Dalvoy Logo
Dalvoy
UPSC MainsGENERAL-STUDIES-PAPER-III201815 Marks250 Words
हिंदी में पढ़ें
Q15.

Data Security: Srikrishna Committee Report Analysis

Data security has assumed significant importance in the digitized world due to rising cyber crimes. The Justice B. N. Srikrishna Committee Report addresses issues related to data security. What, in your view, are the strengths and weaknesses of the Report relating to protection of personal data in cyber space?

How to Approach

This question requires a critical assessment of the Justice B.N. Srikrishna Committee Report on data protection. The answer should begin by briefly outlining the context of rising cybercrime and the need for data security. Then, systematically analyze the strengths of the report (like its comprehensive scope and principles) and its weaknesses (such as concerns about implementation and potential impact on innovation). A balanced approach, acknowledging both sides, is crucial. Structure the answer into introduction, strengths, weaknesses, and conclusion.

Model Answer

0 min read

Introduction

In the increasingly digitized world, data has become a valuable asset, simultaneously fueling economic growth and presenting significant security risks. The escalating frequency and sophistication of cybercrimes, including data breaches and ransomware attacks, underscore the urgent need for robust data protection frameworks. Recognizing this, the Indian government constituted the Justice B.N. Srikrishna Committee in 2017 to study data protection issues and propose a draft legislation. The Committee submitted its report in 2018, advocating for a comprehensive law to safeguard personal data. This answer will critically evaluate the strengths and weaknesses of the Srikrishna Committee Report in relation to protecting personal data in cyberspace.

Strengths of the Srikrishna Committee Report

The Srikrishna Committee Report possesses several notable strengths:

  • Comprehensive Scope: The report addressed a wide range of data protection concerns, encompassing personal data, sensitive personal data, and critical data. It considered various aspects like data collection, processing, storage, and transfer.
  • Principles-Based Approach: The report adopted a principles-based approach, emphasizing concepts like data minimization, purpose limitation, and accountability. This allows for flexibility in application across different sectors and technologies.
  • Data Localization: A key recommendation was data localization, mandating storage of certain categories of personal data within India. This aimed to enhance data security and sovereignty, and facilitate law enforcement access.
  • Establishment of Data Protection Authority (DPA): The report proposed the creation of an independent DPA with powers to investigate, adjudicate, and enforce data protection laws. This is crucial for effective implementation and oversight.
  • Right to be Forgotten: The report recognized the ‘right to be forgotten’, allowing individuals to request the deletion of their personal data under certain circumstances, empowering individuals with greater control over their information.

Weaknesses of the Srikrishna Committee Report

Despite its strengths, the report also faced criticism regarding several weaknesses:

  • Implementation Challenges: The stringent data localization requirements raised concerns about increased compliance costs for businesses, particularly multinational corporations, and potential disruptions to cross-border data flows.
  • Impact on Innovation: Some argued that the report’s provisions, particularly those related to consent and data processing, could stifle innovation and hinder the growth of the digital economy.
  • Ambiguity in Definitions: Certain definitions, such as ‘personal data’ and ‘sensitive personal data’, were considered ambiguous and open to interpretation, potentially leading to legal uncertainties.
  • Exemptions for Government Agencies: The report included broad exemptions for government agencies, raising concerns about potential misuse of personal data for surveillance and other purposes. This was seen as a deviation from the principle of equal treatment under the law.
  • Lack of Clarity on Cross-Border Data Transfers: While advocating for data localization, the report lacked clear guidelines on legitimate cross-border data transfers, creating potential conflicts and uncertainties.

Comparison with the Digital Personal Data Protection Act, 2023

The Digital Personal Data Protection (DPDP) Act, 2023, enacted based on the Srikrishna Committee’s recommendations, reflects some modifications. While it retains the principle of data minimization and establishes a Data Protection Board, it significantly dilutes the data localization requirements and expands exemptions for government agencies. This shift has sparked debate about whether the DPDP Act adequately addresses the concerns raised by the original report.

Feature Srikrishna Committee Report Digital Personal Data Protection Act, 2023
Data Localization Strongly advocated for Diluted; allows cross-border data transfer with certain conditions
Government Exemptions Limited Expanded; broad exemptions granted
Consent Requirements Strict More flexible; allows for certain legitimate uses without explicit consent
Data Protection Authority Proposed independent DPA Established Data Protection Board

Conclusion

The Justice B.N. Srikrishna Committee Report was a landmark effort to address the critical issue of data protection in India. While it offered a comprehensive and principles-based framework, its weaknesses related to implementation, innovation, and government exemptions posed significant challenges. The subsequent DPDP Act, 2023, represents a pragmatic compromise, but its effectiveness in safeguarding personal data while fostering economic growth remains to be seen. Continuous monitoring, adaptation, and robust enforcement will be crucial to ensure that India’s data protection regime remains relevant and effective in the evolving digital landscape.

Answer Length

This is a comprehensive model answer for learning purposes and may exceed the word limit. In the exam, always adhere to the prescribed word count.

Evaluate your handwritten answer in under a minute

Free trial available • Trusted by 1,00,000+ aspirants

Additional Resources

Key Definitions

Data Localization
The practice of storing data on servers located within the geographical boundaries of a country. It aims to enhance data security, sovereignty, and law enforcement access.
Right to be Forgotten
The right to be forgotten, also known as the right to erasure, allows individuals to request the removal of personal information from the internet under certain circumstances, such as when the data is no longer necessary or has been unlawfully processed.

Key Statistics

India witnessed a 78% increase in cybercrime cases in 2022 compared to 2021, with a significant proportion involving data breaches.

Source: National Crime Records Bureau (NCRB) Report, 2022 (as of knowledge cutoff)

Global cost of cybercrime is estimated to reach $10.5 trillion annually by 2025.

Source: Cybersecurity Ventures (as of knowledge cutoff)

Examples

Cambridge Analytica Scandal

The Cambridge Analytica scandal (2018) highlighted the risks associated with the misuse of personal data collected through social media platforms, emphasizing the need for stronger data protection regulations.

Frequently Asked Questions

What is the difference between personal data and sensitive personal data?

Personal data refers to any information that can identify an individual, while sensitive personal data includes information like religious beliefs, caste, sexual orientation, and health data, which requires a higher level of protection due to its potential for discrimination or harm.

Topics Covered

ScienceTechnologyGovernanceData PrivacyCyber SecurityDigital Policy
Back to all GENERAL-STUDIES-PAPER-III 2018 questions