Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

The biggest data privacy news of the past month is India passing a comprehensive data protection law, the Digital Personal Data Protection Act. As the world's most populous country and its biggest democracy, this is another watershed moment for data privacy.

While much of the focus in recent years has been on whether the United States will pass a comprehensive national data privacy law, and has more recently shifted to monitoring the vast influx of states that are passing laws to make up for the national regulatory deficiency, Asia has surged. 

Some of the fastest growing economies now only with the APAC region, but the entire world, have passed data privacy laws over the past few years, and 2023 sees that list continuing to grow. 

Similar to India, Vietnam has also passed a data privacy law this year, following Indonesia and Sri Lanka, both of which passed comprehensive laws in 2022. With China passing PIPL in 2021 and other notable Asian economies like Japan amending laws to more closely align with GDPR standards, Asia has near full investment in data privacy going forward.

Much of this new regulation--including India's--requires extraterritorial processing in certain circumstances, as well as consumer notices for major issues like data breaches.

Despite some concern that China's PIPL regulation's data residency and data localization clauses would influence others in the region to adopt similar stances, many of these bills, including India's and Thailand's, have opted not to include those provisions. 

This is a victory for increased data transparency and protected international data flows, and sets the stage for easier entry into these fast-growing markets while still respecting the public's data rights and acknowledging corporate obligations to handle data responsibly. 

As APAC markets continue to grow and increase their appeal to international companies, the region's embrace of data privacy will be a boon and likely will help set the stage for other global markets to follow suit.

Product Spotlight 🔦

Data protection is nothing without adequate data security,  which is why several our the recent updates to MineOS have focused on security measures.

One of those new features is VPN Tunneling so users can create a link between their resources and MineOS. This means data traveling over IPSec isn’t just encrypted, but fortified against potential cyber threats. By adding new features like this to the platform, users can more seamlessly integrate their infrastructure with MineOS without worrying about security concerns.

Regulation Focus 🔬

India's Digital Personal Data Protection Act Chapter II Section 4

"4. (1) A person may process the personal data of a Data Principal only in accordance with the provisions of this Act and for a lawful purpose,—

(a) for which the Data Principal has given her consent; or

(b) for certain legitimate uses.

(2) For the purposes of this section, the expression “lawful purpose” means any purpose which is not expressly forbidden by law."

India passed its comprehensive data protection regulation, the DPDP Act, in early August, culminating a six-year journey for the country to do so. While many of the ideas behind DPDP are extremely similar to the GDPR, the bill is far from a carbon copy of the EU's regulations. 

One of the biggest deviations lies in the Indian regulation's lawful grounds for data processing. The GDPR sets six separate grounds for data processing, all explicitly laid out, but the DPDP only sets two: freely given consent or "certain legitimate uses."

The bill clarifies that "legitimate uses" means "any purpose which is not expressly forbidden by law." That definition is extremely broad, and if not amended for clarity in the future could allow for an unintended amount of data processing that the newly created Data Protection Board of India finds hard to actually regulate.

Considering DPDP also seemingly applies to extraterritorial data processing if goods or services are targeted at the Indian market, laying out such general bases for data processing is not nearly as strict as many within India would have preferred. 

Founder's Corner 🎙️

CTO & co-founder Gal Golan

Q: How can companies facilitate more efficient communication between IT & engineering teams and compliance teams?

A: Messaging and fostering understanding are key. As advanced technology like AI begins to appear in more and more products, principles like privacy by design will only gain importance. 

That's a main focus for compliance teams, but many engineering teams have not been briefed in the nuances of data privacy, and their only experience with compliance is being asked on short notice to carry out difficult compliance tasks like tracking down customer data for DSR handling or helping compile a data map. 

To make work between IT and compliance stronger, companies need to create a more complete and organization-wide message on why data compliance matters and the role every department plays in achieving both compliance and the benefits it brings, such as trust in the brand. 

Webinars & Events 📅

We're starting September with an exciting new entry into our customer webinar series!

Ardoq VP of Operations Nick Peters will join MineOS's Kobi Nissan & Samer Kamal to discuss Ardoq's journey scaling revenue and privacy together, his experience with GDPR from its introduction til today, and actionable advice on how any company can emulate the success of Ardoq's privacy program. 

Register here to be part of the talk on September 7 at 1 PM GMT/9 AM EST 

Talk about

data privacy

with us:

press@saymine.com 

How did you like this month's issue?