“The Data Protection Authority telling the data fiduciary to notify data principals can be long enough to give time to the miscreants to use information to the detriment of the data principals,” said SFLC.in in its response to the additional comments sought by the Ministry of Electronics and Information Technology (MEITY) on the Personal Data Protection Bill, commenting on data breaches. The ministry had privately sought responses to fresh questions on the data protection bill from select stakeholders – a development MediaNama made public last month. Commenting on the process, SFLC.in said that “a secret process with selective participants is harmful to the democratic nature of our country”. They also appealed that MEITY be “more transparent and open” with such processes in the future. Please note that SFLC.in wasn’t among the few stakeholders that the ministry sought comments from. Also, the questions asked by MEITY didn’t appear to be clarifications, and some of them covered new points of discussion not covered in the data protection bill consultation. Here are detailed notes from SFLC.in’s responses: ‘Data Localisation might result in a net negative GDP’ Study economic and environmental impact of data localisation: It is not necessary to restrict the storage of any category of data within India. The storage of a very narrowly defined category of data such as state secrets could be restricted to India. A detailed study is required on the economic, environmental and opportunity costs associated with storing data within India before taking such a step. Data localisation…
