Justice Srikrishna committee formulated Personal Data Protection Bill 2018. Government has taken very positive step to share it with the general public requesting comments till September 10, 2018. After reviewing the comments and due consideration the Government is expected to table the bill in Parliament in December.
EU General Data Protection Regulations and now Indian Personal Data Protection Bill attempt to guard individuals against misuse of information shared on Internet. One of the tenets of the Indian bill attempts to separate personal information from sensitive personal information to uphold fundamental Right to Privacy. The very first statement brings out the essence of bill stating
“the right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy”.
One of requirements of this bill states that the personal sensitive data needs to be stored within territorial limits of India. The large global firms believe they will need to increase investments in Data Centers in India to meet this requirement and they expect to lobby against this stipulation. Conceding the point that storage of data within bounds of India may not necessarily result in increased security it is still in their own interest to prove that such protection can be offered from any location around the globe. And of course their argument that data localisation may lead to more governmental controls.
Also there is quite a bit of criticism on internet that the bill needs to clarify what constitutes personal sensitive information. Given that all such suggestions and proposals need to be addressed it is still a very welcome step to bring such bill to legislators for their consideration.
We are sure that if not in the bill, subsequent notifications and regulations will bring required clarity!