Brazil and India follow EU’s example on data protection legislation

Brazil and India follow EU’s example on data protection legislation
31 Aug 2018

Both India and Brazil are in the process of introducing new legislation that is considered similar to the European Union’s General Data Protection Regulation (GDPR). 

While a draft law is currently under consideration in India, new rules are just about to come into force in Brazil.

India's Justice Srikrishna Committee has submitted the draft Personal Data Protection Bill 2018 to the Government, along with a report on creating a data security framework. According to the The Logical Indian, the report draws inspiration from the GDPR.

The proposed Bill recommends that internet users have the final say when it comes to the use of their personal data and will have the right to withdraw consent. It also states that any party that is processing personal data must do so in a fair manner.

If data is misused, non-compliant parties will be subject to a jail term of three years, a fine of up to Rs 2 lakh (US$2,827), or both. For some other contraventions, which include flouting the rules on cross-border transfers, consent and grounds of processing, penalties will rise to Rs 15 crore (US$2.1 million) or 4% of the organisation’s global turnover during the previous financial year, whichever is higher.

While amendments have already been proposed to the Right to Information and Information Technology Acts, no amendments have yet been suggested to the Aadhaar Act, which deals with digital identification numbers. 

The draft Bill mandates absolute data localisation, which means that any storage and processing of critical personal data must be carried out in India. It also requires the creation of a Data Protection Authority in the country. 

Meanwhile, Brazilian President Michel Temer has sanctioned Law No. 13.709/2018, which regulates data protection in the public and private sectors. Again largely inspired by the GDPR, it defines the term ‘personal data’ very broadly and lays down the principles that govern its use.

The legislation permits an exchange of data with countries or international organisations that provide an appropriate level of protection for personal information, or offer assurances that it will be safeguarded by means of standard contractual clauses, global corporate standards, seals, certificates or codes authorised by the national data protection authority.

According to the National Law Review, the legislation will be known as the ‘Autoridade Nacional de Proteção de Dados’ (APND).

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

The General Data Protection Regulation has arrived!

GDPR: Tackling the new data processor regulations

Ensuring GDPR compliance in HR and payroll

 

 

Both India and Brazil are in the process of introducing new legislation that is considered similar to the European Union’s General Data Protection Regulation (GDPR). 

While a draft law is currently under consideration in India, new rules are just about to come into force in Brazil.

India's Justice Srikrishna Committee has submitted the draft Personal Data Protection Bill 2018 to the Government, along with a report on creating a data security framework. According to the The Logical Indian, the report draws inspiration from the GDPR.

The proposed Bill recommends that internet users have the final say when it comes to the use of their personal data and will have the right to withdraw consent. It also states that any party that is processing personal data must do so in a fair manner.

If data is misused, non-compliant parties will be subject to a jail term of three years, a fine of up to Rs 2 lakh (US$2,827), or both. For some other contraventions, which include flouting the rules on cross-border transfers, consent and grounds of processing, penalties will rise to Rs 15 crore (US$2.1 million) or 4% of the organisation’s global turnover during the previous financial year, whichever is higher.

While amendments have already been proposed to the Right to Information and Information Technology Acts, no amendments have yet been suggested to the Aadhaar Act, which deals with digital identification numbers. 

The draft Bill mandates absolute data localisation, which means that any storage and processing of critical personal data must be carried out in India. It also requires the creation of a Data Protection Authority in the country. 

Meanwhile, Brazilian President Michel Temer has sanctioned Law No. 13.709/2018, which regulates data protection in the public and private sectors. Again largely inspired by the GDPR, it defines the term ‘personal data’ very broadly and lays down the principles that govern its use.

The legislation permits an exchange of data with countries or international organisations that provide an appropriate level of protection for personal information, or offer assurances that it will be safeguarded by means of standard contractual clauses, global corporate standards, seals, certificates or codes authorised by the national data protection authority.

According to the National Law Review, the legislation will be known as the ‘Autoridade Nacional de Proteção de Dados’ (APND).

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

The General Data Protection Regulation has arrived!

GDPR: Tackling the new data processor regulations

Ensuring GDPR compliance in HR and payroll

 

 

Leave a Reply

All blog comments are checked prior to publishing