GS3 PYQ 2018 (Mains Answer Writing): Data Protection | UPSC Mains: Internal Security & Disaster Management PDF Download

Data security has assumed significant importance in the digitized world due to rising cybercrimes. The Justice B. N. Srikrishna Committee Report addresses issues related to data security. What, in your view, are the strengths and weaknesses of the Report relating to protection of personal data in cyber space? (UPSC MAINS GS3 2018)

Recently Justice B.N. Srikrishna Committee submitted its report on data protection along with draft data protection bill. With progress in the field of digital world the privacy, safety and security of data is one of the major concerns.
This committee was formed to look into the matter protection of data and providing a framework for regulation of data. Strengths: 

• Rights of the individual: The Bill sets out certain rights of the individual. 
• These include: 
  • Right to obtain confirmation from the fiduciary on whether its personal data has been processed,
  • Right to seek correction of inaccurate, incomplete, or out-of-date personal data, and
  • Right to have personal data transferred to any other data fiduciary in certain circumstances.
• Obligations of the data fiduciary: The Bill sets out obligations of the entity who has access to the personal data (data fiduciary). 
• Data Protection Authority: The Bill provides for the establishment of a Data Protection Authority. 

The Authority is empowered to: 

• take steps to protect interests of individuals, 
• prevent misuse of personal data, and 
• ensure compliance with the Bill. 
• Grounds for processing personal data and sensitive personal data:  
• The Bill allows processing of data by fiduciaries if consent is provided. However, in certain circumstances, processing of data may be permitted without consent of the individual like in case of any function of Parliament or state legislature for providing benefits to the individual, for the compliance of any court judgement, to respond to a medical emergency etc. 
• Sensitive personal data includes passwords, financial data, biometric data, genetic data, caste, religious or political beliefs, or any other category of data specified by the Authority. 
• Transfer of data outside India: Personal data (except sensitive personal data) may be transferred outside India under certain conditions.  
• These include: 
  • where the central government has prescribed that transfers to a particular country are permissible, or 
  • where the Authority approves the transfer in a situation of necessity. 
• Exemptions: The Bill provides exemptions from compliance with its provisions, for certain reasons including: 
  • state security, 
  • prevention, investigation, or prosecution of any offence, or 
  • personal, domestic, or journalistic purposes. 
• Offences and Penalties: Under the Bill, the Authority may levy penalties for various offences by the fiduciary including 
  • failure to perform its duties, 
  • data processing in violation of the Bill, and 
  •  failure to comply with directions issued by the Authority. 
• Amendments to other laws:  The Bill makes consequential amendments to the Information Technology Act, 2000.  It also amends the Right to Information Act, 2005, and to permit non-disclosure of personal information where harm to the individual outweighs public good. Weaknesses: 
• Heavy penalties: It recommends heavy penalties for private sector’s breach of data privacy laws but adopts a lenient stand regarding the state’s infractions. 
• Large number of amendments: Amendment in existing 50 laws/ regulation would be a tough task for Government. 
• Dilution of laws: Amendment in RTI and Aadhar act may dilute the existing laws. 
• Impact on enforcement mechanisms: Critics says inclusion of provision of bill treating violations as criminal offences along with fine and compensation is excessive and would impact the enforcement mechanism greatly. 
• Additional cost on companies: The storage of one copy of personal data in India will impose additional cost to companies. 
• Classification of sensitive data: Under the bill all financial data has been classified as sensitive personal data which may be detrimental to Financial institutions. 
• Restrictions on data flow: Restriction on cross border flow of data may prove detrimental in era of digital global economy.

Topics Covered - Data Security