Deemed Consent – The DP Bill takes into consideration limited circumstances where consent would be deemed to have been given by Data Principals. A chunk of these circumstances make carve outs for consensual processing of Personal Data for state functions where such processing is necessary and the same are largely in line with the tests laid down by the Supreme Court in the Puttaswamy case relating to the scope of limitation of the constitutional right to privacy. The reason why it is ‘largely’ and not ‘entirely’ in line with the tests is because upon bare reading of the provisions of the DP Bill, scenarios like provision of any service or benefit to the Data Principal, or the issuance of any certificate, license, or permit for any action or activity of the Data Principal, by the State or any instrumentality of the State are not dependent on such activities being undertaken under the ‘existence of a law’ or in a manner that is authorised by any law.In addition to the aforesaid, consensual processing of Personal Data may also be done in case of medical emergencies involving threat to life or immediate threat to the health of the Data Principal. In context of such processing, a parallel may be drawn with the India’ draft Health Data Management Policy (“NDHM”) (the latest iteration of which was released in April this year) which also envisages provisions relating to processing of Personal Data in case of medical emergencies. Notably, the NDHM contemplates appointment of a nominee to provide valid consent on behalf of the Data Principal in case such Data Principal becomes seriously ill, or mentally incapacitated, or where the data principal is facing a threat to life or a severe threat to health and is unable to give valid consent. Unlike the DP Bill, the NDHM does not propose ‘deemed’ consent in absence of a nominee but rather shifts the right to give valid consent on behalf of the Data Principal to an adult member of the family of the Data Principal.
Source: Barandbench
