Srikrishna Data Protection Report: "Entities Must Maintain Quality, Data Security"

Bill on the Protection of Personal Data was submitted by Judge BN Srikrishna's committee. In this photo, Judge BN Srikrishna submits the report to the Minister of Information Technologies, RS Prasad. (Image Source: PTI)

Friday's Srikrishna Data Protection Report Stresses Individual's Constitutional Rights to Their Data, Contrary to TRAI's Recent Set of Recommendations Focusing on Individual Property Datas. With his data, Srikrishna's recommendations go further by legally limiting what these entities do with these data regardless of consent.

The Srikrishna report centralizes the fact that data are protected when fiduciary data (entities that collect and process individual data) is obliged to limit their collection of data for specific and lawful purposes. The TRAI document, published almost three weeks ago, mentions very briefly these notions of "limiting objectives" and "minimizing collections", but leaves it largely to the committee to legislate on the responsibilities of companies and governments. Srikrishna's report states that entities must maintain the quality and security of data.

Despite the conceptual difference between property and rights, some specific recommendations align. Both are in agreement on what is considered personal data (essentially data that identifies the individual) and sensitive personal data (a specific list of categories such as pbadwords, finances, medical information).

of other services (data portability) and delete data about oneself (right to forgetfulness), but the Srikrishna committee goes further to give the individual the right correct your own data.

The Srikrishna report of data relating to children, excluding any profiling, monitoring, surveillance or other data processes that may harm anyone under 18 years of age.

The two conditions specified for notifications in case of data breach the concept of a common platform to disclose data security breaches.

The TRAI report made specific guidelines to device manufacturers, including allowing the user to remove a pre-ins Talled application and disclosure of terms and conditions prior to the sale of the device, which have not been discussed in the Srikrishna report. In addition, the discussion of TRAI on a data sandbox, or a test environment that anonymizes data to experiment with new products, was not included in Srikrishna's report.

TRAI has not made concrete recommendations on exceptions. across borders – two of the most discussed concepts of Srikrishna's project. The TRAI document, however, indicated that the country's data protection framework should also apply to public and private entities.

Some doubted TRAI's willingness to influence the Srikrishna Committee when drafting the Data Protection Act. jurisdiction. While the Authority is only mandated to regulate TSPs, it has made numerous recommendations in this report for "all entities" rather than only telecommunications service providers

For all the latest technology news, download Indian Express App