white_paper_on_data_protection_in_india_171127_final_v2
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
2.8 Internati<strong>on</strong>al Practices<br />
European Uni<strong>on</strong><br />
Under the EU GDPR, codes of c<strong>on</strong>duct are recognised as compliance-signall<strong>in</strong>g or<br />
dem<strong>on</strong>strat<strong>in</strong>g tools <strong>in</strong> a number of provisi<strong>on</strong>s. 714 Further provisi<strong>on</strong>s deal with the codes<br />
themselves stipulat<strong>in</strong>g that they can be formulated for subject matters like: 715<br />
a. fair and transparent process<strong>in</strong>g;<br />
b. the legitimate <strong>in</strong>terests pursued by c<strong>on</strong>trollers <strong>in</strong> specific c<strong>on</strong>texts;<br />
c. the collecti<strong>on</strong> of pers<strong>on</strong>al <strong>data</strong>;<br />
d. the exercise of the rights of <strong>data</strong> subjects;<br />
e. technical and organizati<strong>on</strong>al measures, measures <strong>in</strong>troduc<strong>in</strong>g <strong>data</strong> protecti<strong>on</strong> by design<br />
and by default, and safeguards for the security of process<strong>in</strong>g;<br />
f. the notificati<strong>on</strong> of pers<strong>on</strong>al <strong>data</strong> breaches to supervisory authorities and the<br />
communicati<strong>on</strong> of such pers<strong>on</strong>al <strong>data</strong> breaches to <strong>data</strong> subjects; or<br />
g. the transfer of pers<strong>on</strong>al <strong>data</strong> to third countries or <strong>in</strong>ternati<strong>on</strong>al organisati<strong>on</strong>s.<br />
After drafts of these codes of c<strong>on</strong>duct are prepared by representative bodies and submitted to<br />
it, the supervisory authority must provide an op<strong>in</strong>i<strong>on</strong> <strong>on</strong> the same and where it f<strong>in</strong>ds the code<br />
<strong>in</strong> compliance with the EU GDPR, it must approve, register and publish the same. 716<br />
United K<strong>in</strong>gdom<br />
Secti<strong>on</strong> 51(3) of UK DPA states that at the directi<strong>on</strong> of the Secretary of State or the discreti<strong>on</strong><br />
of the Informati<strong>on</strong> Commissi<strong>on</strong>er, the Informati<strong>on</strong> Commissi<strong>on</strong>er may himself prepare and<br />
dissem<strong>in</strong>ate codes of practice ―for guidance as to good practice‖ after carry<strong>in</strong>g out<br />
c<strong>on</strong>sultati<strong>on</strong>s. As per Secti<strong>on</strong> 51(4) of the UK DPA, the Informati<strong>on</strong> Commissi<strong>on</strong>er is also<br />
required to encourage the preparati<strong>on</strong> of such codes by trade associati<strong>on</strong>s. When such a draft<br />
code is submitted, the Informati<strong>on</strong> Commissi<strong>on</strong>er must c<strong>on</strong>sider the draft and carry out<br />
c<strong>on</strong>sultati<strong>on</strong>s after which he may ―notify the trade associati<strong>on</strong> whether <strong>in</strong> his op<strong>in</strong>i<strong>on</strong> the code<br />
promotes the follow<strong>in</strong>g of good practice.‖ 717<br />
Canada<br />
Secti<strong>on</strong> 24(c) of PIPEDA requires the Privacy Commissi<strong>on</strong>er to encourage organizati<strong>on</strong>s to<br />
develop detailed policies and practices, <strong>in</strong>clud<strong>in</strong>g organizati<strong>on</strong>al codes of practice, towards<br />
compliance with process<strong>in</strong>g obligati<strong>on</strong>s. 718<br />
714 Articles 24(3), 28(5), 32(3), and 35(8), EU GDPR.<br />
715 Article 40, EU GDPR.<br />
716 Article 40, GDPR.<br />
717 Secti<strong>on</strong> 52(3), UK DPA further requires the Informati<strong>on</strong> Commissi<strong>on</strong>er to lay before each House of<br />
Parliament any code of practice prepared <strong>on</strong> the directi<strong>on</strong> of the Secretary of State but does not place this<br />
requirement for codes prepared by trade associati<strong>on</strong>s under Secti<strong>on</strong> 51(4).<br />
718 Codes may be developed for compliance with Secti<strong>on</strong>s 5 to 10, PIPEDA which deal with general obligati<strong>on</strong>s<br />
<strong>on</strong> the protecti<strong>on</strong> of pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong>.<br />
158