Tanin Chakraborty
Fellow of Information Privacy (FIP)
Universal Declaration of Human Rights
- GDPR is a broader legislation that supervises any organization handling personally identifiable information (PII) of an EU citizen (from 2018)
- HIPAA is focused on healthcare organizations and how personal health information is used in the US (from 1996)
- Supreme Court recognized "Right to Privacy" as a fundamental right (petition by Puttaswamy v. Union of India case, 2017)
- First in 2019, after rejection in parliament, and then later in 2022, the Privacy Bill was presented for public review after a lot of debates, postponements and negotiations
- In the monsoon session of 2023, the bill was finally passed by both the houses
- Finally, 11th Aug 2023 - Digital Personal Data Protection Act of India (DPDP) sprinted out
- it took almost 6 years from the outcome of the above judgment by the Supreme Court to have a Privacy Bill
- India is the latest country to have a privacy act (around 137 out of 194 countries had put in place legislation to secure the protection of data and privacy)
ex# 2
ex# 1
- Tanin, as an employee
- Yubi & its Subsidiaries, as a company
- ICICI, as a bank which processes Yubi's salary
- LIC, as a third party insurance vendor
- Yubi, as a company
- HDFC, as a bank that is a client of Yubi
- Mr. X, a customer of HDFC
- Amazon, as a service provider to Yubi
Digital Personal Data Protection Act
A DAWN OF A NEW ERA FOR DATA PROTECTION IN INDIA
- applies to the processing of digital personal data within India, whether collected online or offline and digitized later on
- also extends its applicability to data processing conducted outside India if it involves offering goods or services within India
- doesn't
- offline data
- Personal data processed by an individual for any personal or domestic purpose
- Personal data that is made or caused to be made publicly available
- under an obligation under any law
- if personal data is publicly available due to voluntary actions of the person such as opinions on social media, or due to disclosures made under applicable law.
- unlike other privacy laws, India is yet to share the whitelisted countries where data adequacy is provided
- an equivalent level of protection for personal data is required to transfer data outside India*
- RBI recognizes having or implementing international standards such as ISO 27001 controls
- RBI also emphasizes regular audits of the implemented controls/standards
*RBI restricts transfer of any financial data outside India
- Central Government has the power to exempt certain Data Fiduciaries or a class of Data Fiduciaries, based on the volume and nature of personal data they process, from certain provisions of the Act
- Personal data is processed in the interest of prevention, detection, investigation or prosecution of any offence or contravention of any law
- processing of personal data is necessary for enforcing any legal right or claim
Central Government will establish the Data Protection Board of India to adjudicate on non-compliance with the provisions of the Bill
- Phasewise (expected in 10 months from now)
- Even if you are privacy compliant, an organization will still have a few extra responsibilities to fulfil, such as getting consent, data security, Data Principal rights, and reporting breaches to the board
- Till then, IT Act 2000
- SPDI Rules
- RTI Act
- Telecom Regulatory Authority of India Act
Security Safeguard
Data Principal
Assessment
Children Data
#1
#2
#3
#4
- know your rights
- check & enquire whether your data has been processed for any reason other than the one you subscribed for
- keep yourself updated & know how to report such issues
- ask why you are being asked to provide certain personal data
- ask for data deletion post processing of your personal data (if not legally obliged to store it)
- if you are a parent, make sure your child's data is not processed without your consent
- make sure none of your personal data is being processed without your consent
"be vigilant than being sorry"