afaqs!’s Post

DPDP final draft to be ready for public review in two weeks The government has finalised the draft of the rules proposed to be enacted under the Digital Personal Data Protection (DPDP) Act 2023 and hopes to release them for public consultation in the second or third week of August, sources told ET. The rules are expected to be notified after the current session of the Parliament concludes, sources added. Read more at: https://lnkd.in/dpJYXS5t By Aashish Aryan and Surabhi Agarwal

On 28 March 2024, the Personal Data Protection Commission issued the Advisory Guidelines on the PDPA for Children’s Personal Data in the Digital Environment. The Guidelines clarify how the data protection provisions in the PDPA apply to children’s personal data in the digital environment. A few key points to note include: -         The Guidelines make clear that they apply to organisations whose online products or services are likely to be accessed by children. In particular, the Guidelines provided examples of such products and services, which including social media services (as defined under the Broadcasting Act), EdTech, Online Games and Smart toys and devices. -         The Guidelines require organisations to use language that is readily understandable by children when communicating with children, so that children may understand the consequences of providing and withdrawing consent. -         The Guidelines reaffirmed the [Advisory Guidelines on the PDPA for Selected Topics] and clarifies that the PDPC considers that a child between 13 and 17 may give valid consent. Where an organisation considers a higher age of consent may be more appropriate in its business context, it should obtain consent from a parent or guardian. -         The Guidelines provided examples of what would be considered reasonable purposes for organisations to collect, use or disclose a child’s personal data, including (but not limited to) (a) for age assurance to ensure that only age-appropriate content is accessible, (b) to protect the child from harmful and inappropriate content, and (c) using the behavioural data of a child, such as the use of high-risk search terms including terms relating to self-harm or suicide, to direct the child to relevant safety information. -         The Guidelines clarify that in the case of a data breach resulting in significant harm to individuals who are children, the organisation remains obliged to inform the affected data subject, even though the data subject is a child. At the same time, the Guidelines recognised that if an organisation proactively informs the child’s parent or guardian of the data breach (if the organisation has the contact details of the parent / guardian), the child’s parent or guardian would be able to take steps to mitigate the harm of the data breach. The Guidelines can be found at https://lnkd.in/gf5mERri. #tmt #technology #media #telecoms #dataprotection #law #legal #lawyer #Singapore #southeastasia #asia #asiapacific #RajahTannAsia #RTA #LawyersWhoKnowAsia

On 29 May 2024, the Data Protection Commission Ireland (“DPC”) released its 2023 Annual Report revealing another busy year for the authority. Following several cross-border and national inquiries, the DPC issued a number of record fines and corrective orders and by the end of 2023, it had imposed fines totalling €1.55 billion. We have summarised the key points which you can read here: https://lnkd.in/g93aU9g8 #DataProtection #DPC

A Joint Statement by Ofcom and the Information Commissioner’s Office on Collaboration on the Regulation of Online Services: We have published a joint statement with Ofcom about collaboration on the regulation of online services where online safety and data protection intersect. #dataprotection #dataprivacy #privacy

Here's a great summary by Arthur Cox LLP of the recently released annual report from Data Protection Commission Ireland.

Data Protection and Digital Identity Bill The DP&DI Bill (No 2) goes into Lords Committee today. There is no Keeling Schedule for the current version with the latest Government amendments in it. The Bill is already hugely problematic: the definition of PD is amended to produce a circular definition which is both over and under inclusive; a raft of exemptions from the full legitimate interest grounds for processing are introduced and a raft of exemptions from purpose limitation and compatibility. Does anyone have a version with the latest amendments incorporated that they would be willing to share please?

On March 4, 2024, the Senate approved House Bill 707, which seeks to amend the Virginia Consumer Data Protection Act (CDPA) concerning safeguards for children. The bill had previously been endorsed by the Senate Committee on General Laws and Technology on February 28, 2024. It had already been passed by the Virginia House of Delegates on February 6, 2024. This legislation imposes new obligations on handling children's data under certain conditions, regulates the utilization of geolocation data, and mandates the undertaking of data protection assessments. #virginia #dataprivacy #children #dataprotection #dataprivacylaw #zedroit

Consent isn't just a checkbox; it's a fundamental aspect of the DPDP Act. It signifies an individual's permission for their personal data to be processed by an organisation. But it's not a simple "yes" or "no" scenario for organisations. The Digital Personal Data Protection Act lays out specific criterias for consent to be valid. Watch the video below for understand it better! If you need expert guidance to navigate through DPDPA for your organisation, feel free to reach out to us. Details in the comments!

The final draft of the Digital Personal Data Protection Act 2023 is nearing public consultation, set for August. Key points include a focus on balancing privacy protection with complaint validity and addressing age verification concerns.

The forthcoming rules are expected to provide clarity on several key aspects: 🛑 Appointments and Working of the #DataProtectionBoard (DPB): Detailed guidelines on the structure and functions of the DPB. 🛑User Complaints: Procedures for users to raise #complaints with the DPB. 🛑Appealing DPB Decisions: Processes for #appealing decisions made by the DPB. 🛑 Access Requests: Methods for users to #requestdata collected by Data Fiduciaries. 🛑 Deletion Requests: Procedures for users to request the #deletion of their data by Data Fiduciaries. 🛑 Data Erasure Timelines: Timeframes for #DataFiduciaries to erase personal data if consent is withdrawn. 🛑 Redressal Timelines: Timelines for addressing user #grievances. 🛑 Consent for Minors: Guidelines for obtaining #parentalconsent in the case of minors. 🛑 Notifications: Requirements for #DataFiduciaries to inform users in the event of a data breach. 🛑 Managers: Technical, operational, and financial conditions for #ConsentManagers.