The Ministry of Electronics and IT has confirmed to The Quint that it has reached out to select stakeholders to seek “clarification” on the comments received on the draft Data Protection Bill.
An expert Committee headed by Justice (retd) BN Srikrishna had submitted its report, along with a draft personal Data Protection Bill, to Electronics and IT Minister Ravi Shankar Prasad on 27 July 2018.
S Gopalakrishnan, Joint Secretary, MeitY, told The Quint that the Ministry had received over 600 comments from individuals and organisations on the draft Bill in October 2018. However, they are reaching out only to “about 10 to 15” for further clarification.
Two sets of consultations were held with respect to the draft Data Protection Bill. The first was in November 2017, when the Srikrishna Committee had released its white paper and the second was conducted by the Electronics and IT Ministry (MeitY) itself when it had solicited public comments from 14 August-10 October 2018.
S Gopalakrishnan has made clear that this isn’t a fresh round of consultation.
“No, it’s not a consultation. It is like some more clarification, that’s all. This is based on what they’ve given us. We have got feedback from 600 people and we wanted some more clarifications and we want some guys to clarify, that’s all.”S Gopalakrishnan, Joint Secretary, Ministry of Electronics and IT
India is among the handful of democracies across the globe without a data protection and privacy law. A year has passed since the draft Bill was submitted and it is yet to be tabled in the Parliament.
What Clarification are They Seeking?
Gopalakrishnan didn’t elucidate the details of the clarifications sought and said, “At this stage, we are only presenting the feedback, we had some doubts on the feedback, we are collecting it, that’s all.”
However, in a report, Medianama states that data localisation and e-commerce feature among the questions on which clarifications are sought. Some questions claimed to be put up to stakeholders are:
- The draft Bill proposes all personal data needs to be stored in India, whereas
a significant amount of the feedback received suggests that restriction on
cross-border flow of data may be limited to sensitive or critical personal data. Do you feel it is necessary to mandate storage of all types of personal data in India? - The role, scope, power and authority of the regulator proposed – Data Protection
Authority of India (DPA). - What can be the contours of a policy that should govern non-personal data, such as community data, anonymised data, e-commerce data etc?
“No, whatever was part of the report or the draft Bill, we are asking. Nothing else.”S Gopalakrishnan, Joint Secretary, Ministry of Electronics and IT
Bill’s Data Localisation Requirement Under Scanner?
A specific section of the draft Bill mandating data localisation has been a bone of contention.
According to the draft Bill, personal data will need to be stored on servers located within India, and transfers outside the country will need to be subjected to safeguards. Critical personal data, however, will only be processed in India.
When asked if data localisation is being re-examined by the Ministry, Gopalakrishnan replied, “No, not at this stage. It may re-looked at by Parliament or cabinet.”
Interestingly, a policy recommendation by an inter-ministerial committee on virtual currencies – headed by former Finance Secretary Garg – cautions that the adoption and the benefits of blockchain to Indian businesses and consumers can be ‘inhibited’ by data localisation.
“We have no clue about this,” the Joint Secretary replied when asked if this report has been considered by the Ministry. The joint secretary’s response comes as a surprise, given that the Secretary of IT Ministry, Ajay Prakash Sawney, was part of the four-member Committee which recommended a watering-down of the data protection requirements.
A Bill Shrouded in Secrecy
The draft Data Protection Bill has received sharp criticism, not only for provisions like data localisation but also for the Ministry’s lack of transparency on it.
Very little is known about the Committee’s workings and the submissions made by the public to the Committee and the Ministry on the draft Bill.
The workings of the ten-member Srikrishna Committee have been shrouded in secrecy since its formation on 31 July 2017. Dozens of RTIs seeking information on its formation, meetings and public consultations have been consistently denied.
On 25 July 2019, in a reply to Rajya Sabha MP Rajeev Gowda, IT Minister Ravi Shankar Prasad said that, “The submissions made to the Committee by any entity are confidential and meant for examination by the Committee.”
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)