The recommendations of Srikrishna Committee on data privacy bill are strong in intent but there are many challenges ahead.
The Justice BN Srikrishna Committee’s report on data privacy that was submitted to the Government this week is a landmark for three reasons. First, it upheld the right to consent of the citizens in sharing personal data. Second, it provides legal protection to citizens and calls for the formulation of a law on data privacy to meet this end. Third, it seeks to impose strict punishment and fines for those who intentionally and/or unintentionally leak personal information. While the 200-page report will require a lot of reading and explanation, the essential point it makes is that the views of the ten-member Committee are in consonance with the Supreme Court’s order last year which upheld the contention that there is a fundamental right to privacy of every Indian citizen and that the state or private companies cannot interfere with their lives. In fact, the report is if anything even more robust in calling for legislation on the right to privacy and data protection, which is a must in this age of information-sharing. Data is shared within seconds and at every possible opportunity even as the right to privacy suffers. The Srikrishna panel calls for strict auditing to ensure that any violators of privacy are held accountable and do not shift responsibility. In essence, the report seeks to preserve the right of citizens in the sharing of personal information with other individuals and/or organisations, which the panel makes clear cannot and should not be shared without their approval. The committee has made broad classification of what may be considered ‘personal data’ and what is ‘sensitive personal data.’ While the former pertains to any generic details of a person, the latter is the most crucial as it pertains to areas like health, identification of sex, biometric data among others. But there is a flip side too: It gives the state the leeway to process data that it deems to be necessary for its functioning.
While the ramifications of the commission’s report remain to be seen, the proposed legislation makes citizens the supreme commander of their personal data. How to protect the grabbing of information by foreign technology companies, however, remains an issue to be addressed in greater detail. The most significant of all the recommendations was perhaps on Aadhaar which is now under the scrutiny of the apex court on account of a bunch of petitions challenging the validity of Aadhaar itself. The Committee’s recommendations may be crucial in providing inputs to the Court. The views of the panel, perhaps natural given the complexity of the issue itself, are complex. It strives to strike a balance by, on the one hand, calling for ensuring autonomy of the UDAI while on the other the consent-exemption clauses appear to enable the Aadhaar system to function without hitches. The hope is that the Committee’s report will push the legislature and the executive towards guaranteeing data privacy even as technology is used for the benefit of India’s millions. The onus now is on the Government — which must go through the nitty-gritty of the Committee’s report — as also the elected representatives to discuss threadbare the Bill on data privacy and protection before it is passed into law.
Courtesy: The Pioneer