The European Commission is reportedly analysing India’s newly-formed data protection law
EU’s GDPR requires other countries to be fully compliant with its norms and ensure an adequate level of data protection for transferring the personal data of EU citizens to those countries
Following President Droupadi Murmu’s assent to the DPDP Bill, the Indian government is now gearing up to notify the establishment of the Data Protection Board
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Amid privacy-related concerns around the recently passed Digital Personal Data Protection (DPDP) Act, 2023, the European Commission is reportedly analysing the data protection law.
“We take note of the adoption of the law, and we are analysing it,” a European Commission spokesperson was quoted as saying by Moneycontrol following its query to the Commission on whether the DPDP Act would have an impact on data transfer from the EU to India.
The European Commission is the European Union’s (EU’s) politically independent executive arm responsible for drawing up proposals for new European legislation and implementing the union’s laws.
Inc42’s email to the European Commission to clarify the matter did not elicit a response till the time of publishing the article.
The EU’s General Data Protection Regulation (GDPR) requires other countries to be fully compliant with its norms and ensure an adequate level of data protection for transferring the personal data of EU citizens to those countries.
There have been some concerns around the amount of privacy the DPDP Act provides, particularly because certain clauses of the Act allow exemptions to the central government in the processing of personal data.
As per the report, experts are of the view that such an exemption could affect the EU’s assessment of India’s newly-formed data protection law.
It is pertinent to note that the DPDP Bill was passed in the Lok Sabha on August 7 amid protests from the opposition parties. Soon, it was passed in the Rajya Sabha and on August 11, President Droupadi Murmu finally granted her assent to the Bill to become an Act.
Besides opposition MPs, the bill has received criticism from industry stakeholders, civil society, and rights groups alike. They have raised concerns that the DPDP Act would lead to state-sponsored surveillance of citizens and it violates the right to privacy.
As part of the Act, there are also hefty penalties for non-compliance with its provisions. For instance, a failure to take security measures to prevent data breaches could invite a penalty of up to INR 250 Cr. Non-fulfilment of obligations related to children, violators could attract penalties up to INR 200 Cr.
Now, the government is also gearing up to notify the establishment of the Data Protection Board (DPB). The government is actively formulating the criteria for selecting members and the chairperson for the functioning of the board, Minister of State for Electronics and IT, Rajeev Chandrasekhar said recently.
Meanwhile, Ireland’s Data Protection Commission reportedly welcomed India’s DPDP Act. Being an EU member country, Ireland also comes under the jurisdiction of GDPR.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.