A 10-MEMBER committee headed by Justice B N Srikrishna, meant to suggest a framework to ensure the protection of digital data, including a draft law on data privacy, is set to submit its report to the government on June 18. Set up under the aegis of the Ministry of Electronics and Information Technology in August 2017, the committee has held four rounds of public consultations.
The law, which the government has indicated would be framed shortly after the committee submits its report, has been a significant crux of the Centre’s argument in the Aadhaar case. The Centre has held that the committee will safeguard privacy issues arising from Aadhaar, which the Centre seeks to make mandatory. A Constitution Bench of the Supreme Court has finished hearings on the matter and an order is expected after the summer vacation.
The Data Protection Framework Committee came out with a white paper on November 27, 2017 and set out seven principles, which it said would underpin the architecture to secure data.
The principles include: a flexible law to take into account changing technologies; the law must apply to both government and private sector entities; consent should be genuine, informed, and meaningful; processing of data should be minimal, and only for the purpose for which it is sought; entities controlling the data should be accountable for any data processing; enforcement of the data protection framework should be by a high-powered statutory authority; and penalties should be adequate to discourage any wrongful acts.
Last week, citizens, including those who argued for privacy as a fundamental right, made a Citizen’s Privacy Code public, under an initiative termed ‘Save Our Privacy’. The citizen’s draft code makes wide-ranging recommendations, including penalties, a privacy commission and a perspective of how citizens’ consent must be sought, how it must be interpreted, and unauthorised surveillance be penalised.