The Justice B.N. Srikrishna Committee’s 2018 report – “A Free and Fair Digital Economy” – was India’s foundational attempt to translate the privacy jurisprudence of Puttaswamy (2017) into statutory architecture.
The Rising Scale of Cybercrime in India
Cybercrime cases rose from 10.29 lakh in 2022 to 28.15 lakh in 2025 (MHA, I4C).
Indians lost approximately
Cybercrime complaints have grown by over 623% between 2021 and 2024 on the NCRP portal.
77% of fraud losses stem from investment scams; digital arrests (9%) and sextortion (4%) are the fastest-growing categories (I4C, 2025).
I4C has frozen 24.67 lakh mule accounts and blocked 9.42 lakh SIM cards linked to cyber fraud
Key Recommendations of the Srikrishna Committee Report
Citizen reframed as data principal; entity as data fiduciary with trust obligations.
Enshrined principles of consent, purpose limitation, data minimisation, and storage limitation.
Heightened protection for sensitive personal data – health, biometric, financial, religious, genetic
Created an independent Data Protection Authority (DPA) with adjudicatory powers.
Mandated data localisation for critical and sensitive personal data within India.
Recognised new-age rights – confirmation, correction, portability, right to be forgotten.
Special safeguards for children’s data, including parental consent and a ban on profiling.
Cross-border transfer permitted only via adequacy mechanisms or contractual safeguards.
Strengths of the Report
Constitutional anchoring in Puttaswamy – privacy treated as a fundamental right, not a regulatory courtesy.
Fiduciary framing imposes a trust-based duty on data handlers, drawing from common law traditions.
GDPR-aligned principles of purpose limitation and accountability bring India to global standards.
Independent regulator (DPA) institutionalises enforcement beyond executive discretion.
Empowerment of citizens through actionable rights – correction, portability, erasure.
Sectoral sensitivity through layered protection for health, financial, biometric, and children’s data.
Digital sovereignty advanced through data localisation provisions for critical data.
Balanced approach – does not stifle innovation; permits research, journalism, and reasonable business processing.
Weaknesses of the Report
Broad State exemptions – surveillance under Section 35 permits processing in the interest of national security, public order, etc., without prior judicial oversight.
Weak independence of the DPA – appointment process dominated by the executive raises capture concerns.
Ambiguity on “critical” personal data – left to executive notification, creating regulatory uncertainty.
Data localisation costs disproportionately affect MSMEs, startups, and global service providers.
No clear remedy framework for data breaches – compensation provisions remain vague and non-deterrent.
Inadequate provisions on non-personal data – a critical gap addressed only later by the Kris Gopalakrishnan Committee.
No special framework for emerging threats – AI profiling, deepfakes, biometric coercion are underaddressed.
Limited attention to journalistic and whistleblower data, raising press-freedom concerns.
Way Forward
Operationalise the Digital Personal Data Protection Act, 2023, with timely framing of subordinate rules.
Establish the Data Protection Board of India (DPBI) as a genuinely independent authority, on the lines of TRAI or SEBI.
Bring State surveillance under judicial pre-authorisation, in line with the Puttaswamy proportionality test.
Strengthen CERT-In, I4C, and NCIIPC capacities with sustained funding and inter-agency coordination.
Mandate algorithmic transparency and AI-impact assessments for high-risk processing.
Operationalise the Cyber Fraud Mitigation Centre (CFMC) to scale real-time fraud interception.
Launch a national digital literacy mission focusing on Tier-2/3 cities, senior citizens, and first-time users.
Promote international cooperation through Budapest Convention engagement and bilateral data-sharing protocols.
“Data is the new oil.” Thus, protection of personal data is no longer a technological concern but a constitutional one.
2019 – What is CyberDome Project? Explain how it can be useful in controlling internet crimes in India.
(10)
The CyberDome Project is a high-tech PPP initiative of Kerala Police, established as a “Centre of Excellence” to combat emerging cyber threats through collaborative research and development.
Rising Internet Crimes in India
Cybersecurity incidents rose from 10.29 lakh in 2022 to 22.68 lakh in 2024 (120% increase in two years)
Massive Financial Toll- over as per NCRP.
Significant rise in AI-driven phishing and “Digital Arrest” scams
Enforcement agencies have blocked over 9.42 lakh SIM cards and 2.63 lakh IMEIs linked to fraudulent activities by early 2025.
Over 86% of households are now connected to the internet – High vulnerability
13.7% of global incidents target India (Cyfirma report)
Importance of CyberDome in Controlling Internet Crimes
Shift from “reactive investigation” approach to “proactive defense” model
Public-Private Collaboration bridges the talent gap by involving over 2,500 volunteers, including ethical hackers and IT experts
Real-Time Threat Intelligence using AI and machine learning. In 2024, it successfully thwarted a major DDoS attack on an Indian financial institution.
Combatting Online Exploitation through initiatives like “Hac’KP 2025” and the “KID GLOVE” program (international recognition from INTERPOL)
In September 2024, it launched a Security Operation Centre (SOC) to monitor police networks and prevent sensitive data breaches.
Specialized Cyber-Wings- It operates niche units like the “Ransomware School” and a Malware Analysis Lab, creating Standard Operating Procedures (SOPs).
Academic Synergy- Collaborations with institutions like NIT Calicut (2024 MoU)
Financial Fraud Mitigation detected vulnerabilities in 4 out of 10 banking apps tested (CAG report)
Officers and volunteers act as “Online Police Patrols,” monitoring social media for extremist propaganda, radicalization efforts, and the spread of fake news.
The CyberDome Project has transformed the Kerala Police into a tech-forward force, achieving a 25% increase in case resolution between 2022 and 2024.