CONTACT US

084594-00000

About Us  :  Online Enquiry

Download

BN Srikrishna Committee recommendations

The ministry of electronics and information technology (MEITY) has released a white paper on data protection framework, prepared by a committee of experts headed by justice BN Srikrishna. It has sought public feedback on the paper by December 31, 2017.

The ministry had formed the committee in July to “study various issues relating to data protection in India and make specific suggestions on principles to be considered for data protection and suggest a draft data protection bill”. The objective, the MEITY said, is to “ensure growth of the digital economy while keeping personal data of citizens secure and protected.”
Here are the seven key principles proposed in the 243-page white paper on data protection:
1. Technology agnostic: The data protection law must take into account the continuous change in technology and standards of compliance.
2. Holistic application: The law must cover both the private sector and the government sector. The committee of experts, however, also talks about “differential obligations” in case of “certain legitimate state aims”.
3. Informed consent: The white paper talks about “informed consent” and not just consent. It says the consent should be “informed and meaningful”. It is not clear what “informed consent” means. Whether it refers to collection of data from users while keeping them informed about the process of data collection or it refers to the usual sense of the word — wherein users’s permission will be sought first and they will have the right to opt out.
4.  Data minimisation: The data collected or being processes should be minimal — only that data which is necessary for the purpose for which it is being sought. However, the white paper also adds, the data will also be collected for “..and other compatible purposes beneficial for the data subject”.
5. Controller accountability: The committee is clear on fixing accountability of data controllers. It says, “The data controller should be held accountable for any processing of data, whether by itself or entities with whom it may have shared the data for processing.”
6. Structured enforcement: The committee proposes to set up “a high-powered statutory authority”, which “must co-exist with appropriately decentralised enforcement mechanisms.”
7. Deterrent penalties: It proposes for “adequate” penalties for “wrongful processing” to ensure deterrence.

Current Affairs 2020

Send this to a friend