Guest Post: The Democracy Branch – Reimagining the Role of the Data Protection Authority

[This is a guest post by Nikhil Pratap.]

In Justice K.S.Puttaswamy (Retd) v. Union of India (2017), the Supreme Court instructed the Justice Srikrishna Committee to formulate a comprehensive legislation for personal data protection. A law was deemed necessary in the context of the surveillance and privacy threats to individuals, primarily from the executive action. The main purpose of the law would be to incorporate data protection principles and also ensure accountability of government use of data.

The efforts on instructions of the Supreme Court eventually culminated in The Personal Data Protection Bill, 2019 (“PDP Bill”) which sets out data protection principles for collection and processing of personal data, both by government and private parties. It envisages a Data Protection Authority (“DPA”) having wide powers to carry out policy setting, monitoring enforcement, investigation, research, awareness and grievance redressal functions. The powers and the structure of the DPA in the PDP Bill are largely inspired from other sectoral regulatory bodies – such as SEBI or TRAI, which carry out core economic functions of the executive and are under its direct supervision and control.

It is the author’s argument that the proposed DPA in its current form greatly deviates from its originally envisaged primary function i.e. to ensure accountability of the executive (both Central Government and State Governments and its various arms) – while it collects and processes personal data of its citizens. Given the intent and context of the PDP Bill, setting up the DPA as a sectoral economic regulator under the control of the Central Government, amounts to defeating its mandate. To ensure that the Bill effectively meets its purpose, the DPA should be reimagined as a ‘Fourth Branch’ Institution or a ‘Democracy Branch’ Institution.

Fourth Branch Institutions

Constitutional theory traditionally divides the State into three branches – the Legislature, the Executive and the Judiciary. Under this traditional conception of State, institutional accountability of executive action lies with the other two branches of the government – namely, legislature and the judiciary. However, due to the design constraints of parliamentary democracy and collective responsibility, legislative accountability tends to get weakened as the executive usually commands the support of a parliamentary majority. (See recent decision of the Parliamentary Committee on review of PM Cares). This means that the judiciary is effectively the only institution responsible for protection of Constitutional checks and balances.

In such a context, the concept of a ‘Fourth Branch’ of the State gains immense significance and potential. There is growing literature which classifies institutions protecting the core ideals of democracy, as the ‘Fourth Branch’ or the ‘Democracy Branch’. (See Professor Bruce Ackerman and Professor Tarunabh Khaitan). The core democratic ideals which the Fourth Branch ought to protect depends on the conception of the democracy embraced by the Constitution. A ‘thinly’ defined democracy would limit these core ideals to fair processes such as free and transparent elections, oversight, impartiality and civil and political liberties whereas a ‘thickly’ defined democracy would also require protection of other constitutional values such as socio-economic rights and distribution of financial resources. The protection offered by the fourth branch institutions would thus vary depending on the constitutional values. However, in either case, these institutions are independent from the other branches of the State and provide for an additional layer of institutional accountability- apart from the judiciary.

Good examples of fourth branch institutions are the ‘Chapter IX’ institutions in the South African Constitution, which are called ‘State Institutions Supporting Constitutional Democracy’. These include institutions such as the South African Human Rights Commission, Electoral Commission, the Auditor General and the Commission for Gender Equality. Similarly in India, institutions such as the Finance Commission, Election Commission, the CAG, Lokpal, Information Commission, National Human Rights Commission may be considered as examples of the fourth branch even though they are not explicitly enumerated as such. The distinctive characteristic of the ‘Fourth Branch’ institution is that they are independent from the direct influence and control of the Executive.

While some of these fourth branch institution are constitutional bodies, they may be created through a statutory enactment as well. Gautam Bhatia argues that statutory bodies that provide a framework towards implementation of core fundamental rights or a democratic ideal are elevated to the status ‘constitutional statutes’. He draws a functional equivalence between constitutional bodies (such as the Election Commission) and the institutions created by constitutional statutes (such as Information Commission, CBI, CVC)- as both of them serve core democratic functions and ensure accountability- and concludes that both types of bodies are fourth branch institutions. As such they deserve equal protection of their independence from the executive, irrespective of their structure or manner of enactment. In this context, he argues that the recent Right to Information (Amendment) Act, 2019, which removed the fixed tenure and salary of the Information Commissioners is unconstitutional because it dilutes their constitutionally protected independence.

To ensure independence, members of the fourth branch institutions are usually not appointees of the executive but are appointed by a committee often having bipartisan legislative representation and in some cases representatives from the judiciary. Examples of appointment through such selection committees include the Information Commissioners, Central Vigilance Commissioners or the members of the National Human Rights Commission. Many fourth branch institutions have fixed terms and salary for their members. For example, the Comptroller and Auditor General of India has a fixed term of 6 years and can only be removed from office in the same manner and on the same grounds as that of a judge of the Supreme Court and his/her salary can be altered only by a law by the Parliament. Similarly, members of the National Human Rights Commission can be removed on ground of proved misbehaviour or incapacity as prescribed in law.


The question which then arises for consideration is why must the DPA be considered a fourth branch institution instead of a mere sectoral regulator such as TRAI, SEBI or CERC. To answer this question, we must first understand that in a welfare state such as India, the executive branch continues to play a dominant role in individual lives, and they process a wide range of personal data for functions such as healthcare, subsidies, census, surveillance and targeted governance. Intelligence and law enforcement agencies also collect and process swathes of personal data of individuals. Given the width and scale of executive action related to personal data, accountability of executive actions becomes necessary. This sentiment was captured in Puttaswamy, where Chandrachud J. observed :

180. (…) In a social welfare state, the government embarks upon programmes which provide benefits to impoverished and marginalised sections of society. There is a vital state interest in ensuring that scarce public resources are not dissipated by the diversion of resources to persons who do not qualify as recipients (…) Data mining with the object of ensuring that resources are properly deployed to legitimate beneficiaries is a valid ground for the state to insist on the collection of authentic data. But, the data which the state has collected has to be utilised for legitimate purposes of the state and ought not to be utilised unauthorizedly for extraneous purposes. This will ensure that the legitimate concerns of the state are duly safeguarded while, at the same time, protecting privacy concerns.


The potential dangers of privacy and surveillance posed by the executive has already been made evident in the constitutional challenge to the AADHAR scheme, where the Petitioners exhaustively presented the privacy, surveillance and security dangers to unchecked data processing by the government.

Further, the right to privacy has already been recognized as a civil political right which requires heightened protection from the executive abuse, for they are inextricably linked to a free exercise of other democratic rights such as a right to vote or the right to freedom of movement and association. Thus, protection of right to privacy as a fundamental right is not merely an end in itself but also instrumental in protecting the minimum democratic core of our Constitution. It is for safeguarding this fundamental right of privacy that the Supreme Court instructed the Committee chaired by Justice B N Srikrishna to draft an appropriate legislation, knowing fully well that an unchecked collection and use of personal data can lead to executive aggrandizement and adversely affect democracy.

The mandate of the PDP Bill was to constitute an independent body which would facilitate democratic and institutional accountability of the executive but in stark contrast, the DPA has now been modelled as a sectoral regulator; and much like any other sectoral regulator, the central government has retained executive control and supervision over the DPA. For example, the Selection Committee which appoints the members of the DPA comprises entirely of members from the executive i.e. secretaries from different departments of the Central Government. Their salaries and allowances are to be prescribed by the Central Government. The Central Government has also been empowered under the Act to remove any member of the DPA on the grounds enumerated in the PDP Bill. Emulating economic regulators, the PDP Bill has also vested its adjudicatory function in adjudicatory officers. The manner and term of appointment of these officers shall be decided by the Central Government.

Such pervasive executive control built into sectoral regulators is justified as they are bodies which set out, regulate and monitor economic policy. Since economic policy is a core function of the executive, it is only appropriate that the government has the functional autonomy and powers related to it. However, the same principal cannot apply to an accountability and democracy body such as DPA. Given the key role of DPA in protecting a core democratic ideal of the Constitution (and that too largely against the Executive itself), it neatly fits into the category of a fourth branch institution and not a sectoral regulator. It is therefore necessary that the DPA is reimagined as a robust and independent part of the ‘Fourth Branch’ lest the right to privacy becomes illusory over time.

One thought on “Guest Post: The Democracy Branch – Reimagining the Role of the Data Protection Authority

  1. Thanks for posting such an informative article. However one can question the need to create a fourth pillar in the present democratic system when the Data Protection Authority can be submerged in the Judicial pillar, like in the case of RERA Authority. keeping in mind the new trend of judicial activism encompassing the adjudicatory as well as supervisory functions.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s