In our opinion an ideal Data Protection Bill would ideally manage both the Fundamental Right to Privacy and National Security Concerns. Our new law may focus on personal data and exclude non personal data which was included earlier. Personal data includes our name, phone number, chat history, credit history, profile details etc. Moreover, this law may extend some privacy principles to data processing by law enforcement agencies, in keeping with the fundamental right to privacy. For example, we could minimize the data to be collected by security agencies and limiting how long it can be stored and adopt security measures to safeguard the information in storage. Of course, this would not hold for violators of law. Also, data processing may not be consent linked always, but under basic principles and industry codes of practice and regulations. Businesses need to process data for product and service improvements. The proposed law may enable and encourage cross border flows and limit data localization to critical and sensitive data. Business Process Outsourcing would be impossible without cross border data flow. Moreover, the new law could be framed with stakeholder consultation at each stage of regulation. Finally, if a new Data Regulator is formed, the organization must be strong and coordinate with other Regulators.
What are your views on this? Please share with us.