Flat 70% Discount On Pendrive / Android Courses, Valid Till 29th Feb'20 Call On : 9354229384, 9315859773, 9354252518, 9999830584

Current Affairs

Data localisation

Date: 05 October 2019 Tags: Bills & Laws

Issue

The Indian government is planning to introduce a law to compulsorily force firms to store sensitive data in India.

 

Background

A committee headed Justice B N Srikrishna had submitted a draft legislation for data protection in India. Eventhough the government recognises the importance of free data flow, it has made it clear that “super-sensitive data” would have to reside in India.

 

Details

  • The government is yet to decide the criteria for classifying data as “super-sensitive” and is waiting for the final bill to take shape.

  • The IT ministry last month constituted a committee to look at ways to regulate non-personal category of data that includes community data and anonymised data.

  • Non-personal data was kept out of the purview of the personal data protection bill that the Srikrishna panel recommended.

  • Large data is usually held by large commercial entities like cab-aggregators, e-commerce companies, etc that use the community data generated on their platforms to improve their services.

  • Large scale anonymised datasets are also being provided to government bodies and departments by large internet companies to assist in policymaking.

  • The government intends to bring a law that respects private data of individuals but makes use of non-personal data to formulate better policies and services.

 

Srikrishna committee on Data protection

The ten-member committee headed by Justice B.N Srikrishna, was tasked with studying and identifying key data protection issues and recommend methods for addressing them.

 

Highlights

  • The Committee has recommended setting up a Data Protection Authority which is supposed to “protect the interests of data principals”

  • The Committee recommends that “sensitive” personal data (such as passwords, sexual orientation, biometric data etc) should not be processed unless someone gives explicit consent.

  • Personal data will need to be stored on servers located within India, and transfers outside the country will need to be subject to safeguards.

  • The committee recommends giving “data principals” (persons whose personal data is being processed) the ‘right to be forgotten’.This means they will be able to restrict or prevent any display of their personal data once the purpose of disclosing the data has ended.

  • The committee suggests that the personal data may be processed by the government if this is considered necessary for any function of Parliament or State Legislature. 

  • The committee recommends that processing (collection, recording, analysis, disclosure, etc) of personal data should be done only for clear, specific and lawful purposes.

  • The Committee recommends the amendment amend section 8(1)(j) of the RTI Act that pertains to the disclosure of personal information in the larger public interest.

  • The Committee has suggested recommendations to the Aadhaar Act 2016 to ensure autonomy of the UIDAI and bolster data protection.