Governments and citizens across the world are increasingly aware of the importance of data privacy. With the rise in awareness, authorities in many countries have drafted regulations and laws to protect their citizens on the internet. Other countries have laws in late stages of development. Let’s take a look at some of the forthcoming legislation we know the most about.
PIPEDA is the abbreviation for the Personal Information Protection and Electronic Documents Act. The Canadian government put it forward as the federal privacy law. Although this act was passed into law in April 2000, the importance of PIPEDA was cemented in the last couple of years when data privacy intrusions such as Facebook-Cambridge Analytica came to light.
According to this act, an individual can question an organization about its data collection and has the right to access the information, similar to the European Union’s GDPR. PIPEDA is drafted similarly to GDPR to synchronize with the EU because of their strong trade relations. It allows smooth information flow from European companies to Canadian firms.
Government-regulated organizations such as telecommunication companies, airlines, banks, and TV and radio stations must adhere to the regulations set by PIPEDA. However, companies that come under provincial data regulations are not subject to this act. Instead, they must comply with the provincial legislation (such as the PIPA in B.C. and Alberta).
The Brazilian government has introduced the Lei Geral de Proteção de Dados Pessoais or LGPD to control data privacy in the country. This law is responsible for protecting the personal data of the country’s 150 million internet users. It was passed in the Brazilian parliament in 2018, and will come into effect in August 2020.
LGPD oversees the protection of PII data such as:
Just like its counterparts, Brazil’s LGPD was heavily influenced by the EU’s GDPR. The most distinctive part of this law is that it protects its citizens even from international data collectors. If an internationally based data collector is not processing data according to one of LGPD’s 10 legal bases, the fine is 2% of the company’s revenue, or 50 million Brazilian reals.
If your organization is already GDPR compliant, you’ll need only minor tweaks for LGPD compliance.
The PDP, or Personal Data Protection Bill, is India’s measure to secure the personal data of its citizens. It was presented in the Indian parliament in 2019 by the Ministry of Electronics and Information Technology.
The PDP covers an individual’s sensitive information such as:
The bill asserts ways to regulate the data of:
If the bill is violated, the convicted organization has to pay 4% of total revenue or up to 150 million Indian Rupees. In extreme cases, violating parties can face up to 3 years in prison.
On the other hand, the bill grants the government permission to access user data for the nation’s sovereignty and security. This has sparked debate, with activists arguing that the PDP Bill is too permissive in the way it treats governments.
One of the most interesting controversies around the PDP Bill concerns data localization: in its original form, the law required organizations to store at least one copy of personal data on Indian citizens on a server or data center located in India. This would have meant huge costs for many companies that possess data on the more than 1 billion people living in India. After strong lobbying from multinational business interests, the localization tenet has been watered down in more recent versions of the bill.