Srikrishna Panel Releases White Paper For Stakeholder Views On Data Protection [Read White Paper]
Justice B.N. Srikrishna Committee on data protection has released a white paper inviting public comments on the shape a data protection law must take. Stakeholders have been asked to send their comments by 31 December, 2017.As per a press release, the paper "outlines the issues that a majority of the members of the Committee feel require incorporation in a law, relevant experiences from...
Justice B.N. Srikrishna Committee on data protection has released a white paper inviting public comments on the shape a data protection law must take. Stakeholders have been asked to send their comments by 31 December, 2017.
As per a press release, the paper "outlines the issues that a majority of the members of the Committee feel require incorporation in a law, relevant experiences from other countries and concerns regarding their incorporation, certain provisional views based on an evaluation of the issues vis-à-vis the objectives of the exercise, and specific questions for the public".
It lays down the following seven principles on which the data protection framework in India must be based:
- Technology agnosticism- The law must be technology agnostic. It must be flexible to take into account changing technologies and standards of compliance.
- Holistic application- The law must apply to both private sector entities and government. Differential obligations may be carved out in the law for certain legitimate state aims.
- Informed consent- Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful. The law must ensure that consent meets the aforementioned criteria.
- Data minimization- Data that is processed ought to be minimal and necessary for the purposes for which such data is sought and other compatible purposes beneficial for the data subject.
- Controller accountability- The data controller shall be held accountable for any processing of data, whether by itself or entities with whom it may have shared the data for processing.
- Structured enforcement- Enforcement of the data protection framework must be by a high-powered statutory authority with sufficient capacity. This must coexist with appropriately decentralized enforcement mechanisms.
- Deterrent penalties- Penalties on wrongful processing must be adequate to ensure deterrence.
The paper then poses several questions for stakeholders, on issues ranging from definition of "personal data" to enforcement of the legislation.
The comments can be sent to :
Shri Rakesh Maheshwari
Scientist G & Group Co-ordinator, Cyber laws
Ministry of Electronics and Information Technology (MeitY),
Electronics Niketan, 6, CGO Complex,
Lodhi Road, New Delhi- 110003.