Justice BN Srikrishna, one of the key architects of the first draft of the Personal Data Protection Bill, highlighted concerns around the new rules for social media and digital news platforms, and warned that the misuse of data collected under the "garb of health security" is "ever present."
Here is an excerpt of the email interview:
Q: There have been several largescale data breaches reported in recent months , including credit card numbers, KYC details etc. of as many as 100 million Indians. What are the learnings for us and how in your opinion can such massive and sensitive data breaches be prevented?
The absence of a robust personal data protection law is the reason for such frequent data breaches. If the law is put in place, it obliges the data fiduciary to take all measures to prevent data breaches and imposes severe liability for failure. That is the way to prevent data breaches. Along with the law will come the obligation to secure the data by the best available cyber technology and that is needed too.
Q: Has the delay in getting a data protection law made Indians' data vulnerable?
Indubitably so. Today, there is vacuum on the subject and nobody seems to take data breaches seriously, because there are no stinging consequences following data breaches.
Q: Did you send your comments to the Joint Parliamentary Committee (JPC) on the Data Protection Bill. Have they taken any of your inputs?
No, I did not send any comments to the committee because nobody invited me to. I never received any invitation from the JPC and I was not going to seek any invitation.
Once the real value data and the real consequences breach thereof are spelt out by an appropriate law, then the Competition Commission may look at it more strictly.
Q: The new social media and over-the-top (OTT) rules have been criticised for giving the government more control on content and oversight on online news portals. The rules also call for identification of first originator of information for serious offences, which means breaking of end-to-end encryption. How are you looking at these rules? What could the implications be?
While there may have to be some control over social media, I am not in favour of vesting such control completely in the hands of the government. Such control should ideally be vested in an independent oversight body of which the majority members should be professionals, academics, lawyers and other non-government persons from civil society. As far as controlling electronic media disseminating news is concerned, I am opposed to it. In my opinion, there should be no pre-publishing control on them just as in the case of print media. "PPublish at your peril", should be the motto.
Q: You had raised your concerns regarding Aarogya Setu last year? Could you highlight your specific concerns with the app?
Absence of a parliamentary legislation declaring its objectives. The two acts relied upon do not give such authority to some committee which had issued the Aarogya Setu rules making it compulsory. That is why though declared as mandatory initially, later the government stepped down and made it voluntary. The looming threat that data collected under the garb of health security could be misused for other purpose, is ever present in the absence of a data protection law.
(Edited by: By Jomy)