The much-awaited Data Protection Bill is likely to be tabled in the Winter Session of Parliament, according to a senior Union government official.

S Gopalakrishnan, Joint Secretary in the Union Ministry of Electronics and Information Technology, said that about 600 entities had given their feedback on the draft Bill, which seeks to ensure data privacy.

He was addressing the inaugural of the annual conference of Digital Identity Research Initiative (DIRI) at the Indian School of Business (ISB) on Friday.

Strict penalties

Referring to criticism on likely hefty penalties under the Data Protection regime, S Gopalakrishnan said the idea was not to penalise but to bring in a culture of privacy. He said the law would provide for strict penalties and punishments for violations. It would also pave the way for appointment of a regulator to ensure a proper data protection environment and address grievances.

He said that work was in progress to decide on how to tackle non-personal data. A committee headed by Infosys’ co-founder Kris Gopalakrishnan will recomend how to use and handle data such as community, anonymous and data sets such as weather.

Asked whether the data protection statute would also cover the social platforms, Gopalakrishnan said that when the law came into force it will cover both the physical and virtual entities to honour the provisions. Referring to the proposals to link voter ID cards with Aadhar, he said that it all depended on enacting law to allow such linkages.

RBI’s norms

He added that the law would factor in the RBI’s norms that mandate the organisations to store all payment data within the country. As far as the financial matters are concerned RBI would have the last word. The MeITy official said the Bill would insist on storing crtical data within the country.

If the RBI says the payment data was critical and it had to be localised, it will also be in harmony with what the data protection law says.

Later, participating in a discussion on data privacy, he said that Aadhaar didn’t deserve the bad name it got considering the amount of profiling that was being done in the mobile phones.

Prasanth Sugathan of Software Freedom Law Centre (SFLC) said that the data protection norms would have purpose limitations, mandating the user of Aadhaar data to limit to the purpose that the data is taken.