Congratulate the Income Tax authorities for innovatively adopting Data Protection Principles

The Indian Budget proposal presented yesterday had an interesting sidelight. While discussing the proposal on the TV, Mr Piysuh Goyal, the interim Finance Minister  said that the Government is taking steps to ensure that in order to reduce harassment of IT payers if any from the department, the Government would be adopting a new system of assessment of returns.

The minister said

“Within the next two years, almost all verification and assessment of returns selected for scrutiny will be done electronically through anonymized back office, manned by tax experts and officials, without any personal interface between taxpayers and tax officers. “

It appears that the IT department has given a commitment to the tax payers that the principle of “Pseudonymization” as we use in the Data Protection scenario would be applied in the IT assessment arena as well.

In simple terms, the assessment officer would receive the returns in a pseudonymized(de-identified) set of data and make his assessment without knowing who the assessee is. It is however understood that in case the Assessment officer finds reasons to go deeper into assessment, he would recommend the return for a more detailed assessment where there may be a need to know the assessee.

However, this second level assessment will be required only for specific reasons which can be recorded in writing and reviewed if required.

IT department is the most hated of the Government departments when it comes to “Privacy” protection and “Limitation of Surveillance Rights”. It is ironic that it has become the first Government department to have indicated its commitment to the use of Privacy Protection principles in the administrative context. We need to appreciate its innovative use of the thought of de-identification.

We may recall that the Indian IT department was the first to adopt the technology innovation of “Digital Signature”, first to properly bring to the notice of the public, phishing mails in the name of the department. Now being the first Indian Government department to use “pseudonymization” marks another feather in its cap.

This development should also be taken note of by the Supreme Court which is set to hear an objection on the recent notification of the Ministry of Home Affairs about  designating 10 agencies for surveillance under Section 69 of ITA 2000. IT department (CBDT) is one of the designated agencies where there will be a nodal officer and whenever the competent authority under Section 69 of ITA 2000 (viz Home Secretary) has a requirement for interception of any information under the control of the department, the competent authority can invoke its powers.

The Supreme Court is being mislead by some of the petitioners that the MHA order of December 20, 2018 gives roving powers to the IT department to indulge in surveillance. This is a malicious interpretation as the MHA order only restricted the use of powers under Section 69 to only 10 designated agencies and no body else and the IT department was one among them.

Now with the IT department exhibiting its awareness about Privacy Protection and the main tool of such protection in the form of Pseudonymization as well as demonstrated how it can be used innovatively in its administration, the Supreme Court should accept that there is enough awareness in the department to trust it with the responsibility which may be entrusted to them under section 69 of ITA 2000 by the competent authority.

Naavi

This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.