Data Protection Archives - Page 2 of 4 - Tech Law Forum @ NALSAR

Breaking Encryption and Violating User Privacy: Is there a Way Out?

Posted on May 2, 2021December 27, 2024 by Tech Law Forum NALSAR

[This post has been authored by Shamik Datta and Shikhar Sharma, first year students at NALSAR University of Law and National Law School India University respectively.]

How the IT Rules break End-to-End Encryption

End-to-end encryption ensures that intermediaries or third parties don’t have access to the content of the message and identity of the communicating parties. However, Rule 4 (2) of the new Informational Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules 2021 specifies that all ‘significant social media intermediaries’ must enable the traceability of the first originator of a message. The collected information may be used if and when required by a court of competent jurisdiction or competent authority under Section 69A of the Information Technology Act, 2000. The information derived via the breaking of end-to-end encryption may be used to investigate offences abetted or caused by the spread of fake news. This includes open-ended offences like disturbing ‘public order’, which are broad in their scope, and thus, leave a wide scope for their blatant misuse and arbitrary interpretation. The proviso to Rule 4(2) states that intermediaries are not required to reveal the content of the message, or any other related information. However, under Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption) Rules, 2009, the government possesses the power to demand the revelation of the content of electronic messages. The government could, upon identifying the user under the 2021 Rules, ask the intermediary to decrypt the content of other messages of the same user under the 2009 IT Rules citing “public order” (for example, citing the history of the user as a fake news spreader). This would render the proviso to Rule 4(2) of the 2021 Rules meaningless. Therefore, when the information about the first originator is gathered via enabling traceability and powers to disclose the content of the message is exercised, it leads to a break in end-to-end encryption. This destroys the very purpose of the cryptographic keys and encryption protocols developed over the years to encode the messages and safeguard the identity of their sender.

Geospatial Data Deregulation and Personal Data Protection

Posted on April 24, 2021December 27, 2024 by Tech Law Forum NALSAR

[This post has been authored by Varsha Rajesh, a final year law student at School of Law, Christ University, Bangalore.]

In February 2021, the Department of Science and Technology of the Government of India issued the Guidelines for acquiring and producing geospatial data and geospatial data services including Maps which applies to entities collecting geospatial data, mapping and other allied products and services which are offered by the Government and privately-owned bodies.

Mapping the rise of the surveillance state amid the COVID-19 crisis

Posted on April 22, 2021December 27, 2024 by Tech Law Forum NALSAR

[This post has been authored by Noyanika Batta, a Senior Associate at Lakshmikumaran & Sridharan Attorneys. She is a 2018 graduate from Gujarat National Law University.]

There exist dichotomous views on the usefulness of surveillance and its relationship with public health. The disease control strategies adopted by the states often necessitate extensive surveillance practices having an overbearing and intrusive effect on the daily lives of its citizens. The debate thus lies in striking the right balance between public health and the need to strengthen public health infrastructures vis-a-vis privacy protection for individual citizens. With the rapid spread of COVID19 debilitating economies and causing health systems across the globe to crumble, it became imperative for governments and organizations to take immediate actions to protect its people. This in turn saw a fierce boom in surveillance technologies dedicated towards monitoring whole populations, with governments trying to chart the virus’ trajectory from broad swathes of personal data. This article seeks to examine the disproportionate risks to data privacy caused by the use of invasive and pervasive technologies such as contact tracing across the world.

Facial Recognition and Data Protection: A Comparative Analysis of laws in India and the EU (Part I)

Posted on April 3, 2021December 27, 2024 by Tech Law Forum NALSAR

[This two-part post has been authored by Riddhi Bang and Prerna Sengupta, second year students at NALSAR University of Law, Hyderabad. Part II can be found here]

With the wave of machine learning and technological development, a new system that has arrived is the Facial Recognition Technology (FRT). From invention to accessibility, this technology has grown in the past few years. Facial recognition comes under the aegis of biometric data which includes distinctive physical characteristics or personal traits of a person that can be used to verify the individual. FRT primarily works through pattern recognition technology which detects and extracts patterns from data and matches it with patterns stored in a database by creating a biometric ‘template’. This technology is being increasingly deployed, especially by law enforcement agencies and thus raises major privacy concerns. This technology also attracts controversy due to potential data leaks and various inaccuracies. In fact, in 2020, a UK Court of Appeal ruled that facial recognition technology employed by law enforcement agencies, such as the police, was a violation of human rights because there was “too broad a discretion” given to police officers in implementing the technology. It is argued that despite the multifarious purposes that this technology purports to serve, its use must be regulated.

Facial Recognition and Data Protection: A Comparative Analysis of laws in India and the EU (Part II)

Posted on April 2, 2021December 27, 2024 by Tech Law Forum NALSAR

[This two-part post has been authored by Riddhi Bang and Prerna Sengupta, second year students at NALSAR University of Law, Hyderabad. Part I can be found here]

Procuring Data from Private Entities

The Internet and Marginalised Genders: A Comment in view of the Intermediary Guidelines, 2021

Posted on March 28, 2021December 27, 2024 by Tech Law Forum NALSAR

[Varsha Singh is a fifth-year law student and contributing editor at robos of Tech Law and Policy, a platform for marginalized genders in the technology law and policy field. This essay is part of an ongoing collaboration between r – TLP and the NALSAR Tech Law Forum Blog and is the third post in the series. Previous entries can be found here.]

We live an increasingly online everyday life. Today, internet platforms are at the helm of conversations, dominating interactions and impacting relationships between social actors. These platforms’ power and control play a role in furthering fundamental values such as the right to communication and access to knowledge and information. Policies that govern this control, both at self-regulatory and state levels, should ensure the protection of such rights and freedoms while ensuring that users can reap these platforms’ benefits. The Ministry of Electronics and Information Technology recently published Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 to regulate intermediaries. While these guidelines adversely affect users’ rights and freedoms in general, the adverse effect is amplified manifold when it comes to marginalised genders, especially in light of India’s socio-political and cultural contexts.

Metadata by TLF: Issue 20

Posted on March 14, 2021December 27, 2024 by Tech Law Forum NALSAR

Welcome to our fortnightly newsletter, where our reporters Harsh Jain and Harshita Lilani put together handpicked stories from the world of tech law! You can find other issues here, and you can sign up for future editions of the the newsletter here.

Facebook-Australia standoff ends as both parties agree to truce

Facebook has reached an agreement with the Australian Government and will restore news pages in the country days after restricting them. The decision follows negotiations between the tech giant and the Australian Government, which is set to pass a new media law that will require digital platforms to pay for news. The law, if passed, will make digital platforms pay local media outlets and publishers to link their content in news feeds or search results. Under the amendments, the Australian Government will give digital platforms and news publishers two months to mediate and broker commercial deals before subjecting them to mandatory arbitration under the proposed media law. Both Google and Facebook have fought against the media law since last year. Google previously threatened to remove its search service from Australia in response to the proposed law. But the company has since struck commercial deals with local publishers including the Murdoch family-owned media conglomerate News Corp. Facebook, for its part, followed through with a threat to remove news features from Australia.

Data Exploitation and Discrimination Through “Empowering” Femtech Apps

Posted on March 13, 2021December 27, 2024 by Tech Law Forum NALSAR

[The following post has been authored by Yashaswini Santuka, a third year student of NALSAR University of Law. This essay is part of an ongoing collaboration between r – TLP and the NALSAR Tech Law Forum Blog and is the second post in the series. The first entry can be found here, and the rest of series is available here.]

Female healthcare and technology related to it, like other women-centric issues, are often suppressed and kept away from the spotlight. This is the result of years of direct and indirect suppression of women and their autonomy (bodily or otherwise), which has results in an increase in the popularity of technology aimed at “empowering” women. However, if the goal of tech-empowered, health tracking apps is to enable people to make informed medical choices, femtech companies have built apps that go beyond this goal. They have managed to successfully blur the line between healthcare and technology, going so far as to becoming apps designed primarily for men and violating the privacy of those it was meant to benefit. This article seeks to address the blatantly discriminatory nature of these apps, the privacy issues that come with entering data into the apps and the legal protection that users are entitled to.

Data Protection in EdTech Start-ups: An Analysis

Posted on January 8, 2021January 19, 2024 by Tech Law Forum NALSAR

[This post is authored by Oshi Priya, a third-year student at the National Law University of Study and Research in Law, Ranchi.]

Education technology (EdTech) is the means to facilitate e-learning through the combination of software and computer hardware along with educational theory. Though still in its early stages of development, it’s a $700 million industry today in India and is headed for 8-10 times the growth in the next 5 years. Some of the popular EdTech companies in India include Unacademy, BYJU’S, and Toppr, etc.

Metadata by TLF: Issue 19

Posted on December 21, 2020December 20, 2020 by Tech Law Forum NALSAR

Welcome to our fortnightly newsletter, where our reporters Harsh Jain and Harshita Lilani put together handpicked stories from the world of tech law! You can find other issues here.

Facebook Oversight Board picks the first batch of cases for review, adds additional matter from India

Facebook’s Oversight Board (OSB), an independent body set up to review moderation decisions by the company, chose 6 cases to review in the first week of December, 2020 from over 20,000 cases that were referred to it following the opening of user appeals in October 20, 2018. Five of the cases being considered by the OSB were referred via user appeals while the sixth arose from a reference by Facebook. A couple of days after announcing the first batch of cases, the OSB added an additional case for consideration from India. It involves a photo posted on a Facebook group with Hindi text describing the drawing a sword from its scabbard in response to “infidels” criticizing the prophet. The photo also included a logo with the words “Indian Muslims” in English. The accompanying text, also in English, includes hashtags calling President Emmanuel Macron of France “the devil” and calling for the boycott of French products.