Science & Technology

BN Krishna Committee Submits Data Protection Framework Report

News World India | 0
| July 27 , 2018 , 23:08 IST

A committee headed by retired Judge BN Srikrishna submitted a report on data protection framework to the government on Friday. The committee handed over its report to Information and Technology Minister Ravi Shankar Prasad.

The report comprises recommendations, including on what personal data is, the consent requirements for using such data, and the penalties for misuse of personal data.

While addressing the media, Ravi Shankar Prasad said, “It is a monumental law and we would be like to have widest parliamentary consultation… We want Indian data protection law to become a model globally, blending security, privacy, safety, and innovation.”

Earlier in August last year, the government had set up a committee under the chairmanship of retired Supreme Court judge BN Srikrishna.

The law will have jurisdiction over the processing of personal data if such data has been used, shared, disclosed, collected or otherwise processed in India.

According to the report, “Sensitive personal data will include passwords, financial data, health data, official identifier, sex life, sexual orientation, biometric and genetic data, and data that reveals transgender status, intersex status, caste, tribe, religious or political beliefs or affiliations of an individual. However, the DPA will be given the residuary power to notify further categories in accordance with the criteria set by law. “

Some Other Recommendations of the Committee

  • Personal data collected, used, shared, disclosed or processed by companies incorporated under Indian law will be covered, irrespective of where it is actually processed in India.
  • The data protection law may empower the Central Government to exempt such companies which only process the personal data of foreign nationals not present in India.
  • The data protection law will set up a DPA which will be an independent regulatory body responsible for the enforcement and effective implementation of the law.
  • The Central Government shall establish a tribunal or grant powers to an existing appellate tribunal to hear and dispose of any appeal against an order of the DPA.
  • Penalties may be imposed for violations of the data protection law. The penalties imposed would be an amount up to the fixed upper limit or a percentage of the total worldwide turnover of the preceding financial year, whichever is higher.
  • Cross-border data transfers of personal data, other than vital personal data, will be through model contract clauses containing key obligations with the transferor being liable for harms caused to the principal due to any violations committed by the transferee.
  • Personal data determined to be critical will be a subject to the requirement to process only in India.