Everything You need to know about Justice Srikrishna Report On Data Protection - Indian GDPR
On Friday, the Government released Justice BN Srikrishna Committee of Experts Report on Data Protection as well as a Personal Data Protection Bill, 2018.
The report is titled, “A Free and Fair Digital Economy – Protecting Privacy, Empowering Indians”
The 10-member committee was set up in July 2017 to recommend a framework for securing personal data in the digital world as below:
The report is titled, “A Free and Fair Digital Economy – Protecting Privacy, Empowering Indians”
The 10-member committee was set up in July 2017 to recommend a framework for securing personal data in the digital world as below:
- The committee focusses on measures to be taken when it comes to protecting the personal information of Indian citizens, the role and duties of data processors, and the rights of individuals.
- The report also talks about the penalties that should be imposed for violation of these data protection measures. So, this is the Indian government attempt at implementing data protection law similar to European GDPR.
- “The right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy. Protect the autonomy of individuals in relation with their personal data, to specify where the flow and usage of personal data are appropriate, to create a relationship of trust between persons and entities processing their personal data…”
- ‘Data principal’ which means the individual or the person providing their data, has the “right to restrict or prevent continuing disclosure.” This means they will be able to restrict or prevent any display of their personal data once the purpose of disclosing the data has ended, or when the data principal withdraws consent from disclosure of their personal data.
- The right to confirm what information is being held or disclosed about them, and to get this corrected if necessary.
- The Bill also calls for privacy by design on part of data processors.
- Personal data will need to be stored on servers located within India, and transfers outside the country will need to be subject to safeguards. Critical personal data, however, will only be processed in India.
- “Sensitive” personal data (such as passwords, financial data, sexual orientation, biometric data, religion or caste) should not be processed unless someone gives explicit consent.
- The Aadhaar Act too needs to be amended to bolster data protection.
The report, however, focuses more on personal data stored online but soon may also cover the user data for ads.
Leave a Comment