Tuesday, 28 November 2017

Can Individuals Sue Government, Companies for Personal Data Misuse: Panel

Can Individuals Sue Government, Companies for Personal Data Misuse: Panel

Can Individuals Sue Government, Companies for Personal Data Misuse: Panel

NEW DELHI: Can individuals sue companies and governments for misusing their personal data, and thereafter seek hefty compensation, a high-level government committee tasked with framing data protection laws for India has asked.
Also, should there be a definition of ‘sensitive data’ that spells out information — medical, financial or any other — which should not be used for any data-processing activity in view of the privacy of an individual? The committee of experts, headed by Justice B N Srikrishna, also wants to know whether there should be a prohibition to compute data related to minors.
“The objective is to ensure growth of the digital economy while keeping personal data of citizens secure and protected,” the white paper released by the committee of experts asks, seeking views from all stakeholders by December 31.
It also wants to know whether a data protection authority and data controllers are required to handle the gamut of issues related to the use of information collected by corporates —homegrown and international — and government and its agencies.
“A stronger mechanism in the form of a central oversight authority may be required in India in order to effectuate the effective protection of personal data,” the white paper said. On the issue of penalties, the paper says that the quantum of penalty prescribed under the provisions of the IT Act “appear to be inadequate and may not act as a deterrence” to emerging e-commerce and other technologybased players in India.
It seeks to know whether the penalty can be prescribed on a “per-day basis” for violation of data protection law. “An upper limit may be a fixed amount or may be linked to a variable parameter, such as, a percentage of the annual turnover of the defaulting data controller.”
Compensation, the paper notes, constitutes an important remedy where an individual has incurred a loss or damage as a result of a data controller’s failure to comply with the data protection principles. The compensation could be based on the amount of gain of an unfair advantage, wherever quantifiable, made as a result of the default.
Also, it could be based on the amount of loss caused to any person as aresult of the default. The white paper also seeks to tackle important issues such as a ‘right to be forgotten’ which basically refers to the right of an individual to have his/her data erased from the systems of data controllers.
“It is quite common for internet users to reveal personal information they later regret, or to have information posted about them that they wished had remained secret. Information posted on the internet is never truly forgotten,” the paper says, asking whether there should be a way a person can delete personal information from the internet “to remove the ‘shackles of unadvisable past things’ on the internet and correct past actions.”
On the issue of defining what is personal data, the white paper says that there may be a need to categorise the types of information which could form an integral part of an individual’s identity. “For instance, in some circumstances, disclosure of such information, is more likely to lead to discrimination, ridicule and reputational harm, especially where one’s beliefs and choices form part of the minority view in society.”
Source” gadgetsnow

0 comments:

Post a Comment