So much has been said about these decisions that I don’t want to add my voice to the chorus—except to say that it brings into sharp focus the lack of a privacy law in the country. The one person in the data processing workflow, who might have visibility into the possible outcomes of data processing is the organization collecting the data—the data controller. It makes more sense to hold the data controller accountable for ensuring that no harm befalls the data subject than use poorly informed consent provided by the data subject as a licence to process. There will be instances where safeguarding the privacy of a data subject runs contrary to the commercial interests of the data controller. And that it does not use other extraneous facts in its possession to unfairly discriminate against the data subject.

Source: Mint March 28, 2017 18:22 UTC