white_paper_on_data_protection_in_india_171127_final_v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>in</strong>formed choice regard<strong>in</strong>g the possible future uses of their <strong>in</strong>formati<strong>on</strong>, and the harms that<br />
may arise as a result. All these factors c<strong>on</strong>tribute towards decreas<strong>in</strong>g the value of c<strong>on</strong>sent. 400<br />
This issue is especially relevant with respect to the grow<strong>in</strong>g use of <strong>data</strong> aggregati<strong>on</strong><br />
techniques. Individuals may be able to foresee an immediate harm caused by misuse of their<br />
pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong>, however, it is highly unlikely that they will be able to predict future<br />
uses of their <strong>in</strong>formati<strong>on</strong>, which takes place after comb<strong>in</strong><strong>in</strong>g it with other <strong>data</strong> sets.<br />
Further, many organisati<strong>on</strong>s use notices as a means to disclaim their liability <strong>in</strong>stead of<br />
actually us<strong>in</strong>g this opportunity to <strong>in</strong>form the <strong>in</strong>dividual about the organisati<strong>on</strong>s‘ <strong>data</strong> use<br />
practices. The presence or absence of a notice may be a first step for regulators to determ<strong>in</strong>e<br />
whether an organisati<strong>on</strong> is compliant with <strong>data</strong> protecti<strong>on</strong> laws <strong>in</strong> that country. Therefore, <strong>in</strong><br />
order to make their privacy notice as comprehensive as possible, and avoid liability,<br />
organisati<strong>on</strong>s treat notices as legal documents and use legalese and technical terms that the<br />
<strong>in</strong>dividual may not understand. 401 This is a comm<strong>on</strong>ly noticed phenomen<strong>on</strong>.<br />
(ii)<br />
Standards of c<strong>on</strong>sent<br />
While recognis<strong>in</strong>g the importance of c<strong>on</strong>sent as a foundati<strong>on</strong>al c<strong>on</strong>cept, there may be a need<br />
for hav<strong>in</strong>g different standards of c<strong>on</strong>sent for different transacti<strong>on</strong>s. A ―<strong>on</strong>e-size fits all‖ model<br />
may not be sufficient. It may not be necessary to obta<strong>in</strong> ‗express‘ c<strong>on</strong>sent for certa<strong>in</strong> rout<strong>in</strong>e<br />
transacti<strong>on</strong>s, if these activities do not <strong>in</strong>volve process<strong>in</strong>g sensitive pers<strong>on</strong>al <strong>in</strong>formati<strong>on</strong>. For<br />
rout<strong>in</strong>e, low-risk transacti<strong>on</strong>s, an <strong>in</strong>dividual‘s implied c<strong>on</strong>sent may be sufficient. If a <strong>data</strong><br />
c<strong>on</strong>troller wishes to collect and use sensitive <strong>in</strong>formati<strong>on</strong>, the misuse of which is likely to<br />
cause great harm to an <strong>in</strong>dividual, then the express c<strong>on</strong>sent of the <strong>in</strong>dividual may be<br />
required. 402 Therefore, there may be a need to explore and accommodate standards of c<strong>on</strong>sent<br />
with<strong>in</strong> the <strong>data</strong> protecti<strong>on</strong> law and align it with different types of <strong>in</strong>formati<strong>on</strong>.<br />
(iii) C<strong>on</strong>sent Fatigue<br />
C<strong>on</strong>sent as it was orig<strong>in</strong>ally <strong>in</strong>tended, is likely to suffice <strong>in</strong> an envir<strong>on</strong>ment where there are<br />
limited reas<strong>on</strong>s for collect<strong>in</strong>g <strong>in</strong>formati<strong>on</strong> and <strong>on</strong>ly a few uses to which it could be put. This<br />
would make it relatively easy for an <strong>in</strong>dividual to keep track of her <strong>in</strong>formati<strong>on</strong> be<strong>in</strong>g<br />
collected, and to what purposes it is be<strong>in</strong>g put to use. 403 At present, <strong>data</strong> process<strong>in</strong>g has<br />
become a largely rout<strong>in</strong>e activity and <strong>in</strong>dividuals are flooded with notices seek<strong>in</strong>g permissi<strong>on</strong><br />
to process <strong>data</strong>. Given the number of requests and the effort required to scrut<strong>in</strong>ise each <strong>on</strong>e,<br />
400 Daniel Solove, ‗Privacy Self-management and the C<strong>on</strong>sent Dilemma‘, 126 Harvard Law Review 1880, 1881,<br />
(2013).<br />
401 Fred H. Cate, ‗Failure of Fair Informati<strong>on</strong> Pr<strong>in</strong>ciples‘, <strong>in</strong> ‗C<strong>on</strong>sumer Protecti<strong>on</strong> <strong>in</strong> the Age of Informati<strong>on</strong><br />
Ec<strong>on</strong>omy‘, (Jane K. W<strong>in</strong>n ed., Routledge, 2006).<br />
402 Article 29 Data Protecti<strong>on</strong> Work<strong>in</strong>g Party, ‗Op<strong>in</strong>i<strong>on</strong> 15/2011 <strong>on</strong> the Def<strong>in</strong>iti<strong>on</strong> of C<strong>on</strong>sent‘, European<br />
Commissi<strong>on</strong> (13 July 2011), available at: http://ec.europa.eu/justice/<strong>data</strong>-protecti<strong>on</strong>/article-<br />
29/documentati<strong>on</strong>/op<strong>in</strong>i<strong>on</strong>-recommendati<strong>on</strong>/files/2011/wp187_en.pdf, (last accessed 24 October 2017).<br />
403 Rahul Matthan, ‗Bey<strong>on</strong>d C<strong>on</strong>sent: A New Paradigm for Data Protecti<strong>on</strong>- Discussi<strong>on</strong> Document 2017-03‘,<br />
Takshashila Instituti<strong>on</strong>, (19 July 2017), available at: http://takshashila.org.<strong>in</strong>/wp-c<strong>on</strong>tent/uploads/2017/07/TDD-<br />
Bey<strong>on</strong>d-C<strong>on</strong>sent-Data-Protecti<strong>on</strong>-RM-2017-03.pdf, (last accessed 24 October 2017).<br />
80