The union also asserted that the proposed Data Protection Authority (DPA) needs to be allowed to function independently and impartially.
In its submission to the Indian IT Ministry, the delegation of the European Union to India and Bhutan said the law, if adopted, will contribute to facilitating data flows between the EU and India, and could open the way for a possible adequacy dialogue between the two sides.
However, it also made certain observations across various aspects of the Bill that was drafted by the committee led by Justice BN Srikrishna to develop a framework on data protection norms in India.
“In general, the draft law in a number of places leaves discretion to decide key matters in the hands of the Central Government or the DPA rather than dealing with them in the draft itself. This could create some uncertainties which could perhaps be avoided by providing further clarifications,” it noted.
The submission pointed out that having a data protection authority is important for both — citizens and businesses.
It emphasised that to effectively play its role, it is essential that the authority “acts with complete independence and impartiality in performing its duties and exercising its powers, free from any external influence”.