Personal data protection bill 2018
Key terms
DATA: Information presented in a form that is more appropriate for processing
PROCESSING: Set of operations on personal data including collection, recording, organisation, structuring, storage, adaptation, indexing, erasure or destruction
PROFILING: Any form of processing personal data that analyses or predicts aspects concerning behaviour, attributes, interests of a data principal
DATA PRINCIPAL: person, company or entity whose information is being collected
DATA FIDUCIARY: Person, state, company that decides why/how data should be processed ==> Data controller
DATA PROCESSOR: It is the third party conducting "data processing"
Personal data: identifies the person associated with the data
Sensitive personal data: covers passwords, health, biometrics, caste etc
DATA trust score: Auditors giving score for data fiduciaries
Personal data breach: Any unauthorised or accidental disclosure, acquisition, sharing, use, alteration, destruction of personal data that compromises the confidentiality, integrity, availability of personal data to a data principal
RIGHT to be forgotten: It allows an individual to remove consent for data collection and disclosure
-In the EU, the task of assessing removal requests falls on the fiduciary
-In India, it falls on the adjudicating officer to decide by balancing individual freedom, freedom of speech and RTI
DATA localisation
It mandates the fiduciary to store at least one copy of personal data in India, with exceptions from the central govt
It is in regards to regulation of transfer of data, outside national borders
DE-identification: masking markers of data
DATA portability: draft grants individuals this right or ability to access and transfer one's own data
-Fiduciaries may charge fees for this
Provisions
Restricts and imposes conditions on transfer of personal data.
Setting up of data protection Authority of India to prevent any misuse of personal information
provides the right to be forgotten and prescribed stiff penalties for violations
Imposes penalties of 15cr or 4% of turnover for any violations
Imposes penalty for failure to take prompt action on a security breach
Follows the principle of 'Right to privacy' as a fundamental right, and protecting personal data as an essential facet of information privacy
It allowed processing of personal data only for purpose of compliance of law, employment and function for state/ parliament
Processing of sensitive personal data should be on the basis of explicit consent
Critical personal data
should be processed in centers located within the country
This classification left to the govt
Other personal data can be transferred outside, by leaving at least one copy of it in India
Data may be processed with consent of The Principal, not later than commencement of processing
It won't have retrospective application and will come into force in a phased manner
Recognizes privacy principles on how a notice should be sent to individuals for data collection
Says consent should be
-Free
-informed
-specific
-clear
-capable of being withdrawn
Prescribes explicit consent for sensitive personal data
Special provisions for children
Companies barred from behavioral monitoring, tracking, targeted advertisements, because children are unable to fully understand consequence of actions
DPA has authority to designate websites as "guardian data fiduciaries" (meaning they are responsible for processed/accessed data)
Approach of placing the onus of properly processing a child's data on the company is preferable to the existing regulatory approach, based on parental consent
Exemptions
Processing of data for state or societal interest
DPA
Sector agnostic
governed by a Board consisting of
six whole time members and a chairperson appointed by Union govt on recommendations of selection committee
Selection committee
-CJI or her nominee (judge of SC)
-cabinet secretary, GoI
-one expert of repute who is experienced in area of data protection/IT
Members of DPA are to be individuals of integrity and ability with special knowledge and professional experience of not less than 10 years in areas of data protection, IT, Cyber laws etc
5 year term for members, salaries prescribed by Central govt
Functions
-Monitoring and enforcement
-Legal affairs, policy and standards setting
-Research and awareness
-Enquiries, grievance handling and adjudication
Provides for setting up of an appellate tribunal
Will be stating codes of practice, conducting enquiries and issuing warnings & injunctions