The Leaflet

| @theleaflet_in | July 30,2018

The Justice Srikrishna Committee submitted its much awaited report on data protection to IT Minister Ravi Shankar Prasad. The 213-page report titled “A Free and Fair Digital Economy – Protecting Privacy, Empowering Indians” was accompanied by a Data Protection Bill, and will now be reviewed by the IT Ministry before being forwarded to the Prime Minister.

Though the ten-member committee recognised various amendments to the Aadhaar Act in order to bring it line with the fundamental right of privacy as elucidated upon by the Puttaswamy verdict, it did not address concerns beyond those which purely pertain to data protection.

Below are a few comments based upon an initial perusal of the Committee’s submissions from Prasanna Srinivasan, a lawyer who specialises in tech laws.

  1. In light of the Aadhaar Act and the entire Aadhaar programme being challenged at the Supreme Court, and the Court’s subsequent reservation of its judgment, the suggested recommendations to the Act by the Report was an avoidable exercise.
  2. The exemptions granted to the government and its functionaries under the Act’s various provisions are counter intuitive to the principle of the Government acting akin to a fiduciary or as a model data controller.
  3. When compared to the global standard of best practices, the provisions on data breach notifications appear to be incomprehensive.
  4. The necessity to establish the likelihood of harm, as well as the Unique Identification Authority of India (UIDAI) being given the mandate to decide whether the person whose data has been breached or the Data Principal is to be informed to not, is completely at variance with the premise of data protection obligations being directly related to the rights of the Data Principal.
  5. Provisions that permit personal data processing without express consent are clearly overbroad in comparison to comparable frameworks such as General Data Protection Regulation (GDPR) brought forth by the European Union (EU).
  6. The non requirement of necessity and proportionality with respect to personal data processing by the State prima facie seems regressive and violative of the tests laid down by the Puttaswamy verdict.
  7. A number of provisions of the Act possess no strict guarantees, hence rendering the Right to Privacy realisable only upon litigation.
  8. Vague terminology such as “reasonable”, “reasonably”, “practicably”, and “practicable” appear no less than 41 times in the proposed legislature, inviting criticism on the grounds of its framing being overbroad.

Upon a basic textual perusal, the Committee’s submissions should undergo the necessary pre-legislative consultative process as per the 2014 Pre-legislative Consultation Policy. This would be followed by the standard review by the Union Cabinet and both houses of Parliament, where it may be subject to further scrutiny by departmental standing committees or a specially constituted select committee.

Leave a Reply

avatar
  Subscribe  
Notify of

Also Read

After #MeToo, beyond POSH

November 13,2018

Who was Justice Holmes?

October 23,2018

In pursuit of justice

October 9,2018

Humanity deported

October 6,2018

A liberal court

October 3,2018

Ambedkar's feminism

September 18,2018

Azadi for LGBTQI communities

September 8,2018

Mother like no other

September 7,2018

Why Article 35A matters

August 15,2018

Challenges beyond 377

August 13,2018

A positive beginning

August 10,2018

WSS condemn transphobia

August 6,2018

Blame it on Collegium

August 5,2018

Scroll Up