SlideShare a Scribd company logo

India'a Proposed Privacy & Personal Data Protection Law

Priyanka Aash
Priyanka Aash

India'a Proposed Privacy & Personal Data Protection Law by Aaron Kamath

Technology
1 of 8
Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates SACON 2020 India’s Proposed Privacy and Personal Data Protection Law - Aaron Kamath Leader - Technology & Privacy Law Practice February 22, 2020 Draft for discussion purposes only
Regulation as a Facilitator  Privacy • Control over data • Transfer to jurisdictions with less protection  Cybersecurity • In 2015, 70% of all internet traffic was passing through cloud data centers – how secure is that cloud?  Law enforcement • Government access • Data localization • Solutions – MLATs and data sharing agreements  Competition • Protect domestic companies from online competition  Equating digital and non-digital players • TSPs v. OTTs 2
Changing Landscape of Privacy and Data Protection in India  India, the largest consumer of mobile data in the world, is acknowledging the importance of data, its uses and security.  The Apex court declared the right to privacy as a fundamental right guaranteed under the Constitution.  In December 2019, the Indian Government introduced in the lower house of parliament the Personal Data Protection Bill, 2019.  The Bill on December 12, 2019 was referred to a Joint Parliamentary Committee (“JPC”) for further debate and examination.  Presently stakeholder recommendations are invited by the JPC until 25th February 2020.  JPC to submit its report to Parliament by mid-end March. 3
Existing Framework  The Information Technology Act, 2000  The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • Protects ‘Sensitive Personal Data’ • Purpose, collection and storage limitation • Privacy Policy and disclosures • Consent requirements • Transfers • Reasonable security practices and procedures • Grievance officer  State of compliance  Sectoral requirements • Data localization– banking and payments, insurance, telecom 4
Overview of the Personal Data Protection Bill,2019  Applicability • Extra-territorial • Exemption for manual processing and outsourcing activities in certain cases  Wider categories of data protected • Personal data • Sensitive personal data – biometric, financial, religious, caste data included  Peculiarities in other categories of data • Critical personal data (no guidance) • Anonymized / non-personal data (Government requests)  Enhanced data controller obligations • Notice and consent requirements – for personal and sensitive data • Purpose, collection and storage limitations • Privacy by design • Transparency and security safeguards (CoPs) • Data breach notifications (to DPA)  Significant data fiduciary • Impact assessments • Maintenance of records and audits • Data protection officer • Social media intermediaries 5
Overview of the Personal Data Protection Bill,2019 (contd.)  Rights conferred on data subjects (flavors of GDPR) • Confirmation and access • Correction and erasure • Data portability (extends to data generated by fiduciary and profile data) • Right to be forgotten (limited right)  Special provisions on children’s data • Age-verification and parental consent • Guardian data fiduciary • Restrictions in profiling, tracking, monitoring, targeted advertising directed at children or other potentially harmful activities  Independent Data Protection Authority • Codes of Practice  Regulatory sandbox  Enhanced penalties linked to % of worldwide turnover in some grave cases 6
7 Data Fiduciary Data Processor Data transfer (unless categorized as Critical Personal Data) Overseas INDIA Data Localization andCross-Border DataTransfers - Sensitive Personal Data Server / Data Centre Data Principal Explicit consent -- Data ProtectionAuthority approved contract or intra-group schemes, or - Transfer to Government notified countries or class of entities or international organizations; or - DPA approved transfer for a specific purpose Data copy stored (unless specifically exempted by the Central Government)
Thank You! nda@nishithdesai.com Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates Aaron Kamath – aaron.kamath@nishithdesai.com

Recommended

Overview Data Privacy Bill India
Overview Data Privacy Bill IndiaOverview Data Privacy Bill India
Overview Data Privacy Bill IndiaITS Technology Solution Private Limited
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
Data Privacy
Data PrivacyData Privacy
Data Privacycliff_rudolph
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Data and software privacy
Data and software privacyData and software privacy
Data and software privacyIntegral university, India
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldArab Federation for Digital Economy
 

Recommended

Overview Data Privacy Bill India
Overview Data Privacy Bill IndiaOverview Data Privacy Bill India
Overview Data Privacy Bill IndiaITS Technology Solution Private Limited
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
Data Privacy
Data PrivacyData Privacy
Data Privacycliff_rudolph
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Data and software privacy
Data and software privacyData and software privacy
Data and software privacyIntegral university, India
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldArab Federation for Digital Economy
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)Extentia Information Technology
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR OverviewTrish McGinity, CCSK
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesAmazon Web Services
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulationGreg Ezeilo
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simpleAurora Computer Studies
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for TechiesLilian Edwards
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies Benoît De Nayer
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfPäivi Korpisaari
 
13687562.ppt
13687562.ppt13687562.ppt
13687562.ppthandywicaksono2
 

More Related Content

What's hot

Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesAmazon Web Services
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulationGreg Ezeilo
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 

What's hot (19)

Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and Privacy
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Data Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud ServicesData Privacy & Compliance Considerations on Using Cloud Services
Data Privacy & Compliance Considerations on Using Cloud Services
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulation
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR Overview
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
 

Similar to India'a Proposed Privacy & Personal Data Protection Law

Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfPäivi Korpisaari
 
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy LawsWhen Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy LawsTara Aaron
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?MicheleNati
 
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...Knobbe Martens - Intellectual Property Law
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceCILIPScotland
 
Building Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlBuilding Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlMicheleNati
 
IT risk discusion qustion.pdf
IT risk discusion qustion.pdfIT risk discusion qustion.pdf
IT risk discusion qustion.pdfstirlingvwriters
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPRChing-Yu Wu
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]Data Portal India
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data PrivacyPriyanka Aash
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017CloudWATCH Consortium
 
Smart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesSmart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesKavitha Gupta, CIPP-Asia
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxMuhammadAbdullah311866
 
Present european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibsPresent european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibsSitra / Hyvinvointi
 

Similar to India'a Proposed Privacy & Personal Data Protection Law (20)

Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
Smart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdfSmart_cities_and_sustainability_Korpisaari.pdf
Smart_cities_and_sustainability_Korpisaari.pdf
 
13687562.ppt
13687562.ppt13687562.ppt
13687562.ppt
 
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy LawsWhen Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
When Big Data is Personal Data - Data Analytics in The Age of Privacy Laws
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?
 
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
What You Should Know About Data Privacy- Knobbe Martens Webinar Series for St...
 
Embedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library ServiceEmbedding GDPR Within Your Information and Library Service
Embedding GDPR Within Your Information and Library Service
 
Building Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlBuilding Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and control
 
IT risk discusion qustion.pdf
IT risk discusion qustion.pdfIT risk discusion qustion.pdf
IT risk discusion qustion.pdf
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPR
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
National Data Sharing and Accessibility Policy [ NDSAP 2012 ]
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Smart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and StrategiesSmart Cities in India: Privacy & Security Concerns and Strategies
Smart Cities in India: Privacy & Security Concerns and Strategies
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptx
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
Present european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibsPresent european sdg summit template sdg roundtables_sitra_fibs
Present european sdg summit template sdg roundtables_sitra_fibs
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

India'a Proposed Privacy & Personal Data Protection Law

  • 1. Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates SACON 2020 India’s Proposed Privacy and Personal Data Protection Law - Aaron Kamath Leader - Technology & Privacy Law Practice February 22, 2020 Draft for discussion purposes only
  • 2. Regulation as a Facilitator  Privacy • Control over data • Transfer to jurisdictions with less protection  Cybersecurity • In 2015, 70% of all internet traffic was passing through cloud data centers – how secure is that cloud?  Law enforcement • Government access • Data localization • Solutions – MLATs and data sharing agreements  Competition • Protect domestic companies from online competition  Equating digital and non-digital players • TSPs v. OTTs 2
  • 3. Changing Landscape of Privacy and Data Protection in India  India, the largest consumer of mobile data in the world, is acknowledging the importance of data, its uses and security.  The Apex court declared the right to privacy as a fundamental right guaranteed under the Constitution.  In December 2019, the Indian Government introduced in the lower house of parliament the Personal Data Protection Bill, 2019.  The Bill on December 12, 2019 was referred to a Joint Parliamentary Committee (“JPC”) for further debate and examination.  Presently stakeholder recommendations are invited by the JPC until 25th February 2020.  JPC to submit its report to Parliament by mid-end March. 3
  • 4. Existing Framework  The Information Technology Act, 2000  The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • Protects ‘Sensitive Personal Data’ • Purpose, collection and storage limitation • Privacy Policy and disclosures • Consent requirements • Transfers • Reasonable security practices and procedures • Grievance officer  State of compliance  Sectoral requirements • Data localization– banking and payments, insurance, telecom 4
  • 5. Overview of the Personal Data Protection Bill,2019  Applicability • Extra-territorial • Exemption for manual processing and outsourcing activities in certain cases  Wider categories of data protected • Personal data • Sensitive personal data – biometric, financial, religious, caste data included  Peculiarities in other categories of data • Critical personal data (no guidance) • Anonymized / non-personal data (Government requests)  Enhanced data controller obligations • Notice and consent requirements – for personal and sensitive data • Purpose, collection and storage limitations • Privacy by design • Transparency and security safeguards (CoPs) • Data breach notifications (to DPA)  Significant data fiduciary • Impact assessments • Maintenance of records and audits • Data protection officer • Social media intermediaries 5
  • 6. Overview of the Personal Data Protection Bill,2019 (contd.)  Rights conferred on data subjects (flavors of GDPR) • Confirmation and access • Correction and erasure • Data portability (extends to data generated by fiduciary and profile data) • Right to be forgotten (limited right)  Special provisions on children’s data • Age-verification and parental consent • Guardian data fiduciary • Restrictions in profiling, tracking, monitoring, targeted advertising directed at children or other potentially harmful activities  Independent Data Protection Authority • Codes of Practice  Regulatory sandbox  Enhanced penalties linked to % of worldwide turnover in some grave cases 6
  • 7. 7 Data Fiduciary Data Processor Data transfer (unless categorized as Critical Personal Data) Overseas INDIA Data Localization andCross-Border DataTransfers - Sensitive Personal Data Server / Data Centre Data Principal Explicit consent -- Data ProtectionAuthority approved contract or intra-group schemes, or - Transfer to Government notified countries or class of entities or international organizations; or - DPA approved transfer for a specific purpose Data copy stored (unless specifically exempted by the Central Government)
  • 8. Thank You! nda@nishithdesai.com Mumbai | Silicon Valley | Bangalore | Singapore | Mumbai-BKC | New Delhi | Munich | New York © Nishith Desai Associates Aaron Kamath – aaron.kamath@nishithdesai.com