The Personal Data Protection Bill, 2018: India’s regulatory journey towards a comprehensive data protection law

2020 ◽  
Vol 28 (1) ◽  
pp. 1-19
Author(s):  
Deva Prasad M ◽  
Suchithra Menon C
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Legal Framework ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Supreme Court Of India ◽  
Indian Context ◽  
General Data ◽  
Data Protection Law

Abstract This article analyses the relevance of Personal Data Protection Bill, 2018 for developing a data protection legal framework in India. In this regard, the article attempts to analyse the evolution process of comprehensive personal data protection law in the Indian context. The manner in which the Personal Data Protection Bill, 2018 will revamp and strengthen the existing data protection regulatory framework forms the major edifice of this article. The article also dwells on the significant role played by the fundamental right to privacy judgment (Justice K.S. Puttaswamy v Union of India) of Supreme Court of India, thus preparing the regulatory ground for the evolution of the Personal Data Protection Bill, 2018. The influence of the European Union General Data Protection Regulation in shaping the Indian legal framework is highlighted. The article also discusses pertinent legal concerns that could question the effectiveness of the proposed data protection legal framework in the Indian context.

scholarly journals Data Sharing Under the General Data Protection Regulation

Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Research Approach ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Protection Legislation ◽  
General Data ◽  
Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

scholarly journals ESTUDO SOBRE A REALIZAÇÃO DO DIREITO DA PROTECÇÃO DE DADOS PESSOAIS ATRAVÉS DA JURISPRUDÊNCIA DO TRIBUNAL DE JUSTIÇA DA UNIÃO EUROPEIA

2020 ◽  
Vol 29 (1) ◽  
Author(s):  
Rita De Sousa Costa
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Case Law ◽  
Legal Framework ◽  
The European Union ◽  
Personal Data Protection ◽  
Court Of Justice ◽  
European Data ◽  
Data Protection Law

[PT]No presente texto, apresentamos as grandes linhas de aplicação do direito europeu da protecção de dados conforme gizadas pela jurisprudência do TJUE, com o objectivo de demonstrar como e em que medida este Tribunal modelou – e continua a modelar – o quadro jurídico em vigor, na certeza de que aquela jurisprudência impõe um conjunto de desafios determinantes para a realização material do direito europeu da protecção de dados pessoais. [ESP]Este texto presenta las líneas generales de la aplicación de la legislación europea de protección de datos tal como se establece en la jurisprudencia del TJUE, con el objetivo de demostrar cómo y en qué medida este Tribunal ha configurado -y sigue configurando- el marco jurídico vigente, con la certeza de que la dicha jurisprudencia plantea una serie de retos cruciales para la aplicación material del derecho europeo de la protección de datos personales. [ENG]This text outlines the implementation of the European data protection law as laid down in the case-law of the Court of Justice of the European Union, with the aim of demonstrating how and to what extent the Court has shaped – and continues to shape – the current legal framework. The case-law analysed points out a plethora of challenges which are key to the implementation of the European personal data protection law.

scholarly journals GDPR implementation as the main reason for the regional fragmentation in the online mediasphere

2021 ◽  
Vol 273 ◽  
pp. 08099
Author(s):  
Mikhail Smolenskiy ◽  
Nikolay Levshin
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Main Role ◽  
The European Union ◽  
Protection Measures ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Usa ◽  
General Data

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data bring fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of other. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

scholarly journals Credit-Based Insurance Scores: some Observations in the Light of the European General Data Protection Regulation

2020 ◽  
pp. 155-186
Author(s):  
María Dolores Mas Badia
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Insurance Companies ◽  
The European Union ◽  
History Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Credit History ◽  
Automated Processing ◽  
General Data

Despite the differences between credit risk and insurance risk, in many countries large insurance companies include credit history amongst the information to be taken into account when assigning consumers to risk pools and deciding whether or not to offer them an auto or homeowner insurance policy, or to determine the premium that they should pay. In this study, I will try to establish some conclusions concerning the requirements and limits that the use of credit history data by insurers in the European Union should be subject to. In order to do this, I shall focus my attention primarily on Regulation (EU) 2016/679. This regulation, that came into force on 24 May 2018, not only forms the backbone of personal data protection in the EU, but is also set to become a model for regulation beyond the borders of the Union. This article will concentrate on two main aspects: the lawful basis for the processing of credit history data by insurers, and the rules that should apply to decisions based solely on automated processing, including profiling.Received: 30 December 2019Accepted: 07 February 2020Published online: 02 April 2020

scholarly journals OpenEHR and General Data Protection Regulation: Evaluation of Principles and Requirements (Preprint)

2018 ◽  
Author(s):  
Duarte Gonçalves-Ferreira ◽  
Mariana Sousa ◽  
Gustavo M Bacelar-Silva ◽  
Samuel Frade ◽  
Luís Filipe Antunes ◽  
...  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Design Principles ◽  
Security And Privacy ◽  
The European Union ◽  
Health Records ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
General Data ◽  
The Common

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.

scholarly journals Personal Data Protection in Russia

2020 ◽  
pp. 95-113
Author(s):  
Alexander Gurkov
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Legal Framework ◽  
Fundamental Rights ◽  
Special Role ◽  
State Control ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
General Data

AbstractThis chapter considers the legal framework of data protection in Russia. The adoption of the Yarovaya laws, data localization requirement, and enactment of sovereign Runet regulations allowing for isolation of the internet in Russia paint a grim representation of state control over data flows in Russia. Upon closer examination, it can be seen that the development of data protection in Russia follows many of the steps taken at the EU level, although some EU measures violated fundamental rights and were invalidated. Specific rules in this sphere in Russia are similar to the European General Data Protection Regulation. This chapter shows the special role of Roskomnadzor in forming data protection regulations by construing vaguely defined rules of legislation.

The Impact of the GDPR on Extra-EU Legal Systems

2020 ◽  
pp. 224-237
Author(s):  
Maria Casoria ◽  
Eman Mahmood AlSarraf
Keyword(s):  
United Arab Emirates ◽  
Data Protection ◽  
Arabian Gulf ◽  
Personal Data ◽  
Legal Framework ◽  
Legal Systems ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Data Protection Law ◽  
Regional Organisation

The chapter discusses the influence of the General Data Protection Regulation (GDPR) on legal systems extra-EU and particularly the Kingdom of Bahrain, country member to a regional organisation located in the Arabian Gulf denominated Gulf Cooperation Council (GCC), which is exclusive to six states (i.e., Saudi Arabia, United Arab Emirates, Oman, Qatar, and Kuwait in addition to Bahrain). Amongst these countries, Bahrain is the only one that has recently enacted its own separate Personal Data Protection Law (PDPL) mostly resembling the GDPR due to the ever-increasing commercial relationship with business undertakings in Europe. Moreover, the adoption of the data protection law counts as a huge leap forward taken by the kingdom in reforming its legal framework, since it is the state's striving strategy to grow into a midpoint for data centre, just on time for the launch of data centres opening in Bahrain that are endorsed by Amazon Web Services.

SEVERAL QUESTIONS REGARDING THE RULES FOR THE PROTECTION OF PERSONAL DATA IN KINDERGARTEN

2021 ◽  
Vol 12 (1) ◽  
pp. 261-268
Author(s):  
Angel Manchev ◽  
Keyword(s):  
Data Protection ◽  
Technological Progress ◽  
Data Exchange ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Core ◽  
General Data ◽  
The Republic

The protection of personal data is one of the core values of modern European societies. This protection is provided by the law of the European Union and by the national legislations of the Member States, to which the Republic of Bulgaria also belongs. As of May 25, 2018, the protection of personal data is being expanded and updated in response to technological progress and the increasingly accelerated data exchange. The reason for this is the entry into force of Regulation (EU ) 2016/679 (General Data Protection Regulation, GDPR) and the changes in our national law that it imposes. In the sense of what has been said so far, the issues of personal data protection in children’s institutions are especially relevant, because these organizations actively handle personal data at any level of children, parents, teachers and staff. In this article, we will try to give short answers to some of the most important questions regarding personal data and the rules for their protection, according to European and Bulgarian legislation.

scholarly journals DEVELOPMENT OF THE PERSONAL DATA PROTECTION FRAMEWORK – WILL THE PANDEMIC BRING NEW CHANGES?

2021 ◽  
Vol 12 ◽  
pp. 59-66
Author(s):  
Marta Mackeviča ◽  
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Legal Framework ◽  
Point Of View ◽  
The European Union ◽  
Personal Privacy ◽  
General Data Protection Regulation ◽  
Complex Concept ◽  
Personal Data Protection

The General Data Protection Regulation (hereinafter – the Regulation), which entered into force on 25 May 2018 and introduced a new legal framework for the protection of personal data in the European Union, also included a number of new rights, more precise definitions and improvements in the field of personal data protection. The three‐year period has shown that the Regulation has successfully replaced Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement ofsuch data, but the Covid‐19 pandemic posed the question: does the Regulation sufficiently define and explain how controllers should deal with the processing of sensitive data, or in situations where employees of companies and institutions work remotely? Data protection is a complex concept that can be analyzed from both a legal and a social point of view. Traditionally, data protection has been referred to as the protection of personal privacy in the context of processes involving the use of personal data. Prior to the implementation of the Regulation, the existing rules on the protection of personal data in the European Union were not sufficiently uniform and were implemented differently in each Member State. It contributed to the development and implementation of the Regulation, in the hope that it would modernize and promote a common data protection regime, while maintaining all the basic principles of data protection that have been followed so far. Prior to the pandemic, the Regulation successfully achieved its original objectives, but hasthe pandemic necessitated a revision of the Regulation? This article will analyze the development of the legal framework for the protection of personal data and analyze the compliance of the Regulation with the requirements arising from the effects of the pandemic.

scholarly journals Research Biobanking, Personal Data Protection and Implementation of the GDPR in France

2021 ◽  
pp. 257-276
Author(s):  
Gauthier Chassang ◽  
Michael Hisbergues ◽  
Emmanuelle Rial-Sebbag
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Legal Framework ◽  
The European Union ◽  
French Law ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Research Biobanks ◽  
Active Research ◽  
Set Up

AbstractSince 1978 and the initial French data protection law (Loi n°78-17 du 6 Janvier 1978), consecutive modifications regarding the protection of personal health data, especially in 2004, 2016 and 2018, set up a strict legal regime for processing sensitive personal data, including for research purposes. In recent years, French law has evolved proactively and in parallel with the work of the European Union (EU) on the preparation of what became the General Data Protection Regulation (GDPR), which has been in force since May 2018. This Chapter performs a state-of-art analysis (as of 1 July 2019) of the French legal framework for research biobanks and data protection rules applying to biobanking, in particular those related to data subjects’ rights and Article 89 of the GDPR. Firstly, it provides updated information about the national landscape of active research biobanks in France (Sect. 1). Secondly, it explores how the French law embodies the developments brought by the GDPR and how it envisages individuals’ rights in the context of research biobanking (Sects. 2 and 3). Thirdly, this Chapter analyses existing and potential national exemptions to individuals’ rights, including with regard to Article 89 GDPR, and how France conceives of processing activities of ‘public interest’ (Sect. 4). Finally, the authors address ongoing debates around bioethics law in France and argue for the creation of a specific Act focused on biobanking as a means of integrating, clarifying and developing not only data protection rules but also other activities related to samples, human or not, in a unique, operational and compact act (Sect. 5).

Sign in / Sign up

Export Citation Format

Share Document