By Rahul Matthan, Manasa Venkataraman, and Ajay Patri
The Justice Srikrishna Committee (formally called the Committee of Experts under the Chairmanship of Justice B N Srikrishna) is tasked with framing a robust data protection law for India. In November, 2017, the Committee released the White Paper – exploring the contours of data protection legislation across the world, and called upon stakeholders to comment on what the Indian law on this subject should contain.
For the upcoming law on data protection, we propose that it should be based on these principles:
- Reducing information asymmetry between the various stakeholders in the data ecosystem by creating clear reporting and compliance frameworks;
- Ensuring that the data collecting/processing entity continues to remain accountable and does not use the user’s consent as a shield against abiding by the law;
- Creating and empowering “Learned Intermediaries”, or independent professional data auditors, to conduct periodic checks on the data controllers and ensure that their processes are secure and transparent; and
- Crystallising the data rights that every individual is entitled to, and outlining harms that could arise from an abuse of these rights.
The comments to the White Paper are built upon the principle that the ideal data protection law should be based on a “ConsentPlus” model. The weight of accountability of the data collecting or processing entity should be equal, if not more than that of consent. The responses to the White Paper have been built on the frameworks crystallised in a 2017 Discussion Document, Beyond Consent: A New Paradigm for Data Protection.TPA-Data-Protection-Framework-for-India-RM-MV-AP-2018-01