In September 2019, the Government constituted the Committee of Experts to study various issues relating to Non-Personal Data (NPD), and make recommendations for its regulation (NPD Committee)[1]. NPD Committee released its report on July 12, 2020 (Report)[2] which is open for public consultation till August 13, 2020. The Report is structured into 7 key chapters delving...

There is global consensus that COVID-19 transmission chain can be interjected with containment measures. Containment efforts require rapid identification and quarantine of potential carriers or “contacts” who may have contacted the virus through a confirmed patient. Manual tracing requires the patient to jog their memory, recollect, and identify all locations, times, duration and contacts. This...

COVID-19 has brought the world to a stand-still. It is rightly being called “infodemic” due to the efflux of related (mis)information on the internet. Since January 2020, 16,000 coronavirus-related domains have been registered, with over 6,000 new domains registered last week1.

COVID-19 has de-globalized the world and yet, ushered a new global citizenship, where the order is simple – solidarity in isolation. In battling the highly contagious pandemic, governments are focused on breaking the transmission chain. They are deploying old and new tracking and surveillance technologies, with minimal checks, and in certain instances, at the cost...

Non-personal data broadly refers to data that standalone or in combination with other data does not directly or indirectly result in identification of a natural person (NPD). These data sets could include aggregated, derived, anonymous, and community data. They have enormous economic value for organizations. NPD often drives innovation, gives organizations a competitive edge, helps...

Regulating flow of data across national borders is increasingly viewed as an essential mechanism for implementing national data protection and privacy laws extraterritorially. Most jurisdictions impose conditions on when and how data can be transferred (commonly called as data export restrictions) and very few resort to physical data localization requirements.1 Data localization is commonly understood as...

Empowering data principal to exercise certain rights vis-à-vis their personal data is a fundamental element for creation of a robust data protection framework. Exercise of data principal rights is aimed at strengthening an individual’s informational privacy, providing them with autonomy and control over the processing cycle and in turn, boosts transparency and accountability. Chapter V...

In Personal Data Protection Bill 2019 versus 2018 – Part 1, we delved into the changes in concept of personal data, purpose limitation, retention period and notice requirements. In this post, we continue to analyse some additional key changes.

The Personal Data Protection Bill, 2019 was introduced in the Parliament on December 11, 2019 and has been referred to a joint select committee for further review. The committee is tasked to come out with its report on the proposed clauses, which shall be presented to the Parliament prior to its upcoming 2020 budget session....