The Personal Data Protection (PDP) Bill, 2019, introduced in Lok Sabha this week, has been referred to a joint select committee. Here are some terms described in the Bill

Data: Information that is represented in a form that is more appropriate for processing.

Cross-border transfer: The movement of data across nation borders

Data localisation: Restrictions on the transfer of data outside national borders.

Data processing: The analysis of data to glean patterns, turning raw data into useful information

Personal data: Data that identifies an individual

Non-personal data: Data that is anonymised, most probably because it is presented in an aggregated or summary form

Data principal: The individual whose data is being collected and processed

Data fiduciary: The entity that collects and/or processes a data principal’s data

Data processor: The entity that a fiduciary might give the data to for processing, a third-party entity

Notice: The fiduciary gives the principal a notice of the collection, including the purpose, the type of data, fiduciary contact details, the principals’ rights, and more

Right to correction and erasure: Principal’s right to correct and erase their data

Right to data portability: The right to receive the data from the fiduciary in a machine-readable format

The right to be forgotten: The right to restrict continuing disclosure of personal data

Privacy by design: Developing the product and business with privacy concerns in mind

Data Protection Authority: A government authority tasked with protecting individuals’ data and executing this Act through codes of practice, inquiries, audits and more (The authority has four groups of tasks. In adjudication, the DPA receives grievances and handles enforcement. In monitoring, it oversees internal assessments and external audits of the fiduciaries, as well as tracks data security breaches. In policy, the DPA defines sensitive personal data, reasonable purposes for processing, forms of consent, and the lawful transfer of data outside of India. Finally, the Authority conducts research and awareness building about data protection.)

Significant data fiduciaries: The Data Protection Authority labels certain as this depending on its data processing, such as volume of data, sensitivity of data, company turnover, risk of harm, and newer technologies.

Data protection impact assessment: The fiduciary’s internal assessment

Data protection officer: A representative of the fiduciary that coordinates with the Authority

Sensitive personal data: Data related to finances, health, official identifiers, sex life, sexual orientation, biometric, genetics, transgender status, intersex status, caste or tribe, religious or political belief or affiliation. This data can only be sent abroad with Authority approval.

Critical personal data: The government decides the definition from time to time and it cannot be taken outside of India at all.

Adjudicating officers: Officers in the DPA with the power to call people forward for inquiry into fiduciaries, assess compliance, and determine penalties on the fiduciary or compensation to the principal. Adjudication decisions can be appealed in the appellate tribunal.

Source: The Indian Express

Relevant for GS Prelims & Mains Paper III; Science & Technology