Business Law Report
Privacy regulations for data-driven businesses
Team
Contents
1. Problem description
• Data Analytics and Privacy
• Challenges posed by IoT, Big Data, Cloud
• Pros and Cons of strong regulation
2. Privacy laws around the globe
• Timeline of data protection laws
• Challenges in enactment and enforcement
3. Personal Data Protection Bill
• Evolution of the bill
• Features of the bill
• Critical analysis of the bill
• Industry's view
• Opposition's view
• International opinion
• Civil Society’s perspective
• Miscellaneous
5. Conclusion
• The way forward
Kanchan Kalra 1916024
Saurabh Kanaujia 1916025
Shekhar Kanodia 1916026
Shashikumar Kulkarni 1916027
Devishree Shekar 1916058
Problem Description: Data Analytics and Privacy
• Data has emerged as one of the most important resources of today's world. However, there are no
clear rules on how to make use of this resource.
• There are spillover effects and negative externalities in the form of privacy breaches while exploiting this
resource. In such a situation, what should be the legal remedy?
• The law should find a balance between the interests of the customers and the corporations. The
customers want safety and privacy, whereas corporations want commercial use of data which risks the
customer's interests.
• Although a relatively new area, there have been some standards which have evolved to balance the
interests of the stakeholders. Anonymization, de-identification, privacy by design and security by design
have been accepted as norms.
• However, some contentious issues remain, such as the principles of data minimization, data
retention and data localization, that need closer scrutiny.
• Similarly, operational and contractual safeguards have also been accepted by all the stakeholders. They
include privacy impact assessment, encryption of data and legally enforceable confidentiality obligations.
Challenges posed by IoT, Big Data, Cloud
• The move to build artificial intelligence (using big data, IoT and cloud) requires the collection and analysis of a
lot of data.
• The challenge here is that when data is collected, one knows neither the exact regression that will be run
nor the data interpolation, as analysis starts with no preset agenda. One cannot predict what will be
inferred or what the outcome might be.
• This poses the problem that data collection cannot be kept minimal, and even if data is anonymized, when
data is collected from different sources and analyzed or regressed together, one cannot rule out the
possibility that an individual can be identified.
• Suggestions such as stating the purpose of data collection at the time of collection, anonymization,
de-identification, privacy by design and security by design are difficult to enforce or ensure; besides, they would
hinder progress in critical areas such as healthcare.
Pros of strong regulation
• Curbs ‘big brother’, ‘creepy’, ‘spooky’
activities
• Could have prevented the below:
• Facebook - Cambridge Analytica scandal
• WhatsApp - Pegasus snooping row
• Cyber crimes and frauds can be prevented
• Prevents breaches that hurt businesses
and data subjects/principals
• Maintains and improves brand value and
competitive advantage for businesses
• Builds public, investor and customer trust
and loyalty
Cons of strong regulation
• Compliance costs would increase
• Curb innovation and startups
• Global expansion would be difficult, would
act like a trade barrier
• Criminal provisions would deter
investments
• Weak regulatory body can be misused
• Bona fide purposes such as public service
delivery would be impacted
• Less data and poor-quality data would
impact data models
Privacy Laws around the globe
USA
• Has no all-encompassing federal data
privacy law
• Has only sector-specific laws, for example
HIPAA for healthcare
• There are a number of state privacy laws,
for example the California Online Privacy
Protection Act 2003
• Enforcement against unfair and deceptive
practices is by the FTC (Federal Trade
Commission)
• Some examples:
  ◦ COPPA: Children's Online Privacy
    Protection Act
  ◦ CAN-SPAM: for the e-marketing
    regime
  ◦ FCRA: Fair Credit Reporting Act
  ◦ Gramm-Leach-Bliley: for personal
    info held by financial institutions
  ◦ HIPAA: Health Insurance
    Portability and Accountability Act
EU
• The Data Protection Directive (95/46) and the ePrivacy
Directive (2002/58) only give direction to
member states
• National implementation must be done by each
member state
• There is a separate data protection authority for
each member state
• The EU has a simpler data protection narrative, under which
personally identifiable information (PII) includes
cookies, IP addresses etc.
• GDPR: General Data Protection Regulation
  ◦ A regulation in EU law on data protection
    and privacy for all individual citizens of the
    European Union and the European
    Economic Area.
  ◦ It also addresses the transfer of personal
    data outside the EU and EEA areas.
  ◦ Hospitals, government agencies and
    journalists are exempted
  ◦ Citizens have the right to be forgotten if
    the data are irrelevant/inadequate
Others
• Singapore: PDPA (Personal Data
Protection Act) 2014: regulates the way
personal data is collected, stored and
used. Apart from establishing a
general data protection regime, the
Act also regulates telemarketing
practices
• Hong Kong Personal Data Ordinance:
users must be informed of the
purpose of any personal data
collection and the classes of people
the data may be transferred to
• Malaysia’s Personal Data Protection
Act: requires users' consent before
collecting personal data or sharing it
with any third parties
• Australia’s Privacy Principles: 13
principles guiding handling of
personal data.
Privacy Laws around the globe
Source: https://iapp.org/
Timeline of Data Protection laws
Source: UNCTAD
Challenges in enactment and enforcement of data protection laws
Enactment Challenges Enforcement Challenges
Personal Data Protection Bill - Evolution
• The Supreme Court (SC) has declared privacy a fundamental right under Article 21 of the constitution;
subsequently, the government of India constituted a "Committee of Experts on Data Protection" to
examine the issues relating to data protection.
• On the basis of the recommendations received, it proposed to enact the Personal Data Protection
Bill, 2019, to bring a strong and robust data protection framework for India and to set up an
authority for protecting personal data and empowering citizens with rights relating to their
personal data, ensuring their fundamental right to privacy.
• The Data Protection Act will provide guidance and best practices for organizations and the
government on data protection and usage. Broadly it is expected to cover the following:
• Regulating the processing of personal data
• Protecting the rights of the data subjects
• Enabling the Data Protection Authority to enforce rules
• Holding organizations liable to fines in the event of a breach of the rules
Features of the bill
• To promote the concepts such as consent framework, purpose limitation, storage
limitation and the data minimization.
• Lay down obligations on entities collecting personal data (data fiduciary) to collect only
required data and with the express consent of the individual (data principal).
• Right to obtain personal data, correct inaccurate data, erase data, update the data,
port the data to other fiduciaries and the right to restrict or prevent the disclosure of
personal data.
• Establish "Data Protection Authority of India" which shall protect the interests of
data principals, prevent any misuse of personal data, ensure compliance with the provisions of
the proposed legislation and promote awareness about the data protection.
• To specify a provision relating to "social media intermediary" to empower the GOI, with the
Authority, to notify the said intermediary as a significant data fiduciary.
• To empower the Central Government to exempt any agency of Government from
application of the proposed Legislation.
• Confer a "right of grievance" on data principal to make a complaint against the
grievance to the data fiduciary
1. Appoint the "Adjudicating Officer" for adjudging the penalties to be imposed.
2. Establish an "Appellate Tribunal"
3. Imposes severe "fines and penalties" for contravention
4. Empower the Authority to specify the "code of practice" for data protection.
Critical analysis of the bill
Industry’s view:
• IAMAI (the industry body Internet and Mobile Association of
India) has expressed concerns over the upcoming data
protection authority and its roles.
• Industries are not happy with the clause requiring
repeated consent at every step of data processing. They
are of the opinion that if the purpose of data processing is
not violated, then repeated consent may not be necessary.
• Not all discrimination is bad. Industries discriminate
among users using the data to strike a balance
between customers' interests and business interests. The
new law considers discrimination caused by data harmful,
and heavy penalties can be imposed on businesses.
• Industry finds ambiguity in the definitions of types of
data, types of consent etc.
• Compliance costs will increase for the industry, especially
for startups.
• As per Oracle, the bill will create new opportunities
for cloud services companies, since sensitive data needs
to reside in the country.
Opposition’s view:
• Opposition parties have expressed concerns over the
growing snooping industry under government watch and
want the bill to be thoroughly reviewed by a
parliamentary committee.
• Some of the opposition parties have demanded wider
public consultation on the bill.
International opinion:
• US companies such as Google, Mastercard, Visa and
Amazon have expressed concern about increasing costs
due to mandatory data localization.
• The US has raised concerns over fair treatment and a level playing
field for its companies.
• Bilateral strain is going to increase, as per some of the joint
Indo-US think tanks.
• According to the US Treasury Secretary, America has no problem with
countries wanting to keep data locally for regulatory purposes, provided
they do not eliminate it outside.
Critical analysis of the bill
• The biggest criticism of this bill is that the
government can at any given time exempt any
investigation agency or enforcement agency
from this bill. This defeats the point of data
protection. Even the definition of a security crisis is
narrow and vague, which can be misused by
the government.
• Justice Srikrishna himself has criticized the bill,
saying “There should be restrictions on access
to data of citizens without his consent.
Government has got the blank cheque in this
case leading to breach of privacy.” As per him,
this bill can turn India into an ‘Orwellian State’.
• The threat of surveillance by the government is high, since
the government can ask for any type of data from
companies.
• The government can also take non-personal data
from companies. Some critics say that this
provision could allow the government to get access
to the intellectual property of various organizations.
• As per the CEO of Nasscom’s Data Security Council of
India, data localization will likely make India an
infeasible market for services.
Civil Society’s perspective:
Critical analysis of the bill
• Data ownership is not clearly spelt out in the bill.
• Right to be forgotten:
• It only restricts the organization from using
the data; it should allow complete deletion of
personal data.
• The process of exercising this right should be easy.
• The data principal has no right to compensation. The
penalties are given to the DPA.
• There is no provision to notify or inform the data
principal about a data breach. There should be a
provision for public disclosure of data breaches.
• The bill suggests amending the RTI Act for
non-disclosure of harmful information related to
the data principal; the conditions should be clearly
spelt out.
• In the security safeguards, the encryption
standards should be updated on a timely basis.
That should be one of the mandates of the DPA.
Miscellaneous
• The DPA has been given extreme powers of
arresting and detaining without approval of
courts.
• If the data fiduciary is not registered in India,
then accessing the local data (for law
enforcement) may not be possible in certain
cases.
• The onus of proving that damage has been
done due to the violation of the provisions of
the law lies on the data principal. This seems
to be a regressive step.
Critical analysis of the bill
• The bill mentions that the legal consequences of
withdrawal of consent should be borne by the
data principal. The DPA should make sure that
this does not act as a deterrent to bona fide
withdrawal; the consequences should be
clearly spelt out in the contract itself, and proper
details should be provided to the data principal
when entering the contract.
• The proposed bill is silent on individual rights
around processing activities involving automated
profiling and decision making.
Conclusion…the way forward
• Peer review and periodic auditing can bring checks and
balances.
• Use of blockchains can help in implementation of privacy
provisions.
• At international level, World Data Organization (on similar
lines as the World Trade Organization) can be
conceptualized. It can help in the international
standardization of regulations and consensus-building
among nations.
• Bilateral or multilateral data protection treaties & MoUs
would also build trust and promote data monetization.
• Chief Privacy Officer (CPO) or Data Protection Officer (DPO)
roles may be strengthened by the companies.
• The government should refrain from taking non-personal
data from companies under normal circumstances.
• Data makes accurate prediction possible and reduces costs. This enables
companies to sell things at lower prices, and in most cases
user experience is improved due to data. Hence the guiding force
behind the legislation should enable the commercial use of data by
companies.
• Start-ups should be provided safeguards from this law for the initial
5 years, since it will be a huge cost burden on them. Once enough
awareness and the required skilled workforce are there, the law can be made
applicable to start-ups.
• Single-time consent from the user is enough. Repeat consent will add
cost and reduce user experience.
• Types of harm, types of data, security reasons should be defined
clearly by the Data Protection Authority.

 
7. Epi of Chronic respiratory diseases.ppt
7. Epi of Chronic respiratory diseases.ppt7. Epi of Chronic respiratory diseases.ppt
7. Epi of Chronic respiratory diseases.ppt
 
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
 
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
 
Kings of Saudi Arabia, information about them
Kings of Saudi Arabia, information about themKings of Saudi Arabia, information about them
Kings of Saudi Arabia, information about them
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
 
Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1
 
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
 
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
 
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi ArabiaIn Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
In Riyadh ((+919101817206)) Cytotec kit @ Abortion Pills Saudi Arabia
 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
 
Computer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfComputer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdf
 
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With OrangePredicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24  Building Real-Time Pipelines With FLaNKDATA SUMMIT 24  Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
 
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
 

Privacy issues in data analytics

  • 1. Business Law Report
      Privacy regulations for data driven businesses
      Team
      Contents
      1. Problem description
          • Data Analytics and Privacy
          • Challenges posed by IoT, Big Data, Cloud
          • Pros and Cons of strong regulation
      2. Privacy laws around the globe
          • Timeline of data protection laws
          • Challenges in enactment and enforcement
      3. Personal Data Protection Bill
          • Evolution of the bill
          • Features of the bill
          • Critical analysis of the bill
          • Industry's view
          • Opposition's view
          • International opinion
          • Civil Society’s perspective
          • Miscellaneous
      5. Conclusion
          • The way forward
      Kanchan Kalra 1916024
      Saurabh Kanaujia 1916025
      Shekhar Kanodia 1916026
      Shashikumar Kulkarni 1916027
      Devishree Shekar 1916058
  • 2. Problem Description: Data Analytics and Privacy
      • Data has emerged as one of the most important resources of today's world. However, there are no clear rules on how to make use of this resource.
      • There are spillover effects and negative externalities in the form of privacy breaches while exploiting this resource. In such a situation, what should be the legal remedy?
      • The law should find a balance between the interests of the customers and the corporations. The customers want safety and privacy, whereas corporations want commercial use of data, which risks the customers' interests.
      • Although this is a relatively new area, some standards have evolved to balance the interests of the stakeholders. Anonymization, de-identification, privacy by design and security by design have been accepted as norms.
      • However, there are still some contentious issues, such as the principles of data minimization, data retention and data localization, that need closer scrutiny.
      • Similarly, operational and contractual safeguards have also been accepted by all the stakeholders. They include privacy impact assessment, encryption of data and legally enforceable confidentiality obligations.
  • 3. Challenges posed by IoT, Big Data, Cloud
      • The move to build artificial intelligence (using big data, IoT and Cloud) requires collection and analysis of a lot of data.
      • The challenge here is that when data is collected, one knows neither the exact regression which will be run nor the data interpolation, as analysis starts with no preset agenda. One cannot predict what will be inferred and what the outcome might be.
      • This poses the problem that data collection cannot be kept minimal, and even if data is anonymized, when data is collected from different sources and analyzed or regressed together, one cannot rule out the possibility that an individual can be identified.
      • Suggestions like calling out the purpose of data collection at the time of collection, anonymization, de-identification, privacy by design and security by design are difficult to enforce or ensure; besides, this would hinder progress in critical areas such as healthcare.
  • 4. Pros of strong regulation
      • Curbs ‘big brother’, ‘creepy’, ‘spooky’ activities
      • Could have prevented the below:
          ◦ Facebook - Cambridge Analytica scandal
          ◦ WhatsApp - Pegasus snooping row
      • Cyber crimes and frauds can be prevented
      • Prevents breaches that hurt businesses and data subjects/principals
      • Maintains and improves brand value and competitive advantage for businesses
      • Builds public, investor and customer trust and loyalty
      Cons of strong regulation
      • Compliance costs would increase
      • Curb innovation and startups
      • Global expansion would be difficult, would act like a trade barrier
      • Criminal provisions would deter investments
      • Weak regulatory body can be misused
      • Bona fide purposes such as public service delivery would be impacted
      • Less data and poor-quality data would impact data models
  • 6. Privacy Laws around the globe
      USA
      • Has no all-encompassing federal data privacy law
      • Has only sector-specific laws, for example HIPAA for healthcare
      • There are a number of state privacy laws, for example the California Online Privacy Protection Act 2003
      • Any unfair and deceptive practices are enforced by the FTC (Federal Trade Commission)
      • Some examples:
          ◦ COPPA: Children's Online Privacy Protection Act
          ◦ CAN-SPAM: for the e-marketing regime
          ◦ FCRA: Fair Credit Reporting Act
          ◦ Gramm-Leach-Bliley: for personal info held by financial institutions
          ◦ HIPAA: Health Insurance Portability and Accountability Act
      EU
      • The Data Protection Directive (95/46) and the ePrivacy Directive (2002/58) only provide direction to member states
      • National implementation must be done by each member state
      • There is a separate data protection authority for each member state
      • The EU has a simpler data protection narrative, by which personally identifiable information (PII) includes cookies, IP addresses etc.
      • GDPR: General Data Protection Regulation
          ◦ A regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area.
          ◦ It also addresses the transfer of personal data outside the EU and EEA areas.
          ◦ Hospitals, government agencies and journalists are exempted
          ◦ Citizens have the right to be forgotten where the data is irrelevant/inadequate
      Others
      • Singapore: PDPA (Personal Data Protection Act) 2014: regulates the way personal data is collected, stored and used. Apart from establishing a general data protection regime, the Act also regulates telemarketing practices
      • Hong Kong Personal Data Ordinance: users must be informed of the purpose of any personal data collection and the classes of people the data may be transferred to
      • Malaysia’s Personal Data Protection Act: requires users' consent before collecting personal data or sharing it with any third parties
      • Australia’s Privacy Principles: 13 principles guiding handling of personal data.
  • 8. Challenges in enactment and enforcement of data protection laws (Source: UNCTAD)
      [Figure: Enactment Challenges; Enforcement Challenges]
  • 9. Personal Data Protection Bill - Evolution
      • The SC has declared privacy a fundamental right under Article 21 of the constitution; subsequently, the government of India constituted a "Committee of Experts on Data Protection" to examine the issues relating to data protection.
      • On the basis of the recommendations received, it proposed to enact the Personal Data Protection Bill, 2019, to bring a strong and robust data protection framework for India, to set up an authority for protecting personal data, and to empower citizens with rights relating to their personal data, ensuring their fundamental right to privacy.
      • The Data Protection Act will provide guidance and best practices for organizations and the government on data protection and usage. Broadly it is expected to cover the following:
          ◦ Regulating the processing of personal data
          ◦ Protecting the rights of the data subjects
          ◦ Enabling the Data Protection Authority to enforce rules
          ◦ Holding organizations liable to fines in the event of a breach of the rules
  • 10. Features of the bill
      • To promote the concepts such as consent framework, purpose limitation, storage limitation and data minimization.
      • Lay down obligations on entities collecting personal data (data fiduciary) to collect only required data and with the express consent of the individual (data principal).
      • Right to obtain personal data, correct inaccurate data, erase data, update the data, port the data to other fiduciaries and the right to restrict or prevent the disclosure of personal data.
      • Establish "Data Protection Authority of India" which shall protect the interests of data principals, prevent any misuse of personal data, ensure compliance with the provisions of the proposed legislation and promote awareness about data protection.
      • To specify a provision relating to "social media intermediary" to empower the GOI, with the Authority, to notify the said intermediary as a significant data fiduciary.
      • To empower the Central Government to exempt any agency of Government from application of the proposed Legislation.
      • Confer a "right of grievance" on data principal to make a complaint against the grievance to the data fiduciary
      1. Appoint the "Adjudicating Officer" for adjudging the penalties to be imposed.
      2. Establish an "Appellate Tribunal"
      3. Imposes severe "fines and penalties" for contravention
      4. Empower the Authority to specify the "code of practice" for data protection.
  • 11. Critical analysis of the bill
      Industry’s view:
      • IAMAI (industry body Internet and Mobile Association of India) has expressed concerns over the upcoming data protection authority and its roles.
      • Industries are not happy with the clause requiring repeated consent at every step of data processing. They are of the opinion that if the purpose of data processing is not violated, then repeated consent may not be necessary.
      • Not every discrimination is bad. Industries discriminate among users using the data to create a balance between customers' interest and business interest. The new law considers discrimination caused by data harmful, and heavy penalties can be imposed on businesses.
      • Industry finds ambiguity in the definitions of types of data, types of consent etc.
      • Compliance cost will increase for the industry, especially for startups.
      • As per Oracle, the bill will create new opportunities for cloud services companies, since sensitive data needs to reside in the country.
      Opposition’s view:
      • Opposition parties have expressed concerns over the growing snooping industry under government watch and want the bill to be thoroughly reviewed by a parliamentary committee.
      • Some of the opposition parties have demanded wider public consultation on the bill.
      International opinion:
      • US tech companies such as Google, Mastercard, Visa and Amazon have expressed concern about increasing costs due to mandatory data localization.
      • The US has raised concerns over fair treatment and a level playing field for its companies.
      • Bilateral strain is going to increase, as per some of the joint Indo-US think tanks.
      • As per the US Treasury Secretary, America has no problem if countries want to have local data for regulatory purposes if they do not eliminate it outside.
  • 12. Critical analysis of the bill
      Civil Society’s perspective:
      • The biggest criticism of this bill is that the government can at any given time exempt any investigation agency and enforcement agency from this bill. This defeats the point of data protection. Even the definition of a security crisis is narrow and vague, which can be misused by the government.
      • Justice Srikrishna himself has criticized the bill, saying “There should be restrictions on access to data of citizens without his consent. Government has got the blank cheque in this case leading to breach of privacy.” As per him, this bill can turn India into an ‘Orwellian State’.
      • The threat of surveillance from government is high, since the government can ask for any type of data from companies.
      • The government can also take non-personal data from the companies. Some of the critics say that this provision could allow the government to get access to the intellectual property of various organizations.
      • As per the CEO of Nasscom’s Data Security Council of India, data localization will likely make India an infeasible market for services.
  • 13. Critical analysis of the bill
      Miscellaneous
      • Data ownership is not clearly spelt out in the bill.
      • Right to be forgotten:
          ◦ It only restricts the organization from using the data; it should allow complete deletion of personal data.
          ◦ The process of exercising this right should be easy.
      • The data principal has no right to compensation. The penalties are given to the DPA.
      • There is no provision to notify or inform the data principal about a data breach. There should be a provision for public disclosure of data breaches.
      • The bill suggests amending the RTI Act for nondisclosure of harmful information related to the data principal; the conditions should be clearly spelt out.
      • In the security safeguards, the encryption standards should be updated on a timely basis. That should be one of the mandates of the DPA.
  • 14. Critical analysis of the bill
      • The DPA has been given extreme powers of arresting and detaining without approval of courts.
      • If the data fiduciary is not registered in India, then accessing the local data (for law enforcement) may not be possible in certain cases.
      • The onus of proving that damage has been done due to the violation of the provisions of the law lies on the data principal. This seems to be a regressive step.
      • The bill mentions that the legal consequences of withdrawal of consent should be borne by the data principal. The DPA should make sure that this does not act as a deterrent for bona fide withdrawal; the consequences should be clearly spelt out in the contract itself, and proper details should be provided to the data principal while entering the contract.
      • The proposed bill is silent on individual rights around processing activities involving automated profiling and decision making.
  • 15. Conclusion…the way forward
      • Peer review and periodic auditing can bring checks and balances.
      • Use of blockchains can help in implementation of privacy provisions.
      • At the international level, a World Data Organization (on similar lines as the World Trade Organization) can be conceptualized. It can help in the international standardization of regulations and consensus-building among nations.
      • Bilateral or multilateral data protection treaties and MoUs would also build trust and promote data monetization.
      • Chief Privacy Officer (CPO) or Data Protection Officer (DPO) roles may be strengthened by the companies.
      • Government should refrain from taking non-personal data from companies under normal circumstances.
      • Data makes predictions accurate and reduces costs. This enables companies to sell things at lower prices, and in most cases user experience is improved due to data. Hence the guiding force behind the legislation should be to enable the commercial use of data by companies.
      • Start-ups should be provided safeguards from this law for the initial 5 years, since it will be a huge cost burden on them. Once there is enough awareness and the required skilled workforce, the law can be made applicable to start-ups.
      • Single-time consent from the user is enough. Repeat consent will add cost and reduce user experience.
      • Types of harm, types of data and security reasons should be defined clearly by the Data Protection Authority.