white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
they form core, substantive elements of a <strong>data</strong> protecti<strong>on</strong> framework and are not,<br />
appropriately, to be c<strong>on</strong>sidered as part of the enforcement mechanism.<br />
(iii) Co-regulati<strong>on</strong><br />
This typically <strong>in</strong>volves elements of both ‗command and c<strong>on</strong>trol‘ regulati<strong>on</strong> and selfregulati<strong>on</strong>.<br />
Co-regulati<strong>on</strong> may be described as ―<strong>in</strong>itiatives <strong>in</strong> which government and <strong>in</strong>dustry<br />
share resp<strong>on</strong>sibility for draft<strong>in</strong>g and enforc<strong>in</strong>g regulatory standards.‖ 664 This model advocates<br />
the formulati<strong>on</strong> of a general <strong>data</strong> protecti<strong>on</strong> statute with broad provisi<strong>on</strong>s complemented by<br />
―codes of practices or c<strong>on</strong>duct‖ formulated by the <strong>in</strong>dustry and approved by the government<br />
or the relevant <strong>data</strong> protecti<strong>on</strong> authority.<br />
Once these codes are approved, compliance with the detailed requirements of the code is<br />
treated as compliance with or evidence of compliance with the general provisi<strong>on</strong>s of the<br />
statute, thus promot<strong>in</strong>g legal certa<strong>in</strong>ty with<strong>in</strong> an otherwise uncerta<strong>in</strong> regulatory scheme<br />
through the creati<strong>on</strong> of ‗safe harbours‘. 665 The reas<strong>on</strong> for the uncerta<strong>in</strong>ty that would otherwise<br />
prevail is the <strong>in</strong>herent generality of a broad statute that is unable to capture the multitude of<br />
situati<strong>on</strong>s that can arise <strong>in</strong> <strong>data</strong> process<strong>in</strong>g. Such a co-regulatory approach would therefore<br />
appear useful <strong>in</strong> promot<strong>in</strong>g compliance while also mak<strong>in</strong>g room for <strong>in</strong>novati<strong>on</strong> with<strong>in</strong> the<br />
digital ec<strong>on</strong>omy which may otherwise come to be severely restricted, especially for small<br />
bus<strong>in</strong>esses and start-ups.<br />
In the c<strong>on</strong>text of privacy law <strong>in</strong> India, it may be noted that a co-regulatory model was<br />
suggested by the Justice AP Shah Committee. 666 A ‗command and c<strong>on</strong>trol‘ regulatory<br />
mechanism may be too rigid and may lag beh<strong>in</strong>d rapid technological changes which are<br />
prevalent <strong>in</strong> today‘s day and age. On the other hand, a pure self-regulati<strong>on</strong> approach may lack<br />
enforcement and may lead to a situati<strong>on</strong> where the objectives sought to be achieved by a <strong>data</strong><br />
protecti<strong>on</strong> law are, effectively, not met. 667 Co-regulati<strong>on</strong> may seem like an appropriate middle<br />
path that comb<strong>in</strong>es the flexibility of self-regulati<strong>on</strong> with the rigour of government rulemak<strong>in</strong>g.<br />
668<br />
664 Dennis D. Hirsch, ‗The Law and Policy of Onl<strong>in</strong>e Privacy: Regulati<strong>on</strong>, Self-Regulati<strong>on</strong>, or Co-Regulati<strong>on</strong>?‘<br />
34 Seattle University Law Review 439, 441 (2011) (describ<strong>in</strong>g co-regulati<strong>on</strong> as ―<strong>in</strong>itiatives <strong>in</strong> which government<br />
and <strong>in</strong>dustry share resp<strong>on</strong>sibility for draft<strong>in</strong>g and enforc<strong>in</strong>g regulatory standards‖); Hans-Bredow-Institut and<br />
Institute of European Media Law, ‗F<strong>in</strong>al Report: Study <strong>on</strong> Co-Regulati<strong>on</strong> Measures <strong>in</strong> the Media Sector‘, 17<br />
(June 2006).<br />
665 Dennis D. Hirsch, ‗Go<strong>in</strong>g Dutch? Collaborative Dutch Privacy Regulati<strong>on</strong> and the Less<strong>on</strong>s it Holds for U.S.<br />
Privacy Law,‘ 2013 Michigan State Law Review 83, 86-87, 96 (2013); Ira S. Rub<strong>in</strong>ste<strong>in</strong>, ‗Regulat<strong>in</strong>g Privacy by<br />
Design,‘ 26 (3) Berkeley Technology Law Journal 1410, 1451-53 (2011).<br />
666 Report of the Justice AP Shah Committee, 75 (October 16, 2012).<br />
667 S. Pears<strong>on</strong> and A. Charlesworth, ‗Accountability as a Way Forward for Privacy Protecti<strong>on</strong> <strong>in</strong> the Cloud‘, <strong>in</strong><br />
5931 Cloud Comput<strong>in</strong>g, Lecture Notes <strong>in</strong> Computer Science 131, 133 (M.G. Jaatun et al eds., 2009).<br />
668 However, the processes by which rule-mak<strong>in</strong>g and enforc<strong>in</strong>g powers are shared can raise c<strong>on</strong>cerns regard<strong>in</strong>g<br />
undue benefits to <strong>in</strong>dustry with public <strong>in</strong>terest be<strong>in</strong>g sidel<strong>in</strong>ed; Neil Gunn<strong>in</strong>gham and Darren S<strong>in</strong>clair, ‗Leaders<br />
& Laggards: Next Generati<strong>on</strong> Envir<strong>on</strong>mental Regulati<strong>on</strong>‘, 105-06 (Greenleaf, 2002); regard<strong>in</strong>g the scope for<br />
abuse, see Bradyn Fairclough, ‗Privacy Piracy: The Shortcom<strong>in</strong>gs of the United States Data Privacy Regime and<br />
How to Fix It,‘ 42 (2) The Journal of Corporati<strong>on</strong> Law 461, 476-77 (2016).<br />
145