Srikrishna Panel Report On Data Protection Likely To Be Submitted By August
The high-level panel crafting the data protection framework for India is expected to submit its report to the government by the first week of August, and could prompt amendments to a slew of existing legislations like Aadhaar and RTI.
The panel headed by retired Justice BN Srikrishna met for the final time today to discuss various aspects, including contentious ones like data localisation, classification of sensitive personal data and the telecom regulator TRAI's recent recommendations on data privacy and ownership.
Emerging from the two-and-a-half hour meeting, Justice Srikrishna declined to comment on the deliberations held at the closed-door meeting.
One of the members of the panel said the data protection framework will prompt amendments to nearly 70 legislations. The amendments will be needed as existing legislations will have to brought under the new data protection law, the member explained.
The experts committee formed under Justice Srikrishna, a former Supreme Court judge, had previously noted that both public and private sectors are collecting and using personal data on an unprecedented scale and for various purposes.
It had also said that while the data can be put to beneficial use, the unregulated and arbitrary use, especially that of personal data, has raised concerns about privacy and autonomy of an individual.
Two of the members present at the meeting today said the panel hopes to submit its report to the government by the first week of August, after which it could be placed in the public domain for comments.
It is learnt that there were dissenting voices within the panel on aspects like data localisation, categorisation of financial data as sensitive personal data and treating some violations as criminal offences.
One of the members cited above also said the Telecom Regulatory Authority of India recommendations on data ownership, security and privacy, issued last week, also figured in the discussions today.
The recommendations of TRAI were largely seen in line with the draft being worked on by the panel, they added.
TRAI has recommended regulation of all digital entities handling consumer data, and emphasised that users are the primary owners of their data. TRAI has termed entities controlling and processing user data as "mere custodians".
TRAI has argued that firms collecting user data do not have a right over it, and asserted that consumers' consent is a must for obtaining it.
Describing the existing data protection framework as inadequate, TRAI has said that the government must notify policy framework to regulate devices, operating systems, browsers and applications. It had also suggested that users be granted the right to choice, consent and, equally importantly, to be forgotten, to safeguard privacy.