Ikigai LawIkigai LawIkigai LawIkigai Law
  • About Us
    • About
    • Our Team
    • FinTales
    • Tech Ticker
  • Practice Areas
  • Blog
  • News & Events
    • Ikigai Law in the news
    • Ikigai Law at events
    • Ikigailaw on the social media
  • Careers

Mapping comments to the Srikrishna Committee on data protection (Part IV): Grounds of processing

    Home Data Governance Mapping comments to the Srikrishna Committee on data protection (Part IV): Grounds of processing
    NextPrevious

    Mapping comments to the Srikrishna Committee on data protection (Part IV): Grounds of processing

    By Ikigai Law | Data Governance | 0 comment | 16 August, 2018 | 4

    This note maps the opinions of some stakeholders to the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27th November, 2017 (“White Paper”). While all responses to the White Paper are currently unavailable, responses of twenty-seven (27) stakeholders are available on Dvara Research’s blog, here.

     

    Background

    In July 2017, the Ministry of Electronics and Information Technology (“MeitY”) had constituted a Committee of Experts, chaired by Justice B.N. Srikrishna (“the Srikrishna Committee”) to frame recommendations for a data protection framework for India. In January, 2018, the Srikrishna Committee concluded a nation-wide stakeholders’ consultation on key issues of data protection. This consultation was based on two hundred and thirty (230) questions that it had raised in the White Paper. Final recommendations of the Srikrishna Committee are awaited.

    Among many other issues raised, the Srikrishna Committee had flagged the grounds of processing of data as an important issue in Part III of the White Paper. As we have stated earlier, while all stakeholder submissions to the Srikrishna Committee have not been made public, Dvara Research has published a list of twenty-seven (27) publicly available comments. This note maps responses of these stakeholders on the grounds of processing of data.

    The White Paper raises the following questions on grounds of processing in chapters 1, 2, 3 and 4 of Part III:

    1. Should consent be a primary ground for processing personal data?
    2. Should the proposed law have a provision prescribing an age-bar specifically for protecting children’s personal data?
    3. Should the law rely on the notice and choice of mechanism for operationalising consent?
    4. What other grounds should be included under which processing may be done?

    Detailed Mapping of Responses

    A detailed mapping of the responses of all the twenty-seven (27) stakeholders to questions in Chapters 1, 2, 3 and 4 of Part III of the White Paper on Data Protection Law for India is available here.

     

     INSIGHTS

    1. Consent should be a primary ground for processing personal data

    1.1 Consent should be a primary ground for processing (18 responses): Access Now, BSA, iSPIRT, ITI, CIS, IDP, Harvard FXB Center, Mozilla Foundation, ORF, Prof. Graham Greenleaf, SFLC, Legal Academics and Advocates, Bhandari Kak Parsheera Rahman Sane, IFF, Privacy International, Subhasis Banerjee, Suyash Rai.

    1.1.1 CIS is of the opinion that consent should be freely given.

    1.1.2 Harvard FXB Center is of the opinion that clinical care and research will be negatively affected if consent to access health data becomes difficult. It is, therefore, suggested that a set standard for consent needs to be applied across the private and public healthcare delivery organizations.

    1.1.3 IDP, ORF, Omidyar Network and SFLC are of the opinion that consent must be informed, meaningful, explicit, specific and unambiguous, freely given and the data subject should have the right to withdraw consent during any stage of processing.

    1.1.4 ORF is of the view that consent must be simplified and multilingual.

    1.1.5 Privacy International is of the view that consent shouldn’t be used as a means to disclaim liability for processing.

    1.2 Consent should not be the primary ground of processing (2 responses): Takshashila Foundation and Dvara Research.

    1.2.1 Takshashila Foundation is of the view that India should reply on the ‘Accountability model’ as the primary means for securing privacy.

    1.2.2 Dvara Research is of the opinion that the test for legitimate interest should be the primary grounds for processing data.

    1.3 No response (7 responses): CCG, Centre for Trade and Investment Law, Anupam Saraph, DEF, EFF, EPIC, The Hoot.

     

    2 Child’s consent and provision prescribing an age-bar specifically for protecting children’s personal data in the proposed law

    2.1 Child’s consent should be provided for by the provision with an age bar (8 responses): BSA, ITI, CIS, Harvard FXB Center, Prof. Graham Greenleaf, SFLC, Takshashila Foundation, Dvara Research.

    2.1.1 BSA and ITI are of the opinion that India should adopt similar provisions like EU, where the age of consent for children is set at 13.

    2.1.2 iSPIRT is of the opinion that a child’s consent is not valid.

    2.1.3 CIS is of the opinion that the digital age of consent for children can be grouped as, below 13 years (consent to be given only by parent or legal guardian), 13 to 18 years (or possibly 16 years – with parental consent) and above 18 (consent of the user is sufficient).

    2.1.4 SFLC is of the opinion that Section 11 of the Indian Contract Act, 1872 and Section 3 of the Indian Majority Act, 1875 should be followed which sets the age of majority at 18 years.

    2.1.5 Takshashila Foundation is of the view that there must be an absolute prohibition on the processing of Sensitive Personal Data of all children below 14 years of age and explicit parental consent will be required in case of Sensitive Personal Data and Identified Personal Data.

    2.2. No response (18 responses): Access Now, CCG, Centre for Trade and Investment Law, IDP, Mozilla Foundation, ORF, Legal Academics and Advocates, Anupam Saraph, Bhandari Kak Parsheera Rahman Sane, DEF, EFF, EPIC, IFF, Omidyar Network, Privacy International, Subhasis Banerjee, Suyash Rai, The Hoot.

     

    3 The law should rely on the notice and choice of mechanism for operationalising consent

    3.1 Notice and choice are essential for operationalising consent (14 responses): BSA, iSPIRT, Access Now, CIS, Harvard FXB Center, IDP, Prof. Graham Greenleaf, SFLC, Legal Academics and Advocates, Takshashila Foundation, Bhandari Kak Parsheera Rahman Sane, Dvara Research, Omidyar Network, Privacy International.

    3.1.1 CIS has recommended the information that should be made available through a notice,

    3.1.2 Harvard FXB Center is of the opinion that notice in form of audio visual should be provided to those with poor literacy.

    3.2 No response (13 responses): ITI, CCG, Centre for Trade and Investment Law, Mozilla Foundation, ORF, Anupam Saraph, DEF, EFF, EPIC, IFF, Subhasis Banerjee, Suyash Rai, The Hoot.

     

    4 Any other grounds of processing data

    4.1 There should be other grounds of processing (12 responses): BSA, iSPIRT, ITI, Dvara Research, Takshashila Foundation, Mozilla Foundation, Access Now, CIS, SFLC, Harvard FXB Center, Prof. Graham Greenleaf, Subhasis Banerjee.

    4.1.1 BSA is of the opinion that legitimate interest, contractual performances and compliance with law should be other grounds of processing.

    4.1.2 iSPIRT is of the opinion that contractual performances, compliance with law and vital interest of data subjects should be other grounds of processing.

    4.1.3 ITI, Dvara Research, Takshashila Foundation, Mozilla Foundation and Access Now have suggested legitimate interest as the other ground of processing.

    4.1.4 CIS, SFLC, Harvard FXB Center and Prof. Graham Greenleaf are of the opinion that vital interest of data subjects and performance of contract should be other grounds of processing.

    4.1.5 Subhasis Banerjee is of the opinion that combination of legitimate interest and purpose limitation should be adopted for privacy protection.

    4.2 No responses (13 responses): CCG, Centre for Trade and Investment Law, IDP, ORF, Legal Academics and Advocates, Anupam Saraph, Bhandari Kak Parsheera Rahman Sane, EFF, EPIC, IFF, Omidyar Foundation, Suyash Rai, The Hoot.

     

    [This post is authored by Adyasha Mohanty, a fourth-year student of Symbiosis Law School, Noida during her internship with TRA, with inputs from Pushan Dwivedi, Associate, TRA.]

     

     

    Age bar, Child’s Consent, Choice, Consent, Data Protection, Data Transfer, Ikigai Law, Informed Consent, Innovation, Legitimate Interest, Meaningful Consent, Notice, Processing, Protection, Security, Srikrishna Committee, Stakeholders, TRALaw, Vital Interest, White Paper

    Ikigai Law

    More posts by Ikigai Law

    Related Post

    • Stakeholders’ responses to the TRAI privacy consultation paper

      By Ikigai Law | 0 comment

      In a 12 part series, we have mapped stakeholders’ comments to the Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector by Telecom Regulatory Authority of India (TRAI). In order toRead more

    • Stakeholders’ responses to the White Paper on a data protection framework in India

      By Ikigai Law | 0 comment

      In a 4 part series, we have mapped the publicly accessible opinions of 27 stakeholders on the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27th November, 2017Read more

    • TRAI recommendations on privacy, security and ownership of data in the telecom sector: Mapping of stakeholders’ opinions

      By Ikigai Law | 0 comment

      This note maps the position of all the stakeholders in relation to the Recommendations on Privacy, Security, and Ownership of the Data in the Telecom Sector (“Recommendations”) published by the Telecom Regulatory Authority of IndiaRead more

    • Mapping comments to the Srikrishna Committee on data protection (Part II): Data localisation

      By Ikigai Law | 0 comment

      This note maps the opinions of some stakeholders to the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27 November, 2017 (“White Paper”). While all responses toRead more

    • Mapping comments to the Srikrishna Committee on data protection (Part I): Cross-border data flows

      By Ikigai Law | 0 comment

      This note maps the opinions of some stakeholders to the White Paper of the Committee of Experts on a Data Protection Framework for India, released on 27 November, 2017 (“White Paper”). While all responses toRead more

    Leave a Comment

    Cancel reply

    Your email address will not be published. Required fields are marked *

    NextPrevious

    Tags

    #DataProtection #Fintales bitcoin Blockchain Budget Consent Consultation Consultation Paper cryptocurrency data Data Controllers data governance Data localisation Data Protection Data Subjects digital economy Digital India Drones E-Commerce Facebook Fintech Government Government of India healthtech Ikigai Law India Indian government Innovation MeITY Notice Payments Personal Data policy Privacy RBI Recommendation Regulation Srikrishna Committee Stakeholders Startups Surveillance Technology Tech Policy TechTicker TRAI

    Connect with Ikigai Law

    Copyright 2018 Ikigai Law | All Rights Reserved             

    Information

    • Practice Areas
    • Blog
    • Careers
    • Contact Us
    • Privacy Policy

    Contact us

    Office
    T-7/402, Commonwealth Games Village Apartment,
    New Delhi, Delhi 110092 India.

    Email Address

    contact@ikigailaw.com

    • About Us
      • About
      • Our Team
      • FinTales
      • Tech Ticker
    • Practice Areas
    • Blog
    • News & Events
      • Ikigai Law in the news
      • Ikigai Law at events
      • Ikigailaw on the social media
    • Careers
    Ikigai Law