In the discussion that ensues, this article delves into an analysis of a facet that has not been given enough consideration relative to its possible consequences – the foundational principles and attributes that define the Data Protection Board. It also examines the critical question of whether the Board aligns with the concept of a tribunal, given its quasi-judicial role in data protection matters. Furthermore, the paper explores the constitutional implications of not mandating a judicial member within the Board, assessing potential conflicts with the doctrine of separation of powers. 

Establishment of a Data Protection Board

For the first time in India’s legal landscape, the Legislators have proposed the establishment of a Board which would be entrusted with overseeing and addressing multifaceted aspects of data protection – the Data Protection Board. On the face of it, the Board seems to be a strategic endeavour to alleviate the burden on the judiciary by facilitating the resolution of data-related disputes. 

Section 18[1] of the Act provides for the establishment of the Board, wherein it has been stated that this institution shall be a “body corporate”; this legal status grants the Board certain rights and powers, similar to a legal person, which enables it to function independently in legal and financial matters. The provision also grants the Board the authority to acquire, possess, and transfer both movable and immovable property. More importantly, the Board will have the capacity to initiate legal actions (sue) or be subject to legal actions (sued) in its own name.

Section 19(3)[2] sets forth the criteria for the selection of individuals who will serve as the Chairperson and Members of the Board. The Section outlines the qualifications required for individuals who are to be appointed as the Chairperson and other Members of the Board. According to the said clause, these individuals are expected to possess specific attributes and a background that encompasses specialised knowledge or practical experience in various areas. Especially, the provision mandates that at least one of the appointed individuals must be an expert in the “field of law”.

With an emphasis on leveraging technology, the Board is set to function as an independent entity, adopting a digital approach to its operations.  

Is the Data Protection Board Equivalent to a Tribunal?

The term “tribunal” has not been defined explicitly in any law in India, however, there are judgments wherein Courts have laid down the requisites or features of tribunals. The Law Commission of India in its 272^nd report defined it as an administrative body created to carry out quasi-judicial functions. Additionally, an administrative tribunal is not an executive body or a court; it occupies a space in the middle between an administrative body and a court.

In Jaswant Sugar Mills Ltd., Meerut v. Lakshmichand[3], the primary criteria for identifying a tribunal was established – authority to determine matters, compel witness attendance, follow essential rules of evidence, and wield sanctioning powers.  The legal understanding of a tribunal extends beyond mere courtroom connotations. As elucidated in Durga Shankar Mehta v. Raghuraj Singh[4], the Apex Court held that the expression “tribunal” according to Article 136 of the Constitution does not mean “Court” but includes within it, all adjudicating bodies, provided they are constituted by the State to exercise judicial powers. In Virindar Kumar Satyawadi v. The State of Punjab[5], the court has emphasised that tribunals, akin to Courts, hold the responsibility to decide disputes judiciously, offering parties the right to be heard, adduce evidence, and obtain judgments based on sound legal reasoning.

The Board as envisaged under the Digital Personal Data Protection Act, 2023, bears a striking resemblance to the legal concept of a tribunal, serving as an institutional mechanism for adjudication. Section 27(1)[6] of the Act confers powers upon the Board, akin to those of a tribunal. It responds to various breaches, such as personal data breaches and violations by data fiduciaries, consent managers, and intermediaries. This proactive role mirrors the adjudicatory function of a tribunal, which often investigates alleged violations and imposes penalties. Furthermore, the Board’s process of inquiry, during which affected parties can present their case and respond to allegations, resonates with the principles of natural justice, an essential trait of tribunal proceedings.

The pivotal role of the Board becomes even more pronounced when considered in tandem with Section 28[7] of the Act. This section outlines the Board’s functioning as an independent body, which not only enhances efficiency but also resembles the autonomous nature of a tribunal. The ability of the Board to issue interim orders, a power typical of tribunals, underscores its capacity to intervene promptly and effectively in disputes. The said Section also specifies that the Board shall have the same power as that of a civil court under the Code of Civil Procedure, 1908 in discharging its functions.

In essence, the attributes and functions prescribed in the Digital Personal Data Protection Act, 2023 undeniably establish the Board as a tribunal, holding the central role of quasi-judicial adjudication in matters of data protection.

Absence of a Judicial Member in the Data Protection Board

The composition and qualifications for the appointment of the Chairperson and Members of the Board are outlined under Section 19(3)[8] of the Act. The provision mandates that the members possess expertise in various fields, including data governance, administration, etc. However, it does not explicitly require the presence of a judicial member, which contrasts with certain landmark judgments emphasising the importance of including judicial experts in tribunals.

In the case of L Chandra Kumar v. Union of India[9], the Supreme Court deliberated on the competence of members in administrative tribunals. It highlighted the significance of a balanced blend of judicial and administrative members to ensure efficient and specialised adjudication. The judgment acknowledged that purely judicial members might undermine the primary rationale behind tribunals’ creation, while a combination of legal and administrative expertise would provide the best framework for delivering speedy and effective justice.

The Administrative Tribunals Act, 1985, and the case of S.P. Sampath Kumar v. Union of India & Ors.[10] further underscore the importance of insulation of tribunals from executive interference. The Court observed that total independence of the judiciary from executive pressure is a fundamental constitutional feature. The appointment process of tribunal members should involve consultation with the Chief Justice of India or a high-powered selection committee to ensure meaningful and effective appointments, preserving the tribunals’ independence and integrity. In the Rojer Mathew v. South Indian Bank Limited & Ors[11] case, the Court highlighted the necessity of a judicial member’s presence within tribunals. It emphasised that the performance of judicial functions cannot be effectively carried out by technical members alone, and the absence of judicial input impairs the tribunals’ efficacy.

The absence of a requirement for a judicial member in the Data Protection Board raises pertinent concerns, not only from the perspective of tribunal expertise but also in the context of the separation of powers.

Repercussions

The doctrine of separation of powers is a foundational principle in a democratic system, aimed at preventing the concentration of unchecked power in any one branch of government. By omitting the necessity of a judicial member, the Act deviates from this principle, potentially jeopardising the independence and impartiality of the Data Protection Board. The Act’s provisions empower the Central Government to appoint members of the Board based on their expertise in various fields, without explicitly mandating judicial representation. This situation creates a potential avenue for exploitation, as the Central Government could theoretically appoint individuals who align with its interests, potentially undermining the impartiality of the Board in cases involving disputes between individuals and the government or government entities. Such a scenario could lead to a perceived lack of objectivity and raise concerns about the Board being utilised as a tool for the government’s advantage.