The data protection bill (DPB), which will be placed before Parliament in the current Winter session, will have a proper balancing of privacy and protection, said the minister for electronics and information technology Ravi Shankar Prasad.
Calling DPB a work in progress, he said that the bill would be brought to parliament very soon and that it would be a robust law.
“I want to say that we had the widest consultation possible including from eminent people from all over the country. When we come to you, you will surely feel that India’s data protection law is of a robust nature,” Prasad said during a discussion in Rajya Sabha on Thursday (November 28).
Earlier, MeitY minister of state Sanjay Dhotre informed the Lok Sabha in a written response the DPB would categorise personal data into three categories: personal data, sensitive personal data, and critical personal data. The proposal is in line with the recommendations made by the Justice BN Srikrishna Committee.
During the Rajya Sabha discussion, Prasad also spoke about how the government shall be very firm. While it doesn’t want to breach the encryption of messages, as far as any specific case of a serious breach of law and order leading to mayhem and violence is concerned, the social media platforms might be asked to share the origin of that message.
Prasad quoted the Supreme Court’s earlier statements, “The Supreme Court has also stated that a terrorist has no right to privacy; and the Supreme Court in the same judgment has also stated that a corrupt person has no right to privacy.”
According to a recent study by research firm Compritech, India fails to maintain data privacy. India is among the world’s top three surveillance states, said the report. The survey ranked countries based on constitutional protections, statutory protection, privacy enforcement, biometrics, data sharing and the government’s access to data among other things.
The Data Protection Bill (DPB) was proposed to the government of India in July 2018 by a nine-member expert committee headed by Justice BN Srikrishna.
According to the draft proposal, hefty penalties on entities that violate the privacy of users will be imposed. It also added that failure to take prompt action on a data security breach can lead to a penalty of up to INR 5 Cr or 2% of turnover, whichever is higher.
The DPB will also include data localisation and the government has been working on the same. The data localisation norms will prevent any global companies to make a data bank outside India, further ensuring that its citizens remain immune in case of any global data breach.
The government has been consulting experts for the proposed bill. It has also set up a committee headed by Infosys cofounder S Gopalakrishnan to decide how to regulate non-personal data. Ecommerce platforms including Amazon, Flipkart and others like Ola and Uber have also been reportedly approached to seek views on data regulation.