Data privacy

Srikrishna panel wants fines linked to firms' global turnover for data breach

data-protect-privacy-pix Representational image | File

IT Act does not prescribe civil penalty provisions specifically for violation of data protection obligations

An experts committee under the IT ministry yesterday sought public feedback on a white paper over data protection framework where it has suggested linking penalty to the global turnover of an entity that violates rules.

"In the context of a data protection law, civil penalties may be calculated in a manner to ensure the quantum of civil penalty imposed not only acts as a sanction, but also acts as a deterrence to data controllers which have violated their obligations under the data protection law," said the white paper of the experts panel under Justice B.N. Srikrishna, a former Supreme Court judge.

The panel was formed after the Supreme Court ruled that privacy is a fundamental right and asked the government to frame rules around it.

Among various options to calculate penalty, the panel has provisionally suggested that the "highest form of deterrence in relation to civil penalties may be where a per day civil penalty is imposed subject to a fixed upper limit or a percentage of the total worldwide turnover of the defaulting data controller of the previous financial year, whichever is higher".

According to the findings of the committee, the IT Act does not appear to prescribe civil penalty provisions specifically for violation of data protection obligations and is limited in applicability. Moreover, the quantum of penalty under the provisions of the IT Act appears inadequate and may not act as a deterrence to emerging e-commerce and other technology based players in India.

The panel—set up by Ministry of Electronics and IT—noted that both public and private sectors are collecting and using personal data on an unprecedented scale and for various purposes. It said that while the data can be put to beneficial use, the unregulated and arbitrary use, especially that of personal data, has raised concerns about privacy and autonomy of an individual.

"Some of the concerns relate to centralisation of databases, profiling of individuals, increased surveillance and a consequent erosion of individual autonomy," the paper noted.

It stated that data about an individual like his race and religion can be used to discriminate against them.

"There are also some actions of the state which may threaten an individual's privacy. For instance, surveillance activities by the government or private organisations can disrupt peace of mind and create chilling effects by making people conform to societal expectations," the paper said.

The panel has fixed December 31 as the last date for comment on the white paper. 

This browser settings will not support to add bookmarks programmatically. Please press Ctrl+D or change settings to bookmark this page.

Related Reading