Subject: Internal Security

The rising menace of cybercrimes and data breaches has necessitated robust frameworks for data protection. The Justice B.N. Srikrishna Committee Report (2018) laid the foundation for India's data protection regime, significantly influencing the Digital Personal Data Protection Act, 2023.

Strengths of the Report

1. Comprehensive Framework:

• Establishes a robust framework for data protection aligned with global standards like GDPR.
• Introduces the concept of data localization for sensitive personal data to ensure better control and security.
• Emphasizes informed consent as a fundamental principle for data processing.

2. Institutional Mechanism:

• Recommends establishment of an independent Data Protection Authority (DPA) for oversight and enforcement.
• Proposes penalties and compensation mechanisms for data breaches.
• Creates accountability frameworks for data fiduciaries and processors.

3. Rights-Based Approach:

• Recognizes individual rights over personal data including right to access, correction, and erasure.
• Mandates privacy by design principles in data processing systems.
• Introduces the concept of data portability enhancing user control.

Weaknesses of the Report

1. Implementation Challenges:

• Lacks clear guidelines on technological infrastructure needed for data localization.
• Potential increased compliance costs for small businesses and startups.
• Ambiguity in defining certain key terms and concepts.

2. State Powers:

• Critics argue potential for state overreach through broad exemptions.
• Balance between national security and individual privacy remains contentious.
• Limited safeguards against government surveillance.

3. Operational Issues:

• Inadequate attention to cross-border data flows in an interconnected world.
• Complex consent requirements might lead to consent fatigue.
• Recent data shows rising cybercrimes (43,797 WhatsApp complaints in early 2024) indicating need for stronger measures.

The Srikrishna Committee Report represents a significant step towards data protection in India, though implementation challenges remain. The success of the framework will depend on balancing security with innovation, as demonstrated by recent incidents like Telegram investment scams in Mysuru. Moving forward, continuous evolution of the framework in response to emerging threats and technologies is crucial.