0.2042
7667766266
x

13/12/2019 - Government Policies

iasparliament Logo
December 13, 2019

The Personal Data Protection (PDP) Bill, 2019, has significant parallels and differences to the European Union’s General Data Protection Regulation (GDPR). Discuss (200 Words)

ReferIndian Express

Enrich the answer from other sources, if the question demands.

2 comments
Login or Register to Post Comments

Chinna 5 years

Kindly review...thank you...

IAS Parliament 5 years

Good attempt. Keep Writing.

IAS Parliament 5 years

KEY POINTS

 Personal Data Protection (PDP) Bill, 2019,

Where they differ

Data transfer abroad: 

·        One significant difference between the GDPR and the PDP Bill is the framework built around deciding whether or not data can leave the country.

·        Both give a government authority the power to decide if data transfers can occur, but the GDPR more clearly lays out the parameters of this decision.

·        The PDP simply states that the Authority has to have approval of the transfer of any sensitive personal data abroad, without specifying as many details about the other country’s “adequacy” in receiving the data.

Automated decisions: 

·        The GDPR much more directly addresses personal harm from automated decision-making. The PDP Bill requires an assessment in cases of large-scale profiling, but does not give the citizen the right to object to profiling, except in the cases of children.

Personal data types: 

·        To give special attention to particularly important types of data, India’s PDP Bill categorises personal data much more explicitly.

·        In the Indian Bill, a sub-category of personal data called sensitive personal data has a pre-determined list including health, financial, caste, and biometric data. It resembles the list of “special categories” in the GDPR, but the GDPR does not have separate localisation rules for this type of data.

Supervision & data handling: 

·        The GDPR Bill also gives wide-ranging discretion to “ supervisory authorities” created in each of the ‘US’s member states to oversee this topic. Aspects of the Bill, such as penalties, are left up to these authorities.

Where they are alike

Consent: 

·        The PDP Bill and the GDPR are founded upon the concept of consent. They also both given special protection to children’s lack of ability to give consent.

Individual’s rights: 

·        Both have similar rights given to the individual, including the right to correction, the right to data portability (transferring your data to another entity), and the right to be forgotten (the right to erase the disclosure of your data).

Other similarities: Both place responsibility on the fiduciaries, such as building products that include privacy by their design and transparency about their data-related matters.