PDPB

#DataProtectionTop10: On the Importance of a Strong, Transparent, and Independent Data Protection Authority

We analyse the provisions in the Personal Data Protection Bill, 2019 which relate to the Data Protection Authority of India (DPA) and its independence, transparency, and constitution. We recommend that it not be bound by the Central Government's orders.

Despite CIC’s observation that MeitY's response to us was “grossly improper," MeitY issues the same response again #SaveOurPrivacy

CIC directed the CPIO to re-visit our original RTI and provide a revised reply and info, if (comments on consultation on PDPB). However, the CPIO simply cited the same exemption under S.8 of the RTI Act that she had provided before the CIC.

#DataProtectionTop10: State Security and Surveillance

In Part 7 of the #DataProtectionTop 10 series, we discuss the provisions in the Bill which enable the State to engage in large scale surveillance. Blanket exemptions without a sound oversight and review mechanism raise concerns. Thus, we recommend that a chapter on surveillance reforms be inserted.

#DataProtectionTop10: Data Localisation

In part 6 of the #DataProtectionTop10 series, we look at the restrictions imposed by the PDPB on the transfer of personal data outside India. We recommend that the Bill explicitly define critical personal data and not impose undue restrictions that affect the open nature of the internet.

#DataProtectionTop10: Voluntary Social Media Verification

In Part 5 of the #DataProtectionTop10 series, we analyse the various issues with the inclusion of social media intermediaries under the Personal Data Protection Bill, 2019, and the provision for voluntary verification of user accounts. We recommend that the relevant clauses be removed.

#DataProtectionTop10: On the need to protect the rights of users

In part 4 of the #DataProtectionTop10 series, we explore the issues with the user rights under the Bill. Certain rights are not absolute and contain significant exemptions. The Bill also fails to include certain rights. To address these concerns, we recommend changes to strengthen user rights.

#DataProtectionTop10: Exceptions to Consent - A Torn Safety Net

In part 3 of the #DataProtectionTop10 series, we look into various issues regarding the consent provisions for the processing of the personal data under the Personal Data Protection Bill, 2019.

#DataProtectionTop10: Lost in Muddled Objectives

This is a new series on the Personal Data Protection Bill, 2019 to deal exclusively with the issues and pathways for reform under the Bill. In this post we look at the objective and the Preamble of the Bill, and guage whether the bill serve ordinary Indians or the government and large corporations.

#StartfromScratch: Constitutional Utopias of Digital Protection

In the final piece in our series on the Data Protection Bill, we first explain the 7 fundamental principles of the Indian Privacy Code. Then we analyse two alternative data protection bills: the Data (Privacy and Protection) Bill, 2017 and the Personal Data and Information Privacy Code Bill, 2019.

Breach please! Why companies like Facebook need to be held accountable by CERT-IN.

Personal data of 60 Lakh Indian Facebook users is available on the internet for free. We provide suggestions on what you can do and we update you on the steps we have taken.