Swathi Moorthy

India’s proposed data protection authority in its current form will be a government stooge, diluting the very idea behind such a body, justice BN Srikrishna, one of the architects of the landmark personal data bill, has said.

Speaking at an ITechLaw conference in Bengaluru, the former Supreme Court judge said ideally the data protection authority should be independent and headed by the Chief Justice of India or a person nominated by the CJI. It should also have experts, both from corporates and field of academics, as members.

“DPA should not be selected by a group of babus (bureaucrats). It weakens it,” he said.

Srikrishna was also critical of the government getting free access to citizens’ data. Contrary to what was proposed in the draft that was drawn up by a panel led by him, the bill passed in December 2019 has exemptions for the government and its agencies.

It fails to protect people from invasion by the State, he said. “However this can be challenged in the Supreme Court,” Srikrishna said. “But we don’t know what the Supreme Court will say.”

The draft personal data protection and privacy bill came out in 2018.

Justice Srikrishna committee recommended data localisation for overseas firms, which didn’t go down well with tech giants companies, and also laid out parameters for the government to access citizens’ data.

The localisation of data has implications for tech giants such as Amazon, Facebook and Google. The bill that was tabled and passed by Parliament was a watered-down version of the draft.