Prescriptive or outcome based?
a comparative analysis of India’s personal data protection bill and European Union’s GDRP
DOI:
https://doi.org/10.60054/PEU.2020.7.173-185Keywords:
GDRP, Personal Data Protection, Privacy, Right to be forgotten, Sensitive personal dataAbstract
The concern regarding privacy started with the increase in the use of advanced technology related to computers and the internet. The data and information created, sent, shared, and stored in these digital files through the advanced technologies and platforms are prone to cyber-attacks leading to breach of privacy and making sensitive personal information and data public. These concerns have led many countries to adopt data protection laws, to protect the right to privacy on one hand, and to regulate the businesses that gather, store and sell such data for commercial gains, on the other hand. The authors in the research paper have discussed privacy as a construct, then its transformation, its connotations and operation in the Information and Communication Technologies World. Further, they have discussed, compared and analysed how the issues pertaining to consent, right to be forgotten and handling of sensitive personal data have been addressed in the European Union’s General Data Privacy Regulation with the Personal
Data Protection Bill, 2019, of India. The authors conclude on the ever-changing concept of privacy also on how the relevant issues have been addressed either through the prescriptive or the outcome-based provisions of both the GDPR and the PDPB, 2019.
References
Beaney, W. M. (1966). The right to privacy and American law. Law & Contemporary Problems, 31, 253.
Beaney, W. M. (1967). The Right to Privacy and American Law. Retrieved from https://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=3107&context=lcp
Dempsey, J., Sim, G., & Cassidy, B. (2018). Designing for GDPR-Investigating Children’s Understanding of Privacy: A Survey Approach. Retrieved from http://clok.uclan.ac.uk/24179/1/BHCI-2018_paper_82.pdf
Irwin, L. (2020). List of data breaches and cyber-attacks in March 2020 - 832 million records breached. IT Governance Ltd. Retrieved from https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-march-2020-832-million-records-breached
James, M. (2014). A comparative analysis of the right to privacy in the United State, Canada and Europe. Connecticut Journal of International Law, 29(2), 262.
Kulkarni, P. (2020, April 25). Leak of PMC Data Spread Personal Details of Patients Over Social Media. Pune Mirror. Retrieved from https://punemirror.indiatimes.com/pune/cover-story/leak-of-pmc-data-spreads-personal-details-of-patients-over-social-media/articleshow/75396397.cms
Layton, R. (2019). The 10 Problems of the GDPR: The US Can Learn from the EU’s Mistakes and Leapfrog Its Policy (AEI Paper & Studies, 1). Retrieved from https://www.questia.com/library/journal/1G1-582399316/the-10-problems-of-the-gdpr-the-us-can-learn-from
McCreary, L. (2008). What was privacy? Harvard Business Review, 86(10), 123–130.
Mulligan, D. K., Koopman, C., & Doty, N. (2016). Privacy is an essentially contested concept: a multi-dimensional analytic for mapping privacy. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 374(2083), 20160118.
Nissim, K., & Wood, A. (2018). Is Privacy Privacy? Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 376(2128), 20170358 3.
Patrick Breyer v Bundesrepublik Deutschland, Case C-582/14, ECLI:EU:C:2016:779 (CJEU 2016). Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62014CJ0582
Schwart, P. M., & Peifer, K.-N. (2019). Structuring International Data Privacy Law. International Data Privacy Law, 21. Retrieved from https://www.law.berkeley.edu/wp-content/uploads/2019/10/Schwartz-Intl-Data-Privacy-Law-21.pdf
Solove, D. J. (2007). The future of Reputation: Gossip, Rumor, and Privacy on the Internet. Yale University Press.
Universal Declaration of Human Rights, G.A. Res. 217A (III), Art. 12, U.N. GAOR, 3d Sess., 1st plen. mtg., U.N. Doc A/810 (Dec. 10, 1948).
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220. Retrieved from https://www.cs.cornell.edu/~shmat/courses/cs5436/warren-brandeis.pdf
Legislation and other:
California Online Privacy Protection Act, (2004).
Canada’s Personal Information Protection and Electronic Documents Act, (2000).
Children’s Online Privacy Protection Act, (2000).
European Convention for the Protection of Human Rights and Fundamental Freedoms, Art. 8, Nov. 4, 1950, 213 U.N.T.S. 221.
European Union Agency for Fundamental Rights & Council of Europe. (2018). Handbook on European data protection law (2018 edition). Retrieved from https://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law-2018-edition
European Union’s General Data Protection Regulation, Regulation (EU) 2016/679 (2018).
Federal Law 13,709 General Data Protection Law, (Brazil 2018).
Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja Gonzàlez, Case C-131/12, ECLI:EU:C:2014:317 (CJEU 2014). Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131
Human Rights Watch. (2018, June 6). The EU General Data Protection Regulation. Retrieved from https://www.hrw.org/news/2018/06/06/eu-general-data-protection-regulation
Interpol. (2020). ASEAN CYBERTHREAT ASSESSMENT 2020. Retrieved from https://www.interpol.int/content/download/14922/file/ASEAN
Personal Data Protection Act, Act 709 (Malaysia 2010).
Personal Data Protection Bill, 2019 (Bill No. 373 of 2019).
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). (2016). Official Journal of the European Union, L 119, 1–88. Retrieved from https://eur-lex.europa.eu/eli/reg/2016/679/oj
Cases:
2011, Case C-70/10, available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62010CJ0070.
9th October 2016, Case C-582/14, available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62014CJ0582.
Clause 11 of the Personal Data Protection Bill, 2019.
Clause 11(5) of the Personal Data Protection Bill, 2019.
December 2017) (C-434/16) available at [https://gdpr-info.eu/art-4-gdpr/(20th](https://gdpr-info.eu/art-4-gdpr/(20th) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62016CJ0434
K. S. Puttaswamy v. Union of India (2019) 1 SCC 1.
Kharak Singh v. The State of U.P. AIR 1963 SC 1295.
Minority judgement of Justice Subba Rao in the case of Kharak Singh v. The State of U.P. (1964); R. Rajagopal v. State of Tamil Nadu (1994); PUCL v. Union of India (1997) 1 SCC 301, State of Maharashtra v. Madhukar Narayan Mardikar, (1991) 1 SCC 57.
Peter Nowak v. Data Protection Commissioner (20th December 2017) (C-434/16) (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62016CJ0434).
PUCL v. Union of India (1997) 1 SCC 301.
R. Rajagopal v. State of Tamil Nadu. 1994 SCC (6) 632.
Scarlet Extended SA v Soci ́åt ́å belge des auteurs, compositeurs et å ́diteurs SCRL (SABAM) (2011), Case C-70/10, (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62010CJ0070).
State of Maharashtra v. Madhukar Narayan Mardikar, (1991) 1 SCC 57
