The Justice B N Srikrishna Committee had submitted its report on data protection to the law ministry last month. The report was highly awaited by all sections of society, the companies, the people, government, activists because data is the most important thing in modern day life and its protection concerns all. Union minister for electronics and IT, law and justice, Ravi Shankar Prasad said “the government will go through the draft bill and apply its mind, take stakeholder comments along with taking Cabinet approval before finalizing the legislation. The entire Parliamentary process will be followed.” The committee was set up in August last year by the government to scrutinize concerns over data security and prepare a bill which could provide a framework on data protection. Justice B N Srikrishna, the chairman of the committee is a retired judge of Supreme Court of India, he headed the “Srikrishna Commission” that investigated causes and apportioned blame for the Bombay riots of 1992–93 and is currently the chairman of the Financial Sector Legislative Reforms Commission (FSLRC).
Justice Srikrishna said data privacy is a burning issue and there are three parts to the triangle. “The citizen’s rights have to be protected, the responsibilities of the states have to be defined but the data protection can’t beat the cost of trade and industry.” The committee’s recommendations on key issues such as consent, setting up of a data authority, the definition of personal data and sensitive personal data along with data localization are keenly awaited for their implications on tech majors such as Google, Facebook, and Twitter among others.
Now the government has come out with a draft of the Personal Data Protection Bill, 2018 which aims at ensuring informational privacy as part of the Right to Privacy, a fundamental right. The bill provides to create Data Protection Authority of India, which aims to be an independent regulator like SEBI and TRAI. A regulatory agency is a public authority or government agency responsible for exercising autonomous authority over some area of human activity in a regulatory or supervisory capacity. The Data Protection Authority has been mandated to prevent any misuse of personal data, ensure compliance with the provisions of the Act, and promote awareness of data protection. The authority will consist of six full time members and a chairman who will be appointed by the central government on the recommendations of the selection committee. The Authority will have the power to call for information from relevant establishments and conduct an inquiry for discharging its functions under the Act. The bill also seeks to establish a data protection fund and an Appellate Tribunal which will hear and dispose of the appeals from an order passed by the Authority.
The bill is much required one because there have been debates and discussions around data protection issues. The Right to Privacy which was declared as a fundamental right by the Supreme Court of India could have created problems for programs like Aadhar. The UIADI program has been extremely beneficial to provide social security benefits like direct transfer of subsidies. It is also helpful in internal security measures but the problem was that the data was vulnerable to companies or anti-social elements, therefore, an independent regulatory body was required to look after data security.