SlideShare a Scribd company logo

India'a Proposed Privacy & Personal Data Protection Law

Priyanka Aash
Priyanka Aash

India'a Proposed Privacy & Personal Data Protection Law by Aaron Kamath

Technology
1 of 8
Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates SACON 2020 India’s Proposed Privacy and Personal Data Protection Law - Aaron Kamath Leader - Technology & Privacy Law Practice February 22, 2020 Draft for discussion purposes only
Regulation as a Facilitator  Privacy • Control over data • Transfer to jurisdictions with less protection  Cybersecurity • In 2015, 70% of all internet traffic was passing through cloud data centers – how secure is that cloud?  Law enforcement • Government access • Data localization • Solutions – MLATs and data sharing agreements  Competition • Protect domestic companies from online competition  Equating digital and non-digital players • TSPs v. OTTs 2
Changing Landscape of Privacy and Data Protection in India  India, the largest consumer of mobile data in the world, is acknowledging the importance of data, its uses and security.  The Apex court declared the right to privacy as a fundamental right guaranteed under the Constitution.  In December 2019, the Indian Government introduced in the lower house of parliament the Personal Data Protection Bill, 2019.  The Bill on December 12, 2019 was referred to a Joint Parliamentary Committee (“JPC”) for further debate and examination.  Presently stakeholder recommendations are invited by the JPC until 25th February 2020.  JPC to submit its report to Parliament by mid-end March. 3
Existing Framework  The Information Technology Act, 2000  The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • Protects ‘Sensitive Personal Data’ • Purpose, collection and storage limitation • Privacy Policy and disclosures • Consent requirements • Transfers • Reasonable security practices and procedures • Grievance officer  State of compliance  Sectoral requirements • Data localization– banking and payments, insurance, telecom 4
Overview of the Personal Data Protection Bill,2019  Applicability • Extra-territorial • Exemption for manual processing and outsourcing activities in certain cases  Wider categories of data protected • Personal data • Sensitive personal data – biometric, financial, religious, caste data included  Peculiarities in other categories of data • Critical personal data (no guidance) • Anonymized / non-personal data (Government requests)  Enhanced data controller obligations • Notice and consent requirements – for personal and sensitive data • Purpose, collection and storage limitations • Privacy by design • Transparency and security safeguards (CoPs) • Data breach notifications (to DPA)  Significant data fiduciary • Impact assessments • Maintenance of records and audits • Data protection officer • Social media intermediaries 5
Overview of the Personal Data Protection Bill,2019 (contd.)  Rights conferred on data subjects (flavors of GDPR) • Confirmation and access • Correction and erasure • Data portability (extends to data generated by fiduciary and profile data) • Right to be forgotten (limited right)  Special provisions on children’s data • Age-verification and parental consent • Guardian data fiduciary • Restrictions in profiling, tracking, monitoring, targeted advertising directed at children or other potentially harmful activities  Independent Data Protection Authority • Codes of Practice  Regulatory sandbox  Enhanced penalties linked to % of worldwide turnover in some grave cases 6
7 Data Fiduciary Data Processor Data transfer (unless categorized as Critical Personal Data) Overseas INDIA Data Localization andCross-Border DataTransfers - Sensitive Personal Data Server / Data Centre Data Principal Explicit consent -- Data ProtectionAuthority approved contract or intra-group schemes, or - Transfer to Government notified countries or class of entities or international organizations; or - DPA approved transfer for a specific purpose Data copy stored (unless specifically exempted by the Central Government)
Thank You! nda@nishithdesai.com Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates Aaron Kamath – aaron.kamath@nishithdesai.com

Recommended

Overview Data Privacy Bill India
Overview Data Privacy Bill IndiaOverview Data Privacy Bill India
Overview Data Privacy Bill IndiaITS Technology Solution Private Limited
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
Data Privacy
Data PrivacyData Privacy
Data Privacycliff_rudolph
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Data and software privacy
Data and software privacyData and software privacy
Data and software privacyIntegral university, India
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldArab Federation for Digital Economy
 

Recommended

Overview Data Privacy Bill India
Overview Data Privacy Bill IndiaOverview Data Privacy Bill India
Overview Data Privacy Bill IndiaITS Technology Solution Private Limited
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
Data Privacy
Data PrivacyData Privacy
Data Privacycliff_rudolph
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Data and software privacy
Data and software privacyData and software privacy
Data and software privacyIntegral university, India
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldArab Federation for Digital Economy
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)Extentia Information Technology
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR OverviewTrish McGinity, CCSK
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesAmazon Web Services
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulationGreg Ezeilo
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simpleAurora Computer Studies
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for TechiesLilian Edwards
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies Benoît De Nayer
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfPäivi Korpisaari
 
13687562.ppt
13687562.ppt13687562.ppt
13687562.ppthandywicaksono2
 

More Related Content

What's hot

Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesAmazon Web Services
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulationGreg Ezeilo
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 

What's hot (19)

Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and Privacy
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud Services
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulation
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR Overview
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
 

Similar to India'a Proposed Privacy & Personal Data Protection Law

Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfPäivi Korpisaari
 
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy LawsWhen Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy LawsTara Aaron
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?MicheleNati
 
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...Knobbe Martens - Intellectual Property Law
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceCILIPScotland
 
Building Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlBuilding Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlMicheleNati
 
IT risk discusion qustion.pdf
IT risk discusion qustion.pdfIT risk discusion qustion.pdf
IT risk discusion qustion.pdfstirlingvwriters
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPRChing-Yu Wu
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]Data Portal India
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data PrivacyPriyanka Aash
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017CloudWATCH Consortium
 
Smart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesSmart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesKavitha Gupta, CIPP-Asia
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxMuhammadAbdullah311866
 
Present european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibsPresent european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibsSitra / Hyvinvointi
 

Similar to India'a Proposed Privacy & Personal Data Protection Law (20)

Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdf
 
13687562.ppt
13687562.ppt13687562.ppt
13687562.ppt
 
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy LawsWhen Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?
 
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
 
Building Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlBuilding Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and control
 
IT risk discusion qustion.pdf
IT risk discusion qustion.pdfIT risk discusion qustion.pdf
IT risk discusion qustion.pdf
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPR
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Smart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesSmart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and Strategies
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptx
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
Present european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibsPresent european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibs
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 

India'a Proposed Privacy & Personal Data Protection Law

  • 1. Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates SACON 2020 India’s Proposed Privacy and Personal Data Protection Law - Aaron Kamath Leader - Technology & Privacy Law Practice February 22, 2020 Draft for discussion purposes only
  • 2. Regulation as a Facilitator  Privacy • Control over data • Transfer to jurisdictions with less protection  Cybersecurity • In 2015, 70% of all internet traffic was passing through cloud data centers – how secure is that cloud?  Law enforcement • Government access • Data localization • Solutions – MLATs and data sharing agreements  Competition • Protect domestic companies from online competition  Equating digital and non-digital players • TSPs v. OTTs 2
  • 3. Changing Landscape of Privacy and Data Protection in India  India, the largest consumer of mobile data in the world, is acknowledging the importance of data, its uses and security.  The Apex court declared the right to privacy as a fundamental right guaranteed under the Constitution.  In December 2019, the Indian Government introduced in the lower house of parliament the Personal Data Protection Bill, 2019.  The Bill on December 12, 2019 was referred to a Joint Parliamentary Committee (“JPC”) for further debate and examination.  Presently stakeholder recommendations are invited by the JPC until 25th February 2020.  JPC to submit its report to Parliament by mid-end March. 3
  • 4. Existing Framework  The Information Technology Act, 2000  The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • Protects ‘Sensitive Personal Data’ • Purpose, collection and storage limitation • Privacy Policy and disclosures • Consent requirements • Transfers • Reasonable security practices and procedures • Grievance officer  State of compliance  Sectoral requirements • Data localization– banking and payments, insurance, telecom 4
  • 5. Overview of the Personal Data Protection Bill,2019  Applicability • Extra-territorial • Exemption for manual processing and outsourcing activities in certain cases  Wider categories of data protected • Personal data • Sensitive personal data – biometric, financial, religious, caste data included  Peculiarities in other categories of data • Critical personal data (no guidance) • Anonymized / non-personal data (Government requests)  Enhanced data controller obligations • Notice and consent requirements – for personal and sensitive data • Purpose, collection and storage limitations • Privacy by design • Transparency and security safeguards (CoPs) • Data breach notifications (to DPA)  Significant data fiduciary • Impact assessments • Maintenance of records and audits • Data protection officer • Social media intermediaries 5
  • 6. Overview of the Personal Data Protection Bill,2019 (contd.)  Rights conferred on data subjects (flavors of GDPR) • Confirmation and access • Correction and erasure • Data portability (extends to data generated by fiduciary and profile data) • Right to be forgotten (limited right)  Special provisions on children’s data • Age-verification and parental consent • Guardian data fiduciary • Restrictions in profiling, tracking, monitoring, targeted advertising directed at children or other potentially harmful activities  Independent Data Protection Authority • Codes of Practice  Regulatory sandbox  Enhanced penalties linked to % of worldwide turnover in some grave cases 6
  • 7. 7 Data Fiduciary Data Processor Data transfer (unless categorized as Critical Personal Data) Overseas INDIA Data Localization andCross-Border DataTransfers - Sensitive Personal Data Server / Data Centre Data Principal Explicit consent -- Data ProtectionAuthority approved contract or intra-group schemes, or - Transfer to Government notified countries or class of entities or international organizations; or - DPA approved transfer for a specific purpose Data copy stored (unless specifically exempted by the Central Government)
  • 8. Thank You! nda@nishithdesai.com Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates Aaron Kamath – aaron.kamath@nishithdesai.com