white_paper_on_data_protection_in_india_171127_final_v2
with developing certain baseline accountability principles which would help develop a comprehensive privacy management program. 711
As is clear from the above, jurisdictions across the world have implemented the principle of accountability in varied forms. At their core, however, these practices require data controllers to adopt processes and procedures which are consistent with data protection principles. In the Indian context, as mentioned above, it may be worth exploring whether a statutory requirement to adopt such measures can be linked to liability in cases of clearly defined harms.
2.4 Provisional Views
Accountability, as a principle of data protection, has existed for some time and has found mention in various privacy laws around the world. It is imperative that the data protection law reflects the principle of accountability. Accountability should not only be enforced for breach of data protection obligations through the adoption and implementation of standards by data controllers, but also in certain well defined circumstances, it could be extended to hold data controllers liable for the harms that they cause to individuals without further proof of violation of any other obligation. The data protection law should appropriately identify such harms for which the data controller should be held liable in this manner.
2.5 Questions
1. What are your views on the use of the principle of accountability as stated above for data protection?
2. What are the organisational measures that should be adopted and implemented in order to demonstrate accountability? Who will determine the standards which such measures have to meet?
3. Should the lack of organisational measures be linked to liability for harm resulting from processing of personal data?
4. Should all data controllers who were involved in the processing that ultimately caused harm to the individual be accountable jointly and severally or should they be allowed mechanisms of indemnity and contractual affixation of liability inter se?
5. Should there be strict liability on the data controller, either generally, or in any specific categories of processing, when well-defined harms are caused as a result of data processing?
711 Office of the Privacy Commissioner of Canada, 'Getting Accountability Right with a Privacy Management Program', available at: https://www.priv.gc.ca/media/2102/gl_acc_201204_e.pdf (last accessed 20 November 2017).