NEW DELHI: The government has strongly defended provisions in the draft data protection bill to allow the Centre to utilise anonymous data for improving public services and exemptions to law enforcement in processing personal data under prescribed safeguards and oversight.
The contentious issues, which have been criticised by Justice Srikrishna, who headed a panel that examined data issues, are seen as reasonable requirements that go along with a detailed framework that gives individuals a consent framework and differentiates between critical and non-critical data as also compensation harmed by breach of data.
Section 35 of the draft bill, currently being examined by a joint parliamentary committee, states the central government can, in interests of security of the state, exempt any or all provisions of the proposed Act “to any agency in respect of processing personal data subject to safeguards and oversight”.
The view in the government is that the formulation balances the practical requirement of law enforcement agencies with the enabling provisions laid down by Supreme Court in its verdict holding that right to privacy is a fundamental right. The government draft differs with the Sri Krishna committee which said processing of personal data shall not be permitted unless pursuant to a law and in accordance to procedure. It also said this should be proportionate to security interests.
The provisions are likely to be subject to a lively discussion in the JPC and the government has made a case that the scale, reach and anonymity of internet platforms needs a quick law enforcement response.
The view in government is that it is possible for just about anybody to participate from anywhere in the world to post information and while this is an empowering attribute, it also provides anonymity for mischief makers to propagate hate, fake news and dangerous rumours. The bill seeks to obligate large social media entities be classified as significant data fiduciaries and provide categorisation of users.
The bill, sources said, is however conscious of the need to protect individuals and Indian interests and will look to create and promote concepts such as consent framework, purpose and storage limitation and data minimisation. They will be required to collect data required for a specific purpose with consent of the individual who will also be notified about any transfer or processing of that data.
The draft bill seeks to grant the data principal (individual) the right to obtain a summary of data and thereafter correct or even erase it. It will incorporate an individual’s right to be forgotten too. Taking note of the argument that mandatory placing of servers in India may be impractical, the bill says Centre has the right to notify “critical personal data” to be processed here.


Source link