white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
This may <strong>in</strong>clude the power to: (a) issue codes of c<strong>on</strong>duct/practice; (b) lay down standards for<br />
security safeguards; (c) lay down standards for <strong>data</strong> protecti<strong>on</strong> impact assessment; and (d) lay<br />
down standards for registrati<strong>on</strong> for <strong>data</strong> c<strong>on</strong>trollers as may be required and ma<strong>in</strong>ta<strong>in</strong> a<br />
<strong>data</strong>base <strong>in</strong> this regard. Some of these standards relate to <strong>data</strong> protecti<strong>on</strong> issues, e.g.,<br />
standards for <strong>data</strong> protecti<strong>on</strong> impact assessments; others such as standards for security<br />
safeguards are not per se related to <strong>data</strong> protecti<strong>on</strong>. The role of the central government <strong>in</strong><br />
relati<strong>on</strong> to sett<strong>in</strong>g of standards for the latter and such analogous categories and organisati<strong>on</strong>al<br />
measures should be ensured.<br />
2.21 Questi<strong>on</strong>s<br />
1. What are your views <strong>on</strong> the above?<br />
2. Is a separate, <strong>in</strong>dependent <strong>data</strong> protecti<strong>on</strong> authority required to ensure compliance with<br />
<strong>data</strong> protecti<strong>on</strong> laws <strong>in</strong> India?<br />
3. Is there a possibility of c<strong>on</strong>ferr<strong>in</strong>g the functi<strong>on</strong> and power of enforcement of a <strong>data</strong><br />
protecti<strong>on</strong> law <strong>on</strong> an exist<strong>in</strong>g body such as the Central Informati<strong>on</strong> Commissi<strong>on</strong> set up<br />
under the RTI Act?<br />
4. What should be the compositi<strong>on</strong> of a <strong>data</strong> protecti<strong>on</strong> authority, especially given the fact<br />
that a <strong>data</strong> protecti<strong>on</strong> law may also extend to public authorities/government? What<br />
should be the qualificati<strong>on</strong>s of such members?<br />
5. What is the estimated capacity of members and officials of a <strong>data</strong> protecti<strong>on</strong> authority <strong>in</strong><br />
order to fulfil its functi<strong>on</strong>s? What is the methodology of such estimati<strong>on</strong>?<br />
6. How should the members of the authority be appo<strong>in</strong>ted? If a selecti<strong>on</strong> committee is<br />
c<strong>on</strong>stituted, who should its members be?<br />
7. C<strong>on</strong>sider<strong>in</strong>g that a s<strong>in</strong>gle, centralised <strong>data</strong> protecti<strong>on</strong> authority may so<strong>on</strong> be overburdened<br />
by the sheer quantum of requests/ compla<strong>in</strong>ts it may receive, should<br />
additi<strong>on</strong>al state level <strong>data</strong> protecti<strong>on</strong> authorities be set up? What would their jurisdicti<strong>on</strong><br />
be? What should be the c<strong>on</strong>stituti<strong>on</strong> of such state level authorities?<br />
8. How can the <strong>in</strong>dependence of the members of a <strong>data</strong> protecti<strong>on</strong> authority be ensured?<br />
9. Can the <strong>data</strong> protecti<strong>on</strong> authority reta<strong>in</strong> a proporti<strong>on</strong> of the <strong>in</strong>come from penalties/f<strong>in</strong>es?<br />
10. What should be the functi<strong>on</strong>s, duties and powers of a <strong>data</strong> protecti<strong>on</strong> authority?<br />
11. With respect to standard-sett<strong>in</strong>g, who will set such standards? Will it be the <strong>data</strong><br />
protecti<strong>on</strong> authority, <strong>in</strong> c<strong>on</strong>sultati<strong>on</strong> with other entities, or should different sets of<br />
182