- The European Union General Data Protection Regulation (GDPR) is the most notable change in the data protection regime in the last two decades.
- The law has been designed to protect the personal data of E.U. residents.
- Personal data is data that relates to an identifiable living individual and includes names, email IDs, ID card numbers, physical and IP addresses.
- Under the GDPR, a data controller will have to provide consent terms that are clearly distinguishable.
- Individuals will also have the right to have personal data deleted under certain conditions.
- The GDPR also makes reporting obligations and enforcement stronger: data breaches will normally have to be reported within 72 hours and failure to comply with the new laws could result in a fine up to 4% of global turnover or €20 million.
How did it come about?
- It sought to replace the existing data privacy directive, which enables and guides laws in each of the 28 EU member states, with a regulation (GDPR), a stronger instrument which harmonises data protection laws across the 28 countries.
Why does it matter?
- Apart from its profound significance for Europe, the GDPR has global implications as it also applies to those outside the E.U. who either monitor the behaviour of EU residents or sell goods and services to them.
What lies ahead?
- The alleged data breach around Facebook and Cambridge Analytica has alerted people to the challenges of protecting data in a hyper-digitised environment.
- The issue has once again raised questions about what constitutes legitimate uses of data and how businesses, governments and political parties can and cannot use data.
- A government-appointed committee, headed by retired judge B.N. Srikrishna, which is formulating a national data protection law for India, has suggested a hybrid approach to privacy.
- This combines the EU rights-based approach, the U.S. approach of using data with consent to encourage innovation, and an Indian approach, which takes note of the Supreme Court’s ruling that privacy is a fundamental right subject to reasonable restrictions.