The government has the authority to relax conditions on local storage of data based on the criticality of information, said former Supreme Court Judge BN Srikrishna.
This comes in the backdrop of the Justice Srikrishna Committee report on Personal Data Protection, which has recommended that every data fiduciary should store one live, serving copy of personal data in India.
This, in industry parlance, is called data localisation, which businesses believe would impose additional costs. “The government has the authority to relax conditions based on the criticality of information and the situation,” Srikrishna told BusinessLine through email. He added that the government may alter the settings as things progress.
Data Protection Bill
On July 27, the Srikrishna committee released a draft Bill setting the framework for India’s first comprehensive law on privacy and data protection. The Committee’s recommendations came almost a year after the Supreme Court recognised privacy as a fundamental right guaranteed by the Constitution. These recommendations will be discussed before the Bill is moved in Parliament.
These recommendations have the potential to reshape the users, the industry and the government deal with data. The Committee has recommended setting up a Data Protection Authority (DPA) which will be responsible for monitoring, enforcement, standard setting, awareness creation and grievance handling.
But it is the data localisation part that has rattled the industry. Industry body Nasscom along with the Data Security Council of India (DSCI) pointed out that mandating localisation of all personal data, as proposed in the draft Bill, can become a trade barrier in key markets.
Srikrishna is of the view that the country needs to take the middle path, thereby balancing interests of both the people and businesses. Globally, a debate has been raging on use of people’s data by companies such as Google, Facebook, and Amazon, without clearly stating the purpose. In India, too, there have been widespread debates around Aadhaar and the fact that information can be hacked.
“When this collision happens, rights of the citizen must always prevail as it is for the sake of a citizen that business exists and not the other way,” said Srikrishna. He also said that no business or industry can ever be totally free of monitoring. In any new legislation, there are concerns as to how it affects any section of society but as people get used to the new legislation, such fears subside.
Nasscom-DSCI, however, pointed out that policies that govern data protection, storage and classification need to be carefully crafted given the global footprint of the IT-BPM sector. Service providers in India process financial, healthcare and other data from all over the globe. India is also the destination for R&D, product development, analytics and shared services, they said in a statement.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.