SlideShare ist ein Scribd-Unternehmen logo

(SAOCN) Aaron kamath - India's Personal Data Protection Bill - an overview

Priyanka Aash
Priyanka Aash

India's Personal Data Protection Bill (PDPB) has been in the news for a while now. One of the most awaited legislations around the world, the bill has intoduced many new ideas which are different from other legislations like the EU GDPR,etc. The bill has also raised many controversies and debates both in India and globally. This session focuses on what the India PDPB is all about.

Technologie
1 von 8
Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates SACON 2020 India’s Proposed Privacy and Personal Data Protection Law - Aaron Kamath Leader - Technology & Privacy Law Practice February 22, 2020 Draft for discussion purposes only
Regulation as a Facilitator  Privacy • Control over data • Transfer to jurisdictions with less protection  Cybersecurity • In 2015, 70% of all internet traffic was passing through cloud data centers – how secure is that cloud?  Law enforcement • Government access • Data localization • Solutions – MLATs and data sharing agreements  Competition • Protect domestic companies from online competition  Equating digital and non-digital players • TSPs v. OTTs 2
Changing Landscape of Privacy and Data Protection in India  India, the largest consumer of mobile data in the world, is acknowledging the importance of data, its uses and security.  The Apex court declared the right to privacy as a fundamental right guaranteed under the Constitution.  In December 2019, the Indian Government introduced in the lower house of parliament the Personal Data Protection Bill, 2019.  The Bill on December 12, 2019 was referred to a Joint Parliamentary Committee (“JPC”) for further debate and examination.  Presently stakeholder recommendations are invited by the JPC until 25th February 2020.  JPC to submit its report to Parliament by mid-end March. 3
Existing Framework  The Information Technology Act, 2000  The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • Protects ‘Sensitive Personal Data’ • Purpose, collection and storage limitation • Privacy Policy and disclosures • Consent requirements • Transfers • Reasonable security practices and procedures • Grievance officer  State of compliance  Sectoral requirements • Data localization– banking and payments, insurance, telecom 4
Overview of the Personal Data Protection Bill,2019  Applicability • Extra-territorial • Exemption for manual processing and outsourcing activities in certain cases  Wider categories of data protected • Personal data • Sensitive personal data – biometric, financial, religious, caste data included  Peculiarities in other categories of data • Critical personal data (no guidance) • Anonymized / non-personal data (Government requests)  Enhanced data controller obligations • Notice and consent requirements – for personal and sensitive data • Purpose, collection and storage limitations • Privacy by design • Transparency and security safeguards (CoPs) • Data breach notifications (to DPA)  Significant data fiduciary • Impact assessments • Maintenance of records and audits • Data protection officer • Social media intermediaries 5
Overview of the Personal Data Protection Bill,2019 (contd.)  Rights conferred on data subjects (flavors of GDPR) • Confirmation and access • Correction and erasure • Data portability (extends to data generated by fiduciary and profile data) • Right to be forgotten (limited right)  Special provisions on children’s data • Age-verification and parental consent • Guardian data fiduciary • Restrictions in profiling, tracking, monitoring, targeted advertising directed at children or other potentially harmful activities  Independent Data Protection Authority • Codes of Practice  Regulatory sandbox  Enhanced penalties linked to % of worldwide turnover in some grave cases 6
7 Data Fiduciary Data Processor Data transfer (unless categorized as Critical Personal Data) Overseas INDIA Data Localization andCross-Border DataTransfers - Sensitive Personal Data Server / Data Centre Data Principal Explicit consent -- Data ProtectionAuthority approved contract or intra-group schemes, or - Transfer to Government notified countries or class of entities or international organizations; or - DPA approved transfer for a specific purpose Data copy stored (unless specifically exempted by the Central Government)
Thank You! nda@nishithdesai.com Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates Aaron Kamath – aaron.kamath@nishithdesai.com

Empfohlen

(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment (SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
Priyanka Aash
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
Priyanka Aash
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
cliff_rudolph
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
Home
 
S719a
S719aS719a
S719a
ecommerce
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
Komal Gadia
 
Overview Data Privacy Bill India
Overview Data Privacy Bill IndiaOverview Data Privacy Bill India
Overview Data Privacy Bill India
ITS Technology Solution Private Limited
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 

Empfohlen

(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment (SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
(SACON) Nandan Nilekani - Identity Payments and Data Empowerment 
Priyanka Aash
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
Priyanka Aash
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
cliff_rudolph
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
Home
 
S719a
S719aS719a
S719a
ecommerce
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
Komal Gadia
 
Overview Data Privacy Bill India
Overview Data Privacy Bill IndiaOverview Data Privacy Bill India
Overview Data Privacy Bill India
ITS Technology Solution Private Limited
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID Inc
 
GDPR and Blockchain
GDPR and BlockchainGDPR and Blockchain
GDPR and Blockchain
Salman Baset
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
rajab ssemwogerere
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & Orchestration
BigID Inc
 
GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.
Salman Baset
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 
BigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetBigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data Sheet
Dimitri Sirota
 
BigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and TaggingBigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and Tagging
BigID Inc
 
BigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access IntelligenceBigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access Intelligence
BigID Inc
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID Inc
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital World
Arab Federation for Digital Economy
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and Tagging
Dimitri Sirota
 
BigID Data Sheet HIPAA Data Security & Privacy
BigID Data Sheet HIPAA Data Security & Privacy BigID Data Sheet HIPAA Data Security & Privacy
BigID Data Sheet HIPAA Data Security & Privacy
BigID Inc
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
Tomppa Järvinen
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
Ulf Mattsson
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
shekharkanodia
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdf
Päivi Korpisaari
 

Weitere ähnliche Inhalte

Was ist angesagt?

BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & Orchestration
BigID Inc
 
BigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access IntelligenceBigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access Intelligence
BigID Inc
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID Inc
 
BigID Data Sheet HIPAA Data Security & Privacy
BigID Data Sheet HIPAA Data Security & Privacy BigID Data Sheet HIPAA Data Security & Privacy
BigID Data Sheet HIPAA Data Security & Privacy
BigID Inc
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
Ulf Mattsson
 

Was ist angesagt? (20)

BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
 
GDPR and Blockchain
GDPR and BlockchainGDPR and Blockchain
GDPR and Blockchain
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & Orchestration
 
GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
BigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetBigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data Sheet
 
BigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and TaggingBigID Data Sheet: Smart Data Labeling and Tagging
BigID Data Sheet: Smart Data Labeling and Tagging
 
BigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access IntelligenceBigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access Intelligence
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital World
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and Tagging
 
BigID Data Sheet HIPAA Data Security & Privacy
BigID Data Sheet HIPAA Data Security & Privacy BigID Data Sheet HIPAA Data Security & Privacy
BigID Data Sheet HIPAA Data Security & Privacy
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 

Ähnlich wie (SAOCN) Aaron kamath - India's Personal Data Protection Bill - an overview

Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
CILIPScotland
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 

Ähnlich wie (SAOCN) Aaron kamath - India's Personal Data Protection Bill - an overview (20)

Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdf
 
13687562.ppt
13687562.ppt13687562.ppt
13687562.ppt
 
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy LawsWhen Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?
 
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
 
Building Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlBuilding Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and control
 
IT risk discusion qustion.pdf
IT risk discusion qustion.pdfIT risk discusion qustion.pdf
IT risk discusion qustion.pdf
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPR
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Smart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesSmart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and Strategies
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptx
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
Present european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibsPresent european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibs
 
Tim Willoughby - Presentation to Innovation Masters 2016
Tim Willoughby - Presentation to Innovation Masters 2016Tim Willoughby - Presentation to Innovation Masters 2016
Tim Willoughby - Presentation to Innovation Masters 2016
 

Mehr von Priyanka Aash

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

Mehr von Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Kürzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Kürzlich hochgeladen (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

(SAOCN) Aaron kamath - India's Personal Data Protection Bill - an overview

  • 1. Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates SACON 2020 India’s Proposed Privacy and Personal Data Protection Law - Aaron Kamath Leader - Technology & Privacy Law Practice February 22, 2020 Draft for discussion purposes only
  • 2. Regulation as a Facilitator  Privacy • Control over data • Transfer to jurisdictions with less protection  Cybersecurity • In 2015, 70% of all internet traffic was passing through cloud data centers – how secure is that cloud?  Law enforcement • Government access • Data localization • Solutions – MLATs and data sharing agreements  Competition • Protect domestic companies from online competition  Equating digital and non-digital players • TSPs v. OTTs 2
  • 3. Changing Landscape of Privacy and Data Protection in India  India, the largest consumer of mobile data in the world, is acknowledging the importance of data, its uses and security.  The Apex court declared the right to privacy as a fundamental right guaranteed under the Constitution.  In December 2019, the Indian Government introduced in the lower house of parliament the Personal Data Protection Bill, 2019.  The Bill on December 12, 2019 was referred to a Joint Parliamentary Committee (“JPC”) for further debate and examination.  Presently stakeholder recommendations are invited by the JPC until 25th February 2020.  JPC to submit its report to Parliament by mid-end March. 3
  • 4. Existing Framework  The Information Technology Act, 2000  The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • Protects ‘Sensitive Personal Data’ • Purpose, collection and storage limitation • Privacy Policy and disclosures • Consent requirements • Transfers • Reasonable security practices and procedures • Grievance officer  State of compliance  Sectoral requirements • Data localization– banking and payments, insurance, telecom 4
  • 5. Overview of the Personal Data Protection Bill,2019  Applicability • Extra-territorial • Exemption for manual processing and outsourcing activities in certain cases  Wider categories of data protected • Personal data • Sensitive personal data – biometric, financial, religious, caste data included  Peculiarities in other categories of data • Critical personal data (no guidance) • Anonymized / non-personal data (Government requests)  Enhanced data controller obligations • Notice and consent requirements – for personal and sensitive data • Purpose, collection and storage limitations • Privacy by design • Transparency and security safeguards (CoPs) • Data breach notifications (to DPA)  Significant data fiduciary • Impact assessments • Maintenance of records and audits • Data protection officer • Social media intermediaries 5
  • 6. Overview of the Personal Data Protection Bill,2019 (contd.)  Rights conferred on data subjects (flavors of GDPR) • Confirmation and access • Correction and erasure • Data portability (extends to data generated by fiduciary and profile data) • Right to be forgotten (limited right)  Special provisions on children’s data • Age-verification and parental consent • Guardian data fiduciary • Restrictions in profiling, tracking, monitoring, targeted advertising directed at children or other potentially harmful activities  Independent Data Protection Authority • Codes of Practice  Regulatory sandbox  Enhanced penalties linked to % of worldwide turnover in some grave cases 6
  • 7. 7 Data Fiduciary Data Processor Data transfer (unless categorized as Critical Personal Data) Overseas INDIA Data Localization andCross-Border DataTransfers - Sensitive Personal Data Server / Data Centre Data Principal Explicit consent -- Data ProtectionAuthority approved contract or intra-group schemes, or - Transfer to Government notified countries or class of entities or international organizations; or - DPA approved transfer for a specific purpose Data copy stored (unless specifically exempted by the Central Government)
  • 8. Thank You! nda@nishithdesai.com Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates Aaron Kamath – aaron.kamath@nishithdesai.com