The draft of the critical Data Protection Bill 2018 was submitted by the Justice B.N. Srikrishna-headed expert panel to the Union IT Ministry on Friday, proposing plans for the government on how to protect the personal data of every Indian citizen.

After over a year of consultation on data privacy and protection, the draft of the Data Protection Bill has reached the final leg for approval, affirming the beginning of a solid foundation for the protection of personal information. In the draft bill, a sprawling 200-page document, the Srikrishna-led expert panel has presented a data protection framework, the rights of Indian citizens, and the core purpose of the proposal with reasons. The draft bill basically provides recommendations to the government on how to secure the data of its citizens.

At its core, the Data Protection Bill draft suggests that all critical personal data of Indian citizens should be processed within the country. Also, considering the fundamental right to privacy, the draft suggests that the explicit consent of individuals must be taken to collect sensitive personal information, including religious or political beliefs, sexual orientation and biometric data. To carry all this out, the draft suggests the formation of a data authority – the Appellate Tribunal and enforcement of the Act that covers punishment provisions for offenders. The bill also includes provisions for awarding penalties for violations by ‘data fiduciaries’ while defining personal data to be a fundamental right that is to be protected in all cases.

In a nutshell, the draft submitted by Srikrishna focuses on guidelines for the government on data security, but it has little to say about citizens and there is no mention of users being the owners of their data. The good part of the proposed Data Protection Bill is that it is quite strict on how companies and the government will be treated if they do not follow the data protection laws and framework; and the best part is that if any entity is found breaching the laws, the “head of the department or authority shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly” – ensuring that lower-level officers aren’t victimised.

However, the ugly side of the draft lies in the pitfalls in the recommendations made for localisation of data storage, for which the bill mandates the government and companies to “store a copy of data of Indian citizens”. This means other copies of the data can still be sent to other countries, leaving loopholes in the localisation of data storage that can lead to information spreading beyond Indian borders and being spied on or used by foreign entities. Also, the bill mentions nothing about individuals being the owners of their data. Perhaps the draft will be closely looked into by the Parliament before it is made an Act. The good part is that it surely lays a solid foundation to protect data, which is becoming a “burning” global issue, and every effort must be made to protect data at ANY COST. Big changes are on the way.