Some members of Justice Srikrishna panel are also strongly opposed to making it mandatory to host data collected from Indian citizens in India.
New Delhi: Differences remained over hosting data within the country and whether or not to bring Aadhaar within the ambit of the proposed data protection law as the Justice Srikrishna Committee on Data Protection Framework met for possibly the last time Friday.
The much-awaited report is expected to be submitted to the government soon.
Sources in the panel told ThePrint that several members of the committee, including representatives of IT industry lobby NASSCOM, were strongly opposed to the plan to make it mandatory under the proposed law for companies to host all data collected from Indian citizens in India.
According to the draft report, contents of which were first reported in ThePrint, the panel was considering making it a punishable offence to take any personal data deemed ‘critical’ outside India. Critical personal data includes all data necessary for the smooth functioning of the economy and the nation-state.
However, some stakeholders say this would hurt the Indian IT sector as well as scare away foreign financial institutions, including banks, from investing more in India.
There are indications that some members could even give dissenting notes on this sensitive issue.
Asked when the report would be submitted, the source said: “We want to finalise it today itself. There is a meeting today. Then it will be for Justice Srikrishna to formally hand it over to the government.”
Aadhaar in or out?
The first draft report, circulated last month among members, indicated that the committee could propose that the data protection law should not be a retrospective one, which means data collected under Aadhaar so far would not be affected by it.
It also wanted penalties to be instituted for obtaining personal information without prior consent and unauthorised use of citizens’ biometric information. However, the draft proposed that only UIDAI should be given the power to lodge complaints to the proposed adjudicating authority.
However, sources told ThePrint, one section of the committee feels that the proposed law should not make any suggestions related to Aadhaar/UIDAI.
Some members feel it is not in the committee’s ambit to do so. “It has been indicated to the committee that the government of India will amend the Aadhaar Act to bring it in line or under the purview of the data protection law. But, that is a call for the government to take,” a member said.
In its draft report, the committee headed by the former Supreme Court judge had come to the conclusion that in the interest of “effective enforcement and fairness to data fiduciaries”, the first-of-its-kind data protection law will “not apply to any processing activity that has been completed prior to this law coming into effect”.
National security worries
While one section, which is in a minority, is pushing for intelligence and investigating agencies to also be governed by the proposed data protection law, the majority view is that such a move would work against national security.
Moreover, barring the NIA, which investigates terror cases, most of the national investigating and security data collecting agencies, including the CBI and NTRO, are not products of stand-alone laws.
The Central Bureau of Investigation (CBI), for example, is a creation under the Delhi Special Police Establishment Act.
Sources said the committee “is seized of” the recommendations made by the Telecom Regulatory Authority of India last week on data privacy, security and its ownership in the telecom industry.
“That will also be there in the report,” a source said.