Srikrishna Committee on data protection issued a white paper on 27 November 2017. The nine-member expert committee, headed by former Supreme Court judge Justice BN Srikrishna, was set up on July 31 by the Union government. 




The white paper covers wide range of issues and asks questions related to the protection and ownership of citizens’ data and its use by interested parties.

The white paper lays out seven key principles for a data protection framework:

1. Technology agnosticism- The law must be technology agnostic. It must be flexible to take into account changing technologies and standards of compliance.

2. Holistic application- The law must apply to both private sector entities and government. Differential obligations may be carved out in the law for certain legitimate state aims.

3. Informed consent- Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful. The law must ensure that consent meets the aforementioned criteria.

4. Data minimisation- Data that is processed ought to be minimal and necessary for the purposes for which such data is sought and other compatible purposes beneficial for the data subject.

5. Controller accountability- The data controller shall be held accountable for any processing of data, whether by itself or entities with whom it may have shared the data for processing.

6. Structured enforcement- Enforcement of the data protection framework must be by a high-powered statutory authority with sufficient capacity. This must coexist with appropriately decentralised enforcement mechanisms.

7. Deterrent penalties- Penalties on wrongful processing must be adequate to ensure deterrence.

The members include 
  • Ajay Bhushan, CEO of the Unique Identification Authority of India; 
  • Ajay Kumar, additional secretary, Ministry of Electronics and Information Technology; 
  • Aruna Sundararajan, secretary of Department of Telecom; 
  • Gulshan Rai, National Cyber Security Coordinator; 
  • Arghya Sengupta, research director, Vidhi Centre for Legal Policy; 
  • Rama Vedashree, CEO of Data Security Council of India, 
  • Rishikesha T. Krishnan, Director of IIM Indore, 
  • Rajat Moona; and director of IIT Raipur.

This is a very well written 243 page document. The paper includes questions to which stakeholders can respond by 31 December 2017, after which the panel will go ahead with drafting the data protection law.

You can submit responses to this whitepaper on below URL or physical address.

https://innovate.mygov.in/data-protection-in-india/

OR

Shri Rakesh Maheshwari
Scientist G & Group Co-ordinator, Cyber laws
Ministry of Electronics and Information Technology (MeitY),
Electronics Niketan, 6, CGO Complex,
Lodhi Road, New Delhi- 110003.

The deadline for submission of responses is 31st December, 2017.

Copy of White Paper on Data Protection is embedded below.


Post A Comment:

0 comments: