Justice Sri B N Srikrishna drafted the Personal Data Protection Act of India is now in consideration for the Parliament to be passed into an Act.
In the meantime, in a big boost to the Indian version of the privacy law, a bill has been proposed in US for a Federal Privacy Law which has taken one of the most defining provisions of the Indian law into its recommendations.
This law is titled COPRA (Consumer Online Privacy Rights Act)
Today I came across an article titled “A New US Federal Privacy Bill-Is it GDPR/CCPA -like?”
I however felt that it should have also added “Is it PDPA (India) like?” because of one of the significant new “Right” that it proposes to provide the data subjects.
For example COPRA suggests recognition of a Right that imposes
“A Duty of loyalty by covered entities and specifically a duty to avoid deceptive practices”
This is exactly same as what Indian PDPA proposes under Section 4 stating
DATA PROTECTION OBLIGATIONS
4. Fair and reasonable processing.—
Any person processing personal data owes a duty to the data principal to process such personal data in a fair and reasonable manner that respects the privacy of the data principal.
PDPA further fortifies its intentions by calling the Data Subject the “Data Principal” and the Data Controller the “Data Fiduciary” making the Data Fiduciary take on trusteeship role which automatically incorporates the “No Deception” requirement proposed in the US law.
In a way this removes a huge perception hurdle for Indian privacy and data protection analysts to accept the new concept that “Data Fiduciary is a Trustee” because it is not only Justice Srikrishna who is saying so and not only Naavi who is evangelizing this interpretation but it is the US who is saying it.!