0.1515
900 319 0030
x
x
x

Announcement

All India Online Mock Test 4 is available now.


Click here for Paper I G.S


Click here for Paper II CSAT


Online test and the performance analytics will remain available for 24 hrs

For queries, reach us on prestorming@shankarias.in

  1. Home
  2. CURRENT AFFAIRS
  3. COMPARISON BETWEEN DATA PROTECTION LAWS

Comparison between Data Protection Laws

iasparliament Logo
July 27, 2018

What is the issue?

  • In 2017, Union government constituted the Srikrishna Committee to help frame the country’s data protection law.
  • At the same time various government authorities also insisting on data protection frameworks.

What is union government’s plan Data protection framework?

  • TRAI is an important regulator has formulated its own set of data framework policies.
  • The telecom regulator has vacillated between making wide-ranging recommendations on data protection generally.
  • Ignoring their impact on non-telecom sectors on the one hand, and deferring to the Srikrishna Committee on the other.
  • At the same time Union government has constitutes Srikrishna Committee’s to frame the nation’s data protection framework.
  • It views will finally take, the committee’s provisional views found in its year-old consultation paper, may contain some clues.
  • The Srikrishna Committee cannot ignore TRAI’s recommendations not only are they sweeping and impact privacy as a whole, but also, telecom is a critical national infrastructure.

What are the similarities between both the frameworks?

  • Both, TRAI and the Srikrishna Committee agree that the country’s current data protection framework is inadequate.
  • They also agree that the data protection law should apply to entities regardless of where they are physically located, so long as they process the data of Indian residents/citizens.
  • TRAI and the Srikrishna Committee have both opined that it is important to specify what information is protected under data protection law and what is not, although they disagree on the specifics.
  • They both agree that the law should protect individuals’ personal data, but disagree on what personal data actually is.
  • Under current Indian law, data which can be used to identify an individual is “personal data” and conversely, that which does not result in such identification is not personal data.

What are the areas where both frameworks differ?

  • Rule of law - TRAI is satisfied with this understanding, finding it to be in line with international standards.
  • For the Srikrishna Committee, identifiability or the lack thereof is a false binary in a world of new technologies, and feels that the current approach is unworkable.
  • Data Controllers - TRAI and the Srikrishna Committee both appear to agree that the law needs to clearly spell out who is accountable for breaches of data protection standards, but differ on how this should play out in practice.
  • Specifically, the Srikrishna Committee seems to be leaning towards holding only data controllers liable.
  • While TRAI has adopted a more hardline stance and feels that data controllers, data processors and any other entity handling the personal data of the user should be made accountable for any unintended harm to users.
  • User rights and consent - The committee has identified certain additional user rights, which are not a part of TRAI’s recommendations.
  • These include the right of users to access and rectify personal data, the right to object to and restrict processing (including for direct marketing), and the right against decisions being made only by automated processing
  • Data Protection - On the other hand, on data ownership, TRAI has gone a step beyond the Srikrishna Committee.
  • While the latter has acknowledged the need to ensure that data subjects have “full power” over their data.
  • TRAI has categorically said users own their personal information, whereas entities that control or process user data “are mere custodians” with no primary rights over user data.
  • On consent specifically, TRAI’s recommendations go well beyond the Srikrishna Committee’s provisional views.
  • Data localisation - The Srikrishna Committee is of the opinion that data localisation requirements may be considered for certain sensitive sectors, but may not be advisable across the board.
  • while TRAI has restricted itself to a general analysis on the merits and demerits of mandatory data localisation, without issuing concrete recommendations, citing that these issues are pertinent to all sectors of the economy.

What is the way forward?

  • TRAI’s vacillation aside, its privacy recommendations are the first that have seen from a regulator point of view.
  • Whatever are the Srikrishna Committee’s final recommendations on the issues mentioned above, it is certain that sectoral regulators including TRAI, RBI, and others, will play a crucial role in shaping India’s data protection law in the years to come.
  • There will no doubt see a country-wide data protection law, operationalising it in different sectors will be the responsibility of the respective regulators.
  • Given this, TRAI’s recommendations are a useful insight into the regulator’s thinking.

 

Source: Business Line

 
Login or Register to Post Comments
There are no reviews yet. Be the first one to review.

ARCHIVES

MONTH/YEARWISE ARCHIVES

Free UPSC Interview Guidance Programme