After a long wait of a year, finally, a panel chaired by Justice BN Srikrishna has submitted data protection report to the government.
The former Apex Court judge said that the draft bill was prepared through an open process where they consulted stakeholders in the major information technology hubs– Delhi, Mumbai, Bengaluru and Hyderabad in India.
“Although even the ordinary citizen will be affected, the major IT centres are the ones which need to have come under data control or the data protection law,” said Justice Srikrishna handing over the report to union minister for electronics and IT, law and justice, Ravi Shankar Prasad.
This is the first step towards fine-tuning the data law. It is an overreaching law and not limited to Aadhaar, he added.
As the report is pretty long, almost 166-page, Entrackr has made an attempt to see broad recommendations by the committee.
The data protection law will set up a DPA (Data Protection Authority) which will be an independent regulatory body responsible for the enforcement and effective implementation of the law. DPA will be responsible for enforcement, legal affairs, policy and grievances handling, among many things.
It will also have powers to issue warnings, reprimands, ordering data fiduciaries to cease and desist, modify or temporarily suspend businesses or activities of data fiduciaries.
The law will have jurisdiction over the processing of personal data if such data has been used, shared, disclosed, collected or otherwise processed in India.
Additionally, personal data collected, used, shared, disclosed or otherwise processed by companies incorporated under Indian law will be covered, irrespective of where it is actually processed in India.
Penalties may be imposed for violations of the data protection law.
The state can process data without the consent of the user on the ground of public welfare, law and order, emergency situations where the individual is incapable of providing consent, employment, and reasonable purpose.
The Srikrishna committee was formed in July 2017 to form a comprehensive report on data protection. The recommendations are expected to prompt amendments to nearly 70 legislation.
In Nov 2017, a white paper was released, which suggested the need for a framework to help protect India citizens data.