wordpress blog stats
Connect with us

Hi, what are you looking for?

Final Data Protection bill junked RTI dilution, introduced localisation: Report

The final Personal Data Protection bill drafted by the committee led by Justice BN Srikrishna did away with a couple problematic provisions, The Caravan reports. In a work-in-progress draft of the bill accessed by The Caravan, it was revealed that the Act vastly strengthened the power of public officials to decline RTI requests on personal privacy grounds. It also strengthened the exclusive right that the UIDAI had on filing Aadhaar-related complaints.

ReadJustice Srikrishna data protection draft bill is now public, highlights and what happens next

But in the final bill, these changes were no longer there — the RTI Act was amended, but the amendment in the final bill does not strengthen the pre-existing privacy clause significantly. The Aadhaar Act amendment was done away with, too. But then, the final version also added something else, per the report: localisation.

Localisation in the Data Protection bill

The localisation requirement in the Srikrishna Committee’s final bill is among the legislation’s most contentious features. The bill requires all data fiduciaries to store a copy of users’ personal data in India. As for what personal data will constitute in different contexts, that hasn’t been explicitly clarified. The previous draft bill that The Caravan obtained only had this localisation requirement for sensitive personal data, which is more clearly defined. Here’s the version of the localisation requirement in the final bill that came out on Friday.

Restrictions on Cross-Border Transfer of Personal Data. —

(1) Every data fiduciary shall ensure the storage, on a server or data centre located in India, of at least one serving copy of personal data to which this Act applies.
(2) The Central Government shall notify categories of personal data as critical personal data that shall only be processed in a server or data centre located in India.
(3) Notwithstanding anything contained in sub-section (1), the Central Government may notify certain categories of personal data as exempt from the requirement under subsection (1) on the grounds of necessity or strategic interests of the State.
(4) Nothing contained in sub-section (3) shall apply to sensitive personal data.

Advertisement. Scroll to continue reading.

(from the Personal Data Protection Bill, 2018; emphasis ours)

The localisation requirement has rattled both committee members and civil society. “Data localization is bad for business, users, and security,” Mozilla said in a statement. Rama Vedashree and Prof. Rishikesha T Krishnan, who were both members of the Srikrishna committee, put on record their dissent on keeping a copy of personal data in India. “This narrative [that localisation is a tool for domestic market development],” Vedashree said in her dissent, “seems fuelled by unfounded apprehensions and assumptions, rather than evidence and reasoning”.

Other parts remain intact

Other aspects of the bill — which among other things layout standards for consent and direct oversight of intelligence agencies — have mostly remained unchanged. However, the bill has raised some significant concerns on localisation and the room that the government has to process data without consent. In fact, a part of the bill that said that the government would have to prove that obtaining consent for processing personal data was too burdensome is no longer there in the final bill.

Rama Vedashree, who dissented to the localisation requirement, said that the MeitY should hold further public consultations before handing over the bill to the Cabinet. Ravi Shankar Prasad, the IT Minister, said on Friday that the bill would be subject to the “widest possible parliamentary consultation”.

Advertisement. Scroll to continue reading.
Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



While the market reality of popular crypto-assets like Bitcoin may undergo little change, the same can't be said for stablecoins.


Bringing transactions related to crypto-assets within the tax net could make matters less fuzzy.


Loopholes in FEMA and the decentralised nature of crypto-assets point to a need for effective regulations.


The need of the hour is for lawmakers to understand the systems that are amplifying harmful content.


For drone delivery to become a reality, a permissive regulatory regime is a prerequisite.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ