As the Justice Srikrishna committee submitted its report on Friday, it’s noticeable that the committee’s decision is greatly inspired by the data protection law of the European Union.
According to the GDPR or General Data Protection Regulation of the EU, the telecom companies are restricted from using data of the users. On the other hand, the law allows the residents of the EU right to protection of their individual information.
The Srikrishna committee has implemented some principles from the GDPR in their draft of the data protection law. Even though the committee’s report allows the Indian users the right to be overlooked, the right to access and correct information and the right to portability, the personal rights are quite limited in comparison with that of EU GDPR.
According to the draft law, different types of data should have different localization. In other words, it means that the critical individual data should be stored and processed completely to maintain absolute localization in India.
The law also focuses on the fact that the data of each individual should be copied and kept in the data center or the server in India. However, in EU data processors and controllers are allowed to transfer every individual’s data outside of the European Union only if they abide by some specific conditions.
Another major difference is also noted between the Srikrishna committee’s draft law and the EU’s GDPR. A telecom company may need to pay either 4% of the annual global turnover or EUR 20ml as a fine. On the contrary, the draft law of India prescribes criminal offenses as well as civil penalties.
If a telecom company in India is found to be guilty of misusing personal information, as per the draft law of the Srikrishna committee, the company will have to pay either Rs. 2lakh or the owners will be jailed for 2years or even both.