New Delhi: As the country is trying to get its head around the data leaks and political parties are accusing each other of using the services of foreign firms to influence Indian voters, Justice BN Srikrishna told News18 that India has no legal infrastructure to deal with issues pertaining to data theft.
British consultancy firm Cambridge Analytica has been accused of harvesting data of over 50 million Facebook users and helping political parties getting ahead of their opposition by tailoring election material and influencing voters.
According to SCL India, which is owned by SCL group and Ovleno Business, India's two major political parties - Congress and BJP - are clients of the firm. However, both parties have denied any links with SCL India.
Justice Srikrishna, who is spearheading the data protection law committee, said that India has "no legal infrastructure to deal with issues pertaining to big data, data theft/mining or analytics" and hence Indians have no remedy against such leaks.
"Big data and analytics have been tackled by us in the draft law. Today, there is no law. Take, for example, cryptocurrency on which there is no legislation and hence everyone says something or the other. Arun Jaitely says something, the RBI Governor says something and nobody knows what they are talking about because there is no law to deal with it," said Justice Srikrishna.
The committee is now in the final stage of drafting the data protection bill after several rounds of consultations and the former SC judge has informed News18 that the "draft bill would be sent to the government by the end of April".
Responding to the data breach on Wednesday, information technology minister Ravi Shankar Prasad warned Facebook founder Mark Zuckerberg against "any data theft" and said that India will not stop short of taking stringent actions, even if it "includes summoning you".
He also said that the current legislation is geared to tackle such a problem.
However, Justice Srikrishna feels that such a statement is only good for "public consumption" because even if the government files a case against the accused, proving it would be a lengthy, complicated and difficult process.
"The government can resort to criminal procedure code and file a suit claiming theft. But that would be very complicated. IT law does not easily fit into CrPC. Talking of theft in IT situation is not an easy job. Hence it will be difficult and a long process to prove such a thing. But of course making a statement for public consumption is good. They can arm twist the companies act too to hold these firms responsible, but again they are all foreign firms with responsible people outside. Hence, suit can be initiated but it would be million miles away from being proven," said the data protection committee head.
"If IT law was good enough then what was the need for data protection law. IT law deals with issues involved in information technology. But what about data theft? It's not a physical theft hence the act is nebulous and hence we need proper infrastructure," said Justice Srikrishna.
Cambridge Analytica has denied media accusations that it improperly accessed millions of Facebook users' information and said it deleted the data after learning that it did not adhere to data protection rules. The government has now banned the India website of the British Consultancy.
Justice Srikrishna feels banning Facebook or such forms is not the way out as in an "international arena such practices would only push us way back to 1855."
"Banning such firms is like cutting your off your nose to spite your face. The question is how to control it. Today you cannot say that no foreign firm can come to India. That would be the safest method but that would take you back to 1855. This is an international arena which needs give and take," said Justice Srikrishna.