It has been another eventful month for privacy enthusiasts (when is it not?) since I last wrote: The IAPP Asia Privacy Forum, alongside other data protection events organized by Singapore's Personal Data Protection Commission and other organizations, made it a true Asian Privacy Week in late July. Regulatory developments on privacy and data protection are being reported from countries in all directions. Data breaches (SingHealth, etcetera) and hacks (Instagram, etcetera) showed no signs of slowing down — our Daily Dashboard has been a breathless engine of news lately.
However, I must truly express my excitement as India readies itself for a comprehensive data protection law. The draft bill, prepared by Justice Srikrishna's committee, was made public in the last week of July. While the community is divided on how the draft will fare, the work that went behind the yearlong exercise — preparing a comprehensive consultation paper, holding consultations online and via in-person gatherings, sifting through inputs, preparing a detailed recommendations report and the draft bill — is laudable given members have full-time jobs! The Ministry of Electronics & Information Technology has initiated the consultation on the draft bill, and I urge stakeholders to review the draft and provide their views and inputs; the last day for submitting comments is 10 Sept. It is likely that the draft will be tabled in the winter session of Parliament.
Down Under, the Aussie government has proposed a new law that would require tech companies to hand over encrypted data to law enforcement for investigation. But how does it work in an end-to-end encryption scenario? Well, that is a bone of contention! It will be interesting to see how things unfold, given that other countries are also looking at this space carefully, following the Apple-FBI tussle that ended up in courts.
Outside of Asia, after the U.S. state of California approved a data protection law set for 2020, Brazil, too, has enacted a general data protection law with a similar sunshine period for enforcement. Major regulatory updates, starting with the EU General Data Protection Regulation and still counting, are reshaping how the data economy operates, and it will be an exciting journey that unfolds when their effectiveness will be tested.
If you want to comment on this post, you need to login.