Scribd Logo
Upload

Welcome to Scribd!

  • Cyber Law 1 Assignment

    Uploaded by

    vishnu P
    25 views4 pages
    The document compares key principles of the EU's General Data Protection Regulation (GDPR) and India's Personal Data Protection Bill of 2018. It discusses differences in how each framework defines and handles sensitive personal data, data controllers/fiduciaries, data localization requirements for cross-border data transfers, authorization needs for such transfers, remedies for data breaches, notice requirements, and criminal penalties for breaches. The main points of comparison are that the Indian bill includes financial data as sensitive, covers both private and state actors as fiduciaries, requires local storage and additional authorization for cross-border transfers, enables remedies for data principals, and provides for potential imprisonment in addition to fines for criminal breaches.

    Original Description:

    Original Title

    CYBER LAW 1 ASSIGNMENT.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document compares key principles of the EU's General Data Protection Regulation (GDPR) and India's Personal Data Protection Bill of 2018. It discusses differences in how each framework defines and handles sensitive personal data, data controllers/fiduciaries, data localization requirements for cross-border data transfers, authorization needs for such transfers, remedies for data breaches, notice requirements, and criminal penalties for breaches. The main points of comparison are that the Indian bill includes financial data as sensitive, covers both private and state actors as fiduciaries, requires local storage and additional authorization for cross-border transfers, enables remedies for data principals, and provides for potential imprisonment in addition to fines for criminal breaches.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    25 views4 pages

    Cyber Law 1 Assignment

    Uploaded by

    vishnu P
    The document compares key principles of the EU's General Data Protection Regulation (GDPR) and India's Personal Data Protection Bill of 2018. It discusses differences in how each framework defines and handles sensitive personal data, data controllers/fiduciaries, data localization requirements for cross-border data transfers, authorization needs for such transfers, remedies for data breaches, notice requirements, and criminal penalties for breaches. The main points of comparison are that the Indian bill includes financial data as sensitive, covers both private and state actors as fiduciaries, requires local storage and additional authorization for cross-border transfers, enables remedies for data principals, and provides for potential imprisonment in addition to fines for criminal breaches.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 4

    CYBER LAW ASSIGNMENT

    VISHNU.P
    BC0150035

    Compare the important principles of EUGDRP and the Indian


    Personal Data Protection Bill 2018

    1. SENSITIVE PERSONAL DATA

    EU GDRP does not include the financial data or financial password . Under article 9 (1)
    deals with processing of special categories of personal data . These special categories of
    data includes data that are relating to political opinions, data concerning health or data
    concerning a natural person’s sex life or sexual orientation, processing of genetic data ,
    trade union membership.

    In India , under Data Protection Bill, 2018 financial data and financial passwords are
    included under sensitive personal data. The sensitive personal data is defined under
    section 3 (35) of the Data Protection Bill, 2018. Under which the sensitive personal data
    is any personal data that reveals or related to or may be applicable –

    (i) passwords;
    (ii) financial data;
    (iii) health data;
    (iv) official identifier;
    (v) sex life;
    (vi) sexual orientation;
    (vii) biometric data;
    (viii) genetic data;
    (ix) transgender status;
    (x) intersex status;
    (xi) caste or tribe;
    (xii) religiousor political belief or affiliation; or
    (xiii) any other category of data specified by the Authority under section 22.

    2. DATA CONTROLLER/FIDUCIARY

    In Data Protection Bill, 2018 Data Fiduciary includes both state and private person.
    Under section 3(13) which states data fiduciary as any person including the state or a
    company or juristic entity or an individual who in conjunction with others or alone
    determines the purpose and means of processing of personal data.

    In EU GDPR , separate laws for private and state is present. Under Article 4(7) the term
    controller is defined. Controller means the natural or legal person , public agency or
    authority or any other body which determines the purpose and means of the processing of
    personal data.

    3. DATA LOCALIZATION FOR CROSS BORDER TRANSFER OF DATA

    In EU GDPR , cross border transfer of data is permitted and data localization is not
    required.

    In Data Protection Bill, 2018, cross border transfer of data is permitted only after local
    storage of data in India. Under section 40 which deals with restrictions on cross border
    transfer of personal data,
    (1) Every data fiduciary shall ensure the storage, on a server or data centre located in
    India, of at least one serving copy of personal data to which this Act applies.
    (2) The Central Government shall notify categories of personal data as critical
    personal data that shall only be processed in a server or data centre located in
    India.

    4. AUTHORIZATION FOR CROSS BORDER TRANSFER OF DATA


    In Data Protection Bill, 2018 section 41 deals with conditions for cross border transfer of
    personal data. They are,

    (1) Personal data other than those categories of sensitive personal data notified under
    subsection (2) of section 40 may be transferred outside the territory of India where—
    (a) the transfer is made subject to standard contractual clauses or intra-group schemes
    that have been approved by the Authority; or

    (b) the Central Government, after consultation with the Authority, has prescribed that
    transfers to a particular country, or to a sector within a country or to a particular
    international organisation is permissible

    In EU GDPR there is no need for any authorization for cross border transfer of data.
    transfers of personal data to that third country or international organisation may take
    place without the need to obtain any further authorisation.

    5. REMEDY FOR DATA BREACH


    In Data Protection Bill, 2018 remedy can be claimed. Under section 75 , remedy to a data
    principal in case of any of rights under the Bill is violated. If the data principal has
    suffered due to violations under provisions of the Act or rules prescribed by a data
    fiduciary or data processor shall seek remedy from data fiduciary or processor as the case
    may be.
    In EU GDPR, remedy is available to the data subjects in case of any infringement of
    regulations in processing of personal data. Under Article 77 to 80 which provides
    remedies available to the data subjects in case of infringement. The data subject can
    lodge a complaint with supervisory authority on that alleged infringement considering the
    processing of personal data has infringed this regulation.

    6. NOTICE

    In Data Protection Bill, 2018 at the time of collection of all data including financial data
    notice must be given to the data principal as per section 8.
    In EU GDPR, as per Article 12,13 and 14 , there must be fair and transparent processing
    when data is collected and notice is provided .
    7. CRIMINAL BREACH

    In EU GDPR , for criminal breaches fines are imposed as per Article 84 and does not
    contain any provisions for imprisonment.
    Under Data Protection Bill, 2018 section 91 provides an imprisonment for a term not
    more than five years or fine extending upto rupees three lakhs or both.

    You might also like