white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
could be high compliance costs <strong>on</strong> <strong>data</strong> processors. 270 C<strong>on</strong>cerns relat<strong>in</strong>g to enforceability of<br />
c<strong>on</strong>tracts and enforcement capabilities <strong>in</strong> India must also be taken <strong>in</strong>to account while<br />
attempt<strong>in</strong>g to precisely allocate resp<strong>on</strong>sibility by identify<strong>in</strong>g multiple actors <strong>in</strong> process<strong>in</strong>g of<br />
<strong>data</strong>. On the other hand, there rema<strong>in</strong>s the possibility that the new law could be the catalyst<br />
for mature transacti<strong>on</strong>s <strong>in</strong> <strong>data</strong> process<strong>in</strong>g and the market may adapt to the new norms,<br />
however specific they are.<br />
6.3 Provisi<strong>on</strong>al Views<br />
1. To ensure accountability, the law may use the c<strong>on</strong>cept of ‗<strong>data</strong> c<strong>on</strong>troller‘. The<br />
competence to determ<strong>in</strong>e the purpose and means of process<strong>in</strong>g may be the test for<br />
determ<strong>in</strong><strong>in</strong>g who is a ‗<strong>data</strong> c<strong>on</strong>troller‘.<br />
2. The need to def<strong>in</strong>e <strong>data</strong> processors, third parties or recipients depends <strong>on</strong> the level of<br />
detail with which the law must allocate resp<strong>on</strong>sibility. This has to be determ<strong>in</strong>ed <strong>on</strong> an<br />
assessment of the likely impact of impos<strong>in</strong>g obligati<strong>on</strong>s <strong>on</strong> processors and the<br />
compliance costs <strong>in</strong>volved, am<strong>on</strong>gst other th<strong>in</strong>gs.<br />
6.4 Questi<strong>on</strong>s<br />
1. What are your views <strong>on</strong> the obligati<strong>on</strong>s to be placed <strong>on</strong> various entities with<strong>in</strong> the <strong>data</strong><br />
ecosystem?<br />
2. Should the law <strong>on</strong>ly def<strong>in</strong>e ‗<strong>data</strong> c<strong>on</strong>troller‘ or should it additi<strong>on</strong>ally def<strong>in</strong>e ‗<strong>data</strong><br />
processor‘?<br />
Alternatives:<br />
a. Do not use the c<strong>on</strong>cept of <strong>data</strong> c<strong>on</strong>troller/processor; all entities fall<strong>in</strong>g with<strong>in</strong> the<br />
ambit of the law are equally accountable.<br />
b. Use the c<strong>on</strong>cept of ‗<strong>data</strong> c<strong>on</strong>troller‘ (entity that determ<strong>in</strong>es the purpose of<br />
collecti<strong>on</strong> of <strong>in</strong>formati<strong>on</strong>) and attribute primary resp<strong>on</strong>sibility for privacy to it.<br />
c. Use the two c<strong>on</strong>cepts of ‗<strong>data</strong> c<strong>on</strong>troller‘ and ‗<strong>data</strong> processor‘ (entity that receives<br />
<strong>in</strong>formati<strong>on</strong>) to distribute primary and sec<strong>on</strong>dary resp<strong>on</strong>sibility for privacy.<br />
3. How should resp<strong>on</strong>sibility am<strong>on</strong>g different entities <strong>in</strong>volved <strong>in</strong> the process<strong>in</strong>g of <strong>data</strong> be<br />
distributed?<br />
Alternatives:<br />
a. Mak<strong>in</strong>g <strong>data</strong> c<strong>on</strong>trollers key owners and mak<strong>in</strong>g them accountable.<br />
270 Dr. Detlev Gebel and Tim Hickman, ‗Chapter 11: Obligati<strong>on</strong>s of processors – Unlock<strong>in</strong>g the EU General<br />
Data Protecti<strong>on</strong> Regulati<strong>on</strong>‘, White & Case (22 July 2016), accessible at:<br />
https://www.<str<strong>on</strong>g>white</str<strong>on</strong>g>case.com/publicati<strong>on</strong>s/article/chapter-11-obligati<strong>on</strong>s-processors-unlock<strong>in</strong>g-eu-general-<strong>data</strong>protecti<strong>on</strong>,<br />
(last accessed 29 October 2017).<br />
50