The Justice BN Srikrishna committee has submitted its report on data protection to IT Minister Ravi Shankar Prasad. Titled, “A Free and Fair Digital Economy – Protecting Privacy, Empowering Indians”, the report was submitted during a press event at the IT Ministry, along with a draft Data Protection Bill.
Amba Kak, India Policy Advisor, Mozilla, pointed out the loopholes in the draft bill and raises the key concern of a public consultation process, something the Committee had received criticism for.
“This bill provides a strong foundation of protection for Indians’ privacy, but it is not without loopholes – in particular, the requirement to store a copy of all personal data within India, creating broad permissions for government use of data, and the independence of the regulator’s adjudicatory authority. We welcome the Government’s commitment to a public consultation process, which we hope will rectify the cracks in this foundation.”
Possible Privacy Violations ?
Chinmayi Arun, law professor at National Law University, New Delhi, flagged possible violations of privacy within the provisions of the draft bill. She highlighted six such sections that raise serious questions about data privacy.
Concerns About Surveillance
Smriti Parsheera, Consultant, National Institute of Public Finance & Policy, weighed in on non-consensual processing of data and issues concerning lawful interception.
She said, “The report contains a chapter on non-consensual processing of data, under which they include exemptions like "security of the state" and prevention, investigation and prosecution of offences. The draft bill says that these exemptions would apply only if the access to personal data is done in accordance with the procedure established by law, and is necessary and proportionate for achieving such interests.
“Essentially, it incorporates the tests given by the judges in the Puttaswamy case to govern any surveillance related activities, which was expected.
“The more notable thing is that the Committee has spoken at length about the need for the Government to expeditiously bring in a law for the oversight of intelligence gathering agencies in the country.
“They have cited work done by the Technology Policy team at NIPFP in their recommendations on ex ante access controls (prior judicial approval), ex post accountability (review by a Parliamentary committee) and adoption of risk-management techniques.
“It would have been ideal if the Committee had gone a step further in terms of suggesting specific amendments to the Telegraph Act and the IT Act, existing laws that govern lawful interception practices. Nevertheless, this is the beginning of an important conversation, without which any data protection framework would not be complete.”
A Failure to Protect Data ?
Medianama founder Nikhil Pahwa has been most scathing in his criticism of the draft bill. He questioned issues of data ownership, control – issues that have been discussed extensively in the run up to the bill. Pahwa also raised concerns regarding the core issue of consent and notice that lie at the heart of a strong data protection code.
Does it Match up to the Model Data Protection Code?
The Internet Freedom Foundation, which has spearheaded the #SaveOurPrivacy campaign and published the model Indian Privacy Code, 2018, provided context to the draft bill ahead of its release. It summed up the responsibilities of the Committee and what the key concerns were.