Indian Privacy Law, Beam Privacy in India & Notable Data Privacy acts around the world.
We live in a digital age, where data has emerged as both an asset and a threat. The essential need for data privacy has been addressed around almost everywhere in the world, resulting in legislative changes far and wide. Now, 100 countries across 6 continents have enacted privacy laws which seek to protect the information of internet users.
India is home to a massive 1.3 Billion people. With access to cheap data plans and electronic devices to access internet, the number of internet users are only growing daily. With the growing numbers, there arises renewed concern for Privacy.
As a business, operating within the confines of these new and changing laws is challenging, but necessary. Privacy compliance is as essential as running a business successfully, first necessity is understanding you may be up against by understanding the privacy laws and needs.
On 24 August 2017, the Supreme Court of India in a historic judgement declared the right to privacy as a fundamental right protected under the Indian Constitution. In declaring that this right stems from the fundamental right to life and liberty, the Court’s decision has far-reaching consequences.
It was observed as a basic right and appended to the individual’s rights, basically covering all data about that individual and the decisions that he/she makes. It shields a person from the examination of the State in their home, of their developments and over their procreation decisions, choice of partners, food choices, and so forth. Hence, any activity by the State that outcomes in an encroachment of the privilege to protection would be subject to legal and judicial review.
The judgement also made several observations on the complex relationship between personal privacy and big data, particularly in the context of how the judicious use of these technologies can result in the State achieving its legitimate interests with greater efficiencies.
It also recognized the impact that non-State actors can have on personal privacy particularly in the context of informational privacy on the Internet. While fundamental rights are ordinarily only enforced against actions of the State, given the broad language of the judgement and the extent to which informational privacy has been referred to in the judgement, there is concern amongst certain experts that these principles will extend to the private sector as well.
According to Personal Data Protection (PDP) Bill, 2018, in July 2018. Sensitive personal data is now defined as such personal data which may, reveal, be related to, or constitute:
“ Financial data, Health data, Official identifier, Sex life, Sexual orientation, Biometric data, Genetic data, Transgender status, Intersex status, Caste or tribe, Religious or Political belief or affiliation, or any other data categorized as sensitive personal data by the authority and the sectoral regulator concerned. ”
Why Financial Data in particular?
Financial privacy extensively covers the protection of consumers from unlawful access to financial accounts by private and public entities, unlawful disclosure, sharing, or commercial use of any financial data.
Paying taxes, buying property, opening bank accounts, and investing in markets are classified as some of the typical financial transactions consumers may engage in. Banks, tax collectors, mortgage lenders, investment advisers, insurance companies, and real estate brokers are some of the financial institutions that can access or collect financial information by lawfully respecting all the rules and regulations.
Out of the many privacy centric projects out there. Beam Privacy has been a pioneer in advocating privacy through sustainable and organic technical development. The primary mission of Beam Foundation is to create and foster a global community of researchers, developers and activists, a community that will maintain, develop and promote the Beam ecosystem.
India is one of the largest economies of the world and it only makes sense that privacy is of interest to both Beam as well as Privacy aware Indian, with Beam Promoting the values of financial and general privacy and supporting research and awareness in the space.
The Beam Ecosystem will be complimentary to the project as decentralized as possible and for community to control the protocol governance. And I believe India will have a key role to play in both the adoption and governance.
In the coming few months we will have very India Specific Outreach programs to get the community involved and take Beam to all parts of India.
What about the Privacy Laws in the rest of the world?
Now that we understood the Privacy Law in India. Let us see what the rest of the world is doing about it.
Asia:
China: Cyber Security Law
Year Enacted: 2017
China’s Cyber Security Law is quite controversial. Though it contains the components of a standard data protection law, it is feared by many as a tool of the China’s Government surveillance. US officials claim that this law allows Chinese government to spy on users via Chinese Businesses.
Philippines: Data Privacy Act of 2012
Year Enacted: 2012
Though this law is based in the Philippines, it is applicable to all businesses that process the data of Philippine citizens and residents, the Data Privacy Act of 2012 mainly focuses on the ethos that data processing should be transparent, proportional and based on legitimate purposes.
Oceania:
Australia: The Privacy Act 1988
Year Enacted: 1988
Though this is an old law it has undergone frequent amendments. It mainly establishes Information Privacy Principles (IPPs) for Australians with regards to data collection by Government Organizations, companies contracted to work with government organizations, health service providers.
Europe:
European Union: ePrivacy Directive and Regulation
Year Enacted: 2009 (Directive 2009/136/EC)
This law is famous as the Cookie Law, because it is required that the websites obtain user consent to non-essential cookies before launching hose cookies.
The current ePrivacy Directive maybe a legal act of the European Union that needs member states to realize specific results without dictating the means of achieving that result. It has therefore been implemented into national laws and regulations.
If the proposed ePrivacy Regulation became effective, these laws would be superseded and can be repealed to establish further clarity. The ePrivacy Regulation would be self-executing and not require many implementing measures.
European Union: General Data Protection Regulation (GDPR)
Year Enacted: May 2018
GDPR is one of the most popular Privacy laws in the world. The GDPR sets the strictest and highest standards for user data management. It is mainly based on the principles of consent, transparency, protection, and user control and fines are as high as 4% of a company’s annual revenue in case of violation.
Germany: BDSG (Bundesdatenschutzgesetz)
Date Enacted: 1978
It is the earliest data protection law, in fact it is the first data protection law in the world the BDSG sets very rigid standards under which businesses are required to adopt and maintain protective measures for data stored in IT systems.
North America:
Canada (PIPEDA):
Year Enacted: April 2000
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law which concerns data privacy. It governs how private sector organizations collect, use and disclose personal information within the course of commercial business. According to this law businesses must disclose the purpose of that data collection to the owners of that data, and obtain consent to proceed.
United States of America:
a. California Consumer Privacy Act (CCPA):
Year Enacted: Jan 2020
The CCPA is essentially a state law intended to enforce privacy rights and consumer protection California, USA residents. It mainly demands that companies inform users of data knowledge processing, take extra measures to guard user information and permit users a say in what data is collected and the way in which it might be shared.
It mainly highlights that, Users have the right to know what personal data is being collected about them. The right to be informed whether their personal data is sold or disclosed and to whom it was shared. Say no to the sale of personal data. Be able to Access their personal data. Request a business to delete any personal information about them that was given by them. Not be discriminated against for exercising their privacy rights.
b. The California Online Privacy Protection Act ( CalOPPA ):
Year Enacted: 2013
The first state law within the USA to need commercial websites and online services to post a privacy policy, the California Online Privacy Protection Act (CalOPPA) went into effect in 2004. It had been amended only in 2013 to need new privacy disclosures regarding tracking of online visits detailing data collection and use.
South America:
Brazil: General Data Protection Law
( LGPD — Lei Geral de Proteção de Dados )
Year Enacted : Feb 2020
The LGPD is a landmark legislation that attempts to unify the over 40 different statutes that currently govern personal data, both online and offline, by replacing certain regulations and supplementing others. It outlines data processing standards, including 10 legal bases on which data can be processed. The LGPD threatens maximum fines of 2% of company’s annual revenue — similar to EU’s GDPR which is it inspired but half the fines that GDPR in the EU imposes.
Argentina: National Directorate of Personal Data Protection
Year Enacted: 2017
This law mainly replaced Argentina’s Personal Data Protection Law from 2000 and intensified data privacy measures. For the first time in Argentina users had the right to request the deletion and transfer of their data.
Africa:
Senegal: Senegal’s Data Protection Act (DPA)
Year Enacted: Jan 2008
This Data Protection Act only applies to businesses whose means of Data Processing are located in Senegal. It is notably less rigid than recent laws like GDPR and only applies to data collection with the intention of being shared with third parties.
South Africa: Protection of Personal Information Act (POPI)
Year Enacted: 2014
This law applies to all South African organizations. It is also referred to as POPIA. It sets a standard of accountability for responsible data processing and establishes the requirement for customer consent to direct marketing outreach.
Do you think your country is doing enough to protect and safeguard your privacy? Let us know your thoughts below or join us on our channels to discuss.
You can visit the website here , also check out the FAQ section here.
Join us on Beam India Telegram here.
Join us on Beam India Twitter here.
You can download the Beam Wallet here.
You can follow Beam Privacy on Twitter here.
You can also join Beam Community here.
