Budget 2021

Associate Partners:

  • SMC
  • Samsung
  • Volvo


Budget 2021

Associate Partners:

  • SMCSamsungVolvo
Webinar :Join an expert panel for a webinar on Smart investments for a secure retirement January 28, 2021. Register now!
you are here: HomeNewsIndia

Key takeaways from the Srikrishna panel's draft data privacy bill

The panel, established in August last year, is headed by retired Supreme Court Judge BN Srikrishna

July 30, 2018 / 04:28 PM IST

The Srikrishna panel on Friday submitted a draft bill on data privacy to the government. The report has outlined suggestions to protect the privacy of citizen's data.

The panel, established in August last year, is headed by retired Supreme Court Judge BN Srikrishna.

  1. Personal data has been specified as any information that works as an identifier

  2. The bill also clarifies 'sensitive personal data' as any information on a person's ethnicity, sexual orientation, finances, passwords, caste, biometric data, health and official identifiers.

  3. The panel has also suggested establishing a Data Protection Authority (DPA) to regulate data processing activities.

  4. The Right to be Forgotten can be adopted, subject to the DPA's Adjudication Wing discretion. Five criteria have been set, which include sensitivity of the data and role of the data in public.

  5. Data localization has been made mandatory. Companies collecting data on Indians must store their data in a server in India.

  6. Companies need to appoint a data protection officer  who will act as a point of contact for individuals to raise grievances.

  7.  The government (both Parliament and state legislatures) can access personal data if required.

  8. Cross-border transfer of data is allowed, with some conditions or "standard contractual clauses. Entities still need to preserve a copy of the data in India.

  9. The Act will not be applied retrospectively, and will be applied in a phased and structured manner.

What is the penalty for violation? 

Corporates will have to pay up to Rs 5 crore or two percent of their turnover, whichever is higher, for violating non-sensitive personal data.

The penalty for violation of sensitive personal data is a fine of up to Rs 15 crore or four percent of the company's turnover, whichever is higher.

The bill has proposed to make the offences cognizable and non-bailable.
Moneycontrol News
first published: Jul 30, 2018 04:28 pm

stay updated

Get Daily News on your Browser