The Personal Data Protection Bill, 2019, was introduced in Parliament in December 2019, and was referred to a 30-member Joint Parliamentary Committee for review. The Bill is the first legislation that focusses on privacy of citizens, and could potentially result in significant overhaul of digital businesses and companies. The Committee is expected to submit its report to the Parliament before the Budget Session concludes on April 3, 2020. Earlier this month, MediaNama held discussions in Delhi and Bangalore on the main aspects and impact of the Bill with a wide set of stakeholders. The discussions were held with support from Facebook, Google, and STAR India in Delhi, and with support from Facebook and Google in Bangalore. The discussions were held under Chatham House Rule, so quotes have not been attributed. Quotes are not verbatim and have been edited for clarity and brevity. Read our full coverage of the discussions here: #NAMA India’s Data Protection Law – January 2020. The following is Part II of our notes from the session on cross border data flows, read Part I here. Classification of data is complex What can potentially be sensitive personal data: A lot of Indian names can actually reveal the caste of a person, so wouldn’t names also be considered sensitive personal information, a speaker asked, and added that there is currently a lot of confusion on what exactly is personal data, and what is sensitive personal data. Another speaker highlighted the problem by giving the example of photographs collected for non-biometric purposes, for instance, for…
