Top News
Srikrishna Committee suggests amendments in Aadhaar Act for data protection
New Delhi, July 27 (IANS) The Justice B.N. Srikrishna Committee on data protection in India has suggested amendments to various laws including the Aadhaar Act to provide for imposition of penalties on data fiduciaries and compensations to data principals for violations of the data protection law.
The 213-page report, prepared by a 10-member committee set up last year under the chairmanship of the retired Supreme Court judge, was submitted to Law and Electronics Minister Ravishankar Prasad who said that the government will go through the draft bill and take stakeholder comments before taking Cabinet approval for finalising the legislation.
Justice Srikrishna said data privacy is a burning issue and there are three parts to the triangle. “The citizen’s rights have to be protected, the responsibilities of the states have to be defined but the data protection can’t be at the cost of trade and industry.”
The report assumes significance in the context of controversies over alleged leakage of biometric details of Aadhaar card holders and the ongoing Supreme Court hearing in the case related to data protection.
The report has proposed penalties for violations, criminal proceedings, setting up of a data authority, provision of withdrawal of consent and concept of consent fatigue.
In its recommendationsm, the committee has said the data protection law will set up a Data Protection Authority (DPA), an independent regulatory body responsible for the enforcement and implementation of the law. Broadly, it will perform the functions of monitoring and enforcement, legal affairs, policy and standard setting, research and awareness and enquiry, grievance handling and adjudication.
The draft law has suggested that penalties may be imposed on data fiduciaries and compensations may be awarded for violations of data protection law.
“The penalties imposed would be an amount up to the fixed upper limit or a percentage of the total worldwide turnover of the proceeding financial year, whichever is higher. Offences created under the law should be limited to any intentional or reckless behaviour, or to damage caused with knowledge to the data principals in question.”
The law will have jurisdiction over the processing of personal data if such data has been used, shared, disclosed, collected or otherwise processed in India.
However, in respect of processing by fiduciaries that are not present in India, the law shall apply to those carrying on business in India or other activities such as profiling which could cause privacy harms to data principals in India.
Additionally, personal data collected, used, shared, disclosed or otherwise processed by companies under Indian law will be covered, irrespective of where it is actually processed.
However, the data protection law can empower government to exempt companies which only process the personal data of foreign nationals not present in India.
The law will not have retrospective application and will come into force in structured and phased manner.
The report suggests amendments to the Aadhaar Act from a data protection perspective. Read along with the provisions of the proposed data protection bill, the amendments will deal with enforcement action and individual remedies.
Under the Chapter Processing, the report says the definition of personal data will be based on identifiability. The law will cover processing of personal data by both public and private entities.
Standards for anonymisation and de-identification (including pseudonymisation) may be laid down by the authority.
Sensitive poersonal data will include passwords, financial data, health data, official identifier, sex life, sexual orientation, biometric and genetic data and data that reveals transgender status, inter-sex status, caste, tribe, religious or political beliefs or affiliations of an individual.
The authority will be given the residuary power to notify further categories in accordance with the criteria set by law.
Consent will be a lawful basis for processing of personal data. However, the law will adopt a modified consent framework which will apply a product liability regime to consent, thereby making the data fiduciary liable for harms caused to the data principal.
For consent to be valid it should be free, informed, specific, clear and capable of being withdrawn. For sensitive personal data, consent will have to be explicit.
A data principal below 18 years of age will be considered a child. Data fiduciaries have a general obligation to ensure that processing is undertaken keeping the best interests of the child in mind.
Further, data fiduciaries capable of causing significant harm to children will be identified as guardian data fiduciaries. All data fiduciaries (including guardian data fiduciaries) shall adopt appropriate age verification mechanism and obtain parental consent.
Furthermore, guardian data fiduciaries, specifically, shall be barred from certain practices. Guardian data fiduciaries exclusively offering counselling services or other similar services will not be required to take parental consent.
Under data principal rights, the right to confirmation, access and correction should be included in the data protection law.
Similarly, the right to data portability, subject to limited exceptions, should be included in the law. The right to object to processing; right to object to direct marketing, right to object to decisions based on solely automated processing, and the right to restrict processing need not be provided in the law for the reasons set out in the report.
The right to be forgotten may be adopted, with the Adjudication Wing of the DPA determining its applicability on the basis of the five-point criteria as follows:
(i) the sensitivity of the personal data sought to be restricted;
(ii) the scale of disclosure or degree of accessibility sought to be
restricted;
(iii) the role of the data principal in public life (whether the data principal
is publicly recognisable or whether they serve in public office);
(iv) the relevance of the personal data to the public (whether the passage
of time or change in circumstances has modified such relevance for
the public); and
(v) the nature of the disclosure and the activities of the data fiduciary
(whether the fiduciary is a credible source or whether the disclosure is
a matter of public record; further, the right should focus on restricting
accessibility and not content creation).
Cross-border data transfers of personal data, other than critical personal data, will be through model contract clauses containing key obligations with the transferor being liable for harms caused to the principal due to any violations committed by the transferee.
–IANS
vsc-rrb/vd
Top News
Dr. Abhishek Verma Dedicates a Shelter in Memory of His Mother, Veena Verma, at KGMU; Inaugurated by Daughter Nicolle Verma
World-renowned business tycoon Dr. Abhishek Verma has supported Foodman Vishal Singh’s Hunger-Free World mission. In memory of his mother, Late Veena Verma, who was a 3 term Rajya Sabha MP.
Dr. Verma dedicated a state-of-the-art free permanent shelter for the attendants of patients at KGMU Medical University, Lucknow, under the aegis of Vijay Shree Foundation. His daughter, Nicolle Verma, inaugurated the shelter.
During the event, Foodman Vishal Singh honored Nicolle Verma by presenting her with a memento. Mrs. Nidhi Sharma and Avantika Yadav, associated with the organization, welcomed her with garlands. Following this, Nicolle Verma distributed essential items to the attendants and also handed out fruits. She became emotional remembering her grandmother on her birth anniversary.
On this occasion, she also inaugurated the “Veena Verma Sevalaya” in memory of her grandmother, Veena Verma, to serve the attendants. She expressed, “I feel proud that my family is engaged in nation-building as well as social service. Today, in collaboration with Vijay Shree Foundation founder Foodman Vishal Singh Ji, I feel immensely proud to dedicate this shelter for the poor, helpless, and needy attendants of patients battling serious illnesses like cancer. I am honored to be associated with the Hunger-Free World Mission for humanity.”
Inspired by the continuous humanitarian service provided by Vijay Shree Foundation over the past 17 years, Nicolle Verma donated 10 lakh rupees to support the cause. The purpose of this donation is to ensure that services continue for the needy attendants of patients suffering from severe illnesses in hospitals, as facilitated by Foodman Vishal Singh.
It is noteworthy that Dr. Abhishek Verma’s family has a legacy of public and philanthropic service. They are helping millions to carry forward the values and service work of their parents. On the occasion of his mother’s birth anniversary, Dr. Abhishek Verma dedicated this state-of-the-art permanent shelter at Lucknow Medical College to serve the attendants of patients through the Vijay Shree Foundation.
Supporting Foodman Vishal Singh’s Hunger-Free World mission, Dr. Abhishek Verma assured that he would continually support keeping this flame of humanity alive. He also promised to assist in providing medicines to the helpless patients.
Continuing her grandmother’s legacy of service, Nicolle Verma personally served food to the needy patients and attendants. She said, “It is our good fortune to have received the joy of doing this noble work today through Foodman Vishal Singh. I have taken another step forward in carrying my family’s values and cooperation by joining hands with the Vijay Shree Foundation. My father taught me to serve and help the needy, and I feel happy when I bring a smile to someone’s face.”
On the birth anniversary of the late Veena Verma, the event organizer, Vijay Shree Foundation founder Foodman Vishal Singh, said, “We feel proud and happy that Dr. Abhishek Verma, a globally renowned business tycoon, has extended his support to uplift our country from the hunger index. Today, on his mother’s birth anniversary, he inaugurated a state-of-the-art permanent shelter at Lucknow Medical College, which will always be helpful for the needy attendants of patients. It is a pleasure for me and the organization to receive the affection of Mr. Verma.”
The event was attended by General Manager Verma Family Office Hemant Garg, Sonu Rajput, and the organization’s volunteers, including Sandeep Singh, Parmeshwar Ji, Prashant Rao Gautam, Balram Singh, Ramesh Chaudhary, Suman, Jeetu, Anil, Suraj, Vinay, Manish Bhadauria, Manas Mehrotra, Vivek, Apurv, Happy, and others.