Tech Law Forum @ NALSAR

Right to Privacy at the Mercy of the Executive: Part II

Posted on June 11, 2021June 11, 2021 by Tech Law Forum NALSAR

[This two-part essay has been authored by Aarya Pachisia, a 4th-year law student at Jindal Global Law School. Part One can be found here.]

Continuing the argument of how the executive seeks to control different actors under the Bill, this article focuses on executive control over the citizens. I advance the argument in two parts. First, I argue that under section 35 of the Personal Data Protection Bill, 2019 (‘the Bill’), a notification by the executive can exempt any stage agency from obtaining consent to process data of the citizens. There is no oversight mechanism envisaged by the Legislature under the Bill, as recommended by the Committee to validate or invalidate such notifications. Second, I argue that the Bill also considerably dilutes the consent framework under the Bill and drifts away from the concept of allowing the data subject to exercise control over personal data at every stage.

Right to Privacy at the Mercy of the Executive: Part I

Posted on June 11, 2021June 11, 2021 by Tech Law Forum NALSAR

[This two-part essay has been authored by Aarya Pachisia, a 4th-year law student at Jindal Global Law School. Part Two can be found here.]

Technology is advancing at lightning speed, making privacy violations inevitable. Today, machine learning software is sophisticated enough to predict one’s sexual orientation, political and religious affiliation merely by processing their likes on Facebook. The Whatsapp Snooping scandal is another instance, where WhatsApp has filed a case in the court of California against the NSO group for hacking targets’ phones through the app. The case brought to light that unchecked power and absence of proper legal mechanism can lead to gross violations of right to privacy.

Inclusive FinTech: Bridging the Gap

Posted on May 24, 2021May 24, 2021 by Tech Law Forum NALSAR

[The following post has been authored by Harshita Lilani, a third year student of NALSAR University of Law. This essay is part of an ongoing collaboration between r – TLP and the NALSAR Tech Law Forum Blog and is the fourth post in the series. The first entry can be found here, and the rest of series is available here.]

Financial inclusion and inclusive growth have emerged as one of the main agendas in the past decade as several nations have become aware that sustainable and inclusive growth of all the sections of the society is important for a nation to prosper. By working parallelly with traditional financial institutions like banks, credit unions and insurance companies, Financial Technology or ‘FinTech’, claims to enhance financial inclusion by offering novel products that are better tailored to consumers’ needs at a lower cost. However, a wide ‘FinTech gender gap’ shows that women are significantly less likely to use fintech products or services offered by the fintech entrants than men. This article discusses this gender gap in the FinTech industry and analyses the existing government policies and initiatives that claim to regulate fintech with an aim to bridge this gap. Finally, it highlights the key regulatory and policy changes that are required to create an enabling environment for financial inclusion in India.

Fighting “Unlawful” Content: Moderation and the New Intermediary Guidelines

Posted on May 6, 2021May 3, 2021 by Tech Law Forum NALSAR

[This post has been authored by Sanjana L.B., a 4^th year student at Symbiosis Law School, Hyderabad.]

Introduction

In January 2021, India had the highest number of Facebook users at 320 million. This was followed by the United States of America (“USA”), with 190 million users. As of February 2021, about 53.1% of the population of Myanmar were active social media users. These numbers are not only indicative of internet penetration, but also of the audience for user-generated content on platforms like Facebook. This article focuses, firstly, on the need for content moderation on social media by looking at harmful precedents of inefficient moderation, and secondly, on the Indian Government’s approach to content moderation through the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Guidelines”) and recent developments surrounding the regulation of social media content in India.

Google LLC v. Oracle America, Inc.: The Dissent That Matters (Part 2)

Posted on May 4, 2021August 11, 2022 by Tech Law Forum NALSAR

[This post has ben authored by Ajeeth Srinivas, a 4^th year student at School of Law, Christ University, Bangalore.]

The first Part of this Article analysed the judgement in the case of Google v Oracle, in suppoet of the minority opinion. The first part analysed the implications of the judgement on the idea-expression dichotomy and Google’s contentions regarding the merger doctrine, by understanding the structure of Oracle’s JAVA software, and noting the relationship between the declaring code and the implementing codes. This part analyses the second aspect of the majority judgement, and supports the views of the dissenting judges on the issue of Fair Use.

Google LLC v. Oracle America, Inc.: The Dissent That Matters (Part 1)

Posted on May 4, 2021May 3, 2021 by Tech Law Forum NALSAR

[This post has been authored by Ajeeth Srinivas, a 4th year student at School of Law, Christ University, Bangalore.]

“If the majority is going to speculate about what Oracle might do, it should at least consider what Google has done.”

Breaking Encryption and Violating User Privacy: Is there a Way Out?

Posted on May 2, 2021May 1, 2021 by Tech Law Forum NALSAR

[This post has been authored by Shamik Datta and Shikhar Sharma, first year students at NALSAR University of Law and National Law School India University respectively.]

How the IT Rules break End-to-End Encryption

End-to-end encryption ensures that intermediaries or third parties don’t have access to the content of the message and identity of the communicating parties. However, Rule 4 (2) of the new Informational Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules 2021 specifies that all ‘significant social media intermediaries’ must enable the traceability of the first originator of a message. The collected information may be used if and when required by a court of competent jurisdiction or competent authority under Section 69A of the Information Technology Act, 2000. The information derived via the breaking of end-to-end encryption may be used to investigate offences abetted or caused by the spread of fake news. This includes open-ended offences like disturbing ‘public order’, which are broad in their scope, and thus, leave a wide scope for their blatant misuse and arbitrary interpretation. The proviso to Rule 4(2) states that intermediaries are not required to reveal the content of the message, or any other related information. However, under Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption) Rules, 2009, the government possesses the power to demand the revelation of the content of electronic messages. The government could, upon identifying the user under the 2021 Rules, ask the intermediary to decrypt the content of other messages of the same user under the 2009 IT Rules citing “public order” (for example, citing the history of the user as a fake news spreader). This would render the proviso to Rule 4(2) of the 2021 Rules meaningless. Therefore, when the information about the first originator is gathered via enabling traceability and powers to disclose the content of the message is exercised, it leads to a break in end-to-end encryption. This destroys the very purpose of the cryptographic keys and encryption protocols developed over the years to encode the messages and safeguard the identity of their sender.

Geospatial Data Deregulation and Personal Data Protection

Posted on April 24, 2021April 22, 2021 by Tech Law Forum NALSAR

[This post has been authored by Varsha Rajesh, a final year law student at School of Law, Christ University, Bangalore.]

In February 2021, the Department of Science and Technology of the Government of India issued the Guidelines for acquiring and producing geospatial data and geospatial data services including Maps which applies to entities collecting geospatial data, mapping and other allied products and services which are offered by the Government and privately-owned bodies.

Mapping the rise of the surveillance state amid the COVID-19 crisis

Posted on April 22, 2021April 20, 2021 by Tech Law Forum NALSAR

[This post has been authored by Noyanika Batta, a Senior Associate at Lakshmikumaran & Sridharan Attorneys. She is a 2018 graduate from Gujarat National Law University.]

There exist dichotomous views on the usefulness of surveillance and its relationship with public health. The disease control strategies adopted by the states often necessitate extensive surveillance practices having an overbearing and intrusive effect on the daily lives of its citizens. The debate thus lies in striking the right balance between public health and the need to strengthen public health infrastructures vis-a-vis privacy protection for individual citizens. With the rapid spread of COVID19 debilitating economies and causing health systems across the globe to crumble, it became imperative for governments and organizations to take immediate actions to protect its people. This in turn saw a fierce boom in surveillance technologies dedicated towards monitoring whole populations, with governments trying to chart the virus’ trajectory from broad swathes of personal data. This article seeks to examine the disproportionate risks to data privacy caused by the use of invasive and pervasive technologies such as contact tracing across the world.

Facial Recognition and Data Protection: A Comparative Analysis of laws in India and the EU (Part I)

Posted on April 3, 2021April 3, 2021 by Tech Law Forum NALSAR

[This two-part post has been authored by Riddhi Bang and Prerna Sengupta, second year students at NALSAR University of Law, Hyderabad. Part II can be found here]

With the wave of machine learning and technological development, a new system that has arrived is the Facial Recognition Technology (FRT). From invention to accessibility, this technology has grown in the past few years. Facial recognition comes under the aegis of biometric data which includes distinctive physical characteristics or personal traits of a person that can be used to verify the individual. FRT primarily works through pattern recognition technology which detects and extracts patterns from data and matches it with patterns stored in a database by creating a biometric ‘template’. This technology is being increasingly deployed, especially by law enforcement agencies and thus raises major privacy concerns. This technology also attracts controversy due to potential data leaks and various inaccuracies. In fact, in 2020, a UK Court of Appeal ruled that facial recognition technology employed by law enforcement agencies, such as the police, was a violation of human rights because there was “too broad a discretion” given to police officers in implementing the technology. It is argued that despite the multifarious purposes that this technology purports to serve, its use must be regulated.