white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The requirement to be provided the logic beh<strong>in</strong>d an automated decisi<strong>on</strong> derives from the early<br />
days of automati<strong>on</strong> when such logic was easily available. Today, black box algorithms are<br />
designed so that they are completely <strong>in</strong>scrutable to humans. It is not possible, as a matter of<br />
design, for the logic beh<strong>in</strong>d these algorithms to be exposed. Under these circumstances<br />
simply requir<strong>in</strong>g the logic for the decisi<strong>on</strong> may not be a suitable resp<strong>on</strong>se to the challenge of<br />
automated decisi<strong>on</strong> mak<strong>in</strong>g. Accord<strong>in</strong>gly <strong>in</strong>dividuals need different forms of protecti<strong>on</strong><br />
aga<strong>in</strong>st the harms that could arise out of automated decisi<strong>on</strong> mak<strong>in</strong>g. India needs to ensure<br />
that a legally tenable and feasible right f<strong>in</strong>d place <strong>in</strong> its <strong>data</strong> protecti<strong>on</strong> law.<br />
(iv) Limited exercise of rights<br />
Individuals are often unable to gauge the impact of the collecti<strong>on</strong> and use of their pers<strong>on</strong>al<br />
<strong>data</strong> <strong>on</strong> their privacy and aut<strong>on</strong>omy, thus lead<strong>in</strong>g to ignorance <strong>on</strong> their part of their rights<br />
under <strong>data</strong> protecti<strong>on</strong> laws. 573 Further, it has been observed that relevant case-laws <strong>in</strong><br />
European member countries <strong>on</strong> <strong>in</strong>dividual participati<strong>on</strong> rights are hard to f<strong>in</strong>d thus further<strong>in</strong>g<br />
the belief that these rights are possibly not comm<strong>on</strong>ly exercised by <strong>in</strong>dividuals <strong>in</strong> some<br />
countries. 574 The low level of engagement with courts could po<strong>in</strong>t to the lack of awareness of<br />
<strong>in</strong>formati<strong>on</strong>al rights am<strong>on</strong>gst <strong>data</strong> subjects, ―particularly regard<strong>in</strong>g potential redress<br />
mechanisms such as courts, coupled with low levels of expertise regard<strong>in</strong>g <strong>data</strong> protecti<strong>on</strong><br />
matters <strong>on</strong> behalf of crim<strong>in</strong>al justice professi<strong>on</strong>als extend<strong>in</strong>g as far as judges‖. 575 Others also<br />
argue that mean<strong>in</strong>gful exercise of these rights require an <strong>in</strong>dividual to know where to look,<br />
know that such a right exists <strong>in</strong> the first place, ascerta<strong>in</strong> whom to ask for, etc. and also for an<br />
organisati<strong>on</strong> to seriously c<strong>on</strong>sider these requests and resp<strong>on</strong>d. 576 This is a challenge India is<br />
very likely to face given the low exposure of its citizens to issues of <strong>data</strong> protecti<strong>on</strong>.<br />
8.3 Internati<strong>on</strong>al Practices<br />
European Uni<strong>on</strong><br />
Under the EU GDPR an <strong>in</strong>dividual has the right to receive <strong>in</strong>formati<strong>on</strong> c<strong>on</strong>cern<strong>in</strong>g the<br />
identity and c<strong>on</strong>tact of the <strong>data</strong> c<strong>on</strong>troller, the purpose of process<strong>in</strong>g as well as the legal basis<br />
of such process<strong>in</strong>g, and <strong>in</strong>formati<strong>on</strong> c<strong>on</strong>cern<strong>in</strong>g the existence of the other rights of the <strong>data</strong><br />
573 Lee A. Bygrave and Dag Wiese Schartum, ‗C<strong>on</strong>sent, Proporti<strong>on</strong>ality and Collective Power, Re<strong>in</strong>vent<strong>in</strong>g Data<br />
Protecti<strong>on</strong>?‘, 4, (Spr<strong>in</strong>ger L<strong>in</strong>k, 2009).<br />
574 Ant<strong>on</strong>ella Galetta et al., ‗Mapp<strong>in</strong>g the Legal and Adm<strong>in</strong>istrative Frameworks of Access Rights <strong>in</strong> Europe – A<br />
Cross-European Comparative Analysis‘ 34 Law Governance and Technology (2017), available at:<br />
http://irissproject.eu/wp-c<strong>on</strong>tent/uploads/2014/06/IRISS-WP5-Summary-Meta-Analyses-for-Press-Release.pdf,<br />
(last accessed 22 October 2017).<br />
575 Ant<strong>on</strong>ella Galetta et al., ‗Mapp<strong>in</strong>g the Legal and Adm<strong>in</strong>istrative Frameworks of Access Rights <strong>in</strong> Europe – A<br />
Cross-European Comparative Analysis‘ 34 Law Governance and Technology (2017), available at:<br />
http://irissproject.eu/wp-c<strong>on</strong>tent/uploads/2014/06/IRISS-WP5-Summary-Meta-Analyses-for-Press-Release.pdf<br />
,(last accessed 22 October 2017).<br />
576 B.J. Koops, ‗The Trouble with European Data Protecti<strong>on</strong> Law‘, 4(4) Internati<strong>on</strong>al Data Privacy Law, (1<br />
November 2014), available at: http://www.isaca.org/Groups/Professi<strong>on</strong>al-English/privacy-<strong>data</strong>-<br />
protecti<strong>on</strong>/GroupDocuments/2014-08-<br />
24%20%20The%20Trouble%20with%20European%20Data%20Protecti<strong>on</strong>%20Law.pdf ,(last accessed 22<br />
October 2017).<br />
125