The Personal Data Protection Bill is in some respects very similar to global standards such as the European Union's General Data Protection Regulation, with some differences. Here is how:
Major similarities
[1] Consent
- EU: Users must have informed consent about the way their data is processed so that they can opt in or out.
- India: Processing of data should be done in a fair and transparent manner, while also ensuring privacy
[2] Breach
- EU: Supervisory authority must be notified of a breach within 72 hours of the leak so that users can take steps to protect information
- India: Data Protection Authority must be informed within 72 hours; DPA will decide whether users need to be informed and steps to be taken
[3] Transition period
- EU: Two-year transition period for provisions of GDPR to be put in place
- India: 24 months overall; 9 months for registration of data fiduciaries, 6 months for DPA to start
[4] Data fiduciary
- EU: Data fiduciary is any natural or legal person, public authority, agency or body that determines purpose and means of data processing
- India: Similar suggestions; additionally, NGOs which also process data to be included as fiduciaries
Differences:
[1] Anonymous information
- EU: Principles of data protection do not apply to anonymous information since it is impossible to tell one from another
- India: Non-personal data must come under the ambit of data protection law
[2] Punishment
- EU: No jail terms. Fines up to 20 million euros, or in the case of an undertaking, up to 4% of their total global turnover of the preceding fiscal year
- India: Jail term of up to 3 years, fine of Rs 2 lakh or both if de-identified data is re-identified by any person.