Taking cues from the European Union’s data protection norms, the Justice Srikrishna committee on July 27, 2018, created an India draft bill on data protection.
The Srikrishna Committee’s proposed draft data protection law has adopted principles like right to access and correction, right to portability, right to be forgotten, but the extent of an individual’s rights is limited compared with the EU law.
The proposed law imposes data localization requirements for different kinds of data. It mandates absolute localization – that is, complete storage and processing – of critical personal data in India.
The law also mandates ‘mirroring’ of data, which requires a copy of an entity’s personal information to be kept in a server or data center in India.
Data protection bill- a necessity for the nation
According to the India Data Threat Report 2018, published recently by defense grade technology-maker Thales eSecurity, incidents of data breaches in India are higher than the global average. The report further emphasizes that India needs to change its security strategies to prevent increasing cases of data breaches.
The study also found that Indian companies are adopting advanced technologies such as blockchain, big data, IoT, mobile payments, etc. on a large scale. This makes it all the more urgent for the Indian government as well as enterprises to formulate and implement strict, well-defined security policies and strategies to curb data breaches.
In such a scenario, the draft bill on data protection is highly welcoming. Data privacy has been a concern for long and an Indian version of the GDPR will surely bring a lot of relief to us troubled Indian consumers who are bombarded with numerous calls and emails on an everyday basis asking for personal details. Also, such a law would ensure that when we willingly share any information with a known vendor or person, it remains confined to the premises. We would definitely feel more secure in this world if we have an Indian Data Protection Law. Looking forward!