Data Protection Bill Should Be Reviewed Before Making It A Law: Justice BN Srikrishna

Justice BN Srikrishna, who led the personal data protection framework for the country panel and a draft data protection bill in July 2018, has said that he prefers the final version of the bill to be sent to a select committee of Parliament for a review before it becomes law.

The DPB will be placed before Parliament next week. “I would prefer it goes to a select committee,” Justice Srikrishna told ET. “It is too serious and too complicated an issue. It is better to give it to a select committee because what happens there is that they invite knowledgeable people, experts to present evidence and the committee assesses the whole thing,” he added.

Justice Srikrishna also recently said that the Indian government should frame new laws to regulate the monitoring of its citizens by state agencies that may use technology tools. The former Supreme Court judge added, “Data protection has become a buzzword in the country and simultaneously they (government) must ensure that breaches are stopped, security has to be improved.”

The bill is expected to help law enforcement agencies access information of individuals in cases of crime. Reacting to opinions on how this can curb privacy and freedom of expression, he said, “That (surveillance) is happening today without the law. Today, they are twisting your hand. Today, can you say no to Central Bureau of Investigation (CBI) asking for your data?

He added saying tomorrow one can and that if CBI is given an exemption to snoop, such a law will become unconstitutional. “This Act overrides all other laws in the country,” he said.

Earlier minister for electronics and information technology, Ravi Shankar Prasad, spoke about how the government shall be very firm. While it doesn’t want to breach the encryption of messages, for any specific case of a serious breach of law and order provoking violence, the social media platforms might be asked to share the origin of that message.

Prasad said, “The Supreme Court has also stated that a terrorist has no right to privacy; and the Supreme Court in the same judgment has also stated that a corrupt person has no right to privacy.”

Data localisation is also a vast subject covered by the Srikrishna Committee. According to the committee recommendations, critical data should be stored exclusively in India, while one copy of all personal data is required to be stored within the country.

Talking about the importance of data localisation, Justice Srikrishna had reiterated time and again that one copy of all personal data of Indian citizens need to be stored within the country as this will enable “access” in case of law and order situations. Sourcing data from foreign locations through processes like mutual legal assistance reportedly can take a long time, anywhere from 18 months to two years.

This bill, which will determine how global tech giants Amazon, Facebook, Alphabet’s Google and others process, store and transfer Indian consumers’ data, is based on the report of a committee headed by Srikrishna.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.