The Justice Srikrishna committee, in a report and a draft Bill, recommended the creation of a Data Protection Authority that will be in charge of ensuring that entities processing data do so in keeping with the law.

“The DPA, a sector agnostic body, will ensure that every entity that handles data is conscious of its obligations and that it will be held to account in case of failure to comply,” the report said.

The authority will be governed by a board consisting of six whole-time members and a chairperson appointed by the Union government on the recommendation of a selection committee.

“The selection committee shall consist of the Chief Justice of India or her nominee (who is a judge of the Supreme Court of India), the Cabinet Secretary, Government of India, and one expert of repute who has special knowledge of, and professional experience in, areas related to data protection, information technology, data management, data science, cyber and Internet laws and related subjects,” the report said.

The members of the DPA are to be “individuals of integrity and ability” with special knowledge of, and professional experience of not less than 10 years in, areas related to data protection, information technology, data management, data science, cyber and internet laws and related subjects.

The DPA members will have a five-year term, subject to a suitable retirement age and their salaries will be prescribed by the Central government.

Broadly, the DPA will have four departments and related functions: monitoring and enforcement; legal affairs, policy and standard setting; research and awareness; and inquiries, grievance handling and adjudication.

The DPA will be stating codes of practice, conducting inquiries, and issuing warnings and injunctions.

Source: Read Full Article