India could soon join a growing list of governments — the European Union, China, Brazil, and several U.S. states — that are passing data privacy laws. Introduced in the Indian parliament two years ago, India’s data privacy law, if passed, could prove to be hugely influential, as India is a popular center for offshore outsourcing and home to one of the largest internet markets in the world, the legal site JD Supra reported.
U.S. and European Agree on Trans-Atlantic Data Privacy Framework
In March 2022, leaders in the U.S. and Europe came to an “agreement in principle” that guarantees transferring personal data between the two regions is legal. Known as the Trans-Atlantic Data Privacy Framework, it has yet to be finalized.
Under this deal, Europeans who feel their privacy has been violated would be able to object through a “multi-layer redress mechanism,” which would include an independent Data Protection Review Court composed of experts from outside the U.S. government, according to a fact sheet released by the White House.
In a joint statement, the U.S. and European Commission announced the framework will “provide a durable basis for trans-Atlantic data flows, which are critical to protecting citizens’ rights and enabling trans-Atlantic commerce in all sectors of the economy, including for small and medium enterprises. By advancing cross-border data flows, the new framework will promote an inclusive digital economy in which all people can participate and in which companies of all sizes from all of our countries can thrive.”
Three Ways to Prepare for Increasing Data Privacy Regulations
As more governments propose data privacy laws, it’s clear that organizations need to start taking data privacy seriously. However, many organizations believe compliance is difficult, because they lack a fundamental understanding of the data they collect, according to Jonathan Joseph, Head of Solutions and Marketing at Ketch, a platform for programmatic privacy, governance, and security. Below is a summary of Joseph’s recommendations for how organizations can prepare, originally published in CPO Magazine:
- Since these laws usually require organizations document risk assessments, privacy impact assessments, records of processing activities, and other requirements, organizations must develop a dynamic, “always-on” understanding of the data they gather, store, and process.
- As different privacy laws come with their own set of rights for citizens, such as data erasure, rectification, access, etc., including different “lawful basis” for how the data should be processed, and varying definitions of protected data, maintaining efficiency around regulations is challenging. According to Joseph, the key “to driving efficiency in regulation-by-regulation responses is to unlock these privacy primitives, like ingredients to a recipe they can be reassembled to meet current and future obligations.”
- Organizations tend to contain numerous data systems that store and process user data. Organizations can ensure privacy protocols are being met across these complex environments by deploying automation tools with application programming interfaces (software that allows applications to communicate with each other).
Preparing for the growing number of data privacy laws is a complex undertaking. However, organizations that get ahead of the wave will have a much easier time navigating these laws than those who put it off.
Professional Data Privacy Engineering Training
The IEEE | IAPP Data Privacy Engineering Collection is a unique training program designed to further educate an organization’s technical professionals. The program provides access to tools that allow the technical workforce to implement policies and processes for designing products that take ethical personal data use into consideration right from the start.
Plus, download this infographic from IEEE to discover ways how your organization can tackle data privacy regulations!
Joseph, Jonathan. (23 March 2022). The Road Ahead for Data Privacy. CPO Magazine.
Epiq. (20 March 2022). Ten Compelling Features of India’s Proposed Data Privacy Law. JDSupra.