In the rapidly evolving landscape of data protection and cybersecurity, the India Privacy Act stands as a significant legislative milestone. To shed light on its nuances and implications, CESO platform recently hosted a panel discussion featuring leading experts in cyber law: Advocate Dr. Pavan Duggal, Advocate Dr. Prashant Mali, and Advocate Punita Shetty. Moderated by Vikash Parekh, the session provided invaluable insights into the Act's key highlights and its impact on various stakeholders. This blog aims to encapsulate the essence of the discussion, offering a comprehensive overview of the India Privacy Act and what it means for organizations and individuals alike.

Here is the verbatim discussion:

cyber security law guy and when I think about cyber security law I had always been like uh I got to know Punit very recently but Prashant and Pavan I know for pretty long time I can't think of a better panel of experts if I had to go and take advice from so I believe for the audience um as far as at least I know I I can't think of a better audience I'm personally super excited to actually learn from this session so my background had been more on the technical side and um I knew that this thing is brewing finally the Privacy bill has become um how gdpr takes care of it from the perspective of how big the company is in terms of Revenue how how does the Indian Act take care of in Terms of how much will be defined okay so let me first give the Highlight from because other two speakers have spoken about uh from the corporate point of you let me take the data principal point of view you and me so if you and me are losing data the Highlight is we don't have any compensation from the government in fact if you don't follow the rules and because of which you have lost the data you may be charg you may have to pay fine of rupes 10,000 to the data protection board okay so that is the provision so a very uh different provision altoe uh yes you can hear you already sucked into the world pool so any expectation or any representation that look we are not covered under the dpdp ACT must instantaneously evaporate that's the first thing number two broadly speaking this law has come up with three broad Concepts which are alien in the Indian ecosystem but people need to know about it uh we have uh the concept of data principle data fiduciary and the data processor now we need to appreciate that India is coming from a historical standpoint where sharing has been the norm of Life we've all been in joint families we've been sharing information there's the classical joke that by the time you close your Railway Journey you know far more everything about your passenger and stuff like that but in a country like ours uh for the first time the law has now begun to start uh getting into action the law says if you are a data principal then you are the owner of your data your personal data which means that nobody else will be able to use it without your specific consent or under certain specified circumstances the second concept is that of a data fiduciary data fiduciary is a concept where the law says is a legal entity who will determine what kind of processing of the personal data of the data principle will have to take place and of course the third category is data processor where the entity is only processing data personal data our data principle for and on behalf of data fici so everything is very clear we are all covered of course the government wants to give us some uh interum period of preparation and the interum period is necessary because For the First Time in the history of Independent India we now have unprecedently heard fines of 250 CR rupees per contention so as assuming you are an entity you don't comply uh that does not mean that you can subscribe to the Indian jugar School of Management and yet also rest on your laws I think with the Advent of the it act the IPC amended and the dpdp ACT uh the jugar in the Indian ecosystem of electronic uh data.

Highlights:

Introduction of New Roles

• Data Principal: The individual to whom the personal data belongs.
• Data Fiduciary: The entity responsible for determining the purpose and means of processing personal data.
• Data Processor: The entity processing data on behalf of the data fiduciary.

Consent and Rights of Data Principals

• Explicit consent required for data collection and processing.
• Rights to access, correct, and delete personal data.
• Right to be informed about data breaches affecting their data.

Data Protection Board

• Establishment of a Data Protection Board to oversee compliance and handle grievances.
• Powers to investigate, audit, and impose penalties for violations.

Data Localization and Cross-Border Data Transfer

• Mandates for storing certain types of data within India.
• Regulated procedures for transferring data abroad, ensuring protection aligns with Indian standards.

Breach Notification and Compensation

• Mandatory breach notifications to the Data Protection Board and affected individuals.
• No government compensation for data breaches; non-compliance by individuals may result in fines.

Penalties for Non-Compliance

Significant fines up to ₹250 crore per violation for non-compliance.

• Potential criminal liability for severe breaches.

The India Privacy Act represents a pivotal shift in the nation's approach to data protection, demanding significant adjustments from both individuals and organizations. By understanding the Act's key provisions and preparing adequately, stakeholders can navigate the complexities of this new legal landscape effectively. The CESO platform remains committed to supporting its community in staying informed and compliant, fostering a secure and resilient data environment.

Speakers:

Dr. Pavan Duggal is the Founder & Chairman of the International Commission on Cyber Security Law and President of Cyberlaws.Net. He heads the Artificial Intelligence Law Hub and Blockchain Law Epicentre, and is the Founder of Cyberlaw University. Dr. Duggal is the Chief Evangelist of Metaverse Law Nucleus and has directed numerous international conferences on cyber law. He has spoken at over 3000 events and authored 194 books on various legal topics.

https://x.com/pavanduggal
https://in.linkedin.com/in/pavanduggal

Prashant Mali is an acclaimed international cybersecurity and cyber law expert, practicing as a lawyer at the Bombay High Court with 25 years of experience. He holds advanced degrees in computer science and law, and has authored 8 books and 16 research papers on cyber law and data protection. Mali frequently appears on TV and at international conferences, offering expert legal opinions on a wide range of technology-related issues. His landmark legal work includes numerous acquittals and influential policy contributions.

https://x.com/AdvPrashantMali
https://in.linkedin.com/in/prashantmali

Advocate Puneet Bhasin is a Pioneer in Cyber Laws in India and Awarded the Best Cyber Lawyer in India. She is an advisor to the Rajya Sabha Committees on Internet laws and Recipient of 13 National Awards for contribution in Cyber laws one of them being "Best Cyber Lawyer in India".

https://x.com/cyberlawpuneet
https://in.linkedin.com/in/advpuneetbhasincyberlawyer

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

https://twitter.com/bikashbarai1
https://www.linkedin.com/in/bikashbarai/