Digital economy to become more accountable with Data protection framework
The draft data protection bill will create a framework for all stakeholders in the digital economy to be more responsible while dealing with customer's personal data.
The draft which comes within months of the European Union enforcing similar safeguards for user data -- provides for a penalty of Rs 15 crore or 4 percent of the total worldwide turnover of any data collection entity, including the state, for violation of personal data processing provisions.
The draft has also asked the Centre to identify "critical personal data" that would have to be mandatorily processed within Indian borders, a move that is likely to have implications for technology firms, especially those in areas like finance and healthcare.
"Every data fiduciary shall ensure the storage, on a server or data center located in India, of at least one serving a copy of personal data to which this Act applies... The Central Government shall notify categories of personal data as critical personal data that shall only be processed in a server or data center located in India," the draft Bill said.
A high-level committee, headed by Justice BN Srikrishna, today handed over the draft Data Protection Bill to IT Minister Ravi Shankar Prasad, who said the framework will now go through inter-ministerial consultation, Cabinet approval, and Parliamentary process.
Once enforced, the framework will apply to all entities including Aadhaar.
"Mandating localization of all personal data as proposed in the bill is likely to become a trade barrier in the key markets. Startups from India that are going global may not be able to leverage global cloud platforms and will face similar barriers as they expand in new markets," IT industry body Nasscom said.
It advocated that a healthy balance between privacy and innovation is important, given that India is today emerging as a preferred hub for innovation and hi-tech talent globally.
"Policies that govern data protection, storage and classification need to be carefully crafted given the global footprint of the IT-BPM sector," it said, referring to the over USD 150-billion Indian IT sector.
"The draft does not give users ownership of their data and deprives them of control that they need to be able to delete data from collectors like Facebook and Google. Also, there is no restriction on mass surveillance by the government," Nikhil Pahwa, a digital rights activist, said.
"The recommendation of bringing public entities under the ambit of law would not only strengthen the confidence of citizens but also define specific safety measures for their personal data while using eGovernance services," he said.
(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)