7/27/2018 Srikrishna Committee report recommends penalties for misuse of data - The Hindu

NATIONAL

Srikrishna committee recommends strict monetary penalties for data privacy breaches

T.C.A. Sharad Raghavan

NEW DELHI, JULY 27, 2018 17:36 IST
UPDATED: JULY 27, 2018 18:12 IST

It notes that consent should be the lawful basis for processing of personal data and the consent should be ''free, informed, specific
, clear and capable of being withdrawn.”

The Justice B.N. Srikrishna-led committee on data protection on Friday submitted its report, comprising recommendations, including on what
personal data is, the consent requirements for using such data, and the penalties for misuse of personal data.
The report said, “Sensitive personal data will include passwords, financial data, health data, official identifier, sex life, sexual orientation,
biometric and genetic data, and data that reveals transgender status, intersex status, caste, tribe, religious or political beliefs or affiliations of an
individual.”

It noted that consent should be the lawful basis for the processing of personal data and the consent should be “free, informed, specific, clear and
capable of being withdrawn.” For sensitive personal data, consent should be explicit, it said.

The committee came out with a recommendation on the right to be forgotten. It said that the right should be adopted, with the proposed data
protection authority determining the eligibility of the application on the basis of five points.

Five points
The five points are i) the sensitivity of the personal data sought to be restricted, (ii) the scale of disclosure sought to be restricted; (iii) the role of
the data principal (whose data it is) in public life, (iv) the relevance of the personal data to the public, and (v) the nature of the disclosure.

https://www.thehindu.com/news/national/srikrishna-committee-report-recommends-penalties-for-misuse-of-data/article24532466.ece?homepage=true 1/3
7/27/2018 Srikrishna Committee report recommends penalties for misuse of data - The Hindu
Regarding data misuse, the committee recommended a penalty of either a certain percentage of the total worldwide turnover of the data
misuser, or a fixed amount set by the law.
It recommended that the penalty may extend up to ₹5 crore or 2% of the data misuser’s total worldwide turnover of the preceding financial year,
whichever is higher in situations where the company fails to take “prompt and appropriate action” in response to a data security breach.
In situations where the norms on personal data, sensitive personal data, and the personal data on children are violated, the report has
recommended a penalty of ₹15 crore or 4% of the total worldwide turnover of the preceding financial year of the company.
Ad Flat 20% Off On Watches
titan.co.in

Printable version | Jul 27, 2018 10:16:25 PM | https://www.thehindu.com/news/national/srikrishna-committee-report-recommends-penalties-

for-misuse-of-data/article24532466.ece

© The Hindu

https://www.thehindu.com/news/national/srikrishna-committee-report-recommends-penalties-for-misuse-of-data/article24532466.ece?homepage=true 2/3
7/27/2018 Srikrishna Committee report recommends penalties for misuse of data - The Hindu

ROLLOVER TO EXPLO
VDX BY EXPONENT

https://www.thehindu.com/news/national/srikrishna-committee-report-recommends-penalties-for-misuse-of-data/article24532466.ece?homepage=true 3/3