Moneycontrol PRO
HomeNewsTechnologyPersonal Data Protection Bill | Hackers having field day as Centre dithers: Justice BN Srikrishna

Personal Data Protection Bill | Hackers having field day as Centre dithers: Justice BN Srikrishna

Justice BN Srikrishna chaired a 10-member committee that proposed a Personal Data Protection Bill for India three years ago.

May 25, 2021 / 08:31 IST
Justice Srikrishna gave an exclusive interview to Moneycontrol on Justice Srikrishna gave an exclusive interview on Personal Data Protection Bill to Moneycontrol.

Justice BN Srikrishna, who chaired a 10-member committee that proposed a Personal Data Protection Bill for India three years ago, hit out at the Government, stating that citizens have no recourse from frequent data breaches as the bill to protect their data is still hanging fire.

"This is happening because there is no law controlling it. The draft was submitted, they sat on it for two years and made all kinds of changes. It is now pending before the JPC (Joint Parliamentary Committee)," Justice Srikrishna told Moneycontrol.

His comments come in the light of the massive breach at Domino's Pizza, where user information related to 18 crore orders has been made public. Security researchers Moneycontrol spoke to said the leak happened due to a compromise in the Amazon Web Services (AWS) key, similar to what had happened during the Mobikwik breach. The last six months have seen a series of data breaches- from BigBasket to JusPay to Mobikwik, Upstox, and Air India.

While some experts said users can use provisions under the Consumer Protection (e-commerce) rules 2019 or Section 43A or Section 72A of the IT rules 2011, that has provisions for data protection, there haven't been precedents where companies have been held accountable.

"Those are vague things scattered in different places, that is the reason why we need a new law. IT rules were not framed with personal data protection in mind. Under the Personal Data Protection (PDP)Bill, if your data is stolen, then the data fiduciary who stores your data is responsible. If the PDP was law, Domino's would have been liable as the data fiduciary here," Justice Srikrishna said.

The recommendations in the PDP bill include the setting up of a Data Protection Authority or a DPA, an independent regulatory body responsible for the enforcement and effective implementation of the data protection law. In the framework, while the individual is defined as the 'data principal', the entities with whom the individual shares his/her personal data are defined as the 'data fiduciaries'.

"Notwithstanding any contractual relationship, an individual expects that her personal data will be used fairly, in a manner that fulfils her interest and is reasonably foreseeable. This is the hallmark of a fiduciary relationship. In the digital economy, depending on the nature of data that is shared, the purpose of such sharing and the entities with which sharing happens, data principals expect varying levels of trust and loyalty," the bill states.

The Ministry for Electronics & Information Technology (MEiTY) had set up a 10-member expert committee under Justice Srikrishna in August 2017 to identify key data protection issues and recommend methods to address them.

The committee released the proposed Personal Data Protection Bill (India) in July 2018. Legislation is still some time away as the Joint Committee of Parliament is still examining the Bill and recently sought an extension for the fourth time up to the Monsoon session to submit its report.

Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Chandra R Srikanth is Editor- Tech, Startups, and New Economy
first published: May 25, 2021 08:27 am

Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

Subscribe to Tech Newsletters

  • On Saturdays

    Find the best of Al News in one place, specially curated for you every weekend.

  • Daily-Weekdays

    Stay on top of the latest tech trends and biggest startup news.

Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347