NEW DELHI: The much-awaited report on data protection - which would keep in check free processing by data corporate and government entities, and bring them under a jurisdiction of law - was finally submitted by retired justice B N Srikrishna led-committee to IT minister Ravi Shankar Prasad on Friday.
The report, at large, promises that right to data is an important part to one’s individuality and any misconduct by data fiduciaries will be thoroughly dealt with. In a first, it broadly describes the definition of personal data and the importance of consent in processing them.
The report, The Personal Data Protection Bill 2018, carries a number of rights - Right to Confirmation, Right to Correction, Right to Portability and Right to be Forgotten - that give individuals a feeling of ownership on their data. Moreover, setting up of Data Protection Authority to monitor and enforce provisions of the Bill and a fine of up to Rs 5 crore or 2 per cent of the worldwide turnover of the entity found guilty, would make companies such as Facebook and others extra cautious when it comes to playing with one’s data.
The hint given by Srikrishna himself that all kinds of data will be covered under the Act (including the Aadhaar data, the focal point of all discussions) is a compelling move to ensure people that their data will be safeguarded.
However, to feel that your data is fully secure and you have the utmost right over your own privacy is too much to ask in the submitted draft Bill. A number of commentators on the subject said that the Bill needs major changes before it is passed.
Nikhil Pahwa, founder of MediaNama and co-founder of savetheinternet.in, termed the report a failure and asked for fixing. He raised 12 points on Twitter, including why citizens are avoided giving data ownership, why one can access only a summary of data and not in full, and why no surveillance reforms.
On minute inspection, one realises that the questions raised by Pahwa have not been answered to the point in the Bill. Analysts say the TRAI recommendation that ‘the ownership of data must rest with the individual’ should have been taken into account by the committee, instead of partial ownership.
The Bill is also being criticised for giving the State enormous power to control one’s data. It has provisions where in, if the government feels, depending on the criticality, it can access data. Consent can be ignored if one is carrying journalistic, research and other works.