India’s premier Data Protection service provider, Tsaaro, has announced the important findings of its survey on what people want from the upcoming Personal Data Protection Bill 2019.
The study saw participation from sectors like Healthcare, Education, Banking & Finance, Information Technology and involved more than 200 privacy professionals.
Gathering valuable insights, Tsaaro drafted a thorough report, which showed the people’s stand on the draft of the Personal Data Protection Bill.
More than 51% of the respondents said that the drafted Bill was at par with other global privacy laws such as the CCPA, GDPR, and the PIPL. However, a recommendation was made by the respondents, that the drafted Bill, like the GDPR, should provide for an independent Data Protection Authority.
In its current form, the Bill allows immoderate Government intervention. Because of this, it was unlikely that the DPA will function independently.
70% of the participants were in agreement when asked whether they agree with the proposed provision of instilling Data Localisation with regard to organizations that are operating outside India.
93% agreed that Social Media Platforms will have to comply with Indian Privacy Laws. 71% of the participants felt that the definition of critical data was not up to the standard, as of now, and needs to be worked upon.
To the question on the restrictions on the number of Data Subject Requests an individual is entitled to, 69% of the participants agreed there should be some form of a check that allows access without violating an individual’s rights.
Only 10% of the respondents were of the opinion that the Bill should be enacted as it is. 76% of the participants were in agreement that for the provisions of the PDP Bill, there should be a retrospective application.
There was agreement among the majority of the respondents that consent should not be the sole legal basis on which data may be processed, that the law should allow for another legal basis.
Tsaaro also found out that most of the participants were worried that the drafted Bill does not guarantee the same rights to Data Subjects as other legislations such as the GDPR do.
It was also suggested that public bodies should be held liable for data breaches, as they handle large chunks of Personal Data and Sensitive Personal Data. Hence, public bodies, should not be spared from complying with the provisions in the drafted Bill.
The entity to which data access requests are made by public bodies should inform this publicly unless the request is for crime or fraud prevention.
Follow and connect with us on Facebook, LinkedIn & Twitter