Data localisation divides Srikrishna Committee
The Justice B N Srikrishna Committee, set up for examining issues of data protection and drafting a privacy law, is in the final stages of producing a report. It is trying to iron out the wrinkles that have divided members, sources said. According to an official, the committee is witnessing heated debates around the inclusion of Aadhaar in its privacy framework. MAYANK JAIN writes
The B N Srikrishna committee, asked to examine issues on data protection and to draft a privacy law, is in the final stages of producing a report.
Before it finalises this, it has to address a couple of issues which have divided the members, say sources.
The committee, constituted in July 2017, met on Monday. An official with knowledge of the matter says the panel has been witnessing heated debate around the inclusion in the proposed privacy framework of Aadhaar, the citizen identity number based on personal detail.
If the suggested code is made applicable with retrospective effect, as some want, the unique identity project will be affected, for the data collected under Aadhaar will come under the purview of the privacy law. A majority of the members are said to be backing the position that the law should not apply retrospectively. That apart, how the law will function with regard to Aadhaar is still being discussed.
“The committee is trying to give final touches to the report, making sure every member is on board with the recommendations, a difficult task,” said an informed source.
The retrospective clause is important because Aadhaar is continuously collecting data of new citizens being enrolled in the system, as well as data of authentication made by existing Aadhaar holders. The committee is trying to suggest a framework by which Aadhaar data could be governed.
Another issue being debated by the members is data localisation (storage within the country), where there is again a divide. The reluctance of entities in the relevant sector has been noted, subsequent to the Reserve Bank rule that all financial data pertaining to Indians must be stored in this country only.
Sources indicate the members are broadly in favour of data localisation. What is unclear is if the final report will recommend hard or soft localisation.
“A hard data localisation policy says you can only store data in India — all financial, personal, Aadhaar, biometric and health data cannot go out of the country for even an on-the-spot transaction,” said a person associated with the stakeholder meetings. “The committee has seen industry demands where they broadly agree to storing a copy of the data in India — this still allows global platforms to be used for processing. There’s no final view on this yet.”
Apart from this, the committee is expected to recommend the formation of a data and privacy regulator. This authority will have powers to regulate data collecting entities through monitoring, controls, issuing suspension notices and penalising for breach of the privacy norms.
The committee was expected to give its report two weeks ago but these points of difference delayed it. “They are not running against the timeline of a specific date of submission but, by the looks of it, if there are more meetings beyond Monday, this week will go in finalising the report. So, the submission can get delayed to early next month but that’s the extreme case,” according to a source.