All you need to know about India’s Personal Data Protection Bill

 The Personal Data Protection (PDP) Bill, 2019, introduced in Lok Sabha this week, has been referred to a joint select committee. Here are some terms described in the Bill.
Data: Information that is represented in a form that is more appropriate for processing.
Cross-border transfer: The movement of data across nation borders
Data localisation: Restrictions on the transfer of data outside national borders.
Data processing: The analysis of data to glean patterns, turning raw data into useful information
Personal data:
Data that identifies an individual
Non-personal data: Data that is anonymised, most probably because it is presented in an aggregated or summary form
Data principal: The individual whose data is being collected and processed
Data fiduciary: The entity that collects and/or processes a data principal’s data
Data processor: The entity that a fiduciary might give the data to for processing, a third-party entity
Notice: The fiduciary gives the principal a notice of the collection, including the purpose, the type of data, fiduciary contact details, the principals’ rights, and more
Right to correction and erasure: Principal’s right to correct and erase their data
Right to data portability: The right to receive the data from the fiduciary in a machine-readable format
The right to be forgotten: The right to restrict continuing disclosure of personal data
Privacy by design: Developing the product and business with privacy concerns in mind
Data Protection Authority: A government authority tasked with protecting individuals’ data and executing this Act through codes of practice, inquiries, audits and more (The authority has four groups of tasks. In adjudication, the DPA receives grievances and handles enforcement. In monitoring, it oversees internal assessments and external audits of the fiduciaries, as well as tracks data security breaches. In policy, the DPA defines sensitive personal data, reasonable purposes for processing, forms of consent, and the lawful transfer of data outside of India. Finally, the Authority conducts research and awareness building about data protection.)
Significant data fiduciaries: The Data Protection Authority labels certain as this depending on its data processing, such as volume of data, sensitivity of data, company turnover, risk of harm, and newer technologies.
Data protection impact assessment: The fiduciary’s internal assessment
Data protection officer: A representative of the fiduciary that coordinates with the Authority
Sensitive personal data: Data related to finances, health, official identifiers, sex life, sexual orientation, biometric, genetics, transgender status, intersex status, caste or tribe, religious or political belief or affiliation. This data can only be sent abroad with Authority approval.
Critical personal data: The government decides the definition from time to time and it cannot be taken outside of India at all.
Adjudicating officers: Officers in the DPA with the power to call people forward for inquiry into fiduciaries, assess compliance, and determine penalties on the fiduciary or compensation to the principal. Adjudication decisions can be appealed in the appellate tribunal.

Photo Gallery