BN Srikrishna committee

BN Srikrishna Committee

Tittle – a free and fair digital economy protecting privacy, empowering Indians 

Introduction: 

 A Committee on data protection, this committee was constituted by the union government {the union ministry of electronics and information technology (MEITY)} to make data protection framework the report has emphasized that interest of the citizen and the responsibilities of the state have to be protected but not at the cost of trade and industry 

Members in committee :

There were 10 Members in the committee

Report was submitted to IT Minister Ravi Shankar prasad.

Recommendations given by the committee :

1. Processing and collection of personal data
2. Right to be forgotten 
3. Right to confirm 
4. Data localization 
5. Processing of sensitive personal data to require explicit consent 
6. This committee suggested amendment in more than 50 acts 

Two of are :

1. RTI act amendment 

2. Aadhar act amendment 

This committee also suggested to establish ‘Data protection authority’ 

                RECOMMENDATIONS BY THE COMMITTEE 

1. Processing and collection of personal data – only the particular data which is necessary for such processing is to be collected (if it is necessary for any function) this was criticized as personal data can be misused (data of license and Aadhar etc.)

2. Right to be forgotten – the committee recommended the right to be forgotten (that once the purpose is over one can be able to restrict or prevent any display of his data)

  This also provides the ‘right to confirm’.

    One can ask the entity about the data which was taken from him has been destroyed or not if the purpose of such is completed 

3. Data localization – the personal data will need to be stored on servers located within India and transfer of data outside the country will need to be subject to safeguard.  

   Critical personal data, however will only be processed in India.

4. Processing of sensitive personal data to require explicit consent- committee recommends that the sensitive personal data such as: -passwords, biometric data, religion or caste etc. should not be processed unless someone gives explicit consent – which factors in the purpose of processing

This committee recommended amendments to more than 50 acts two of the important were RTI act amendment, Aadhar act amendment 

1. RTI act amendment – the old 8 (1)(j) said there would be no obligation to reveal personal information to reveal personal information which was not related to public or would be an invasion of privacy 

          The new 8 (1)(j) pertain to the disclosure of personal information in the larger public interest  

       The new 8 (1)(j) looks at a ‘balancing act’ between the public interest in accessing the information on one hand, and the harm that could be caused to the data principal on the other

2. Aadhar act amendment 

Has suggested recommendation to the Aadhaar act 2016 

To ensure autonomy of the UIDAI and ‘bolster data protection’ these include offline verification of Aadhaar number and new civil and criminal penalties (though the ability to file complaints will remain with the UIDAI alone)  

 This committee also recommended to establish a ‘Data protection authority’

• Committee envisaged it as an Independent regulatory body and will be responsible for the enforcement for and effective implementing of the law

• Authority will be governed by 6 whole time and a chairperson appointed by the union government on the recommendation of a selection committee 

Selection committee it shall consist of chief justice of India or his nominee (who is a judge of the supreme court of India), the cabinet secretary of government of India and one expert who has special knowledge and professional experience in areas related to data protection information  technology data management data science , cyber and internet laws and culture subject the report said

• Members of data protection authority they should have special knowledge of such and should have professional experience of not less than 10 years in areas related to data protection information technology, data management data science, cyber and internet laws and related subjects 

• Term of DPA (data protection authority member) five-year term subject to suitable retirement age and their salaries will be prescribed by the central government 

• DPA will have four departments and related function 

 

1. Monitoring and enforcement; legal affairs

2.  Policy and standard setting 

3. Research and awareness 

4. Inquires grievance handling and adjudication 

The DPA will be setting the code of practice, conducting inquires and issuing `warning and injunctions.

New recommendations made by the committee: –

1- Defined non-personal data in three categories : 

1. 1. public non-personal data

   2. Community non-personal data

   3. Private non-personal data 

     

2- Create a new category of business named Data business in which the industry sector collecting data crosses the threshold level of data will be categorised under this.

3- Data business will be applicable on commercial sector, government sector and non-government organisations

4- It defined the “Sensitivity of non-personal data” as data might not be sensitive in one case but could be sensitive for national security

5- It also suggested for a separate regulator called “non-personal data authority” to oversee issues related to non personal data

The new recommendation also empower the government to exempt any agency from having the data based on sovereignty and integrity of India

 

Source-

1- https://meity.gov.in › 

Report – MeitY

2- The Quint

3- Economic Times

–Deoshish Attri