white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
REGULATION AND ENFORCEMENT<br />
1. Enforcement Models<br />
Once the substantive obligati<strong>on</strong>s of a <strong>data</strong> protecti<strong>on</strong> law are formalised, provisi<strong>on</strong>s regard<strong>in</strong>g<br />
enforcement must be structured so as to ensure compliance with substantive provisi<strong>on</strong>s.<br />
Effective enforcement requires the c<strong>on</strong>siderati<strong>on</strong> of certa<strong>in</strong> aspects of <strong>in</strong>stituti<strong>on</strong>al design and<br />
overall approach before we can develop and align <strong>in</strong>dividual elements of the framework. This<br />
may be <strong>in</strong> terms of the extent of burden placed <strong>on</strong> entities covered under such framework, the<br />
structure and functi<strong>on</strong>s of any enforcement agency, or the tools at its disposal. Enforcement<br />
models c<strong>on</strong>sist of: (i) ‗command and c<strong>on</strong>trol‘; (ii) self-regulati<strong>on</strong>; and (iii) co-regulati<strong>on</strong>.<br />
For a fuller discussi<strong>on</strong>, see page 143 above.<br />
Questi<strong>on</strong>s<br />
1. What are your views <strong>on</strong> the above described models of enforcement?<br />
2. Does co-regulati<strong>on</strong> seem an appropriate approach for a <strong>data</strong> protecti<strong>on</strong> enforcement<br />
mechanism <strong>in</strong> India?<br />
3. What are the specific obligati<strong>on</strong>s/areas which may be envisaged under a <strong>data</strong> protecti<strong>on</strong><br />
law <strong>in</strong> India for a (i) ‗command and c<strong>on</strong>trol‘ approach; (ii) self-regulati<strong>on</strong> approach (if<br />
any); and (iii) co-regulati<strong>on</strong> approach?<br />
4. Are there any alternative views to this?<br />
2. Accountability and Enforcement Tools<br />
Accountability<br />
A <strong>data</strong> protecti<strong>on</strong> law must reflect the pr<strong>in</strong>ciple of accountability. Accountability should not<br />
<strong>on</strong>ly be enforced for breach of <strong>data</strong> protecti<strong>on</strong> obligati<strong>on</strong>s through the adopti<strong>on</strong> and<br />
implementati<strong>on</strong> of standards by <strong>data</strong> c<strong>on</strong>trollers, but also <strong>in</strong> certa<strong>in</strong> well def<strong>in</strong>ed<br />
circumstances, it could be extended to hold <strong>data</strong> c<strong>on</strong>trollers liable for the harms that they<br />
cause to <strong>in</strong>dividuals without further proof of violati<strong>on</strong> of any other obligati<strong>on</strong>. The <strong>data</strong><br />
protecti<strong>on</strong> law should appropriately identify such harms for which the <strong>data</strong> c<strong>on</strong>troller should<br />
be held liable <strong>in</strong> this manner.<br />
For a fuller discussi<strong>on</strong>, see page 147 above.<br />
Questi<strong>on</strong>s<br />
224