India: White Paper for Data Protection released

January 4, 2018

Brief Introduction to “Data Protection” –

Data protection is the process of protecting data and involves the relationship between the collection and dissemination of data and technology, the public perception and expectation of privacy and the political and legal underpinnings surrounding that data. It aims to strike a balance between individual privacy rights while still allowing data to be used for business purposes. Data protection is also known as data privacy or information privacy.[1]

Constitution of Srikrishna Committee –

Recognizing the importance of data protection and keeping personal data of the citizens secure and protected, the Ministry of Electronics and Information Technology (hereinafter referred to as the “Ministry”) on July 31, 2017, constituted a Committee of Experts under the Chairmanship of Justice B.N. Srikrishna, Former Judge, Supreme Court of India and comprising of members from Government, Academia and Industry to study and identify key data protection issues and recommend methods for addressing them. The role of the committee was to suggest a draft Data Protection Bill, which would provide a big boost to the Digital economy of the country.[2]

Introduction of “White Paper [3]” –

The Srikrishna Committee on November 27, 2017, released a white paper as part of its work to prepare a data protection framework

This white paper includes a questionnaire for stakeholders in companies on certain issues. These issues will revolve around topics such as Aadhaar, data collection by corporates, and consent of consumers.

The main purpose for introducing the white paper is to get comments and perspectives on a variety of issues pertaining to data protection and privacy before the government starts the process of drafting legislation for data protection.

This initiative by the Committee gives an opportunity to not just the residents of the country but also corporates, academia as well as think tanks to share their views on how the architecture of the country’s data protection framework should look.

The white paper includes questions on topics such as how much data can app service providers collect and hold, as well as the issue of consent of the consumer in using data. The paper also addresses concerns about how much data should government and private agencies gather and store. The data protection law is going through a tight scrutiny phase wherein it is being continuously monitored. This is to test its implications on both Indian as well as global technology giants.
Seven Principles of the Data Protection Framework
The white paper lays out

seven key principles for a data protection framework –

  • The law must be flexible to take into account changing technologies and standards of compliance
  • The law must apply to both private sector entities and government.
  • The law must ensure that the consent is informed, genuine and meaningful.
  • Data processing should be minimal and only for the purpose for which it is sought
  • The data controller shall be held accountable for any processing of data, whether by itself or entities with whom it may have shared the data for processing
  • Enforcement of the data protection framework must be by a high-powered statutory authority
  • Penalties on wrongful processing must be adequate to ensure deterrence

Conclusion –

This is the first time that India has taken a step towards the implementation of a specific data protection law, which looks at aspects such as data sovereignty, data retention and responsibilities of government, companies as well as individuals while handling third-party data.

With the growing economy and the never-ending entry of new companies and e-commerce businesses in the market, it is definitely the duty of the Government of India to protect the privacy of the citizens and their businesses as well.





For more information please contact us at :