Hearty greetings, privacy pros!

Over the last two years, the world as we know it went through some drastic changes as the COVID-19 pandemic forced us to come to terms with a “new normal.” As fresh concerns around the omicron variant of the virus threaten to stagger our return to the “old normal,” privacy remains a part of the global agenda, with technology solutions occupying central role in keeping societies and economies afloat.

In India, the much-awaited Personal Data Protection Bill has been in a state of limbo since a Committee of Experts headed by Justice B.N. Srikrishna published its report alongside the draft Bill in 2019. However, this may soon change as a Joint Parliamentary Committee reviewing the draft Bill in consultation with stakeholders will reportedly present its proposed changes in the winter session of Parliament.

The slow march toward India’s first comprehensive data protection law has been quite an interesting one, starting with the Justice A.P. Shah Committee Report outlining some key privacy principles in 2012, followed by the Supreme Court’s landmark decision in K.S. Puttaswamy v. Union of India recognizing privacy as a fundamental right enshrined under Article 21 of the Indian Constitution. Two public drafts of the Personal Data Protection Bill were also circulated in the wake of the Puttaswamy decision.

Some of the major points of interest in the latest draft of the Bill include Section 35, which exempts government agencies from the applicability of the Bill on national security and public interest grounds, Chapter VII on data localization, and the various enforcement and compliance mechanisms envisaged under the Bill. We have already seen the central banking regulator take strict action against banks failing to comply with its sectoral data localization requirements. Needless to say, this promises to be a great time for new privacy professionals to enter the industry.

Various trade negotiations between India and the U.K. are also in progress, providing India with great opportunities to consider aligning its privacy and data protection strategies post-Brexit.

Surveillance and Pegasus are still in the news. Apple recently approached the court to seek a permanent injunction against the NSO Group, preventing them from targeting Apple software, services and devices to prevent further harm to its users. In South Korea, the Personal Information Protection Commission is working on a collective dispute mediation over leaked information of 181 users to over 10,000 third-party application developers without consent.

I want to emphasize before closing that data breaches are becoming increasingly common, the GoDaddy incident where hackers gained access to 1.2 million users’ email addresses and customer numbers is the latest in a long line of examples. It is more important than ever to have robust data privacy and security frameworks in place across the world, and stakeholders must work together to make cyberspace safe and trusted.

Until we meet next time, take care & stay safe!
Ciao!