C&L_December 2017 (1)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Cover Story+<br />
Towards an Indian Data<br />
Protection Regime<br />
Extracts from the issues raised for discussion by the expert<br />
committee appointed to create a draft data protection bill for India<br />
By CIO&Leader<br />
On 24 August <strong>2017</strong>, in a historic judgment, a ninejudge<br />
bench of the Supreme Court ruled that<br />
right to privacy is a fundamental right, while<br />
hearing a case on the legality of Aadhaar.<br />
“We are in an information age. With the growth and<br />
development of technology, more information is now<br />
easily available. The information explosion has manifold<br />
advantages but also some disadvantages. The access to<br />
information, which an individual may not want to give,<br />
needs the protection of privacy. The right to privacy is<br />
claimed qua the State and non-State actors. Recognition<br />
and enforcement of claims qua non-state actors may<br />
require legislative intervention by the State,” Justice Sanjay<br />
Kishan Kaul, one of the judges, said in his judgment.<br />
“There is an unprecedented need for regulation<br />
regarding the extent to which such information can be<br />
stored, processed and used by non-State actors. There is<br />
also a need for protection of such information from the<br />
State,” he noted.<br />
“We commend to the Union Government the need<br />
to examine and put into place a robust regime for data<br />
protection. The creation of such a regime requires a careful<br />
and sensitive balance between individual interests and<br />
legitimate concerns of the state,” noted Justice DY Chandrachud’s<br />
judgment, delivered on behalf of four judges<br />
including then then CJI Jagdish Singh Khehar.<br />
Towards a Data<br />
Protection Regime<br />
By that time, the government had already appointed a<br />
committee to look into the issues regarding enacting such<br />
a legislation, under the chairmanship of Justice B N Srikrishna,<br />
former Judge of the Supreme Court. Their brief<br />
was to identify key data protection issues and recommend<br />
methods for addressing them and ultimately come out<br />
with a draft data protection bill. The other members of the<br />
committee are Ajay Bhushan, CEO, Unique Identification<br />
Authority of India; Ajay Kumar, Additional Secretary,<br />
MeitY; Arghya Sengupta, Research Director, Vidhi Center<br />
for Legal Policy; Aruna Sundararajan, Secretary, Department<br />
of Telecom; Gulshan Rai, National Cyber Security<br />
Coordinator; Rajat Moona, Director, lIT, Raipur; Rama<br />
Vedashree, CEO, Data Security Council of India; and<br />
Rishikesha T Krishnan, Director, IIM, Indore.<br />
Four months after it was formed, on 27 November, the<br />
committee released a detailed whitepaper outlining all the<br />
issues that they found to be relevant, seeking responses<br />
from the public on these questions.<br />
The document goes into various issues, discusses how<br />
other such legislation such as EU’s GDPR have handled<br />
it and has listed its views on those issues while raising<br />
explicit questions. The last date for submission for the<br />
responses is 31 <strong>December</strong>, unless it is extended.<br />
14 CIO&LEADER | <strong>December</strong> <strong>2017</strong>