7 Principles of Srikrishna Committee on Data Protection. Protecting Individual Data (Important) (Download PDF)

Doorsteptutor material for IAS is prepared by world's top subject experts: Get detailed illustrated notes covering entire syllabus: point-by-point for high retention.

Download PDF of This Page (Size: 173.33 K)

Spread of IT and “Aadhaar” based services in India not only increases beneficial use of data but also allows unregulated and arbitrary use of personal data. Data protection laws are required to guard such unauthorized use.

Image of Srikrishna Committee on Data Protection aadhar

Image of Srikrishna Committee on Data Protection Aadhar

Image of Srikrishna Committee on Data Protection aadhar

  • Databases are vulnerable to unauthorized leaks, hacking, and cybercrimes threatening loss of individual autonomy.

  • White Paper made public by the Justice B. N. Srikrishna Committee elicits views from the public on the shape and substance of a comprehensive data protection law.

7 Principles of Srikrishna Committee on Data Protection (Important)

Government of India constituted a Committee of Experts under former Supreme Court Justice Shri B N Srikrishna to study various issues relating to data protection in India and make specific suggestions on principles to be considered for data protection in India and suggest a draft Data Protection Bill. The objective is to “ensure growth of the digital economy while keeping personal data of citizens secure and protected. “

1. Technology Agnostic

Take into account the continuous change in technology and standards of compliance.

2. Holistic Application

  • Recommends a holistic approach applying to both government and private entities, but with “differential obligations”- requires careful drafting and strictly defined concepts.

  • In public domain it is legitimate to collect personal data in the public interest, but this information should be protected and used only for the purposes it was collected.

3. Informed Consent

“Informed consent” must be “informed and meaningful”. Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful. The law must ensure that consent meets the aforementioned criteria

4. Data Minimization

Data collected or processes should be minimal- necessary for the purpose for which it is being sought.

5. Controller Accountability

Data controller should be held accountable for any processing of data, whether by itself or entities with whom it may have shared the data for processing.

6. Structured Enforcement

Proposes to a high-powered statutory authority, which co-exists with appropriately decentralized enforcement mechanisms.

7. Deterrent Penalties

  • Adequate penalties for wrongful processing should be used to ensure deterrence.

  • Law must provide for a suitably empowered statutory authority to enforce its promised protection to citizens’ data.

Current State of Data Protection in India

  • India does not have a separate law for data protection but Section 43A of the Information Technology Act provides legal protection of personal information.

  • Justice A. P. Shah Committee recommended a legal framework for protecting privacy based on Organisation for Economic Co-operation and Development guidelines:

    • Provide sufficient notice and disclosure to citizens when data are collected

    • Limit data collection and use

    • Create norms related to data security and accountability.

International Practices

Instrumentally, a firm legal framework for data protection provides foundation for data-driven innovation and entrepreneurship. Fostering such innovation and entrepreneurship is essential if India is to lead its citizens and the world into a digital future committed to empowerment, experiment, and equal access.

  • Rights-based approach is followed by European Union’s General Data Protection Regulation, 2016 that makes data protection comprehensive and exemptions are limited.

  • American data protection mechanisms provide stringent norms for government departments to process personal information and private entities have to abide by the norms of giving notice and receiving consent.

- Published/Last Modified on: December 18, 2017


Developed by: