back to article India mulls ban on probes into anonymized data use – with GDPR-style privacy laws

India is following Europe down the data protection path, with draft legislation criticized as a mixed bag of good and bad laws being proposed on Friday. Under the proposals, there will be a data protection authority with the ability to impose fines; individuals get some new rights over how their data is handled, but not as …

  1. bobajob12

    Follow the money

    IIRC, India (and Singapore, and few others) is one of the countries that the EU considers to *not* have adequate data safeguards in place for any company subject to GDPR to use as a data processor. You can imagine, that this puts a dampener on all that yummy outsourcing.

    See: https://www.pwc.in/consulting/cyber-security/blogs/how-can-indian-organisations-prepare-for-the-gdpr-regime.html for a brief explanation.

    El Reg readers should be aware that if they are working for an EU company (data controller) that uses an external data processor (such as an Indian outsourcer), they need to tread extremely carefully. The GDPR has real teeth. You do not want to mess it up.

    1. Anonymous Coward
      Anonymous Coward

      Re: Follow the money

      Sources for Singapore on same level as India please? Meantime:

      https://www.bbc.co.uk/news/world-asia-44900507

      1. bobajob12

        Re: Follow the money

        An AC asked for a source on Singapore. I use that as one example. The key tenet is that the EU needs to have made an "adequacy decision" for a country, and Singapore isn't on that list, ergo, is not considered adequate by the EU.

        Here's the official word from the EU: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

        And here's a link from a local Singapore law site: https://lawgazette.com.sg/feature/the-new-european-general-data-protection-regulation/

        hth!

  2. Mark 85 Silver badge

    India? Good for them... I hope.

    Now if they'd just take action about all those people calling me from Microsoft telling me I have a virus.

    1. Teiwaz Silver badge

      Re: India? Good for them... I hope.

      Now if they'd just take action about all those people calling me from Microsoft telling me I have a virus.

      I always find those rather amusing. But then, I'm both fairly computer literate and a 'Linux user.

      1. graeme leggett

        Re: India? Good for them... I hope.

        The world has moved on, these days it's "BT" calling you to say there's "a problem with your router".

        I haven't hung on the line long enough to find out what form a miscreancy they are up to. But I'll hazard a guess it's going to be some form of remote viewer and then mucking up your system. Perhaps someone can enlighten us.

    2. Voyna i Mor Silver badge

      Re: India? Good for them... I hope.

      The callers may be from India but I think a lot of the organisers are in the West.

      They are obviously extremely well informed too, since after I led one up the garden path recently he began to tell me things about my mother of which I had no idea. BT take action against them? Oh come now. You can't expect a telecoms provider to do anything about abusive phone calls.

      1. DropBear Silver badge
        Childcatcher

        Re: India? Good for them... I hope.

        But those are the Fake News of BT! This is unacceptable! BT must be forced by law to hire thousands of prank call moderators who should weed those out in real time, as they happen! How long can we allow BT to get away claiming no responsibility like this?!? Think of the children!

      2. Anonymous Coward
        Anonymous Coward

        Re: India? Good for them... I hope.

        "The callers may be from India"

        Oh no, if only I had known. So that's why they hang up so fast when I inquire about the weather conditions in Pakistan. I just tried to be polite. Really!

  3. Doctor Syntax Silver badge

    "exemptions granted to government in the bill."

    Sounds familiar. Not so much like the GDPR, more like the UK's new DPA.

  4. Anonymous Coward
    Anonymous Coward

    Indian coding vs data protection. This won’t end well.

  5. eldakka Silver badge
    WTF?

    re-identifying anonymized data

    If it can be re-identified, then it hasn't been properly anonymized in the first place.

    The fine should be on the organisation that claims to have anonymized the data for failing to do so, not on the person who did the de-anonymization.

    1. Alister Silver badge

      Re: re-identifying anonymized data

      If it can be re-identified, then it hasn't been properly anonymized in the first place.

      That is not necessarily the case. Let's say that company A provide anonymized purchase data to a company Z who carry out data analysis.

      And then company B provide anonymized health data to company Z,

      And then company C provide anonymized travel data to company Z.

      Company Z may, through intersections between data from A B and C, be able to identify individuals, where that would be impossible from any single one of the data sets.

      That doesn't mean that the individual data sets are not sufficiently anonymized, just that accumulation of many data points from different sources can allow correlations which lead to the identity of the subject.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019