EU’s General Data Protection Regulation

Shabbir Chunawalla

The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. It was drafted in 2016 and is implemented since 2018.

The seven key principles of the GDPR are i. lawfulness, fairness and transparency, ii. purpose limitation, iii. data minimisation, iv. accuracy, v. storage limitation, vi. integrity and confidentiality (security), vii accountability.

It regulates and protects personal data of EU citizens. It applies to processing carried out by organisations operating within EU. It also applies to organisations outside the EU.It also applies to organisations outside the EU that offer goods and services to individuals, in the EU.The GDPR gives individuals in the EU.The GDPR gives individual power over the use of personal data and holds organisations accountable for their data collection and usage practices.

In organisations, there is Data Protection Officer who works with C-level executives and other senior leadership to identify properly and map out data inventory and processes, perform risk assessments, and conduct gap analyses.

TikTok owned by ByteDance from China, was reportedly downloaded by over 175 million times in the US. It was shut down by a presidential order. TikTok Global subsidiary based in the US was created with stakes for Oracle and Walmart. The source code for TikTok was to be under American oversight. However, China is inclined to restrict the export of the source code. The moral of the story — TikTok’s restructuring was necessary on account of concerns for data security.

Tech companies grew into giant international companies as they aggregate data. It fosters global inequality and could spread misinformation.

US law obliges global tech companies to make available personal data of foreign citizens to national enforcement agencies. India too has to follow a data localisation strategy to foster data security, to create domestic value and to encourage its own national champions.

Foreign firms would like to leverage India’s market size. They have to fall in line with India’s data protection law. India must protect a right to privacy of the citizens. Their personal data cannot be the sovereign property of Indian State or Indian companies.

India could use a template like EU’s GDPR laws.

print

Leave a Reply

Your email address will not be published. Required fields are marked *