Possible Last Window for the Start-Up Community’s Say on Proposed Privacy Law

Wednesday, February 19, 2020

SESSION: 16:30PM to 19:00PM (IST)

Introduction

India has recently seen a flurry of interesting developments in the data privacy space, potentially having wide ramifications on India’s thriving technology and start-up ecosystem.

The Personal Data Protection Bill, 2019 (“Bill”) was introduced in the lower house of Parliament in India on December 11, 2019.

On December 12, 2019, the Bill was referred to a Joint Parliamentary Committee for further debate and examination (“Parliamentary Committee”). The Parliamentary Committee has invited comments from stakeholders on the Bill over a three week period until February 25, 2020, based on which further changes may be made in the Bill, along with the inputs of the Parliamentary Committee.

This Bill is a landmark development in the Indian legal landscape as it is the first-of-its-kind data protection law. The Bill finally addresses questions to which answers have been long awaited, such as protection of wider categories of data, cross-border data flows, data localization, and enhanced obligations on data controllers.

The Indian technology and start-up ecosystem has been expanding exponentially over the last few years, aided by various Government initiatives such as the start-up policy, tax incentives, Digital India, Make in India and the like. However, this Bill proposed may not be on the same lines of aiding start-ups and facilitating innovation.

We focus on the impact that this Bill may have on the start-up space and whether this draft law proposed may be a bust or a boost for start-ups in India. We will be focusing on seeking collective inputs from the start-up community which may be submitted to the Parliamentary Committee for their consideration in the review of the Bill.

Focus Area

  • Extra-territorial applicability (covering non-Indian entities)
  • Wider categories of data protected
  • Government’s power to request data controllers for Non-Personal Data /Anonymized Data
  • Enhanced data controller obligations and rights conferred on data subjects (flavors of GDPR)
  • Cross-border data transfer restrictions and data localization requirements
  • Special provisions on children’s data
  • Right to be forgotten and data portability
  • ‘Social media intermediaries’ and voluntary verification of social media user accounts
  • Enhanced penalties linked to global turnover in some cases

Program

16:30 – 17:00 :

REGISTRATION AND HIGH TEA

17:00 – 18:30 :

PANEL DISCUSSION

18:30 – 19:00 :

Q&A

Speakers

LEADERS OF THE firm's TECHNOLOGY LAW AND DATA PRIVACY  PRACTICE

Partners