Data Protection Law

Why in News?

The ministry of electronics and information technology (MEITY) has released a white paper on data protection framework, prepared by a committee of experts headed by justice BN Srikrishna.



It was constituted in July 2017 to study various issues relating to data protection in India and make specific suggestions on principles to be considered for data protection and suggest a draft data protection bill.


Seven Key Proposals

  1. Technology agnostic: The data protection law must take into account the continuous change in technology and standards of compliance.


  1. Holistic application: The law must cover both the private sector and the government sector.


  1. Informed consent: The white paper states that consent should be “informed and meaningful”. It is not clear what “informed consent” means.


  1. Data minimisation: The data collected or being processes should be minimal.


  1. Controller accountability: The data controller should be held accountable for any processing of data


  1. Structured enforcement: The committee proposes to set up “a high-powered statutory authority”, which “must co-exist with appropriately decentralised enforcement mechanisms.”


  1. Deterrent penalties: It proposes for “adequate” penalties for “wrongful processing” to ensure deterrence.



Even though the Information Technology Act contains certain provisions about data protection and handling, experts are of the opinion that India needs a fresh data protection law with the increased digitisation led by Aadhaar, the Goods and Service Tax and the push towards a digital economy. IT Act may also be inadequate to deal with the current requirements since it was drafted almost 17 years ago in 2000 and was amended last in 2008.




SOURCE– The Economic Times.