Refer - Indian Express
Enrich the answer from other sources, if the question demands.
Chinna 5 years
Kindly review...thank you...
IAS Parliament 5 years
Good attempt. Keep Writing.
IAS Parliament 5 years
KEY POINTS
Personal Data Protection (PDP) Bill, 2019,
Where they differ
Data transfer abroad:
· One significant difference between the GDPR and the PDP Bill is the framework built around deciding whether or not data can leave the country.
· Both give a government authority the power to decide if data transfers can occur, but the GDPR more clearly lays out the parameters of this decision.
· The PDP simply states that the Authority has to have approval of the transfer of any sensitive personal data abroad, without specifying as many details about the other country’s “adequacy” in receiving the data.
Automated decisions:
· The GDPR much more directly addresses personal harm from automated decision-making. The PDP Bill requires an assessment in cases of large-scale profiling, but does not give the citizen the right to object to profiling, except in the cases of children.
Personal data types:
· To give special attention to particularly important types of data, India’s PDP Bill categorises personal data much more explicitly.
· In the Indian Bill, a sub-category of personal data called sensitive personal data has a pre-determined list including health, financial, caste, and biometric data. It resembles the list of “special categories” in the GDPR, but the GDPR does not have separate localisation rules for this type of data.
Supervision & data handling:
· The GDPR Bill also gives wide-ranging discretion to “ supervisory authorities” created in each of the ‘US’s member states to oversee this topic. Aspects of the Bill, such as penalties, are left up to these authorities.
Where they are alike
Consent:
· The PDP Bill and the GDPR are founded upon the concept of consent. They also both given special protection to children’s lack of ability to give consent.
Individual’s rights:
· Both have similar rights given to the individual, including the right to correction, the right to data portability (transferring your data to another entity), and the right to be forgotten (the right to erase the disclosure of your data).
Other similarities: Both place responsibility on the fiduciaries, such as building products that include privacy by their design and transparency about their data-related matters.
