white_paper_on_data_protection_in_india_171127_final_v2
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
D. DATA PROTECTION AUTHORITY<br />
2.18 Issues<br />
With rapid technological growth, there has been a surge <strong>in</strong> the process<strong>in</strong>g of <strong>in</strong>dividuals‘<br />
pers<strong>on</strong>al <strong>data</strong> for multiple purposes. The potential for harms to <strong>in</strong>dividuals has risen. While a<br />
<strong>data</strong> protecti<strong>on</strong> law may be enacted to protect <strong>in</strong>dividuals, the implementati<strong>on</strong> and efficacy of<br />
such a law may be c<strong>on</strong>t<strong>in</strong>gent <strong>on</strong> the establishment of a robust, <strong>in</strong>dependent and technically<br />
sound supervisory authority. This is all the more so s<strong>in</strong>ce issues perta<strong>in</strong><strong>in</strong>g to <strong>data</strong> protecti<strong>on</strong><br />
may be highly specialised and may require expertise <strong>in</strong> several areas such as <strong>data</strong> analytics,<br />
<strong>data</strong> science, law and associated issues.<br />
Currently, <strong>in</strong> India, there is no separate authority to ensure compliance with <strong>data</strong> protecti<strong>on</strong><br />
obligati<strong>on</strong>s required to be followed by <strong>data</strong> c<strong>on</strong>trollers. The IT Act is limited <strong>in</strong> its scope and<br />
provides for the appo<strong>in</strong>tment of adjudicat<strong>in</strong>g officers 763 and an appellate mechanism, 764<br />
whose primary mandate is restricted to adjudicati<strong>on</strong> of disputes aris<strong>in</strong>g under the IT Act.<br />
Therefore, a str<strong>on</strong>ger mechanism <strong>in</strong> the form of a central, oversight authority may be required<br />
<strong>in</strong> India <strong>in</strong> order to effectuate the effective protecti<strong>on</strong> of pers<strong>on</strong>al <strong>data</strong>.<br />
While there is divergence regard<strong>in</strong>g the structure of enforcement and oversight mechanisms<br />
<strong>in</strong> relati<strong>on</strong> to <strong>data</strong> protecti<strong>on</strong> <strong>in</strong> various jurisdicti<strong>on</strong>s, there appears to be str<strong>on</strong>g support for<br />
establish<strong>in</strong>g a s<strong>in</strong>gle centralised regulatory authority when possible. 765 Several countries have<br />
moved from a complex multi-agency regulatory structure to a simpler nati<strong>on</strong>al agency<br />
structure. 766 The benefits of a s<strong>in</strong>gle, centralised regulatory authority, especially <strong>in</strong> the c<strong>on</strong>text<br />
of <strong>in</strong>ternati<strong>on</strong>al trade opportunities, appear to be c<strong>on</strong>siderable s<strong>in</strong>ce mult<strong>in</strong>ati<strong>on</strong>al companies<br />
may have a s<strong>in</strong>gle po<strong>in</strong>t of c<strong>on</strong>tact and such an authority can ensure c<strong>on</strong>sistency by issu<strong>in</strong>g a<br />
s<strong>in</strong>gle set of rules, guidel<strong>in</strong>es or standards. Moreover, it is easier for <strong>in</strong>dividuals to seek<br />
guidance and direct queries and compla<strong>in</strong>ts <strong>in</strong> relati<strong>on</strong> to a <strong>data</strong> protecti<strong>on</strong> violati<strong>on</strong> from a<br />
s<strong>in</strong>gle, centralised regulatory authority.<br />
2.19 Internati<strong>on</strong>al Practices<br />
(i)<br />
Compositi<strong>on</strong> and terms of service<br />
European Uni<strong>on</strong><br />
763 Secti<strong>on</strong> 46, IT Act.<br />
764 Secti<strong>on</strong> 48, IT Act.<br />
765 See United Nati<strong>on</strong>s C<strong>on</strong>ference <strong>on</strong> Trade & Development (UNCTAD), ‗Data Protecti<strong>on</strong> Regulati<strong>on</strong>s and<br />
Internati<strong>on</strong>al Data Flows: Implicati<strong>on</strong>s for Trade and Development‘ (2016) available at:<br />
http://unctad.org/en/Publicati<strong>on</strong>sLibrary/dtlstict2016d1_en.pdf, (last accessed 25 October 2017).<br />
766 For example, Japan has moved from 30 regulators to just <strong>on</strong>e. See United Nati<strong>on</strong>s C<strong>on</strong>ference <strong>on</strong> Trade &<br />
Development (UNCTAD), ‗Data Protecti<strong>on</strong> Regulati<strong>on</strong>s and Internati<strong>on</strong>al Data Flows: Implicati<strong>on</strong>s for Trade<br />
and Development‘ (2016) available at: http://unctad.org/en/Publicati<strong>on</strong>sLibrary/dtlstict2016d1_en.pdf, (last<br />
accessed 25 October 2017).<br />
175