The Justice Srikrishna committee recently submitted it's report on data protection law. Justice Srikrishna said data privacy is a burning issue and there are three parts to the triangle.The citizens rights have to be protected, the responsibilities of the states have to be defined but the data protection can't be at the cost of trade and industry.
Important recommendations include :
1.The creation of Data Protection Authority of India (DPA). It will be an independent regultory body responsible for the enforcement and effective implementation of the data protection law.
2.Either create an appellate tribunal or grant powers to an existing tribunal to hear and dispose of any appeal against the order of DPA.
3.Personal data shall be processed only for purpose that are clear , specific and lawful.
4.Consent will be a lawful basis for processing of personal data. Individuals will have the right to withdraw consent.
5.All firms and agencies will have to appoint data protection officers. Firms will have to ensure atleast one copy of pesonal data to be stored in India.
6.Critical personal data shall only be processed in a server or data centre located in India.
7.Existing Acts such as Right to Information, Aadhaar and Information Technology will have to be amended to bolster data protection.
8.Penalties may be imposed for violations of the data protection law. Penalties range from 2-4% of a company's worlwide turnover or fines between Rs 5 crore and Rs 15 crore, whichever is higher.
9.Creation of data protection fund and data protection awareness fund through proceeds from the penalties and the fines.
10.The state can process data without consent of the user on ground of public welfare, law and order, emergency situations where the individual is incapable of providing consent. The law will cover processing of personal data by both public and private entities.