India moves closer to first data privacy law
Panel moots authority to prevent ‘misuse’; lays down ‘exceptions’
NEWDELHI: Recommending what it termed a “fourth way to privacy, autonomy and empowerment” that was distinct from other international experiences, the Justice BN Srikrishna Committee on Friday proposed a draft Personal Data Protection Bill that could form the basis of India’s first data privacy law.
The committee, which said it had combined the principles of individual ‘privacy’ with using data for ‘empowerment’, also proposed the constitution of a Data Protection Authority (DPA) of India with the mandate of protecting the interests of users who it described as “data principals”, and preventing the “misuse of personal data”. It called for financial penalties and jail terms in the case of violations. The committee — set up to recommend a legislative framework for data privacy in 2017 — submitted its report and the proposed bill to the Union minister for law and justice, and electronics and IT, Ravi Shankar Prasad. The proposed bill makes individual consent the centrepiece of data sharing, awards rights to users, imposes obligations on “data fiduciaries”— all those entities, including the State, which determine purpose and means of data processing.
It also lays out provisions on data storage, making it mandatory for a copy of personal data to be stored in India, and called for amendments to other laws, including RTI.
CONTINUED ON P 8 ››RELATED REPORTS, P10