How India’s proposed data privacy bill compares with protection laws across the world
India’s draft of the Personal Data Protection Bill, 2018, provides for regulations of users’ personal data that is collected by various third parties, including the state.india Updated: Jul 28, 2018 14:27 IST
India moved closer to its first data privacy law on Friday after a committee, headed by former Supreme Court judge BN Srikrishna, proposed a draft Personal Data Protection Bill.
The draft bill provides for the formation of a Data Protection Authority of India to protect citizens’ data and privacy — a growing concern in an increasingly digitising economy.
The proposed bill makes individual consent the centrepiece of data sharing, awards rights to users, imposes obligations on “data fiduciaries”— all those entities, including the State, which determine purpose and means of data processing.
It also lays out provisions on data storage, making it mandatory for a copy of personal data to be stored in India, and called for amendments to other laws, including the Right to Information. Though the bill does not mention it directly, the report also suggests changes to the Aadhaar Act.
In essence, the Data Protection Authority will function as India’s privacy regulator.
Several countries across the world have already implemented similar data protection laws. The focus on users right to their data and its protection comes after the scandal this March over access gained by political marketing firm Cambridge Analytica to data collected through Facebook.
Here is a look at how other countries have approached the data privacy issue:
- Has an all-encompassing law ‘General Data Protection Regulations,’ which came into effect on May 25, 2018.
- User consent needs to be explicit n Right to be forgotten, a concept that arose in the EU
- Right to be forgotten, a concept that arose in the EU
- Applies to businesses anywhere in the world that handle European data
- Penalties for non-compliance are up to 4 percent of the company’s global turnover, or 20 million Euros, whichever is higher
- Data protection fragmented invarious federal and state laws
- Each sector will deem what isprivate or personal data
- A movement to pass a new law onconsumer privacy protectionsfailed in the Congress in 2017.
- California, with ‘Shine the LightLaw,’ was one of the first states inthe US to implement privacy laws
- The Privacy Act of 1988 regulates the handling of personalinformation of individuals
- n Privacy is not a fundamental right
- Does not apply to governmentagencies, political parties
First Published: Jul 28, 2018 14:25 IST