New Delhi: The right to privacy is a fundamental right which necessitates protection of personal data as an essential facet of informational privacy, says the draft Personal Data Protection bill, 2018 submitted to the government by a high-level expert group headed by former Supreme Court judge B.N. Srikrishna on Friday.
The much-awaited bill, drafted to establish a consent framework, including provisions for withdrawal of consent and penalty to be imposed for its violation, was submitted to IT minister Ravi Shankar Prasad for the government’s review and has been made public.
Prasad said the government will go through the draft bill and apply its mind, consult stakeholders along with taking Cabinet approval before finalizing legislation. “The entire Parliamentary process will be followed,” he said without setting a timeline for it. The report was earlier expected to be submitted by May.
Also read: Why Indian companies fear data storage norms
The bill meticulously deals with issues such as collection and processing of personal data, consent of individuals, penalties and compensation, code of conduct and an enforcement model.
It proposes setting up of a Data Protection Authority of India (DPA), an independent regulatory body responsible for the enforcement and effective implementation of the law, consisting of a chairperson and six whole-time members. In case of any appeal against an order of the DPA, an appellate tribunal should be established or an existing appellate tribunal should be granted powers to hear and dispose of any appeal, said the expert panel in its report.
“Data protection law will be an over-arching law that will be applicable to all the entities,” said Srikrishna.
The 10-member committee constituted by the government in July last year to study various issues relating to data protection has identified a list of 50 statutes and regulations which have a potential overlap with the data protection framework.
“Concerned ministries may take note of this and ensure appropriate consultation to make complementary amendments where necessary,” said the committee in its report. It has also suggested amendments to the Aadhaar Act to strengthen data protection.
However, Srikrishna said matters related to Aadhaar are still under consideration of the Supreme Court and advised people to wait for the judgment.
Also read: Bit by byte protecting her privacy
The committee which also includes telecom secretary Aruna Sundararajan, Unique Identification Authority of India chief executive Ajay Bhushan Pandey and National Cyber Security coordinator Gulshan Rai, drafted a white paper on data protection framework which was put up for public consultation by the ministry of electronics and information technology on 27 November.
According to the draft bill, personal data collected, used, shared, disclosed or otherwise processed by companies incorporated under Indian law will be covered, irrespective of where it is actually processed in India.
This localization of personal data is likely become a trade barrier in key markets, said a statement from software industry lobby Nasscom Data Security Council of India (DSCI).
“Start-ups from India that are going global may not be able to leverage global cloud platforms and will face similar barriers as they expand in new markets,” it added.
The draft bill is largely based on the white paper which was modified after public comments and consultation with the stakeholders.
“The committee has recommended phased timelines for the adoption of different aspects of the privacy law, making data protection a critical component in India’s security posture rather than a mere compliance prerequisite. Also, the stringent penalties proposed on the misuse of data would create deterrence and also compel organizations to build a controls-led environment while processing or storing personal data,” said Vidur Gupta, partner, government and public sector, EY India.
Catch all the Politics News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
MoreLess