India inches closer to data privacy law
The justice BN Srikrishna-led committee has submitted its draft of the Personal Data Protection Bill, 2018 to law and IT minister Ravi Shankar Prasad for the government’s review. The 10-member committee was set up by the government in July last year to identify overall data protection issues in India and recommend ways to address them. The draft has proposed setting up of a data protection authority (DPA) which will protect data principals and enforce the data protection laws. It also recommends that those processing data must acquire informed consent, state the purpose of collection and retain personal data only as long as necessary. Users will have a right to be forgotten, to know about how their personal data is processed, to make corrections and updates, and to receive details of their data. Storage of all critical personal data – a classification that the government will determine – should be within the country. All other personal data must be stored as a copy in India. Punishment for violating the law can range from ₹5 crore or two percent of total worldwide turnover to ₹15 crore or four percent of the worldwide turnover of the company involved. The law will not apply in cases involving national security, police investigations and legal proceedings.