Data Privacy Bill and BN Srikrishna Committee Report
This article deals with ‘Data Privacy Bill and BN Srikrishna Committee Report- UPSC.’ This is part of our series on ‘Science and Technology’ which is important pillar of GS-3 syllabus . For more articles , you can click here
Issues at hand
- SC in K.S. Puttaswamy case has declared Right to Privacy as Fundamental right.
- Most of the data storage companies are based abroad. They also export data to other jurisdiction making it difficult to apply Indian laws.
- India does not have any dedicated legal framework for data protection.
- India does not have provisions for data localization i.e. to store data within country .
- Volume of data on internet is expanding exponentially
- RBI announced that the payment system providers (Visa, Mastercard, PayTM etc) need to store entire payments data in a system only in India
Data Protection Bill and Justice BN Srikrishna Committee report
Provisions of Data Protection Bill which is based upon the recommendations of Justice BN Srikrishna Report are as follows :-
- Fiduciary relationship: Relationship between individual and service provider must be viewed as a fiduciary . Therefore, the service provider is under an obligation to use data fairly and for the authorised purposes only.
- In case of violation, he can be punished.
- Rights of the individual: Certain rights regarding data has been given to individual.
- right to be forgotten.
- right to seek correction of inaccurate, incomplete, or out-of-date personal data, and
- right to have personal data transferred to any other data fiduciary
- Data localization: It mandates Data localization of at least one copy in India by data fiduciary
- **Data Protection Authority: to protect interests of individuals, prevent misuse of personal data, and ensure compliance with the Bill
- Define Sensitive personal data: It includes passwords, financial data, genetic data, caste, religious or political beliefs, or any other category of data specified by the Authority.
- explicit consent of the individual is required for Processing of sensitive personal data
- Exemptions from compliance: It also gives exemptions for processing of personal data for certain purposes, such as journalistic activities, law enforcement, security of state.
- Recognises privacy as a fundamental right
Importance of Data Localisation
- Data is the new oil fueling the 4th Industrial Revolution and Artificial Intelligence led economy
- Increase revenue and create jobs as technology companies will be forced to open up offices in India and cant shift their profits to outside locations to avoid taxes.
- Maintain data sovereignty and privacy of citizens
- Important for national security as any data can be retrieved for investigation of crime
Issues with the Bill
- Issues with data localization
- There is no evidence that data localization leads to better privacy and security of data.
- The industry will have to incur the additional costs given the bill proposes that companies ensure the storage, on a server or data centre located in India, of at least one copy of personal data.
- Keeping a copy in India does not really guarantee against breach of security or privacy.
- exemption on the ground of security of state may be too broad and may lead to surveillance and systematic access to citizens’ data by the state.
- Protectionist measures in the law => US and European Union countries are planning to take India to WTO on these issues.
Data localisation in other countries
|Russia and China||Strict data localisation|
|EU||General Data Protection Regulation 2018 (GDPR) which mandates that every EU citizen’s data be stored within the EU.|