Data Protection Newsletter (July, Issue II)

July 31, 2024

Nachiketa Singh

Founders Office

Summary

  • DPDP Rules Ready for Public Review in 2 Weeks
  • Data Privacy and Online Frauds Key Hurdles in E-Commerce Growth, highlights Economic Survey 2023-24
  • Industry Experts Call for Stringent Data Localisation Norms
  • MeitY Leaning Towards Not Prescribing Tech Measures for Parental Consent under Data Protection Rules
  • Angel One Denies Data Leak Concerns
  • How to comply with the DPDP Act?
  • Difference between GDPR & DPDP Act
  • Future of Cross-Border Data Transfers under The DPDP Act
  • Provide explicit consent check-boxes against the relevant purposes during data collection
  • Importance of instituting robust access controls and employee authentication mechanisms to limit access to personal data

Headlines of the Week

Final Draft of DPDP Rules Ready for Public Review in 2 Weeks

The Digital Personal Data Protection Rules will be released for public review in 2 weeks. The government has finalized the draft of the rules and aims to notify them in the current session of Parliament. The rules will go through an extensive consultation process.

Source: Economic Times

Online Frauds and Data Privacy Concerns Key Hurdles in E-Commerce Growth, Economic Survey 2023-24

The Economic Survey 2023-24, tabled in Parliament on Monday, 22nd of July, noted data privacy and online frauds as key hurdles to e-commerce growth. The survey highlighted that the e-commerce industry is expected to cross USD 350 Bn and stressed the need to educate users on the safe use of e-commerce platforms. It also called for implementing strong security measures, compliance with privacy regulations, and innovations.

Source: Economic Times

Industry Experts Call for Stringent Data Localization Norms

Ola’s founder, Bhavish Aggarwal, has noted the need for stringent data localization norms amid Microsoft’s global outage. India’s data protection law (yet to be enforced) allows cross-border data transfer except to countries blacklisted by the Centre. Bhavish called for stricter data localization norms, considering that 80% of India’s data is currently stored outside India.

Source: Economic Times

MeitY Leaning Towards Not Prescribing Tech Measures for Parental Consent under Data Protection Rules

The IT ministry may not prescribe tech measures for companies to gather verifiable parental consent and may leave the choice up to the tech companies. In a meeting with tech giants, including Meta and Google, the ministry is understood to have said that it does not want to prescribe technologies and cause disruptions to the industry. The inability to arrive at a conclusion on how to proceed with verifiable parental consent is the biggest reason behind the delay in releasing the data protection rules.

Source: Indian Express

Angel One Denies Data Leak Concerns

Angel One denied concerns about a new data leak and claimed that its data breach incident occurred back in April 2023. The company assured its customers that enhanced protection measures are in place to protect customer data. The firm also pointed out that the April 2023 data leak incidents were reported to the relevant authorities. The clarification comes after a news agency reported that Angel One observed a massive data breach incident affecting 7.9 mn customers.

Source: Live Mint

Insight of the Week

How to Comply with the DPDP Act?

Read our blog to understand compliance with the DPDP Act in 7 simple steps. The DPDP Act imposes strict data protection norms on Indian businesses. Implementing consent in your data collection processes is a key step in the DPDP compliance journey. The DPDP compliance process should include data mapping, updating UIs, appointing a DPO and implementing robust security measures. Staying updated about recent developments is also necessary to ensure compliance with evolving regulations.

Read the Full Article

Difference between GDPR & DPDP Act

The GDPR and the DPDP Act, though similar in nature, have notable differences. The DPDP Act covers only digital data, whereas the GDPR covers certain offline data as well. The DPDP Act relies primarily on consent as grounds for data processing, whereas the GDPR has a broader range of lawful bases. Breach notification is stricter under the DPDP Act. The DPDP Act differs from the GDPR on compliance responsibility, placing the responsibility primarily on Data Fiduciaries. Read further about the key differences between the GDPR and the DPDP Act on our Consent Blog.

Read the Full Article

The Future of Cross-Border Data Transfers Under The DPDP Act

The DPDP Act, 2023 provides a framework for data protection in India. Under the law, the government may impose restrictions on cross-border data transfer to specific countries. Furthermore, sector-specific laws impose stricter data localization rules, overriding DPDP Act provisions if they offer more protection. Read our blog for further details on the nature of data that could be restricted under the provisions of the Act.

Read the Full Article

Compliance Tip of the Week

Provide Explicit Consent Check-Boxes against the relevant purposes during Data Collection

The DPDP Act puts consent at the forefront of data collection and processing activities. Indian businesses must take user consent for every purpose for which personal information is collected.

Institute Robust Access Controls and Employee Authentication Mechanisms to Limit Access to Personal Data

The DPDP Act imposes heavy penalties for data breaches and for systemic failures in compliance with the Act. A brief overview of customer data breaches in Indian businesses highlights the role of staff members in providing access to user data to unauthorized parties. As a standard practice, Indian businesses should determine each employee’s access to classes of data. Access should be provided on a need-only basis, and technological security measures should be implemented so that unauthorized access is restricted. Further, organizations should also introduce a system of disaster management to provide for post-breach scenarios.

Explore Leegality Consent Manager

Discover how our Leegality Consent Manager can streamline your data protection processes and ensure compliance with the DPDP Act. Our Consent Manager offers:

  • Compliant consent notices across all customer touchpoints
  • Storage of verifiable and auditable records of each consent
  • Dashboard for customers to change consent preferences and exercise data rights
  • Oversight over the data practices of your third parties
