Grounds for Lawful Processing of Personal Data in GDPR and Personal Data Protection Bill 2018, India (PDPB): Section – IV: Vital Interests.

Abstract

In order to protect individuals’ right to informational-privacy or their personal data, The European Parliament adopted a robust, detailed and updated piece of law namely 'General Data Protection Regulation' (‘GDPR’), which applies to all the individuals and organizations in all EU Member states and has extra territorial application as well i.e. beyond the territorial boundaries of EU. It has set a new global gold standard for all the countries in the world regarding data protection as it puts the interests and rights of online consumers/uses in the epicenter and ask/obligates companies and agencies to respect them. Taking GDPR as a global standard, many other countries (such as Australia & Japan) have enacted or are under the process of enacting specific and special data protection laws. Not lagging behind, India is also under the process of formulating an all-inclusive and special Data Privacy law. In August 2017, the Indian Government constituted an expert committee to review data protection norms in India and make recommendations . The Committee submitted its final report (‘the Report’) along with a draft law, ‘The personal data Protection Bill, 2018’ (‘the PDPB’) in July 2018. Although the expert committee, while drafting the PDPB, appears to have more or less followed the lines and the standards which GDPR has streaked. Nevertheless, a lot of material aberrations and significant additions/deletions have been incorporated into the Bill, especially qua different terminologies, grounds of processing, and ‘rights of data subjects’ etc., which needs to be studied and explored in depth. However, the purpose of this paper (divided into sub-sections) is not to make a general overall comparison of GDPR and PDPB, but is specifically limited to compare, identify and analyze the differences in the available ‘grounds for processing of personal data’ in these two pieces of legislations. Both of the regulations under review prescribe that processing can only be said to be lawful, if it is based upon one or more of the legal grounds available in the respective regulations. These grounds are also general in nature and not specific for any particular kind of business sectors. Although some of the grounds (not all), as mentioned in both of the legislations, appears to be somewhat similar, but nevertheless, their scope of applicability or legal connotations and requirements could be entirely different. In the following sections, the focus would be to identify, discuss and analyze the material differences between the prescribed legal grounds for processing in both of the legislations. The First, Second, Third, Fourth and Fifth section of this paper dealt with the first, second, third, fourth and fifth ground of the processing of Personal Data (i.e. Consent, Performance of Contract, Legal Obligation, Vital Interests and Public Interests & Exercise of Official Authority.) and now, the present and Sixth section of the paper would deal with the next ground of processing for personal data (i.e. Legitimate Interests).