Though there are three foci in the report on data protection, the principal focus is on citizens’ rights Srikrishna, HD, Data Protection Panel, tells ET Now

Edited excerpts: 

The report is finally out. What are your overall impressions? Have you taken a middle ground between Europe’s GDPR and the free market US? 

During the press interview which ensured immediately after the presentation of the report to the minister, I made a point and said that there are three foci in this report. The principal focus is a citizen whose right has to be protected. The state also needs protection as otherwise it cannot be administered and then the industry and trade also have to be protected and not get throttled. We have done a balancing act among all three . 

Let’s start with data localisation. You have taken a very different stance from the RBI which said all payment data needs to be stored in India. You have given a three-fold approach. How is that going to work out? What part will be only in India,? What part will be only abroad? How will the regulators take a call? 

Depending on the criticality of the data, the regulatory may say we will not allow it to be stored anywhere else. These are the top most things. Some of it will be allowed to be stored elsewhere if a mirror image is kept in India and is easily accessible. Finally, there is the overriding power for the government to transfer from one to the other depending on circumstances.

On Aadhaar you have suggested two amendments. One is with regard to how you need to bolster privacy. 

Aadhaar is a collateral thing. Aadhaar was really one of the basic things about the present terms of reference but I cannot say that it is totally irrelevant because it is also going to be affected. 

We have suggested that you better strengthen Aadhaar, make it amenable to the general scheme of the Data Protection Act in the manner that we have suggested. The government will probably deal with it independently. It has nothing to do with the bill that we had done. 

In the runup to this report there were criticisms that the committee did not make the minutes of the meeting and submissions public. How do you respond to that? Could there have been a more transparent way of going about drafting the data protection act?

Look I am a transparent person but that does not mean that I am going to allow my bathroom windows to be open all the time. When I am having a bath, I close the window. There is a limit to which what you can see. A work in progress should not be interrupted by this kind of queries. After it is over, put it in public domain that is transparency. Give a reason why you have said so. That is transparency and this is exactly what we have done.

In terms of having a data regulator as well as penalties, can you take us through that how strict is this going to be? Will it also be criminally punishable?

There is a provision for civil penalties but if somebody refused to follow what do you do, there has to be some kind of sanction against this. If somebody obstinately says I will not care, you do what you like I will not pay their amounts, I will keep on doing what I am doing, what do you do with such people? There has to be a set of agenda. Otherwise, will be civil penalties subject to adjudication. 

How long is it going to take before it becomes law? Has minister Ravi Shankar Prasad given you any indication on the timeline?

The minute I sign the report and hand it to the minister, I am out of the picture. You can address all the questions to the minister now. I am nowhere in the picture, I do not control the parliamentary process. My job is done, I am going home. 

On the user part of the report, what rights does this give the user in terms of control over their data, ownership over their data, the right to be forgotten and eraser, just give us that part? 

Yes, the right to be forgotten. We have dealt with all this right to be forgotten, right to have it rectified, right to withdraw totally consent. but all subject to certain consequences that are enumerated there. Please look at it carefully you will get answers to all these queries. 

How did the meeting with Mr Ravi Shankar Prasad go? How open is the government in its commitment to come out with a data protection law because that is indeed the next step? 

My impression is that the government is very serious about it. They are going to take it forward without undue delay and they also want to make sure that the digital economy is going to be empowered by it and India will be the frontrunner in the digital space. That is exactly the impression that I got and I am sure the minister intends to follow it up.

Can you just tell us a little about localisation of data that has been spoken about a lot?


Those questions are clearly answered in the report. Take time off to read the report and then get back to me if you still cannot follow it.

Read more at: https://economictimes.indiatimes.com/markets/expert-view/aadhaar-has-to-be-made-amenable-to-the-general-scheme-of-the-data-protection-act-bn-srikrishna/articleshow/65173149.cms