Its recommendations have been appreciated by the industry and data protection activists. The Committee wants citizens’ privacy levels strengthened, and its recommendations will surely affect technology and ecommerce companies, and redefine government’s access to personal information.
If accepted by the government, it will change the way Aadhaar, right to information and information technology are being handled at present.
The Committee has recommended strict financial penalties and criminal prosecution for companies violating data privacy rules. For technology and internet companies, recommendations on storing one copy of ‘personal data’ in India – that is, creating a mirror of data stored in servers abroad – will mean higher costs and major change in business models.
As per Committee’s report, citizens and internet users will have the final say on how and for which purpose personal data can be used and they will also have the right to withdraw consent. There will also be the option of ‘right to be forgotten’, subject to certain conditions.
The Bill presented by the Committee makes senior management of companies and heads of government departments accountable for any breach in data privacy. It calls for mandatary security audits of all companies, both foreign and Indian; appointment of data protection officers by them; setting up of a data protection authority on the lines of regulators such as Sebi and a data protection fund.
Chairman of Infosys and founder chairman of Aadhaar, Nandan Nilekani called the Bill a landmark in India’s privacy and data protection landscape.