The government has released a white paper looking into the scope of a data protection law, and opened
up for public discussion till December 31, issues pertaining to its ambit, what constitutes personal data,
what is sensitive data, and the international applicability of such a law
BN Krishna Committee
- The B.N. Srikrishna committee, set up under the Ministry of Electronics and Information Technology, in the white paper recommended that the law be applicable to all processing of personal data that takes place within India or by an entity that has a presence in India
- Personal data: According to the committee, personal data “ought to include any kind of information including opinions or assessments irrespective of their accuracy.”
Mandate of the committee
- The government led ten-member committee will “identify key data protection issues in India and recommend methods of addressing them
- It will further make specific suggestions for consideration of the Central Government on principles to be considered for data protection in India and suggest a draft data protection bill
Sweeping jurisdiction: Within India & abroad
the paper noted that it may be necessary to make the law applicable to all kinds of processing that the government may have a “legitimate interest in regulating” even though it may not be entirely based in India or may be carried out by non-Indian entities that do not have a presence in India
Committee against it
The committee set limits on this extended jurisdiction, though, saying that the law should not be so wide as to constitute an unnecessary interference with the jurisdiction of other countries or have the effect of making it a general law of the Internet
Why, a separate data protection law when IT Act already exists?
Even though the Information Technology Act contains certain provisions about data protection and handling, experts are of the opinion that India needs a fresh data protection law with the increased digitisation led by Aadhaar, the Goods and Service Tax and the push towards a digital economy
- IT Act may also be inadequate to deal with the current requirements since it was drafted almost 17 years ago in 2000 and was amended last in 2008.