Will Europe’s GDPR Set A Precedent For India’s Data Privacy Rules?

How safe is your data? This has been a question that has taken centrestage ever since the Facebook-Cambridge Analytica data misuse scandal broke a couple of months ago. Now the European Union (EU) is set to roll out a stringent set of data privacy laws called the General Data Protection Regulation on 25 May, 2018.

This deadline has had many digital companies scrambling to review their privacy policies and the way in which they use consumer data.

Facebook has been sending out reminder notices to business managers to make their pages and sites comply with the GDPR. India will soon take a leaf out of these rules as well. So here's how it affects you as a consumer.

What is the GDPR?

The new General Data Protection Regulation places tougher fines on companies that do not comply with guidelines around internet advertising, use of data for targeted ads and e-commerce.

Companies will now need to seek consent from consumers for almost every action they do online. For you, that means a lot more "Click to continue" dialogue boxes popping up, and more elaborate privacy policies to read through and accept.

Smaller companies won't probably have the financial might that Google and Facebook have to survive even one such penalty, and hence all companies are trying to meet the 25 May deadline to comply and avoid being penalised.

Are Companies Prepared for GDPR?

Any company that has an internet-based business is having to redraft its privacy policies and terms & conditions pages. That's just at the front end.

Some companies will have to change the way they have been handling user data, as the law now is more stringent on what constitutes a violation of privacy. And it explicitly seeks consent at every stage.

Many businesses farm out user data to third party companies for operations like targetted advertising. A business may work with multiple partners, who often remain anonymous. However, the new rules state that each of these companies will need to be named - for the consumer to be able to see how his or her data is being used.

What Will Happen in India?

India is playing catch up. Data privacy laws are almost non-existent at the moment, but the government-appointed BN Srikrishna committee will soon be suggesting a framework and law for protecting data. The panel is likely to submit its report by end May 2018.

The panel was set up in August last year, headed by retired Supreme Court judge BN Srikrishna. The government has said it will bring out a law on data privacy the moment the panel submits its report.

This isn't the first time India is attempting to bring in a data privacy law. In 2011, the justice AP Shah committee was tasked with submitting a report on privacy. That panel, submitted its report in 2012, but the Congress-led and BJP-led governments after that haven't been able to enact a law yet.

(The Quint is now on WhatsApp. To receive handpicked stories on topics you care about, subscribe to our WhatsApp services. Just go to TheQuint.com/WhatsApp and hit send.)