'The data protection legislation has to balance many interests and issues'
“One of the things that I would like to start my discussion on Data Protection framework in the country is that any legislation has to balance many interests and issues. In data protection there has to be a balance between the rights of an individual to self-determination but at the same time we have to foster the innovation ecosystem; there has to be a process that incentivizes positively. We need positive incentives for the data controllers and processors to comply with that and then there has to be a remedial process in terms of grievance addressable etc. if there is any breach. So that’s the broad framework on which it has to be made. When we look at Justice Srikrishna’s whitepaper which has come out, one of the important things that I have noticed this time when compared to the IT Act is that the Act also has the provision for example section 43 A but that applies only to body corporate whereas in this whitepaper the proposal is applied for both private as well as public sector. Some exceptions must be there like national security.
Second, in terms of consent if you see section 43 A, it is only about consent whereas now the proposal is about not only consent but other basis as well including legitimate interest and contractual obligations etc. In that you can have scenarios like prevention of financial frauds, law enforcement activities and the purpose of ensuring cyber security within a frame of legal interests. Going beyond that one of the important things is we must have judicial oversight for certain type of ask from the law enforcement or other agencies how this is being practiced.
We should remember that data transfer and even internet are not unidirectional, they are multi-directional and if you are looking from a frame of national borders, it’s bi-directional, there are things which go out and comes in. India has been the greatest beneficiary of cross border data transfers for past few decades and that is how we have created the 150 bn IT industry in the country. So we should not only think of data going out but we should also think that there are people who are sending data in. The whole notion that if data in India it is safe, I think that is slightly misplaced. We should also look at that aspect.”
Deepak Maheshwari
Head of Govt. Affairs- Symantec Corporation
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.