Defender of your Digital Freedom

Home > RTI > [RTI] Minutes of the third meeting of the Expert Committee on Data Protection
Data Protection

[RTI] Minutes of the third meeting of the Expert Committee on Data Protection

Jul 24,2018 | 02:30 pm

The minutes of the first and second meetings of the Committee of Experts on data protection framework held on September 11, 2017 and October 3, 2017 respectively were disclosed in February 2018 in response to an RTI request made by a private citizen. It informed us that the Committee had been divided into four working groups and each working group was tasked with specific issues related to the proposed framework.

We filed a similar RTI application to MeitY asking for the minutes of all the subsequent meetings held after October 3, 2017. However, we were only provided details of the third meeting. It was communicated to us that the third meeting took place on November 13, 2017 and a fourth meeting was scheduled to take place on December 28, 2017.

The agenda of the third meeting of the Group of Experts on Data Protection, as provided in the response was as follows:

1. Discussion of respective parts of the White Paper:

a. Presentation to be made by Working Group on Grounds of Processing;

b. Presentation to be made by Working Group on Regulation and Enforcement; and

c. Presentation to be made by Working Group on Scope and Exemptions

3. Discussion on standard-setting under the proposed bill

4. Discussion on Key Issues raised by Dr. Gulshan Rai on the Draft MeitY Bill

5. Strategy for Public Consultation / Stakeholder Consultation and timelines.

The minutes of the meeting revealed that Dr. Arghya Sengupta and his team from Vidhi Centre for Legal Policy gave a detailed presentation on the consolidated white paper. The committee members deliberated on the issues outlined in the white paper and some of the important discussion points made during the presentation are:

  • Right of the data subject and harm incurring to him due to personal data collection, use and disclosure needs to be kept at the core of the Act.

  • The definition of identified, identifiable or reasonably identifiable personal data needs to be explicitly provided.

  • The implicit / explicit consent for the purpose and its use needs to be amply clear, which is a major ground for lawful processing of personal data. A checkbox method is one such option.

  • Besides the Data controller, whether the category of data processor and others need to be defined separately?

  • For child consent, while considering two options-putting in place an age bar and obtaining parental consent for the purpose of making a valid contract through some mechanisms. It was stated that Indian Contract Act require age of 18 years or more for the ability to sign a valid contract. It was also deliberated that owing to variety of target audience, one single model of consent may not work.

  • Data Controller should be more responsible in case of child’s consent and data processing. Australian Privacy Act model may also be looked at.

  • Notice to be made comprehensible for data subject to understand the meaning and the consequences arising thereof.

  • The purpose specification, use limitation, storage limitation and data quality, automated data, processing on the automated data and right to be forgotten needs to be clearly defined for the individual participation rights. Dr. Gulshan Rai opined that the white paper may include a question like “Whether Right to be Forgotten should be there or not?” He further opined that this will also help Government to get more insight of how technology companies view this issue.

  • Liability on data controller and processor connected to dealing with data.

  • Data Protection Authority and its functional rights similar to SEBI or IRDA may be explored. Data Protection body should be an independent body.

  • Strategy to adopt when imposing a penalty- percentage of global turnover or fixed optimum rupee limit.

  • The possibility of including class action suits and provisions of other Acts for compensation/offences.

  • The problem of enforceability of law against foreign entities dealing with the data of Indian subjects.

  • The concept of co-regulation or self regulation for he data controller needs to be examined.

  • The data audit of data controller to be done internally as well as externally.

  • Definitions of journalistic, artistic, literary exemptions to be reviewed or expanded.

  • Data Localization concept needs to be clarified in the context of globalization of data and its impact on the digital economy.

  • In the adjudicating mechanism, expenditure incurred can be of very high value due to high infrastructure requirements. The judicial impact assessment of this legislation can also be part of the white paper.

  • Every chapter of the white paper should include an open ended question in respect of suggesting “Any other alternative”.

  • Provisions for security standards which can be incorporated through subordinate legislation.

RTI: MeitY provides details of Blocked Websites/URLs

On August 28, 2017, SFLC.in filed an application under the Right to Information Act, 2005 seeking the following information: 1. ...

Government Refuses To Reveal Phone Interception Procedure

On 10th January 2014, several Indian national newspapers ran reports on a fresh set of procedures for interception of telephones ...

RTI reveals expenditure/organizational details of the 3rd Annual IGF Meeting held at Hyderabad

The Tunis Agenda envisaged convening the Internet Governance Forum (IGF) as a multi-stakeholder platform to discuss public policy issues related ...

[RTI] Darjeeling Internet Ban: 3 months and counting

The ongoing Internet shutdown in Darjeeling, West Bengal completes 3 months today. This day, three months earlier, mobile Internet was ...

RTI responses provide copies of Internet shutdown orders

India has seen a steep rise in the number of Internet shutdowns over the last few years. At SFLC.in, we ...

Information received regarding SWAYAM under Right To Information Act, 2005

SWAYAM, the national Massive Open Online Courses (MOOCs) project established by Ministry of Human Rights Development (MHRD), is a laudatory ...

Information on India’s surveillance practices received under the Right to Information Act, 2005

  In order to procure details on India's communications surveillance practices, SFLC.in had filed a number of applications over the ...

DEITY provides list of sites blocked in 2013, but withholds orders!

Sri.Kapil Sibal, Hon'ble Minister of Communications & Information Technology informed the Lok Sabha on Dec 11, 2013 that the Government ...

Look Who’s Watching

Do you think someone is looking over your shoulder as you type an email, buy grocery or fill a simple ...