This post has been authored by Raghav Saha, a 3rd year student at Gujarat National Law University.
Introduction
Category: Personal Data Protection Bill
Subdermal Chipping – A Plain Sailing Task?
This post, analysing the legal viability of human implants in the Indian context, is authored by Tanusha Tyagi and Anabhra Chatterjee, fourth-year students from Vivekananda Institute of Professional Studies, GGSIPU, New Delhi
Microchipping: The Shackles of Technology?
Duty of a Data Fiduciary to Report a Breach: Part II
[This post has been authored by Ms. Vasundhara, Managing Partner, Verum Legal and Mr. Mudit Kaushik, Counsel, Zeus IP. Part One can be found here]
International Precedents and Comparison
While every nation in the world strives to ensure the digital security of its citizens, there are very few legislative developments to back up the claim. The General Data Protection Regulations of the European Parliament that became effective from May 2018, is a unique legal framework that enforces a unilateral form of data security laws that all EU members comply with, to ensure the protection of the European market as a whole.
Duty of a Data Fiduciary to Report a Breach: Part I
[This post has been authored by Ms. Vasundhara, Managing Partner, Verum Legal and Mr. Mudit Kaushik, Counsel, Zeus IP. Part Two can be found here]
Data breaches have become an issue for companies in the digital era, with no entity being spared for direct or even indirect involvement in a breach. Recently, Dominos Indiawas subject to a data breach by an unidentified hacker who allegedly took over 20 crore order details from Domino’s India server. What must have been worrisome for Dominos India would have been the fact that they collect information such as their customer’s name, email address, contact details, location and their address.
Right to Privacy at the Mercy of the Executive: Part II
[This two-part essay has been authored by Aarya Pachisia, a 4th-year law student at Jindal Global Law School. Part One can be found here.]
Continuing the argument of how the executive seeks to control different actors under the Bill, this article focuses on executive control over the citizens. I advance the argument in two parts. First, I argue that under section 35 of the Personal Data Protection Bill, 2019 (‘the Bill’), a notification by the executive can exempt any stage agency from obtaining consent to process data of the citizens. There is no oversight mechanism envisaged by the Legislature under the Bill, as recommended by the Committee to validate or invalidate such notifications. Second, I argue that the Bill also considerably dilutes the consent framework under the Bill and drifts away from the concept of allowing the data subject to exercise control over personal data at every stage.
Right to Privacy at the Mercy of the Executive: Part I
[This two-part essay has been authored by Aarya Pachisia, a 4th-year law student at Jindal Global Law School. Part Two can be found here.]
Technology is advancing at lightning speed, making privacy violations inevitable. Today, machine learning software is sophisticated enough to predict one’s sexual orientation, political and religious affiliation merely by processing their likes on Facebook. The Whatsapp Snooping scandal is another instance, where WhatsApp has filed a case in the court of California against the NSO group for hacking targets’ phones through the app. The case brought to light that unchecked power and absence of proper legal mechanism can lead to gross violations of right to privacy.
Geospatial Data Deregulation and Personal Data Protection
[This post has been authored by Varsha Rajesh, a final year law student at School of Law, Christ University, Bangalore.]
In February 2021, the Department of Science and Technology of the Government of India issued the Guidelines for acquiring and producing geospatial data and geospatial data services including Maps which applies to entities collecting geospatial data, mapping and other allied products and services which are offered by the Government and privately-owned bodies.
Facial Recognition and Data Protection: A Comparative Analysis of laws in India and the EU (Part I)
[This two-part post has been authored by Riddhi Bang and Prerna Sengupta, second year students at NALSAR University of Law, Hyderabad. Part II can be found here]
With the wave of machine learning and technological development, a new system that has arrived is the Facial Recognition Technology (FRT). From invention to accessibility, this technology has grown in the past few years. Facial recognition comes under the aegis of biometric data which includes distinctive physical characteristics or personal traits of a person that can be used to verify the individual. FRT primarily works through pattern recognition technology which detects and extracts patterns from data and matches it with patterns stored in a database by creating a biometric ‘template’. This technology is being increasingly deployed, especially by law enforcement agencies and thus raises major privacy concerns. This technology also attracts controversy due to potential data leaks and various inaccuracies. In fact, in 2020, a UK Court of Appeal ruled that facial recognition technology employed by law enforcement agencies, such as the police, was a violation of human rights because there was “too broad a discretion” given to police officers in implementing the technology. It is argued that despite the multifarious purposes that this technology purports to serve, its use must be regulated.
Facial Recognition and Data Protection: A Comparative Analysis of laws in India and the EU (Part II)
Data Protection in EdTech Start-ups: An Analysis
[This post is authored by Oshi Priya, a third-year student at the National Law University of Study and Research in Law, Ranchi.]
Education technology (EdTech) is the means to facilitate e-learning through the combination of software and computer hardware along with educational theory. Though still in its early stages of development, it’s a $700 million industry today in India and is headed for 8-10 times the growth in the next 5 years. Some of the popular EdTech companies in India include Unacademy, BYJU’S, and Toppr, etc.