The government has extended the deadline for public comments on white paper pertaining to data protection framework by a month to January 31, 2018. “The last date for submission of response to the white paper is extended up to January 31, 2018,” The Ministry of Electronics and IT said in a note. The data protection framework will have an impact on privacy of people in the country.
The Supreme Court in a judgement on August 24, 2017 declared right to privacy a fundamental right, a far-reaching verdict that could impact a range of life choices of Indians, including food habits and sexual orientation. The government had constituted a 10-member committee in July 2017 to recommend a framework for securing personal data in the increasingly digitised economy as also address privacy concerns and build safeguards against data breaches. The experts committee formed under Justice BN Srikrishna, a former Supreme Court judge, has sought public feedback on a white paper over data protection framework.
It has noted that both public and private sectors are collecting and using personal data on an unprecedented scale and for various purposes. It said that while the data can be put to beneficial use, the unregulated and arbitrary use, especially that of personal data, has raised concerns about privacy and autonomy of an individual. “Some of the concerns relate to centralisation of databases, profiling of individuals, increased surveillance and a consequent erosion of individual autonomy,” the paper noted.
It stated that data about an individual like race and religion can be used to discriminate against them. “There are also some actions of the state which may threaten an individual’s privacy. For instance, surveillance activities by the government or private organisations can disrupt peace of mind and create chilling effects by making people conform to societal expectations,” the paper said. The white paper suggests linking of penalty of firm violating data protection rules to its global turnover. “In the context of a data protection law, civil penalties may be calculated in a manner to ensure the quantum of civil penalty imposed not only acts as a sanction, but also acts as a deterrence to data controllers which have violated their obligations under the data protection law,” said the white paper of the experts panel.
Among various options to calculate penalty, the panel has provisionally suggested that the “highest form of deterrence in relation to civil penalties may be where a per day civil penalty is imposed subject to a fixed upper limit or a percentage of the total worldwide turnover of the defaulting data controller of the previous financial year, whichever is higher”.
According to the findings of the committee, the IT Act does not appear to prescribe civil penalty provisions specifically for violation of data protection obligations and is limited in applicability. Moreover, the quantum of penalty under the provisions of the IT Act appears inadequate and may not act as a deterrence to emerging e-commerce and other technology based players in India.