The government has asked for public comments on a white paper about developing a “data protection framework for India”, before a committee of experts begins consultations on the subject.
Neha Alawadhi
The government has asked for public comments on a white paper about developing a “data protection framework for India”, before a committee of experts begins consultations on the subject.
In August, the Ministry of Electronics and IT (MeitY) had taken the first steps towards drafting a data protection bill, by constituting a committee of ten experts, which is headed by former Supreme Court Judge BN Srikrishna.
“A White Paper has been drafted to solicit public comments on what shape a data protection law must take. The White Paper outlines the issues that a majority of the members of the Committee feel require incorporation in a law, relevant experiences from other countries and concerns regarding their incorporation, certain provisional views based on an evaluation of the issues vis-à-vis the objectives of the exercise, and specific questions for the public. On the basis of the responses received, the Committee will conduct public consultations with citizens and stakeholders shortly to hear all voices that wish and need to be heard on this subject,” said MeitY in a post on its website.
The deadline for submission of comments on the white paper is December 31.
The white paper details issues such as the need for data protection in an increasingly digital India, and the possible approaches that can be looked at.
It also discusses issues concerning the contentious data collection issues around India’s biometric identity document- Aadhaar.
“Despite its attempt to incorporate various data protection principles, Aadhaar has come under considerable public criticism,” the white paper notes. “First, though seemingly voluntary, possession of Aadhaar has become mandatory in practice, and has been viewed by many as coercive collection of personal data by the State. Concerns have also been raised vis-a-vis the provision on Aadhaar based authentication which permits collection information about an individual every time an authentication request is made to the UIDAI.”
The paper acknowledges that despite an obligation to adopt adequate security safeguards, “no database is 100 percent secure”, and proposes to study the “interplay between any proposed data protection framework and the existing Aadhaar framework”.
It also discusses whether wide exemptions can be made to the data protection norms in the interest of national security.
The white paper has asked for responses on specific issues of the territorial scope and application of a data protection law in India, ensuring effective compliance by foreign entities when adverse orders are issued against them, applicability and responsibility of individuals and corporate sector, personal data protection, retrospective protection to individuals under the proposed law.
It also seeks to define personal data, sensitive personal data, what processing of data collected by different entities mean, defining consent, child’s consent, and limiting data storage and so on.
A comprehensive legislation on data protection in the digital world has been a crying need in India for the past few years. With more and more dependence on electronic and digital systems, including the inter linkages to Aadhaar, it is pertinent that India come up with laws that will oversee and penalise the storage and misuse of data.
Also, in view of the massive data breaches and misuse that affect Indian and global organisations alike, a data protection in important.