white_paper_on_data_protection_in_india_171127_final_v2
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
a. The SPDI Rules use the term sensitive pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong> or <strong>data</strong>.<br />
b. Adopt <strong>on</strong>e term, pers<strong>on</strong>al <strong>data</strong> as <strong>in</strong> the EU GDPR or pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong> as <strong>in</strong><br />
Australia, Canada or South Africa.<br />
3. What k<strong>in</strong>d of <strong>data</strong> or <strong>in</strong>formati<strong>on</strong> qualifies as pers<strong>on</strong>al <strong>data</strong>? Should it <strong>in</strong>clude any k<strong>in</strong>d<br />
of <strong>in</strong>formati<strong>on</strong> <strong>in</strong>clud<strong>in</strong>g facts, op<strong>in</strong>i<strong>on</strong>s or assessments irrespective of their accuracy?<br />
4. Should the def<strong>in</strong>iti<strong>on</strong> of pers<strong>on</strong>al <strong>data</strong> focus <strong>on</strong> identifiability of an <strong>in</strong>dividual? If yes,<br />
should it be limited to an ‗identified‘, ‗identifiable‘ or ‗reas<strong>on</strong>ably identifiable‘<br />
<strong>in</strong>dividual?<br />
5. Should an<strong>on</strong>ymised or pseud<strong>on</strong>ymised <strong>data</strong> be outside the purview of pers<strong>on</strong>al <strong>data</strong>?<br />
Should the law recommend either an<strong>on</strong>ymisati<strong>on</strong> or psued<strong>on</strong>ymisati<strong>on</strong>, for <strong>in</strong>stance as<br />
the EU GDPR does?<br />
[An<strong>on</strong>ymisati<strong>on</strong> seeks to remove the identity of the <strong>in</strong>dividual from the <strong>data</strong>, while<br />
pseud<strong>on</strong>ymisati<strong>on</strong> seeks to disguise the identity of the <strong>in</strong>dividual from <strong>data</strong>.<br />
An<strong>on</strong>ymised <strong>data</strong> falls outside the scope of pers<strong>on</strong>al <strong>data</strong> <strong>in</strong> most <strong>data</strong> protecti<strong>on</strong> laws<br />
while psued<strong>on</strong>ymised <strong>data</strong> c<strong>on</strong>t<strong>in</strong>ues to be pers<strong>on</strong>al <strong>data</strong>. The EU GDPR actively<br />
recommends psued<strong>on</strong>ymisati<strong>on</strong> of <strong>data</strong>.]<br />
6. Should there be a differentiated level of protecti<strong>on</strong> for <strong>data</strong> where an <strong>in</strong>dividual is<br />
identified when compared to <strong>data</strong> where an <strong>in</strong>dividual may be identifiable or reas<strong>on</strong>ably<br />
identifiable? What would be the standards of determ<strong>in</strong>g whether a pers<strong>on</strong> may or may<br />
not be identified <strong>on</strong> the basis of certa<strong>in</strong> <strong>data</strong>?<br />
7. Are there any other views <strong>on</strong> the scope of the terms ‗pers<strong>on</strong>al <strong>data</strong>‘ and ‗pers<strong>on</strong>al<br />
<strong>in</strong>formati<strong>on</strong>‘, which have not been c<strong>on</strong>sidered?<br />
40