowing from the right to life and personal liberty under Article 21 of the Constitution. The Court also observed that privacy of personal data and facts is an essential aspect of the right to privacy.
About Data Protection Law
- Applicability: The Bill governs the processing of personal data by: (i) government, (ii) companies incorporated in India, and (iii) foreign companies dealing with personal data of individuals in India. Personal data is data which pertains to characteristics, traits or attributes of identity, which can be used to identify an individual. The Bill categorises certain personal data as sensitive personal data. This includes financial data, biometric data, caste, religious or political beliefs, or any other category of data specified by the government, in consultation with the Authority and the concerned sectoral regulator.
- Obligations of data fiduciary: A data fiduciary is an entity or individual who decides the means and purpose of processing personal data. Such processing will be subject to certain purpose, collection and storage limitations. For instance, personal data can be processed only for specific, clear and lawful purpose. Additionally, all data fiduciaries must undertake certain transparency and accountability measures such as: (i) implementing security safeguards (such as data encryption and preventing misuse of data), and (ii) instituting grievance redressal mechanisms to address complaints of individuals. They must also institute mechanisms for age verification and parental consent when processing sensitive personal data of children.
- Rights of the individual: The Bill sets out certain rights of the individual (or data principal). These include the right to: (i) obtain confirmation from the fiduciary on whether their personal data has been processed, (ii) seek correction of inaccurate, incomplete, or out-of-date personal data, (iii) have personal data transferred to any other data fiduciary in certain circumstances, and (iv) restrict continuing disclosure of their personal data by a fiduciary, if it is no longer necessary or consent is withdrawn.
- Grounds for processing personal data: The Bill allows processing of data by fiduciaries only if consent is provided by the individual. However, in certain circumstances, personal data can be processed without consent. These include: (i) if required by the State for providing benefits to the individual, (ii) legal proceedings, (iii) to respond to a medical emergency.
- Social media intermediaries: The Bill defines these to include intermediaries which enable online interaction between users and allow for sharing of information. All such intermediaries which have users above a notified threshold, and whose actions can impact electoral democracy or public order, have certain obligations, which include providing a voluntary user verification mechanism for users in India.
- Data Protection Authority: The Bill sets up a Data Protection Authority which may: (i) take steps to protect interests of individuals, (ii) prevent misuse of personal data, and (iii) ensure compliance with the Bill. It will consist of a chairperson and six members, with at least 10 years’ expertise in the field of data protection and information technology. Orders of the Authority can be appealed to an Appellate Tribunal. Appeals from the Tribunal will go to the Supreme Court.
- Transfer of data outside India: Sensitive personal data may be transferred outside India for processing if explicitly consented to by the individual, and subject to certain additional conditions. However, such sensitive personal data should continue to be stored in India. Certain personal data notified as critical personal data by the government can only be processed in India.
- Exemptions: The central government can exempt any of its agencies from the provisions of the Act: (i) in interest of security of state, public order, sovereignty and integrity of India and friendly relations with foreign states, and (ii) for preventing incitement to commission of any cognisable offence (i.e. arrest without warrant) relating to the above matters. Processing of personal data is also exempted from provisions of the Bill for certain other purposes such as: (i) prevention, investigation, or prosecution of any offence, or (ii) personal, domestic, or (iii) journalistic purposes. However, such processing must be for a specific, clear and lawful purpose, with certain security safeguards.
- Offences: Offences under the Bill include: (i) processing or transferring personal data in violation of the Bill, punishable with a fine of Rs 15 crore or 4% of the annual turnover of the fiduciary, whichever is higher, and (ii) failure to conduct a data audit, punishable with a fine of five crore rupees or 2% of the annual turnover of the fiduciary, whichever is higher. Re-identification and processing of de-identified personal data without consent is punishable with imprisonment of up to three years, or fine, or both.
- Sharing of non-personal data with government: The central government may direct data fiduciaries to provide it with any: (i) non-personal data and (ii) anonymised personal data (where it is not possible to identify data principal) for better targeting of services.
- Amendments to other laws: The Bill amends the Information Technology Act, 2000 to delete the provisions related to compensation payable by companies for failure to protect personal data.
3 . Spy and Stalkerware Apps
Context : Global cyber-security leader Avast has in a note warned that there was a 51 per cent increase in the use of spyware and stalkerware during the lockdown period from March to June. The usage of these apps, the company had in its note said, increased during lockdown in the backdrop of heightened domestic violence cases.
What are spy and stalkerware apps?
- Spy and stalkerware apps, like viruses and other malware, infect devices that are connected to the internet.
- While viruses and malware can be detected by anti-virus software, spyware and stalkerware apps disguise themselves as useful and send out stolen data to central servers without the knowledge of the users.
- Ironically, most spyware and stalkerware apps disguise themselves as anti-theft applications that can be used to track in case the device is stolen or gets lost, cyber-security experts warn.
- A spyware app, which can also be installed remotely, accesses the data usage pattern of the device, gains access to photos and videos as well as other personal information of the user, and then passes it off to a central server.
- On the other hand, in most cases, a stalkerware app can be installed only when someone has physical access to the digitally connected device. Though the app works in a manner similar to spyware apps, it goes a step ahead and also gives out the location of the device to a master device which controls the stalkerware app.
- “Most stalkerware apps work in stealth mode with no trace of the app having ever been installed. Once installed, such apps can allow the master device to control, intercept, and even change your emails, text messages and your communication on social media platforms,” a Pune-based cyber-security expert said.
How do such apps work?
- There are two of three-types of spyware and stalkerware applications. For spyware apps, the easiest method is to disguise the spying code inside the unauthorised versions of premium apps.
- “For example, someone can claim to have a cracked version of a premium app such as Spotify. Now, whoever installs such apps can be remotely tracked easily. Since the code of the application (inside which the spyware codes are hidden) do not spy on the users, such codes pass the scrutiny of anti-virus programmes,” said the expert, who also works with government and security agencies.
- Stalkerware apps on the other hand, seek explicit permissions at the time of their installation. Once the app is installed in the phone, it can be hidden from the apps menu into the background, from where they continue functioning.
- “There are some dedicated apps which people install on their partners’ or their kids’ phones. When you install such apps, it asks for permissions such as access to gallery locations, call logs among other things. Once you do that, the master device which has a dashboard can see whatever is going on with the other device,” Guwahati-based independent cyber-security researcher Indrajeet Bhuyan said.