white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
12. In cases where compensati<strong>on</strong> claimed by an <strong>in</strong>dividual exceeds the prescribed cap,<br />
should compensati<strong>on</strong> claim lie directly with the Nati<strong>on</strong>al C<strong>on</strong>sumer Disputes Redressal<br />
Commissi<strong>on</strong>?<br />
13. Should class acti<strong>on</strong> suits be permitted?<br />
14. How can judicial capacity be assessed? Would c<strong>on</strong>duct<strong>in</strong>g judicial impact assessments<br />
be useful <strong>in</strong> this regard?<br />
15. Are there any alternative views other than the <strong>on</strong>es menti<strong>on</strong>ed above?<br />
4. Remedies<br />
A. Penalties<br />
In the c<strong>on</strong>text of a <strong>data</strong> protecti<strong>on</strong> law, civil penalties may be calculated <strong>in</strong> a manner so as to<br />
ensure that the quantum of civil penalty imposed not <strong>on</strong>ly acts as a sancti<strong>on</strong> but also acts as a<br />
deterrence to <strong>data</strong> c<strong>on</strong>trollers, which have violated their obligati<strong>on</strong>s under a <strong>data</strong> protecti<strong>on</strong><br />
law. Further, there may be three models (or a comb<strong>in</strong>ati<strong>on</strong> thereof) possible for the<br />
calculati<strong>on</strong> of civil penalties, which are as follows:<br />
(i) Per day basis;<br />
(ii) Discreti<strong>on</strong> of the adjudicat<strong>in</strong>g body subject to a fixed upper limit;<br />
(iii) Discreti<strong>on</strong> of adjudicat<strong>in</strong>g body subject to an upper limit l<strong>in</strong>ked to a variable parameter<br />
(such as a percentage of the total worldwide turnover of the preced<strong>in</strong>g f<strong>in</strong>ancial year of<br />
the default<strong>in</strong>g <strong>data</strong> c<strong>on</strong>troller).<br />
For a fuller discussi<strong>on</strong>, see page 191 above.<br />
Questi<strong>on</strong>s<br />
1. What are your views <strong>on</strong> the above?<br />
2. What are the different types of <strong>data</strong> protecti<strong>on</strong> violati<strong>on</strong>s for which a civil penalty may<br />
be prescribed?<br />
3. Should the standard adopted by an adjudicat<strong>in</strong>g authority while determ<strong>in</strong><strong>in</strong>g liability of<br />
a <strong>data</strong> c<strong>on</strong>troller for a <strong>data</strong> protecti<strong>on</strong> breach be strict liability? Should strict liability of<br />
a <strong>data</strong> c<strong>on</strong>troller <strong>in</strong>stead be stipulated <strong>on</strong>ly where <strong>data</strong> protecti<strong>on</strong> breach occurs while<br />
process<strong>in</strong>g sensitive pers<strong>on</strong>al <strong>data</strong>?<br />
4. In view of the above models, how should civil penalties be determ<strong>in</strong>ed or calculated for<br />
a <strong>data</strong> protecti<strong>on</strong> framework?<br />
231