Q19. Data security has assumed significant importance in the digitised world due to rising cyber crimes. The Justice B. N. Srikrishna Committee Report addresses issues related to data security. What, in your view, are the strengths and weaknesses of the Report relating to the protection of personal data in cyberspace?

Model Answer:

Introduction

The Justice B.N. Srikrishna Committee Report on data protection, titled "A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians," was released in 2018 to address the growing concerns around data security and privacy in India. The report is the foundation for the Personal Data Protection Bill, 2019, which aims to regulate how personal data is collected, processed, and stored. 

Body

Strengths of the Justice B.N. Srikrishna Committee Report

1. Comprehensive Framework:
   • The report provides a broad, well-rounded framework for data protection. It addresses various aspects of personal data processing, including data collection, storage, transfer, and deletion. It categorizes data into different types—such as sensitive personal data—and suggests higher protection for sensitive categories.
   • It is modelled after global standards like the General Data Protection Regulation (GDPR), ensuring India aligns with international norms of data protection and privacy.
2. Focus on Individual Rights:
   • The report emphasizes the importance of user consent. It introduces principles such as purpose limitation (data collected for a specific purpose should not be used for another), data minimization, and the right to be forgotten, which aim to give individuals more control over their data.
   • The inclusion of the right to access and right to correction ensures that individuals can review and amend their personal data, fostering transparency.
3. Accountability of Data Processors:
   • The report suggests stringent obligations on data fiduciaries (entities collecting and processing data). They must ensure accountability and transparency through measures like conducting data impact assessments and maintaining data protection officers.
   • A Data Protection Authority (DPA) is recommended to oversee compliance, monitor processing activities, and take enforcement actions, ensuring a regulatory framework to protect personal data.
4. Data Localization:
   • The report suggests localization of certain categories of data, requiring critical personal data to be stored and processed only in India. This can bolster national security and enable local law enforcement to access data quickly for investigations.
5. Grievance Redressal Mechanism:
   • The report emphasizes the establishment of grievance redressal mechanisms for individuals whose data has been misused or compromised, enhancing user protection.

Weaknesses of the Justice B.N. Srikrishna Committee Report

1. Ambiguity in Certain Provisions:
   • While the report advocates for data localization, it lacks clarity on what constitutes "critical personal data," leading to uncertainty for organizations that handle cross-border data. This ambiguity could potentially disrupt global business operations.
   • There are also concerns over the vagueness surrounding the "right to be forgotten," as it can conflict with freedom of speech, particularly when removing data from the public domain.
2. Overbearing Data Localization:
   • Though data localization is intended to secure sensitive data, it has been criticized for imposing onerous requirements on multinational companies. Compliance costs are expected to rise as companies may need to invest heavily in local data centres, potentially slowing down innovation and global collaboration.
   • Additionally, critics argue that localization doesn’t necessarily improve data security but may increase vulnerability by creating centralized data repositories, which could become single points of attack for hackers.
3. State Surveillance Concerns:
   • The report allows the government to access personal data under certain circumstances, raising concerns about state surveillance. Although there are provisions for judicial oversight, privacy advocates argue that these exceptions could be abused, especially in a country where citizens' rights are not always uniformly protected.
   • The report lacks strong safeguards against state overreach, raising concerns over the potential for government misuse of data for political or other purposes.
4. Absence of Stronger Encryption Mandates:
   • While the report touches upon data security, it does not sufficiently emphasize encryption standards or mandatory security protocols for safeguarding personal data in cyberspace. Given the rising sophistication of cyber-attacks, a stronger focus on encryption and other cutting-edge cybersecurity measures would have been beneficial.
5. Enforcement and Implementation Gaps:
   • Although the report proposes a Data Protection Authority, it does not fully detail the enforcement mechanisms or the capacity-building measures needed to ensure effective implementation. Without strong enforcement, the regulatory framework might remain more theoretical than practical, leaving individuals' data still vulnerable.
   • There is also a lack of clear punitive measures for non-compliance by data processors, which could dilute the effectiveness of the framework.

Conclusion

The Justice B.N. Srikrishna Committee Report is a landmark attempt to protect personal data in the digital age. Its strengths lie in its comprehensive framework, individual rights protection, and emphasis on accountability. However, it also faces criticism for ambiguity, potential state overreach, and practical challenges like data localization and enforcement. The report represents a significant step forward, but additional refinements and clear safeguards are needed to strike the right balance between privacy, security, and economic growth in cyberspace. 

‍

Instant Mains Evaluation with SuperKalam

✅ Now that you have gone through the model answer, try practicing and writing it in your own words and evaluate it instantly with SuperKalam here - Evaluate Mains Answer instantly