Global Data Privacy Digest

Global Data Privacy Digest

Written by Jade Boneff-Walsh

Welcome to the Data Privacy Digest! In this monthly series, Jade Boneff-Walsh, Infocore’s VP of Global Markets, explores the rapidly changing world of data privacy policy. Each month we’ll take you on a deep dive into one particular region as well as provide curated links to data privacy news from across the globe.

Deeper Dive: India Introduces New Data Protection Bill

The lower house of India’s Parliament, Lok Sabha, introduced the Personal Data Protection Bill of 2019 (PDPB) in December, almost a year after the first draft was debated. The bill has been sent to a joint select committee for review and is already generating concerns about how easily the central government would be allowed to bypass data protections.

The PDPB confers upon the Central Government the power to allow government agencies access and use of personal data of individuals in the interest of national security and sovereignty. There are no objective parameters and criterion of when the government can access an individual’s data. The bill gives the government an arbitrary power to bypass data protections.

In 2018 the Supreme Court of India declared privacy a fundamental right under Article 21 of the Indian Constitution. The PDPB is meant to enshrine the Supreme Court’s decision into law, regulating the sharing of personal data, the processing of “sensitive” and “critical” personal data, and establishing a Data Protection Authority of India (DPAI) to enforce the law. The PDPB was modeled after the European GDPR, but with an innovative twist.

The PDPB proposes regulations on social media platforms, tasking them with creating mechanisms to verify accounts created by users in India or accessing a platform in India. The provision seeks to reduce social media trolling and prevent the type of foreign influence allegedly perpetrated during the 2016 presidential election in the United States.

The bill creates two special data categories: “sensitive” and “critical” data. Sensitive data is defined as related to financial, health, sexual orientation, biometrics, transgender status, religious or political beliefs and affiliation. The PDPB proposes that such data can be stored only in India, although it may be processed outside India with explicit consent. Critical data includes military or national security data, or other data defined by the government. All other data is considered “general data”.

The bill also provides rights such as Right to confirmation, Right to correction, Right to Data Portability and the Right to Be Forgotten.

Other Data Privacy News

Panama’s Data Privacy law to come into effect in 2020

The National Assembly passed Bill 665 concerning data protection in 2018. The law is scheduled to come into effect two years after enactment. The country currently does not have a general data protection law.

Read more: https://www.iflr.com/Article/3907791/Home/Colombia-Data-privacy-regime-revamped.html

Data Privacy Landscape in Asia Pacific is Fragmented

Japan is the only country in the region to have received an Adequacy Decision by the European Commission.

Read more: https://www.regulationasia.com/data-privacy-in-asia-pacific-a-fragmented-landscape/

California to Begin Enforcement of First Data Privacy Regulation

The California Consumer Privacy Act (CCPA) passed in June 2018 will be enforced from January 1, 2020.

Read more: https://www.braze.com/perspectives/article/ccpa-faqs

China Expected to Revamp Data Privacy Protections in 2020

Although the country already has stringent data protections, they are not applicable to every industry and enforcement is inconsistent.

Read more: https://technode.com/2019/12/24/china-data-privacy-2020/

EU-US Privacy Shield Faces Scrutiny in the Court of Justice of the European Union(CJEU)

Europe remains concerned about government surveillance in the United States and deficiencies in the mechanism created in the Privacy Shield for U.S. government review of complaints lodged by Europeans against surveillance activities.

Read more: https://www.lawfareblog.com/european-court-justice-opinion-clouds-future-transatlantic-commercial-data-transfers

Canada Expected to Implement Major Changes to Data Protection

The Minister of Innovation, Science and Industry, the Minister of Justice and the Minister of Canadian Heritage were tasked by the Prime Minister to in December to create significant changes to the rules around personal data, literally, “a new set of online rights”.

Read more: https://www.lexology.com/library/detail.aspx?g=d9ecabe6-c291-4e35-ace9-5c73149107fb

Kenya Enacts First Data Privacy Law

Kenyan citizens now have the right to know why and how their information is being recorded, stored and handled, and for what specific purpose it will be used.

Read more: https://advox.globalvoices.org/2019/12/24/kenya-now-has-a-data-protection-law-what-does-this-mean-for-netizens/

For a sample of the high-quality global data we source, download our International Data Catalog and contact us for a free consultation.