Comparison- Personal Data Protection Bill and General Data Protection Regulation

Why are the mentioned bills alike?

  • The exceptions given to the Indian PDP Bill (prsindia.org) and the EU Regulation look similar. Both allow data processing for prevention, investigation, detection, or prosecution of criminal offences.
  • Consent: The PDP Bill and the GDPR are founded upon the concept of consent. In other words, data processing should be allowed when the individual allows it.
  • Individual’s rights: Both have similar rights given to the individual, including the right to correction, the right to data portability (transferring your data to another entity), and the right to be forgotten (the right to erase the disclosure of your data).
  • Other similarities: Both place responsibility on the fiduciaries, such as building products that include privacy by their design and transparency about their data-related matters.
  • The European Data Protection Board in the GDPR and the Data Protection Authority in the PDP Bill have some similar duties, such as dispute resolution and codes of conduct.

PDP Bill and GDPR

Where do they differ?

  • Data Transfer Abroad: One significant difference between the GDPR and the PDP Bill is the framework built around deciding whether or not data can leave the country. Both give a government authority the power to decide if data transfers can occur, but the GDPR more clearly lays out the parameters of this decision.
    • Their “Adequacy Decision” is made based on the country’s rule of law, authorities, and other international commitments. The transfer can be made without this decision if there are legally binding rules or other codes of conduct that allow for it.
    • The PDP simply states that the Authority has to have the approval of the transfer of any sensitive personal data abroad, without specifying as many details about the other country’s “adequacy” in receiving the data.
  • Automated Decisions: The GDPR much more directly addresses personal harm from automated decision-making.
    • The PDP Bill requires an assessment in cases of large-scale profiling but does not give the citizen the right to object to profiling, except in the cases of children.

Learn more about PDP bill here- Introduction to Personal Data Protection Bill, 2019 – legalupdates.in.