The talk of the tech policy circles in Delhi these days is about the delays in the release of the Srikrishna Committee report on Privacy: Will they release a law, or will it just be recommendations? Have the recommendations been delayed because the committee is indecisive now about data localisation, given the reaction to the RBI's seemingly "out of the blue" diktat regarding localisation of financial transaction data? Is the iSpirt/UIDAI/"Nandan-Nilekani-friendly" faction in the Srikrishna Committee digging its heels in about data localisation? Or is it that they don't want it to affect Aadhaar and Justice Srikrishna does? Is there a point to the Srikrishna Committee, since the bill may never get tabled: the opposition may not let the Monsoon session to run in Parliament, and there's very little chance of any work in the winter session? In that context, the TRAI's recommendations are very important, especially given that the TRAI Chairman is the former CEO of the UIDAI, the fact that the TRAI took on this consultation suo moto, and there's talk of him possibly becoming head of India's first data protection authority after his term finishes at the TRAI. These recommendations are being seen as a signal for what's to come from the Srikrishna Committee. Issues that the TRAI has avoided Before we get into what the TRAI has recommended, I think it's worth looking at what the TRAI has avoided talking about: Data Localisation, Cross-border data flows, Legitimate Exceptions to privacy, Lawful interception, responsibilities of data controllers…
