Key takeaways from the Indian Data Protection Bill

Introduced in December 2019, the bill is still under review of the Standing Committee referred to by the Parliament's House of People

With its new Bill, India adopts and further develops many GDPR-style privacy regulations as well as some aspects of the US model of data privacy laws.

Companies will now have to update their policies to address the requirements set forward by the IDP Bill alongside GDPR and CCPA to efficiently carry out their business.

The Bill establishes a Data Protection Authority and seeks to protect personal data of individuals (or data principals)

“We are keen to promote India as a large centre for data economy and we will also finalise the data protection law very soon,”-Shri Ravi Shankar Prasad, Union IT Minister

Pic Credits: business-standard.com This is a paragraph (p)

The new Bill also endows certain rights with the Data Principals:

-Right to confirmation and access of data processing and its details -Right to correction of inaccurate or misleading personal information -Right to Data Portability -Right to erasure of data

Companies or individuals who decide on the means and purpose of processing personal data will be termed as a data fiduciary

A data fiduciary shall:

1. establish a specific, clear and lawful purpose to process any personal information 2. implement security safeguards to prevent misuse of personal data

A data fiduciary shall:

3. establish structured redressal mechanisms for effective customer complaint management 4. institute mechanisms for age verification and parental consent when processing sensitive personal data of children.

Consent forms the foundation for processing personal data unless required by the state for national security purposes The notion of consent remains the same as in European framework

Data transfer to foreign nations

Sensitive personal data such as financial and health data, can be transferred abroad, but should also be stored within India.

Social Media Intermediaries

Any public platform that enables online interaction between two or more users and allows them to create, upload or share information has to also allow voluntary user verification mechanism for users in India.

It is noteworthy that India has taken a restrictive approach for its data protection regulation

Compiled by Apana Radhakrishnan (aparna@data-privacy.ie) See more at data-privacy.ie

Key takeaways from the Indian Data Protection Bill

With its new Bill, India adopts and further develops many GDPR-style privacy regulations as well as some aspects of the US model of data privacy laws.

The Bill establishes a Data Protection Authority and seeks to protect personal data of individuals (or data principals)

“We are keen to promote India as a large centre for data economy and we will also finalise the data protection law very soon,”-Shri Ravi Shankar Prasad, Union IT Minister

The new Bill also endows certain rights with the Data Principals:

Companies or individuals who decide on the means and purpose of processing personal data will be termed as a data fiduciary

A data fiduciary shall:

A data fiduciary shall:

Data transfer to foreign nations

Social Media Intermediaries

It is noteworthy that India has taken a restrictive approach for its data protection regulation

This strict approach will have a significant effect on India's booming IT sector in the long run