Justice B N Srikrishna has said the committee headed by him on data protection took a ‘fairly balanced’ call after hearing all stakeholders, including the industry. Some industry stakeholders have sought clarity on the issue of sharing data with third parties claiming that the committee’s report did not include their inputs and a lot of grey areas had gone unaddressed.
Srikrishna said an industry representative and an academician had expressed their reservations during the deliberations. “No industry ever wants any restrictions on any of its operations and no country ever allows any industry to operate without no restrictions whatsoever. There was a representative of industry who vigorously advocated their viewpoints and an academician, both of whom have given their reservations. But, the committee has ultimately taken the call which, in my view, is fairly balanced,” he told PTI.
He also said every time any legislation affecting industry was passed, concerns were raised that it would increase the cost of operations. It it were to be true, all industries should be making losses, but on the contrary most of them were making profits.
Finally, the Data Protection Authority can always deal with marginal entities and give them suitable exemptions, Srikrishna said. The central government had constituted the 10-member committee in July 2017 to recommend a framework for securing personal data in the increasingly digitised economy as also to address privacy concerns and build safeguards against data breaches.
The committee submitted its report to the government on July 27 suggesting steps for safeguarding personal information, defining obligations of data processors as also rights of individuals, and mooting penalties for violation. On imposing “undue restrictions” on transferring personal data outside India by businesses, Srikrishna said it was a matter of perspective. The panel had taken a middle path, unlike China and Russia which make localisation absolute, he added.
“There have been extreme views on this like those in China and Russia which make localisation absolute and in other countries, where cross border transfer is allowed totally without restriction. We have taken a middle path as you will see form the report and Bill,” he said. Further, the criticality of data may require absolute prohibition from cross-border transfer in some cases, he added. “Hence, there is a leeway given that the authorities may relax restrictions on a case-by-case basis, depending on the type of data to be sent out and likelihood of any harm resulting therefrom,” Srikrishna said.
A provision for maintaining a copy in the country was absolutely necessary, he said. “If that data needs to be accessed by any authority, the matter would have to await diplomatic wrangles and acting in accordance with the law of another country. The answer to this dilemma would be to enter into an international instrument,” Srikrishna said.
On the role of central government in the affairs of Data Protection Authority, Srikrishna said section 94 of the report had made it clear that the government had been given overriding powers in policy matters only.
“Further, if there is a situation affecting the sovereignty of the country or its friendly relations with foreign countries, obviously the central government must intervene to set things right,” he said.