Metadata by TLF: Issue 8

Posted on by Tech Law Forum @ NALSAR

Welcome to our fortnightly newsletter, where our reporters Kruttika Lokesh and Dhananjay Dhonchak put together handpicked stories from the world of tech law! You can find other issues here.

Supreme Court quashes RBI circular and permits cryptocurrency trading

A three-judge bench of the Supreme Court on 4th March, 2020, allowed dealing in cryptocurrency, quashing an earlier ban imposed by the Reserve Bank of India (RBI) on trading in virtual currencies such as Bitcoin. The development came as a major relief for the sector, as the RBI ban restricted lenders from facilitating banking transactions for cryptocurrency exchanges and traders. The top court’s order followed a plea by the Internet and Mobile Association of India (IMAI) objecting to the RBI ban. The industry body – whose members carried out cryptocurrency transactions among each other – had claimed the move effectively banned legitimate business activity via virtual currencies. The petitioners had argued among other things, that the April 2018 RBI circular was violative of Article 19(1)(g) of the Constitution which guarantees citizens the freedom to carry on a profession of their choice. The Supreme Court ruled that the RBI circular that prohibited any entity from providing banking services to anyone dealing with virtual or cryptocurrencies was not proportionate. The court said that the RBI has not presented any empirical evidence that virtual or cryptocurrencies have negatively impacted the banking sector or other entities regulated by the RBI.

Further Reading:

  1. Aniruddh Nigam, The Supreme Court Lifts the Ban on Cryptocurrencies – Or Does It?, The Wire (March 5,2020).
  2. Suhrith Parthasarathy, The Supreme Court’s Cryptocurrency Judgment, Indian Constitutional Law and Philosophy (March 10,2020).
  3. Editorial, Double-edged sword: On Supreme Court’s cryptocurrency ruling, The Hindu (March 7,2020).

Senate Judiciary Committee introduces EARN IT Act

Senate Judiciary Committee Chairman Lindsey Graham, US Senators Richard Blumenthal, Josh Hawley and Ranking Member Dianne Feinstein on 5th March, 2020 jointly introduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) that purports to “encourage the tech industry to take online child sexual exploitation seriously.” Until now, online service providers were not responsible—under what are known as the Section 230 provisions of the Communications Decency Act of 1996—for anything users publish on websites, social media accounts or cloud servers. The concept behind the law is that tech companies have to “earn” their protected immunity from prosecution for any illegal content published by users on their platforms by scanning and decrypting every message, image or post. The EARN IT commission will establish “best practices” that must be followed by the technology companies or they will face criminal prosecution if content on their services is found to be illegal. The law mandates that tech providers either agree to monitor the content and violate the privacy and free speech rights of their users by screening everything they publish, post or store on the service or they agree to be prosecuted by the state for any illegal content that appears on their site.

Further Reading:

  1. Issie Lapowsky, With the EARN IT Act, big tech is boxed into a corner again, Protocol (March 11, 2020).
  2. Riana Pfefferkorn, The EARN IT ACT: How To Ban End-To-End Encryption Without Actually Banning It, Center For Internet and Society Stanford Law School (January 30, 2020).
  3. Casey Newton, Everything You Need To Know About Section 230, The Verge (March 3,2020)

Facebook sued in Australia over Cambridge Analytica data breach

Australia’s information commissioner is suing Facebook over allegedly breaching the privacy of over 300,000 Australians caught up in the Cambridge Analytica scandal. In a case lodged in the federal court on 9th March 2020, the Australian information commissioner Angelene Falk has alleged Facebook committed serious and repeated interferences with privacy in contravention of Australian privacy law because data collected by Facebook was passed onto the This is Your Digital Life app by Cambridge Analytica for political profiling, which was not what it was collected for. The Office of the Australian Information Commissioner also alleges that Facebook “failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure.”Both are violations of Australia’s Privacy Act 1988. The suit alleged the majority of the affected Australians didn’t actually install the app themselves. Instead, their data was collected after their Facebook friends downloaded the app, giving them no reasonable opportunity to opt out. The OAIC claims only 53 people in Australia downloaded the ‘This is Your Digital Life’ app. Each alleged violation carries a maximum penalty of $1.7 million, which is a significant mountain of cash by itself. But when multiplied by the 311,127 cases alleged by the OAIC, it grows to the almost comical sum of $529 billion.

Further Reading:

  1. Alvin Chang, The Facebook and Cambridge Analytica scandal, explained with a simple diagram, Vox (May 2, 2018).
  2. Issie Lapowsky, How Cambridge Analytica Sparked the Great Privacy Awakening, Wired (March 17,2019).
  3. Alexandra Samuel, The shady data-gathering tactics used by Cambridge Analytica were an open secret to online marketers. I know, because I was one, The Verge (March 15, 2018).

New app provides “safe paths” during the time of social distancing

The manner in which our societies are currently ordered is being given a serious thought owing to this 2020 Covid-19 pandemic. Amidst the large-scale pandemonium that has entailed due to the coronavirus, while various scientists work on finding a cure for the virus, the info-tech industry is doing its own bit to help governments and health service providers. The people at MIT, Harvard and other software engineers have been working on developing an application called Private Kit: Safe Paths that aims to track all the places that an infected person has visited. The location data of people is shared through encryption, so that people are notified of having contacted an infected person without knowing who the identity of that person. 

Further reading:

  1. Will Douglas Heaven, https://www.technologyreview.com/s/615372/coronavirus-infection-tests-app-pandemic-location-privacy/, MIT Technology Review (17 March, 2020).
  2. Stacy Liberatore, https://www.dailymail.co.uk/sciencetech/article-8131363/Apps-alert-users-children-cross-paths-people-infected-coronavirus.html, Daily Mail (19 March 2020).