white_paper_on_data_protection_in_india_171127_final_v2
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
6. Similarly, hav<strong>in</strong>g a ‗c<strong>on</strong>sent dashboard‘ could help <strong>in</strong>dividuals easily view which<br />
organisati<strong>on</strong>s have been provided with c<strong>on</strong>sent to process pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong> and how<br />
that <strong>in</strong>formati<strong>on</strong> has been used.<br />
3.5 Questi<strong>on</strong>s<br />
1. Should the law rely <strong>on</strong> the notice and choice mechanism for operati<strong>on</strong>alis<strong>in</strong>g c<strong>on</strong>sent?<br />
2. How can notices be made more comprehensible to <strong>in</strong>dividuals? Should government<br />
<strong>data</strong> c<strong>on</strong>trollers be obliged to post notices as to the manner <strong>in</strong> which they process<br />
pers<strong>on</strong>al <strong>data</strong>?<br />
3. Should the effectiveness of notice be evaluated by <strong>in</strong>corporat<strong>in</strong>g mechanisms such as<br />
privacy impact assessments <strong>in</strong>to the law?<br />
4. Should the <strong>data</strong> protecti<strong>on</strong> law c<strong>on</strong>ta<strong>in</strong> prescriptive provisi<strong>on</strong>s as to what <strong>in</strong>formati<strong>on</strong> a<br />
privacy notice must c<strong>on</strong>ta<strong>in</strong> and what it should look like?<br />
Alternatives:<br />
a. No form based requirement perta<strong>in</strong><strong>in</strong>g to a privacy notice should be prescribed by<br />
law.<br />
b. Form based requirements may be prescribed by sectoral regulators or by the <strong>data</strong><br />
protecti<strong>on</strong> authority <strong>in</strong> c<strong>on</strong>sultati<strong>on</strong> with sectoral regulators.<br />
5. How can <strong>data</strong> c<strong>on</strong>trollers be <strong>in</strong>centivized to develop effective notices?<br />
Alternatives:<br />
a. Assign<strong>in</strong>g a ‗<strong>data</strong> trust score‘.<br />
b. Provid<strong>in</strong>g limited safe harbor from enforcement if certa<strong>in</strong> c<strong>on</strong>diti<strong>on</strong>s are met.<br />
If a ‗<strong>data</strong> trust score‘ is assigned, then who should be the body resp<strong>on</strong>sible for provid<strong>in</strong>g<br />
the score?<br />
6. Would a c<strong>on</strong>sent dashboard be a feasible soluti<strong>on</strong> <strong>in</strong> order to allow <strong>in</strong>dividuals to easily<br />
gauge which <strong>data</strong> c<strong>on</strong>trollers have obta<strong>in</strong>ed their c<strong>on</strong>sent and where their pers<strong>on</strong>al <strong>data</strong><br />
resides? Who would regulate the c<strong>on</strong>sent dashboard? Would it be ma<strong>in</strong>ta<strong>in</strong>ed by a third<br />
party, or by a government entity?<br />
7. Are there any other alternatives for mak<strong>in</strong>g notice more effective, other than the <strong>on</strong>es<br />
c<strong>on</strong>sidered above?<br />
98