Right to be forgotten made a huge impact in Google case. And then GDPR came. It is not absolute right, must be balanced with other factors. - Srinivas Poosarla (Infosys) #PrivacyNama2021
Conversation
Starting point in complying with new data rules: The first step is the CEO themselves and the executive team. You explain to them the full range of activities that will occur. They will do what is necessary to give you resources. Justin Weiss (Naspers-Prosus) #PrivacyNama2021
1
Then you have to have a playbook. Good news is other companies have already done this and there is enough commonality that you can have a Ikea toolkit. - Justin Weiss (Naspers-Prosus) #PrivacyNama2021
1
What occupies the most time for orgs? It is training. Training isn't just once per year. You are in the weed w each dept figuring out what they can do for privacy. So that there can be privacy by design. - Justin Weiss (Naspers-Prosus) #PrivacyNama2021
1
In my team I have privacy counsels and privacy managers that take projects and go through the finish line. This takes time and resources. - Idriss Kechida (Match Group) #PrivacyNama2021
1
What budget should be set aside for data protection teams within companies? - I consider it in categories: at least one person (salary is mid-level lawyer), cost of automation (annual licenses), and costs involved for training. - Justin (Naspers-Prosus) #PrivacyNama2021
1
No straightforward answer in how many people are required or what budget. Consumer facing orgs will need more. If you're constantly adding new features, then risk assessments for privacy is a major cost. Srinivas Poosarla (Infosys) #PrivacyNama2021
1
If we have 100 jurisdictions with 100 different privacy laws? How will companies and products that are global comply? - #PrivacyNama2021
1
1
There are lots of overlap between legislations. My company we go for global standards that map principles of multiple jurisdictions. Only time there are issues is if there is conflicting legislation, which is not often. - Srinivas Poosarla (Infosys) #PrivacyNama2021
1
Ninety percent of what people around the world expect as privacy overlaps. But even if you build something that is global that very same feature might be experienced differently by diff regions. - Justin Weiss (Naspers-Prosus) #PrivacyNama2021
1
To close this session: What are your expectations and thoughts on India's upcoming privacy law (PDP Bill)? - #PrivacyNama2021
Replying to
Setting standard for foreign countries (adequacy requirements) in the bill is not very helpful. In Europe this posed problems. Avoid the rigidity of language in the law that restricts data flows. - Justin Weiss (Naspers-Prosus) #PrivacyNama2021
1
Safety and competition. Hope the new law takes this into account. - Idriss Kechida (Match Group) #PrivacyNama2021
1
Our bill has embodied best practices from the world and adapted it for out cultures. Some areas where I see possibility of improvement is consent and localization aspects. Localization should be kept separate from this law. - Srinivas Poosarla (Infosys) #PrivacyNama2021
1
We went into a rabbit hole just as we expected. Probably one of the most substantial conversations that has gone into the gritty-nitty of what's next. - @PrivacyNama2021
1
And that’s a wrap! Thank you for joining us for our inaugural PrivacyNama conference. #PrivacyNama2021
1
We’d like to thank Facebook, Flipkart, Internet Society, Mozilla, Mobile Premier League, Omidyar Network, Paytm, Star India and Xiaomi for their support for this discussion. #PrivacyNama2021
1
We are also thankful to our community partners, the CyberBRICS Project, Centre for Internet and Society and Centre for Communication Governance (NLU Delhi), for their help in putting together this programme. #PrivacyNama2021
1
1
1
We hope to see you again next year! Hopefully, in-person and after the PDP bill has passed. In case you wish to revisit day 2 sessions, it’s available at youtu.be/YiQ1utjiBSo #PrivacyNama2021