wordpress blog stats
Connect with us

Hi, what are you looking for?

MeitY extends data protection comments deadline till October 10th

The IT Ministry, on Saturday, extended the public comment deadline for the Data Protection Bill by ten days, to October 10. The initial deadline of 15th September was previously extended to the end of September. MeitY said that this deadline of 10 October will be final.

This further consultation — which was announced on August 14 — takes special significance due to the contentious nature of the draft bill. There were voices of dissent from within the committee that found place on its official report. The data protection bill’s provisions on maintaining a copy of personal data in India and its stiff criminal penalties for breaches have also drawn criticism.

It’s unclear if the comments to the draft bill collected by MeitY will be made public. Public comments solicited by the Srikrishna Committee prior to the bill’s drafting stage were not made public. In fact, MeitY declined multiple RTI requests by MediaNama to publish stakeholder comments. It’s also unclear if MeitY will hold a counter-comment stage of consultation, where stakeholders will be able to comment on each other’s responses. This two-stage process is typical of TRAI consultations, where comments are made public and commented on in a counter-comment stage.

How the bill measures up

While comments to the Srikrishna Committee were not published, some organisations made their filings public voluntarily. Here’s a comparison of the Srikrishna Committee’s bill with the expectations of i) Dvara Research, which prepared a skeletal draft bill of its own, and ii) SaveOurPrivacy.in, a volunteers’ collective spearheaded by the Internet Freedom Foundation. (Note: MediaNama editor and publisher Nikhil Pahwa is a co-founder of IFF.)

Ownership, consent, portability and localisation

Localisation is probably the most glaring departure from both business’ and civil society’s expectations. The committee’s bill requires all entities to store a copy of an individual’s personal data in India, which will have huge associated costs. Data ownership is not asserted as the sole domain of the data subject, which somewhat weakens the foundations of a data protection bill. Consent requirements are still stringent, though, with multiple requirements needed to be satisfied for the consent to be regarded as explicit. Portability is required as it is in the SaveOurPrivacy.in privacy code.

Right to be forgotten, transparency, and surveillance

The Srikrishna Committee’s bill includes a right to be forgotten. The Adjudicating Officer, who is appointed under the data protection authority of India, will process applications based on sensitivity and necessity, among other factors. Anonymised data is not regulated by the bill, provided that the anonymisation is irreversible (the word anonymisation is itself defined as irreversible in all the bills). While the civil society bills allow users to access a copy of their information, the Srikrishna Bill only allows for a summary of that information to be accessed. On surveillance, the bill partially prohibits use of personal data for “security of the State” but doesn’t go as far as SaveOurPrivacy hoped it would in mandating oversight.

Penalties, data protection authority, and breaches

The bill goes farther than civil society expectations here by not only having stiff civil penalties, but also criminal penalties that could involve jail time. The bill sets up a data protection authority, but only one — individual states don’t get an authority of their own as the SaveOurPrivacy code hoped. Processing requirements are consistent with civil society attempts, but there exist carve-outs with fewer consent standards in the committee’s bill. Importantly, breaches don’t have to be disclosed to the public — only to the data protection authority.

You May Also Like


A database of phone numbers of around 500 million Facebook users is up for sale on Telegram, even allowing customers to look up these...


By Sarada Mahesh Earlier this month, residents from Madhya Pradesh were enrolled in the COVID-19 vaccine trial conducted by the People’s College of Medical...


Following the raging debate around the latest updates to WhatsApp’s privacy policy, RSS ideologue K.N. Govindacharya urged the government to tax data transfers between...


Digital sovereignty also involves the autonomy of Indians as far as ownership of that data is concerned, Ravi Shankar Prasad Union Minister for Electronics...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ