In Case C‑311/18, the Court of Justice of the European Union has invalidated data transfers from the European Union to the United States of America that rely on the EU-US Privacy Shield. While this decision – popularly referred to as Schrems II – has a significant impact on data exchanges between the two countries, its …
Will Maximillian Schrems haunt Indian Privacy Law? Read More »
Introduction A significant increase in medical research in India gives rise to the question – does transfer of genomic data from India require regulatory consent? India’s data protection framework is silent – and its health laws, while not so silent, do not comprehensively frame the process required for the transfer of genomic data. In summary, …
Cross-border transfers of genomic data: the Indian framework Read More »
INTRODUCTION The Supreme Court of the United Kingdom (“Supreme Court” or “Court”) in WM Morrison Supermarkets plc versus Various Claimants[1] was faced with the question on the vicarious liability of employers for a data breach committed by employees. While this question has not yet arisen under Indian law, given the Puttaswamy judgment[2] – we suspect …
Vicarious Liability for Data Breach: English Law Read More »
On June 26, 2019, the Reserve Bank of India issued clarifications to its fairly controversial data localisation order that required all data relating to payment systems to be stored in India (“Data Localisation Order” or “Order”). While the Data Localisation Order regulated entities that fell within the RBI’s ambit, the clarifications go a step further: …
I. Introduction The Mental Healthcare Act, 2017 (“Mental Healthcare Act”) effectuated in 2018 replaced the then extant – and archaic – 1987 law on the treatment of mental health and illness in India. Aimed to protect the rights of persons with mental illnesses, the Mental Healthcare Act goes a step further than the 1987 legislation …
Privacy In The Context Of Mental Healthcare Act, 2017 Read More »
Introduction The Division Bench of the Kerala High Court on September 4, 2019, in Raju Sebastian and Ors. v. Union of India[1] ruled that demand for bank statements and income tax details would constitute a violation of the fundamental right to privacy if the demand did not satisfy the tests of legality, proportionality, and necessity as …
I. Introduction The Australian Competition and Consumer Commission (“ACCC”) has initiated litigation in the Federal Court of Australia (“Court”) against Google LLC and Google Australia Pty. Ltd. (“Google”) for alleged violations of Australian Consumer Law. The ACCC has alleged that Google has misrepresented facts to the consumers on the collection of location data. The matter …
Google Taken To Court By Australian Regulator For Its Data Practices Read More »
The Personal Data Protection Bill, 2018 (“PDPB”) is a draft law submitted in July 2018 by a committee of experts on data protection constituted by the Indian Government. The PDPB is conceptually similar to the European Union’s General Data Protection Regulation (“GDPR”). The table below provides an easy-to-read and digestible comparison of the key provisions …
