In the lead-up to the release of the BN Srikrishna-led Committee's Personal Data Protection Bill, 2018, there were two civil society attempts to create a bill on their own. Dvara Research, formerly the IFMR Finance Foundation, created what it called a "skeletal legislative document" that was essentially a bill of its own. The other attempt was by SaveOurPrivacy.in, who created an "Indian Privacy Code, 2018". Below is a tabular comparison of these two attempts with the bill eventually submitted by the Srikrishna Committee. Ownership, consent, portability and localisation Localisation is probably the most glaring departure from both businesses' and civil society's expectations. The committee's bill requires all entities to store a copy of an individual's personal data in India, which will have huge associated costs. Data ownership is not asserted as the sole domain of the data subject, which weakens somewhat the foundations of a data protection bill. Consent requirements are still stringent, though, with multiple requirements needed to be satisfied for the consent to be regarded as explicit. Portability is required as it is in the SaveOurPrivacy.in privacy code. Right to be forgotten, transparency, and surveillance The Srikrishna Committee's bill includes a right to be forgotten. The Adjudicating Officer, who is appointed under the data protection authority of India, will process applications based on sensitivity and necessity, among other factors. Anonymised data is not regulated by the bill, provided that the anonymisation is irreversible (the word anonymisation is itself defined as irreversible in all the bills). While the civil…
