Ikigai LawIkigai LawIkigai LawIkigai Law
  • About Us
    • About
    • Our Team
    • FinTales
    • Tech Ticker
  • Practice Areas
  • Blog
  • News & Events
    • Ikigai Law in the news
    • Ikigai Law at events
    • Ikigailaw on the social media
  • Careers

Mapping comments to the Srikrishna Committee on data protection (Part III): Scope of the law

    Home Data Governance Mapping comments to the Srikrishna Committee on data protection (Part III): Scope of the law
    NextPrevious

    Mapping comments to the Srikrishna Committee on data protection (Part III): Scope of the law

    By Ikigai Law | Data Governance | 0 comment | 27 July, 2018 | 8

    This note maps the opinions of some stakeholders on the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27 November, 2017 (“White Paper”).

    While all responses to the White Paper are currently unavailable, responses of twenty-seven (27) stakeholders are available on Dvara Research’s blog, here.

    Background

    In July 2017, the Ministry of Electronics and Information Technology (“MeitY”) had constituted a Committee of Experts, chaired by Justice B.N. Srikrishna (“the Srikrishna Committee” or “the Committee”) to frame recommendations for a data protection framework for India. In January 2018, the Srikrishna Committee concluded a nation-wide stakeholders’ consultation on key issues of data protection. This consultation was based on two hundred and thirty (230) questions that it had raised in the White Paper. Final recommendations of the Srikrishna Committee are awaited.

    Among many issues raised, the Srikrishna Committee had flagged the scope of the proposed data protection law as an important issue in Chapter 1 and Chapter 2 of Part II of the White Paper. As we have stated earlier, while all stakeholder submissions to the Srikrishna Committee have not been made public, Dvara Research has published a list of twenty-seven (27) publicly available comments. This note maps responses of these stakeholders on the scope of the proposed data protection law.

    The White Paper raises the following questions on scope of the proposed data protection law in Chapter 1 and Chapter 2 of Part II:

    1. What are your views on what the territorial scope and the extra-territorial application of a data protection law in India should be?
    2. What measures should be incorporated in the law to ensure effective compliance by foreign entities inter alia when adverse orders (civil or criminal) are issued against them?
    3. What are your views on the issues relating to applicability of a data protection law in India in relation to (i) natural/juristic persons; (ii) public and private sector; and (iii) retrospective application of such law?
    4. Should the law provide for a time period within which all regulated entities will have to comply with the provisions of the data protection law?
    5. Are there any other views relating to the above concepts?

    Detailed Mapping of Responses

    A detailed mapping of the responses of all the twenty seven (27) stakeholders to questions in Chapter 1 and Chapter 2 of Part II of the White Paper on Data Protection Law for India is available here.

     

    INSIGHTS

     

    1. Extra-territorial application of data protection law in India:

    The Srikrishna Committee is of the opinion that, the data protection law shall be applicable to any entity which does not have a presence in India but offers a good or service to Indian residents over the Internet or carries on business in India. This ensures that the law is applicable to anyone who would processes personal data of the data subject. It is also proposed that the extent of jurisdiction may not be so wide as to constitute an unnecessary interference with the jurisdiction of other states or have the effect of making the law a general law of the Internet. The Committee’s call for views on this issue has generated the following responses, broadly:

    1.1       Extra-territorial application of data protection law should be adopted (13 responses): iSPIRT, Access Now, CCG, CIS, Harvard FXB Center, IDP, Professor Graham Greenleaf, SFLC, Legal Academics and Advocates, Takshashila Foundation, Dvara Research, Omidyar Network, Privacy International.

    1.1.1    Access Now is of the opinion that the jurisdictional scope of the law should not be from an “establishment” perspective but from a user’s perspective.

    1.1.2 CIS is of the opinion that the proposed law must be applicable to India entirely and to any offence or contravention committed outside India by any person, if it is related to the personally identifiable information of an Indian resident.

    1.1.3 Harvard FXB Center, IDP, SFLC, Legal Academics and Advocates, Omidyar Network and Privacy International proposed that the law should be applicable to an entity which does not have a presence in India but offers a good or service to Indian residents over the Internet, or carries on business in India or processes personal data of Indian residents, irrespective of its location.

    1.1.4 Professor Graham Greenleaf and Takshashila Foundation is of the view that the proposed law should not be applicable simply because a website is accessible in India.

    1.2       Extra-territorial application of data protection law should not be adopted (2 responses): BSA and ITI.

    1.2.1    BSA and ITI are of the opinion that the proposed law should be applicable to entities/data subjects established or residing in a certain country.

    1.3       Extra-territorial application of data protection law may be adopted (4 responses): (1) Mozilla Foundation; (2) Bhandari, Kak, Parsheera,Rahman and Sane; (3) Suyash Rai; (4) The Hoot.

    1.3.1 Mozilla foundation is of the view that is suggested that India should adopt a GDPR-like model and its several mechanisms of regulating entities which offer goods or services in India.

    1.3.2 The Hoot has suggested that the data protection authority cannot have jurisdiction over the Indian media.

    1.3.3 Suyash Rai has suggested that it might be difficult and expensive to establish jurisdiction over foreign organizations.

    1.4       No response (8 responses): (1) Centre for Trade and Investment Law; (2) ORF; (3) Anupam Saraph; (4) DEF; (5) EFF ; (6) EPIC; (7) IFF ; (8) Subhasis Banerjee.

     

    2. Applicability of a data protection law in India to natural/juristic persons:

    The Srikrishna Committee is of the opinion that the data protection law may apply to natural persons only. Protection of the informational privacy right of an individual is the objective of the proposed legislation. It should not be extended to include data relating to juristic entities.

    2.1 The proposed data protection law should be applicable to natural person (8 responses): (1) BSA; (2) CIS; (3) IDP; (4) Professor Graham Greenleaf; (5) SFLC; (6) Takshashila Foundation; (7) Dvara Research; (8) Privacy International.

    2.1.1 BSA, CIS, IDP, SFLC, Takshashila Foundation, Dvara Research and Privacy International are of the opinion that the data protection law should not be applicable to juristic persons.

    2.1.2 Professor Graham Greenleaf suggests that the data protection law should not be applicable to a deceased person.

    2.2       The proposed law should be applicable to both natural and juristic persons (3 responses): (1) iSPIRT; (2) CCG; (3) Harvard FXB Center.

    2.2.1 iSPIRT, CCG and Harvard FXB Center are of the opinion that the data protection law may extend to both natural as well as juristic persons.

    2.3       No response ( 13 responses): (1) ITI; (2) Access Now; (3) Centre for Trade and Investment Law; (4) Mozilla Foundation; (5) Legal Academics and Advocates; (6) Anupam Saraph; (7) Bhandari, Kak, Parsheera, Rahman and Sane; (8) DEF; (9) EFF; (10) EPIC; (11) IFF; (12) Omidyar Network; (13) The Hoot.

     

    3. Applicability of a data protection law in India to the public and private sector:

    The Srikrishna Committee has proposed that the law may apply to data about natural persons processed both by the public and private entities with limited exemptions for well-defined categories of public or private sector entities.

    3.1       The proposed data protection law should be applicable to public and private sector (11 responses): (1) iSPIRT; (2) Access Now; (3) CCG; (4) CIS; (5) Harvard; (6) SFLC; (7) Takshashila Foundation; (8) Dvara Research; (9) Privacy International,; (10) Suyash Rai; (11) Subhasis Banerjee.

    3.1.1 Takshashila Foundation is of the opinion that law should be horizontally applicable to both government/ public and private sectors.

    3.1.2 Suyash Rai is of the opinion that small sector organizations should be exempted from being subject to the new data protection law.

    3.1.3 Subhasis Banerjee is of the view that the same privacy protection principles cannot be horizontally applied to the state and other essential bureaucracies.

    3.2       The proposed data protection law should not be applicable to public and private sector (0 responses).

    3.3       No response (13 responses): (1) ITI; (2) BSA; (3) Centre for Trade and Investment Law; (4) Mozilla Foundation; (5) Legal Academics and Advocates; (6) Anupam Saraph; (7) Bhandari, Kak, Parsheera, Rahman and Sane; (8) DEF; (9) EFF (10) EPIC; (11) IFF; (12) Omidyar Network; (13) The Hoot.

     

    4. Retrospective application of data protection law:

    The Srikrishna Committee has suggested that the law may have a transitory provision to address the issue of retrospective application.

    4.1 The proposed data protection law should have retrospective application (3 responses): (1) IDP; (2) CIS; (3) Harvard FXB Center.

    4.1.1 CIS is of the opinion that the data protection law can be retrospective in respect of the continued processing of data, but not to the extent that may require re-obtaining of consent.
    4.1.2    Harvard FXB Center and IDP suggested that the proposed data protection law may have a transitory provision to address the issue of retrospective application.

    4.2 The proposed data protection law should not have retrospective application (2 responses): (1) ITI and (2) Takshashila Foundation

    4.2.1 Takshashila Foundation is of the opinion that the retrospective applicability of the law would impose significant and unwarranted challenges for entities collecting and processing data.

    4.3 No response (17 responses): (1) Access Now; (2) iSPIRT; (3) BSA; (4) CCG; (5) Centre for Trade and Investment Law; (6) Mozilla Foundation; (7) SFLC; (8) Dvara Research; (9) Legal Academics and Advocates; (10) Anupam Saraph; (11) Bhandari, Kak, Parsheera, Rahman and Sane; (12) DEF; (13) EFF; (14)  EPIC; (15) IFF; (16) Omidyar Network; (17) The Hoot.

     

    [This post is co-authored by Adyasha Mohanty, a fourth-year student of Symbiosis Law School, Noida, Karan Dhingra, a fifth-year student of Jindal Global Law School, and Raghav Mudgal, a fourth-year student of RGNUL during their internships with TRA, with inputs from Nehaa Chaudhari, Public Policy Lead, TRA and Pushan Dwivedi, Associate, TRA.]

     

    Data Protection, Extra-Territorial Application, Ikigai Law, Internet, Jurisdiction, Juristic Person, Law, Ministry of Electronic and Information Technology, Natural Person, Private Sector, Public Sector, Recommendations, Retrospective Application, Scope of Law, Srikrishna Committee, Territorial Scope, White Paper

    Ikigai Law

    More posts by Ikigai Law

    Related Post

    • Stakeholders’ responses to the TRAI privacy consultation paper

      By Ikigai Law | 0 comment

      In a 12 part series, we have mapped stakeholders’ comments to the Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector by Telecom Regulatory Authority of India (TRAI). In order toRead more

    • Mapping comments to the Srikrishna Committee on data protection (Part IV): Grounds of processing

      By Ikigai Law | 0 comment

      This note maps the opinions of some stakeholders to the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27th November, 2017 (“White Paper”). While all responses toRead more

    • Mapping comments to the Srikrishna Committee on data protection (Part II): Data localisation

      By Ikigai Law | 0 comment

      This note maps the opinions of some stakeholders to the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27 November, 2017 (“White Paper”). While all responses toRead more

    • Mapping comments to the Srikrishna Committee on data protection (Part I): Cross-border data flows

      By Ikigai Law | 0 comment

      This note maps the opinions of some stakeholders to the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27 November, 2017 (“White Paper”). While all responses toRead more

    • Stakeholders’ responses to the TRAI privacy consultation paper (Part VI of XII): Legitimate exceptions, exemptions and lawful surveillance

      By Ikigai Law | 0 comment

      This is the sixth post, in a twelve (12) part series of posts, to map the opinions of all the stakeholders on the basis of their responses to the consultation paper on Privacy, Security, andRead more

    Leave a Comment

    Cancel reply

    Your email address will not be published. Required fields are marked *

    NextPrevious

    Tags

    #DataProtection #Fintales bitcoin Blockchain Budget Consent Consultation Consultation Paper cryptocurrency data Data Controllers data governance Data localisation Data Protection Data Subjects digital economy Digital India Drones E-Commerce Facebook Fintech Government Government of India healthtech Ikigai Law India Indian government Innovation MeITY Notice Payments Personal Data policy Privacy RBI Recommendation Regulation Srikrishna Committee Stakeholders Startups Surveillance Technology Tech Policy TechTicker TRAI

    Connect with Ikigai Law

    Copyright 2018 Ikigai Law | All Rights Reserved             

    Information

    • Practice Areas
    • Blog
    • Careers
    • Contact Us
    • Privacy Policy

    Contact us

    Office
    T-7/402, Commonwealth Games Village Apartment,
    New Delhi, Delhi 110092 India.

    Email Address

    contact@ikigailaw.com

    • About Us
      • About
      • Our Team
      • FinTales
      • Tech Ticker
    • Practice Areas
    • Blog
    • News & Events
      • Ikigai Law in the news
      • Ikigai Law at events
      • Ikigailaw on the social media
    • Careers
    Ikigai Law