[September 2-9] CCG’s Week in Review: Curated News in Information Law and Policy

This week, Delhi International Airport deployed facial recognition on a ‘trial basis’ for 3 months, landline communications were restored in Kashmir as the Government mulls over certification for online video streaming platforms like Netflix and PrimeVideo – presenting this week’s most important developments in law, tech and national security.

Aadhaar

  • [Sep 3] PAN will be issued automatically using Aadhaar for filing returns: CBDT, DD News report.
  • [Sep 3] BJD set to collect Aadhaar numbers of its members in Odisha, Opposition parties slam move, News 18 report; The New Indian Express report; Financial Express report.
  • [Sep 5] Aadhaar is secure, says ex-UIDAI chief, Times of India report.
  • [Sep 5] Passport-like Aadhaar centre opened in Chennai: Online appointment booking starts, Livemint report.
  • [Sep 8] Plans to link Janani Suraksha and Matra Vandan schemes with Aadhaar: CM Yogi Adityanath, Times of India report.

Digital India

  • [Sep 5] Digital media bodies welcome 26% FDI cap, Times of India report.
  • [Sep 6] Automation ‘not  threat’ to India’s IT industry, ET Tech report.
  • [Sep 6] Tech Mahindra to modernise AT&T network systems, Tech Circle report.

Data Protection and Governance

  • [Sep 2] Health data comes under the purview of Data Protection Bill: IAMAI, Inc42 report.
  • [Sep 2] Credit history should not be viewed as sensitive data, say online lenders, Livemint report.
  • [Sep 3] MeitY may come up with policy on regulation of non-personal data, Medianama report.
  • [Sep 3] MeitY to work on a white paper to gain clarity on public data regulations, Inc42 report.
  • [Sep 6] Treating data as commons is more beneficial, says UN report, Medianama report.
  • [Sep 9] Indian Government may allow companies to sell non-personal data of its users, Inc42 report, The Economic Times report.
  • [Sep 9] Tech firms may be compelled to share public data of its users, ET Tech report.

Data Privacy and Breaches

  • [Sep 2] Chinese face-swap app Zao faces backlash over user data protection, KrAsia report; Medianama report.
  • [Sep 2] Study finds Big Data eliminates confidentiality in court judgments, Swiss Info report.
  • [Sep 4] YouTube will pay $170 million to settle claims it violated child privacy laws, CNBC report; FTC Press Release.
  • [Sep 4] Facebook will now let people opt-out of its face recognition feature, Medianama report.
  • [Sep 4] Mental health websites in Europe found sharing user data for ads, Tech Crunch report.
  • [Sep 5] A huge database of Facebook users’ phone numbers found online, Tech Crunch report.
  • [Sep 5] Twitter has temporarily disabled tweet to SMS feature, Medianama report.
  • [Sep 6] Fake apps a trap to track your device and crucial data, ET Tech report.
  • [Sep 6] 419 million Facebook users phone numbers leaked online, ET Tech report; Medianama report
  • [Sep 9] Community social media platform, LocalCircles, highlights data misuse worries, The Economic Times report.

Free Speech

  • [Sep 7] Freedom of expression is not absolute: PCI Chairman, The Hindu report.
  • [Sep 7] Chennai: Another IAS officer resign over ‘freedom of expression’, Deccan Chronicle report.
  • [Sep 8] Justice Deepak Gupta: Law on sedition needs to be toned down if not abolished, The Wire report.

Online Content Regulation

  • [Sep 3] Government plans certification for Netflix, Amazon Prime, Other OTT Platforms, Inc42 report.
  • [Sep 4] Why Justice for Rights went to court, asking for online content to be regulated, Medianama report.
  • [Sep 4] Youtube claims new hate speech policy working, removals up 5x, Medianama report.
  • [Sep 6] MeitY may relax norms on content monitoring for social media firms, ET Tech report; Inc42 report; Entrackr report.

E-Commerce

  • [Sep 4] Offline retailers accuse Amazon and Flipkart of deep discounting, predatory pricing and undercutting, Medianama report; Entrackr report.
  • [Sep 6] Companies rely on digital certification startups to foolproof customer identity, ET Tech report.

Digital Payments and FinTech

  • [Sep 3] A sweeping reset is in the works to bring India in line with fintech’s rise, The Economic Times report.
  • [Sep 3] Insurance and lending companies in agro sector should use drones to reduce credit an insurance risks: DEA’s report on fintech, Medianama report.
  • [Sep 3] Panel recommends regulating fintech startups, RBI extends KYC deadline for e-wallet companies, TechCircle report.
  • [Sep 4] NABARD can use AI and ML to create credit scoring registry: Finance Ministry report on FinTech, Medianama report.
  • [Sep 5] RBI denies action against Paytm Payments bank over PIL allegation, Entrackr report.
  • [Sep 5] UPI entities may face market share cap, ET Tech report.
  • [Sep 6] NBFC license makes fintech startups opt for lending, ET Tech report.
  • [Sep 9] Ease access to credit history: Fintech firms, ET Markets report.

Cryptocurrencies

  • [Sep 1] Facebook hires lobbyists to boost crypto-friendly regulations in Washington, Yahoo Finance report.
  • [Sep 2] US Congress urged to regulate crypto under Bank Secrecy Act, Coin Telegraph report.
  • [Sep 2] Indian exchanges innovate as calls for positive crypto regulation escalate, Bitcoin.com report.
  • [Sep 4] Marshall Islands official explains national crypto with fixed supply, Coin Telegraph report.
  • [Sep 5] Apple thinks cryptocurrency has “long-term potential”, Quartz report.
  • [Sep 5] NSA reportedly developing quantum-resistant ‘crypto’, Coin Desk report.
  • [Sep 6] Crypto stablecoins may face bottleneck, ET Markets report.

Cybersecurity

  • [Sep 3] Google’s Android suffers sustained attacks by anti-Ugihur hackers, Forbes report.
  • [Sep 4] Firefox will not block third-party tracking and cryptomining by default for all users, Medianama report.
  • [Sep 4] Insurance companies are fueling ransomware attacks, Defense One report.
  • [Sep 5] Firms facing shortage of skilled workforce in cybersecurity: Infosys Research, The Economic Times report.
  • [Sep 5] Cybersecurity a boardroom imperative in almost 50% of global firms: Survey, Outlook report; ANI report.
  • [Sep 5] DoD unveils new cybersecurity certification model for contractors, Federal News Network report.
  • [Sep 5] Jigsaw Academy launches cybersecurity certification programme in India, DQ India report.
  • [Sep 6] Indians lead the world as Facebook Big Bug Hunters, ET Tech report.
  • [Sep 6] Australia is getting a new cybersecurity strategy, ZD Net report.
  • [Sep 9] China’s 5G, industrial internet roll-outs to fuel more demand for cybersecurity, South China Morning Post report.

Tech and National Security

  • [Sep 3] Apache copters to be inducted today, The Pioneer report.
  • [Sep 3] How AI will predict Chinese and Russian moves in the Pacific, Defense One report.
  • [Sep 3] US testing autonomous border-patrol drones, Defense One report.
  • [Sep 3] Meet the coalition pushing for ‘Cyber Peace’ rules. Defense One report.
  • [Sep 4] US wargames to try out concepts for fighting China, Russia, defense One report.
  • [Sep 4] Southern Command hosts seminar on security challenges, Times of India report; The Indian Express report
  • [Sep 4] Russia, already India’s biggest arms supplier, in line for more, Business Standard report.
  • [Sep 4] Pentagon, NSA prepare to train AI-powered cyber defenses, Defense One report.
  •  [Sep 5] Cabinet clears procurement of Akash missile system at Rs. 5500 crore, Times Now report.
  • [Sep 5] India to go ahead with $3.1 billion US del for maritime patrol aircraft, The Economic Times report.
  • [Sep 5] DGCA certifies ‘small’ category drone for complying with ‘No-Permission, No-Takeoff’ protocol, Medianama report.
  • [Sep 5] India has never been aggressor but will not hesitate in using its strength to defend itseld: Rajnath Singh, The Economic Times report.
  • [Sep 5] Panel reviewing procurement policy framework to come out with new versions of DPP, DPM by March 2020, The Economic Times report; Business Standard report; Deccan Herald report.
  • [Sep 5] Russia proposes joint development of submarines with India, The Hindu report.
  • [Sep 7] Proud of you: India tells ISRO after contact lost with CHandrayaan-2 lander, India Today report.

Tech and Elections

  • [Sep 4] ECI asks social media firms to follow voluntary code of ethics ahead of state polls: report, Medianama report.
  • [Sep 6] Congress party to reorganise its data analytics department, Medianama report.
  • [Sep 5] Why the 2020 campaigns are still soft targets for hackers, Defense One report.
  • [Sep 5] Facebook meets with FBI to discuss election security, Bloomberg report.
  • [Sep 5] Facebook is making its own AI deepfakes to head off a disinformation disaster, MIT Tech Review report.

Internal Security: J&K

  • [Sep 4] Long convoy, intel failure: Multiple lapses led to Pulwama terror attack, finds CRPF inquiry, India Today report; Kashmir Media Service report; The Wire report.
  • [Sep 4] Extension of President’s Rule in Kashmir was not delayed, MHA says in report to SC lawyer’s article, Scroll.in report.
  • [Sep 6] Landline communication restored in Kashmir Valley: Report, Medianama report.
  • [Sep 7] Kashmir’s Shia areas face curbs, all Muharram processions banned, The Quint report.
  • [Sep 7] No question of army atrocities in Kashmir as it’s only fighting terrorists: NSA Ajit Doval, India Today report.
  • [Sep 8] More than 200 militants trying to cross into Kashmir from Pakistan: Ajit Doval, Money Control report.
  • [Sep 8] ‘Such unilateral actions are futile’, says India after Pakistan blocks airspace for President Kovind, Scroll.in report; NDTV report.

Internal Security: NRC

  • [Sep 2] Contradictory voices in Assam Congress son NRC: Tarun Gogoi slams it as waste paper, party MP says historic document, India Today report.
  • [Sep 3] Why Amit Shah is silent on NRC, India Today report.
  • [Sep 7] AFSPA extended for 6 months in Assam, Deccan Herald report.
  • [Sep 7] At RSS mega meet, concerns over Hindus being left out of NRC: Sources, Financial Express report.

National Security Institutions and Legislation

  • [Sep 5] Azhar, Saeed, Dawood declared terrorists under UAPA law, Deccan Herald report; The Economic Times report.
  • [Sep 8] Home Minister says India’s national security apparatus more robust than ever, Livemint report.
  • [Sep 8] Financial safety not national security reason for women to join BSF: Study, India Today report.

Telecom/5G

  • [Sep 6] Security is an issue in 5G: NCSC Pant on Huawei, Times of India report.

More on Huawei

  • [Sep 1] Huawei believes banning it from 5G will make countries insecure, ZD Net report.
  • [Sep 2] Huawei upbeat on AI strategy for India, no word on 5G roll-out plans yet, Business Standard report.
  • [Sep 3] Huawei denies US allegations of technology theft, NDTV Gadgets 260 report; Business Insider report; The Economic Times report.
  • [Sep 3] Shocking Huawei ‘Extortion and Cyberattack’ allegations in new US legal fight, Forbes report; Livemint report, BBC News report; The Verge report
  • [Sep 3] Committed to providing the most advanced products: Huawei, ET Telecom report.
  • [Sep 4] Huawei says 5G rollout in India will be delayed by 3 years if it’s banned, Livemint report
  • [Sep 4] Trump not interested in talking Huawei with China, Tech Circle report.
  • [Sep 5] Nepal’s only billionaire enlists Huawei to transform country’s elections, Financial Times report.
  • [Sep 8] Trump gets shocking new Huawei warning – from Microsoft, Forbes report.

Emerging Tech

  • [Aug 30] Facebook is building an AI Assistant Inside Minecraft, Forbes report.
  • [Sep 3] AWS partners with IIT KGP for much needed push to India’s AI skilling, Inc42 report.
  • [Sep 3] Behind the Rise of China’s facial recognition giants, Wired report.
  • [Sep 4] Facebook won’t use facial recognition on you unless you tell it to, Quartz report.
  • [Sep 4] An AI app that turns you into a movie star has risked the privacy of millions, MIT Technology Review report.
  • [Sep 6] Police use f facial recognition is accepted by British Court, The New York Times report.
  • [Sep 6] Facebook, Microsoft announce challenge to detect deepfakes, Medianama report.
  • [Sep 6] Facial recognition tech to debut at Delhi airport’s T3 terminal; on ‘trial basis’ for next three months, Medianama report.

Internet Shutdowns

  • [Sep 3] After more than 10 weeks, internet services in towns of Rakhine and Chin restored, Medianama report.
  • [Sep 4] Bangladesh bans mobile phone services in Rohingya camps, Medianama report.

Opinions and Analyses

  • [Sep 2] Michael J Casey, Coin Desk, A crypto fix for a broken international monetary system.
  • [Sep 2] Yengkhom Jilangamba, News18 Opinion, Not a solution to immigration problem, NRC final list has only brought to surface fault lines within society.
  • [Sep 2] Samuel Bendett, Defense One, What Russian Chatbots Think About Us.
  • [Sep 2] Shivani Singh, Hindustan Times, India’s no first use policy is a legacy that must be preserved.
  • [Sep 3] Abir Roy, Financial Express, Why a comprehensive law is needed for data protection. 
  • [Sep 3] Dhirendra Kumar, The Economic Times, Aadhaar is back for mutual fund investments.
  • [Sep 3] Ashley Feng, Defense One, Welcome to the new phase of US-China tech competition.
  • [Sep 3] Nesrine Malik, The Guardian, The myth of the free speech crisis.
  • [Sep 3] Tom Wheeler and David Simpson, Brookings Institution, Why 5G requires new approaches to cybersecurity.
  • [Sep 3] Karen Roby, Tech Republic, Why cybersecurity is a big problem for small businesses.
  • [Sep 4] Wendy McElroy, Bitcoin.com, Crypto needs less regulation, not more.
  • [Sep 4] Natascha Gerlack and Elisabeth Macher, Modaq.com, US CLOUD Act’s potential impact on the GDPR. 
  • [Sep 4] Peter Kafka, Vox, The US Government isn’t ready to regulate the internet. Today’s Google fine shows why.
  • [Sep 5] Murtaza Bhatia, Firstpost, Effective cybersecurity can help in accelerating business transformation. 
  • [Sep 5] MG Devasahayam, The Tribune, Looking into human rights violations by Army.
  • [Sep 5] James Hadley, Forbes, Cybersecurity Frameworks: Not just for bits and bytes, but flesh and blood too.
  • [Sep 5] MR Subramani, Swarajya Magazine, Question at heart of TN’s ‘WhatsApp traceability case’: Are you endangering national security if you don’t link your social media account with Aadhaar? 
  • [ Sep 5] Justin Sherman, Wired, Cold War Analogies are Warping Tech Policy.
  • [Sep 6] Nishtha Gautam, The Quint, Peer pressure, militant threats enforcing civil curfew in Kashmir?
  • [Sep 6] Harsh V Pant and Kartik Bommakanti, Foreign Policy, Modi reimagines the Indian military.
  • [Sep 6] Shuman Rana, Business Standard, Free speech in the crosshairs.
  • [Sep 6] David Gokhshtein, Forbes, Thoughts on American Crypto Regulation: Considering the Pros and Cons.
  • [Sep 6] Krishan Pratap Singh, NDTV Opinion, How to read Modi Government’s stand on Kashmir.
  • [Sep 7] MK Bhadrakumar, Mainstream Weekly, The Big Five on Kashmir.
  • [Sep 7] Greg Ness, Security Boulevard, The Digital Cyber Security Paradox.
  • [Sep 8] Lt. Gen. DS Hoods, Times of India, Here’s how to take forward the national security strategy.
  • [Sep 8] Smita Aggarwal, Livemint, India’s unique public digital platforms to further inclusion, empowerment. 

Advertisements

CCG’s Week in Review: Curated News in Information Law and Policy [August 26-September 2]

MeitY sought views on ‘non-personal data’; India and France announce joint research consortium on AI and digital partnership after NSA-level talks; Section 144 CrPC imposed in areas of Assam anticipating unrest after the publication of the NRC list as the MHA holds a high-level security meet on Kashmir; and the tussle between MeitY and the Niti Aayog for control over the Rs. 7000 cr AI project continues – presenting this week’s most important developments at the intersection of law and tech.

Aadhaar

  • [Aug 27] Aadhaar integration can weed out fake voters: UIDAI’s Ajay Bhushan Pandey, Business Standard report.
  • [Aug 27] Government to intensify Aadhaar enrolment in J&K after Oct 31: Report, Medianama report; Times Now report; The Quint report
  • [Aug 27] Interview: Why I filed a case to link Aadhaar and Social Media Accounts, The Quint report.
  • [Aug 27] Aadhaar database cannot be hacked even after a billion attempts: Ravi shankar Prasad, Money Control report.
  • [Aug 27] Most dangerous situation: Justice Srikrishna on EC-Aadhaar linking, The Quint report.
  • [Aug 28] Aadhaar ads to women’s problems in India. Here’s why. The Wire report.
  • [Aug 28] What Centre will tell Supreme Court on Aadhaar and social media account linkage, The Hindustan Time report.
  • [Aug 28] All residents of an MP village have the same date of birth on their Aadhaar, Business Standard report.
  • [Aug 29] Blood banks advised to ask for donors’ Aadhaar cards, Times of India report.
  • [Aug 29] Aadhaar continues to evolve and grow as India issues biometric seafarers’ ID, Biometric Update report.
  • [Aug 31] Aadhaar mandatory for farmers to avail crop loan in Odisha, Odisha Sun Times report.
  • [Sep 1] NRIs to get Aadhaar sans 180-day wait in 3 months, The Hindu report.
  • [Sep 1] Aadhaar-liquor link to check bottle littering? Deccan Herald report.
  • [Sep 1] Linking Aadhaar with social media can lead to insidious profiling of people, says Apar Gupta, Times of India report.

Digital India

  • [Aug 27] NASSCOM-DSCI on National Health Stack: separate regulatory body for health, siloed registries, usage of single ID, Medianama report.
  • [Aug 27] Govt looks to develop electronics component manufacturing base in India: MeitY Secretary, YourStory report; Money Control report.
  • [Aug 30] India is encouraging foreign firms to shift biz from China: report, Medianama report; Reuters report.
  • [Aug 30] Wipro, Google to speed up digital shift of enterprises, ET Telecom report.
  • [Aug 30] Government committed to reach public via technology, Times of India report.
  • [Aug 31] MeitY and Google tie up to Build for Digital India, Livemint report; India TV report; ANI report; The Statesman report; Inc42 report.
  • [Sep 1] Govt is setting up high-tech R&D facilities for India Inc to encourage big-bang projects, ET Tech report.
  • [Sep 1] Digitalisation is now forcing NASSCOM to reinvent itself, ET Tech report.

Free Speech

  • [Aug 26] IAS Officer who quit over ‘losing freedom of expression’ was facing disciplinary action for misconduct, Swarajya Magazine report.
  • [Aug 27] Withdraw media curbs in Kashmir, The Hindu report.
  • [Aug 27] EU data caught in Facebook audio transcribing, Politico report.
  • [Aug 30] BJP issues gag order on Pragya Thakur after ‘black magic’ remark post Arun Jaitley’s death. News 18 report.
  • [Aug 31] Chargesheet filed against ex-Union Minister Salman Khurshid over remark in UP CM Yogi Adityanath, India Today report.
  • [Aug 31] Rafale deal: Rahul Gandhi summoned by Mumbai court for calling Narendra Modi ‘commander-in-thief’, Scroll.in report.
  • [Aug 31] Media freedom being curbed, says Mamata, The Hindu report.
  • [Sep 1] Madurai man booked for Facebook post against Centre, Army, Times of India report.

Internet Shutdowns

  • [Aug 26] Internet suspended in Indonesia’s Papua region for ‘ security and order’ amid protests, Medianama report.
  • [Aug 29] Months after pledge to open internet, Ethiopia disrupts connectivity amidst communal violence, Global Voices report.

Data Protection and Privacy

  • [Aug 27] Government’s approach to data is dangerous, says Justice Srikrishna, Medianama report.
  • [Aug 27] Microsoft’s lead EU data watchdog is looking into fresh Windows 10 privacy concerns, Tech Crunch report.
  • [Aug 30] This Week in Tech: Facebook’s privacy pivot (business model not included), The New York Times report.
  • [Aug 31] MeitY seeks views on non-personal data, ET Tech report.
  • [Aug 31] Google to pay out $150-200m over YouTube privacy claims: reports, The Hindu report.
  • [Sep 2] Let data protection Bill deal with personal health data, says IAMAI, Business Standard report.

Intermediary Liability

  • [Aug 27] Government notices and issue in TikTok’s ShareChat notices: To ask TikTok how its intermediary status is consistent with claims on owning content, ET Telecom report; Inc42 report.

E-Commerce

  • [Aug 27] Thailand to tax e-commerce companies from next year, Medianama report.
  • [Aug 27] NRAI sends notices to Swiggy, Zomato, others on deep discounting, lack of transparency, Tech Circle report.
  • [Aug 29] MeitY may not include E-commerce data in privacy bill, The Economic Times report; Medianama report; Inc42 report.
  • [Aug 29] 30% local sourcing FDI rule on single brand retailers relaxed, physical stores before online sales not necessary, Medianama report.
  • [Aug 29] Amazon moves Supreme Court against direct selling companies: Report, Medianama report; The Economic Times report.
  • [Aug 30] India big enough for both e-commerce and small retailers: Rajiv umar, ET Tech report.
  • [Aug 30] Zomato, Swiggy and NRAI discuss issues, to meet again in September, Medianama report.
  • [Aug 30] DPIIT asks e-commerce firms to upload FDI compliance certifications, Medianama report.
  • [Aug 31] Why restaurants and aggregators are locking horns over discounts, ET Tech report.
  • [Aug 31] CAIT slams Amazon in public discussion over deep discounting, Entrackr report.
  • [Aug 31] E-marketplaces giving preferential treatment to come: Sellers, ET Tech report.
  • [Sep 2] Swiggy likely to cap restaurant commissions at 25%, ET Tech report.

Digital Payments and FinTech

  • [Aug 30] Another extension for e-wallets: RBI gives 6 months to complete KYC, Entrackr report.
  • [Sep 2] Banks may take 3 years for tech merger, ET Tech report.

Cryptocurrencies

  • [Aug 25] IRS sends new round of letter to Bitcoin and Crypto holders, Coin Telegraph report.
  • [Aug 26] 25]year old Bitcoin seller faces life sentence for unlicensed exchange, Coin Desk report.
  • [Aug 26] Telegram’s 300 million users could soon be trading Bitcoin and Crypto- Despite serious security warning, Forbes report.
  • [Aug 28] Crypto-jacking virus infects 850,000 serves, hackers run off with millions, Coin Desk report.
  • [Aug 30] UN Official: Crypto makes policing child trafficking ‘exceptionally difficult’, Coin Desk report.
  • [Aug 30] How do we get crypto currency to circulate as money? This experiment might hold the answer, The Print report.
  • [Aug 30] Privacy in Crypto: The Impact of Rising Terrorism Concerns, Forbes report.
  • [Aug 28] Telegram to release its cryptocurrency by October 31, Medianama report; ET Markets report.

Tech and Law Enforcement

  • [Aug 26] End-to-end encryption not essential to WhatsApp as a platform: Tamil Nadu Advocate General, Medianama report.
  • [Aug 27] WhatsApp traceability vulnerable to falsification, claims IFF expert submission, Firstpost report; Medianama report.
  • [Aug 31] A new kind of cybercrimes uses AI and your voice against you, Quartz report.

Tech and National Security

  • [Aug 26] Russia to supply critical components of Gaganyaan, Free Press Journal report.
  • [Aug 26] CAG report on offset deal in Rafale contract to be tabled in Winter Session: Report, News Nation report.
  • [Aug 27] Gaganyaan Mission: Russia to train four Indian astronauts from November, DNA India report.
  • [Aug 27] Centre inks Rs 380 cr deal with private firm for nine precision approach radars, DNA India report.
  • [Aug 27] Navy needs “assured” budget support to build capacity: CHief, The Economic Times report; The Indian Express report; Outlook India report.
  • [Aug 27] ITI Nagpur students to learn to assemble Rafale jets, The Economic Times report.
  • [Aug 27] Incentivise pvt sector for defence production: Brookings, Outlook India report.
  • [Aug 28] Amazon and Microsoft unchallenged in $10bn ‘Jedi’ contract review, Financial Times report.
  • [Aug 28] India’s HAL deepens private sector engagement through Make-II initiative, Jane’s 360 report.
  • [Aug 29] NSA-level meet today, France keen to sell second batch of 36 Rafales, The Indian Express report; Financial Express report; ANI News report.
  • [Aug 30] Russia set to offer submarines during Modi-Putin summit, Defence Aviation Post report.
  • [Aug 30] India must be prepared to face any threat: Vice President Venkaiah Naidu, The New Indian Express report.
  • [Aug 31] US to use fake social media to check on people entering the country, India Today report.

Cybersecurity

  • [Aug 26] Ransomware threat raises National Guard’s role in state cybersecurity in the United States, Statescoop report.
  • [Aug 26] The Pentagon wants to bolster Defense Innovation Unit’s Cyber defenses, Nextgov report.
  • [Aug 27] The importance of training: Cybersecurity awareness as a firewall, Forbes report.
  • [Aug 28] Why cybersecurity is a central ingredient in evolving digital business models, Financial Express report.
  • [Aug 28] Cyber security and the finance sector: the need for stronger data protection capabilities, Security Boulevard report.
  • [Aug 28] India to unveil cybersecurity strategy policy early next year, Financial Express report; Inc42 report.
  • [Aug 28] Face it – Biometrics to be big in cybersecurity, Forbes report.
  • [Aug 28] MHA has taken various measures to counter cyber threat: MoS Kishan Reddy, United News of India report.
  • [Aug 30] Google says hackers have put ‘monitoring implants’ in iPhones for years, The Guardian report; DW report.
  • [Aug 30] Employee errors responsible for half of cybersecurity incidents: report, The Hindustan Times report.
  • [Aug 30] Despite changes by Microsoft, Windows 10 might still be remotely spying on you, Digital Trends report.
  • [Aug 30] Only 5-10% pharma firms have cybersecurity: Expert, Times of India report.

Internal Security: J&K

  • [Aug 27] Kashmir updates: UN Chief urges all parties to avoid escalation, India Today report.
  • [Aug 27] Kashmir: MHA to hold high level security meet; SC will hear Faesal and Shehla Rashid, The Week report.
  • [Aug 29] There is only fear and no ‘freedom’ in the Northeast and J&K, The Wire report.
  • [Aug 29] ‘Feel unsafe at home’: J&K residents accuse security forces of raiding houses, arresting ‘innocent’ Kashmiri youth under Public Safety Act, Firstpost report.
  • [Aug 30] Jammu and Kashmir: Rumours fly thick but slow in absence of communication, The Economic Times report.
  • [Aug 30] Army Chief to review security in J&K today, his first visit after Art 370 repeal, The Hindustan Times report.
  • [Aug 31] Mobile services restored partially in Kashmir’s Kupwara district, ET Telecom report.

Internal Security: North East and the NRC

  • [Aug 29] Security measures tightened in Assam, Sec 144 CrPC in Guwahati ahead of final NRC, India Today report.
  • [Aug 30] Assam police declare 14 districts as sensitive areas, Times of India report.
  • [Aug 30] How the National Citizenship Registration in Assam is shaping a new national identity in India, The Conversation report.
  • [Aug 30] NRC not to solve foreigner problem: Himanta Biswa Sarma, Deccan herald report.
  • [Aug 31] No Aadhaar from elsewhere for those excluded from NRC, ET Tech report.
  • [Aug 31] Assam on edge a day before publication of NRC, India Today report.
  • [Sep 1] Assam BJP, Opposition unhappy with updated NRC, India Today report.
  • [Sep 1] Assam NRC final list: Centre in no hurry for follow-up, The Hindu report.
  • [Sep 1] Happy to know how many are doubtful citizens, says AIUDF, The Telegraph report.
  • [Sep 1] Indian citizens register excludes 1.9m Assam residents, Financial Times report.

Telecom/5G

  • [Aug 26] India will not compromise on security of telecom networks: Dhotre, ET Telecom report.
  • [Aug 27] 5G spectrum sale may be deferred to early 2020, ET Telecom report.
  • [Aug 27] Govt invites bids to select agency for conducting spectrum auction, ET Telecom report.
  • [Aug 28] Reliance Jio records highest telecom revenue market share in Q1FY20, Medianama report.
  • [Aug 31] Govt focusing on improved telecom connectivity in NE, ET Telecom report.
  • [Aug 28] 3G network to shut by December, 5G adoption not expected, Phonepe, Paytm and more, Medianama report.

More on Huawei

  • [Aug 26] 5G trials: China aggression will work against Huawei, say India officials, India Express report.
  • [Aug 27] New Huawei OS Shock: ‘Confirmation’ of Russian Software for mobile devices, Forbes report; Reuters report.
  • [Aug 27] Huawei: UK to make 5G decision ‘by the autumn’, BBC News report.
  • [Aug 29] Huawei’s next flagship phone blocked from using Google apps, The Guardian report.
  • [Aug 30] Huawei under probe by US prosecutors over new allegations, ET Telecom report; Business Standard report.
  • [Sep 1] Huawei just launched 5G in Russia with Putin’s Support: ‘Hello Splinternet’, Forbes report.

Emerging Tech and AI

  • [Aug 27] Niti Aayog, MeitY spar over Rs. 7,000 crore AI mission, ET Telecom report; Inc42 report; Entrackr report.
  • [Aug 27] India, France announce joint research consortium on AI and a digital partnership, Medianama report.
  • [Aug 28] Elon Musk and Jack Ma debate AI at China Summit, Bloomberg report.
  • [Aug 28] Is this Aadhaar of the future? Facial biometric technology-based chip-enabled cards issues, The Economic Times report.
  • [Aug 28] National security imperative to become $5trillion economy: Amit Shah, Livemint report; The Asian Age report.
  • [Aug 29] Swedish school fined over use of facial recognition, Lexology report.

Big Tech

  • [Aug 26] India is important, that’s why bringing hardware devices here: Google, ET Telecom report.
  • [Aug 26] Facebook wins appeal against German Data-Collection ban, The Wall Street Journal report.
  • [Aug 26] Instagram’s latest assault on Snapchat is a messaging app called Threads, The Verge report.
  • [Aug 28] Google is moving Pixel production from China to an old Nokia factory in Vietnam, The Verge report.
  • [Aug 30] Google expands scope of its bug bounty programme, unveils data protection reward programme for developers, NDTV Gadgets 360 report.

Opinions and Analyses

  • [Aug 25] Jon Evans, Tech Crunch, Crypto means Cryptotheology.
  • [Aug 26] Guest Author, Medianama, Should Indian Copyright law prevent text and data mining?
  • [Aug 26] Vishal Chawla, Analytics India Magazine, Why IoT security standards are crucial in preventing hackers from stealing your data.
  • [Aug 26] The Hindu Editorial, ON the wrong side: On PCI backing Kashmir restrictions.
  • [Aug 26] Robert S Taylor, Lawfare, How to measure Cybersecurity.
  • [Aug 26] Mike Giglio, Defense One, China’s Spies Are on the Offensive. Can the US Fend Them Off?
  • [Aug 27] Gurshabad Grover, The Hindu, A judicial overreach into matters of regulation.
  • [Aug 27] Maj Gen Harsha Kakkar, Bharat Shakti, Foreign Policy and National Security.
  • [Aug 27] A Vinod Kumar, Institute for Defence Studies and Analyses, ‘No First Use’ is Not Sacrosanct: Need a Theatre-Specific Posture for Flexible Options.
  • [Aug 27] Jack Cable, Harvard Business Review, Every computer science degree should require a course in cybersecurity.
  • [Aug 27] Rahul Singh, The Hindustan Times, Key decisions underline govt’s focus on building stronger military.
  • [Aug 27] The Economic Times Opinion, Aadhaar linkage with social media is troublesome.
  • [Aug 28] Vikram Koppikar, Money Control, Aadhaar and Social Media: It’s a delicate balance between security and privacy. 
  • [Aug 28] Abhijit Singh. The Hindu, The CHief of Defence Staff needs an enabling institutional infrastructure.
  • [Aug 28] Samantha Ravish, Defense One, The US must prepare for a Cyber ‘Day After’.
  • [Aug 28] Mike Masnick, Tech Dirt, Protocols, not platformsL A technological approach to free speech.
  • [Aug 29] Dhruva Jaishankar, The Hindustan Times, The saga of India’s indigenous defence production.
  • [Aug 29] The Print, Does War & Peace taunt show how poorly equipped India judges are to handle security cases?
  • [Aug 30] Rohan Seth, The Asian Age, Wider debate needed on major changes in data protection law.
  • [Aug 30] Amit Cowshish, Institute for Defence Studies and Analyses, CDS: A pragmatic blueprint required for implementation.
  • [Aug 30] Crystal Lee and Jonathan Zong, Slate, Consent is not an ethical rubber stamp.
  • [Aug 30] Gopal Krishna, Business Today, Why the promised right to privacy and data protection law hasn’t been enacted yet. 
  • [Aug 31] Bidanda Chengappa, Deccan Herald, Peacetime spying is legitimate.
  • [Aug 31] Sandipan Deb, Livemint, When social media monopolies prey on freedom of expression.

[July 15-22] CCG’s Week in Review: Curated News in Information Law and Policy

The National Investigation Agency Act was amended by Parliament this week, expanding its investigation powers to include cyber-terrorism; FaceApp’s user data privacy issues; and the leaked bill to ban cryptocurrencies— presenting this week’s most important developments in law and tech.

Aadhaar

  • [July 15] Govt plans Aadhaar based identification of patients to maintain health records, Live Mint report; The Indian Express report.
  • [July 15] Petition in Delhi HC seeking linking of Aadhaar with property documents, Live Mint report.
  • [July 15] Government stops verification process using Aadhaar for driving license, The Economic Times report.
  • [July 15] Government stops verification process using Aadhaar for driving license: Nitin Gadkari, ET Auto report.
  • [July 18] Will Aadhaar interchangeability for ITR make PAN redundant? Live Mint report.
  • [July 18] Govt floats idea for Aadhaar-like database for mapping citizen health, Business Standard report; Money Control report; Inc42 report.
  • [July 19] Linking Aadhaar with Voter ID— Election Commission to decide within weeks, The Print report; India Legal analysis.
  • [July 21] Mumbai man fights against linking Aadhaar to salary account, The Quint report.
  • [July 21] Violating SC rules, matrimonial site sells love, marriage using Aadhaar data, National Herald report.
  • [July 22] Large cash deposits may soon need Aadhaar authentication, Times of India report; Money Control report.

Right to Information

  • [July 19] Bill to amend RTI law introduced in Lok Sabha amid opposition, India Today report.

Free Speech

  • [July 18] Ajaz Khan of Big Boss fame arrested by Mumbai Police for TikTok video, The Asian Age report; DNA India report.
  • [July 19] Guwahati HC grants anticipatory bail to poets accused of writing communally charged poetry on Assam citizenship crisis, Live Law report.

Internet Governance

  • [July 16] MeitY to finalise Intermediary Liability rules amendment by month end, Medianama report; Inc42 report.

Data Protection and Data Privacy

  • [July 17] Canada probing data theft at military research center: reports, Business recorder report.
  • [July 17] BJP raises issue of privacy breach by tech devices in Rajya Sabha, BJD demads more funds, News 18 report.
  • [July 17] TMC MPs protest outside Parliament in Delhi, demand to bring Data Protection Law, DNA India report.
  • [July 17] Democrats issue warnings against viral Russia-based face-morphing app ‘FaceApp’, NPR report.
  • [July 18] Government notice to Tiktok, Helo; asks to answer 21 questions or face ban, Gadgets Now report; Medianama report; Business insider report.
  • [July 18] Singapore data protection enforcement guide released, Asia Business law Journal report.
  • [July 18] Irish Data Protection Commission issues advice over FaceApp privacy concerns, RTE report.
  • [July 18] Govt admits to data leak of unemployment figures ahead of May announcement in Rajya Sabha, terms the issue ‘serious’, Firstpost report.
  • [July 19] From bad to worse: PM Modi’s office has asked IT Ministry to keep a close eye on TikTok, India Times report.
  • [July 20] Equifax near $700 million settlement of data breach probes: WSJ, AL Jazeera report.
  • [July 21] Jio backs data protection; highlights future growth areas like agriculture, healthcare and education, The Economic Times report.

Data Localisation

  • [July 19] Firms exploring Telangana to set up data centres, The Hindu report.
  • [July 22] Bytedance starts building local data centre in India after lawmakers complain of data privacy, Entrackr report.
  • [July 22] China’s ByteDance to store Indian data locally after MPs raise concerns on privacy, national security, ET Tech report; Outlook report.
  • [July 22] Jio backs data localization to stave off cyberattacks, ET Tech report; Medianama report.

Digital India

  • [July 15] India lags peers in tech skills: Coursera study, ET Telecom report.
  • [July 16] WiFi on the go: Government pushes to keep Bharat connected, ET Telecom report.
  • [July 17] BMTC wants to reboot its IT plan, ET tech report.
  • [July 19] How improved infrastructure and tech firms are changing game development in India, ET Tech report.

Digital Payments and E-Commerce

  • [July 14] How women are sidelined in India’s e-commerce growth, ET Tech report.  
  • [July 17] Digital payment firms write to Government, asking compensation for losses incurred due to ‘zero’ merchant fee, Latestly report.
  • [July 22] How an in-house e-commerce platform Leaf Era has revolutionsed government procurement, ET Tech report.
  • [July 22] Aditya Birla Payments Bank to shut down due to “unanticipated developments in business landscape”, Medianama report.

Cryptocurrency

  • [July 15] Hacked crypto exchange Bitpoint discovers more millions are missing, Coin Desk report.
  • [July 15] India: Leaked draft bill would ban all crypto except ‘Digital Rupee’, Coin Telegraph report.
  • news to those Swiss authorities, Business Insider report.
  • [July 16] US says cryptocurrency is a national security issue, The New Indian Express report.
  • [July 16] Bitcoin and crypto suddenly branded a national security issue, Forbes report.
  • [July 16] Crypto a security threat, instrument for illicit activities: Trump admin, Business Standard report.
  • [July 17] Facebook said its Libra cryptocurrency will be regulated by Swiss authorities – but that was
  • [July 17] Making sense of chaos? Algos scour social media for clues to crypto moves, ET Markets report
  • [July 20] Cryptokart: Another Indian crypto exchange shuts doen operations, Coin Telegraph report.
  • [July 22] Crypto-attacks are rising in Asia—and cybersecurity AI may be the best way to fight the threat: Darktrace, Business Insider report.

Emerging Tech

  • [July 13] Facial recognition tech is growing stronger, thanks to your face, New York Times report.
  • [July 19] Is there a tug of war between Niti Aayog, IT Ministry on artificial intelligence project? India Today report.

Big Tech

  • [July 15] Tech giants to face US hearings on anti-trust, cryptocurrency, ET Telecom report.
  • [July 15] Amazon Web Services still on pole for $10bn defence cloud deal after Oracle case crashes, DataEconomy.com report.
  • [July 16] Google accused of ripping off digital ad technology in US lawsuit, ET Telecom report.
  • [July 19] EU opens investigation into anti-competitive conduct of Amazon: Will it face heat in India too? Entrackr report.

Telecom/5G

  • [July 17] Govt working on revival of BSNL: Minister tells Lok Sabha, The Hindu Business Line report.
  • [July 19] Make in India: Only half of country’s 268 cellphone makers stay afloat, Financial Express report.

More on Huawei

  • [July 16] The US Congress wants to block the Trump administration from weakening Huawei restrictions, The Verge report.
  • [July 17] US-China talks stuck in rut over Huawei, The Wall Street Journal report.
  • [July 19] Two-thirds of Canadians reject closer ties to China and want Huawei banned from 5G networks, poll says, South China Morning Post report.
  • [July 20] White House to host meeting with tech executives on Huawei ban: report, Business Standard report.  

Cybersecurity

  • [July 15] Use Indian IPRs to ensure telecom network security: Trade group. ET Telecom report.
  • [July 15] Indian IT managers facing budget crunch for cybersecurity, Live Mint report
  • [July 16] Your WhatsApp, Telegram files can be hacked: Symantec, ET Telecom report.
  • [July 16] IT companies tightening salary budgets, leveraging variable pay for niche skills, ET Tech report.
  • [July 17] Druva acquires hybrid data protection form CloudLanes, The Economic Times report.
  • [July 17] Indian Army launches massive crackdown on personnel violating its cybersecurity norms, The Print report.
  • [July 19] NSO spyware targets phones to get data from Google, Facebook, iCloud: Report, Medianama report.
  • [July 20] New bills on cybersecurity, crime against women soon: Union Minister, India Today report; The Indian Express report.
  • [July 21] An entire nation just got hacked, CNN report.
  • [July 22] Fix Rogue audits; guard Indian data; bulletproof 5G: India’s new cybersecurity chief’s Vision 2020, ET Prime report.
  • [July 22] Fake FaceApp software may infect your device, says global cybersecurity company Kaspersky Lab, New Nation report.

Tech and Elections

  • [July 14] New election systems use vulnerable software, AP News report.

Tech and Law Enforcement

  • [July 12] Revealed: This is Palantir’s Top-Secret User Manual for Cops, Vice Motherboard report.
  • [July 22] WhatsApp traceability case: Details of data requests made by Tamil Nadu Govt to social media companies, Medianama report.

Tech and Military

  • [July 14] French jetpack man flyboards up Champs-Elysees for Paris Parade, RFI report.
  • [July 15] Dassault offset money to help in skill training: FM Nirmala Sitharaman, Money Control report. Economic Times report.
  • [July 16] Modi Govt to buy Pilatus trainer aircraft following corruption charges, to ban Swiss defence firm for one year, OpIndia report.
  • [July 16] If India chooses F-21, it will plug into ‘world’s largest fighter plane ecosystem’: Lockheed Martin, The Economic Times report.
  • [July 17] AI has a bias problem and that can be a big challenge in cybersecurity, CNBC report
  • [July 17] IAF on spares buying spree, The Quint report.
  • [July 19] Lockheed Martin identifies 200 potential Indian partners, Hindustan Times report.
  • [July 18] Navy to buy Rs. 1,589 crore satellite from ISRO, The Economic Times report.
  • [July 18] Indian MoD issues RFP for heavyweight torpedoes for Kalvari-class submarines, Jane’s 360 report.
  • [July 18] Rafale will provide IAF strategic deterrence: Defence Ministry, Money Control report
  • [July 19] US F-35, poster child for ineptitude, inefficiency, The Middle East Monitor report.
  • [July 19] South African Council to collaborate with Indian defence industry, Outlook India report.
  • [July 20] DRDO carries out a dozen successful summer trials of NAG anti-tank missile, ANI report.
  • [July 21] IAF Pilots could soon fly Tom Cruise;s fighter jet from Top Gun Maverick, News 18 report.
  • [July 21] India to forge ahead with Russia accord despite US threat of sanctions, DNA India report.

National Security Legislation

  • [July 15] Lok Sabha passes bill that gives more powers to NIA, Live Mint report, ANI report.
  • [July 15] Lok Sabha passes NIA Amendment Bill to give more power to anti-terror agency; here’s all you need to know, Business Insider report.
  • [July 17] What is the National Investigation Agency Bill and why is it in contention?, Money Control report.
  • [July 17] Rajya Sabha passes National Investigation Agency Amendment Bill 2019, Live Mint report; Outlook India report.
  • [July 18] Cabinet asks finance panel to consider securing non-lapsable funds for defence, The Indian Express report; Financial Express report.
  • [July 20] New bills on cybersecurity, crime against women soon: Union Minister, India Today report; The Indian Express report.

Opinions and Analyses

  • [July 11] Ryan Gallagher, The Intercept, How US Tech giants are helping build China’s Surveillance state.
  • [July 15] Jemima Kelly, Financial Express, Trump v Crypto: rage against the obscene.
  • [July 15] Ravi Shanker Kappor, News 18 Opinion, Cost of not carrying out economic reforms: Acute shortage of funds for military modernisation.
  • [July 16] Jayshree Pandya, Forbes, Nuances of Aadhaar: India’s digital identity, identification system and ID.
  • [July 16] Binoy Kampark, International Policy Digest, The UN’s free speech problem.
  • [July 16] K Satish Kumar, DNA India, Need more clarity on data bill.
  • [July 16] Abhishek Banerjee, Swarajya, Richa Bharti: The Free Speech Hero India Needs.
  • [July 17] Ananth Krishnan, The Print, Three reasons why it’s not Huawei or the highway for India’s 5G future.
  • [July 17] Rajesh Vellakat, Financial Express, Personal Data Protection Bill: Will it disrupt our data ecosystem?
  • [July 17] Nouriel Roubini, Live Mint Opinion, Seychelles-based BitMEX and the great crypto heist.
  • [July 17] Tim O’Reilly, Quartz, Antitrust regulators are using the wrong tools to break up Big Tech.
  • [July 18] Tiana Zhang, Jodi Wu, Yue Qiu and Richard Sharpe, Mondaq, Newly released draft measures on data security management strengthen China’s data protection framework.
  • [July 18] Gwyn D’Mello, India Times, If you worry about FaceApp and not your Facebook and Aadhaar, you have bigger problems.
  • [July 18] Sue Halpern, The New Yorker, How Cyber Weaqpons are changing the landscape of modern warfare.
  • [July 19] TV Mohandas Pai and Umakant Soni, Financial Express, An AI innovation engine for New India.
  • [July 20] Amit Cowshish, The Tribune, Indo-US defence trade not free from encumbrances.
  • [July 20] Umberto Sulpasso, Eurasia Review, Domestic Knowledge Product: Enhancing Wealth, Welfare and National Security—Analysis.
  • [July 20] Tiffancy C Li, The Atlantic, FaceApp makes today’s privacy laws look antiquated.
  • [July 20] Tom Robinson, Venture Beat, Crypto can prevent money laundering better than traditional finance.
  • [July 21] Vimal Kumar Kashyap, The Pioneer, 5G to usher in fourth industrial revolution.
  • [July 21] Michael Ashley, Forbes, It’s time to fight back for data sovereignty.
  • [July 22] Vidushi Marda, The Hindu, Facial recognition is an invasive and inefficient tool.

[July 8-15] CCG’s Week in Review: Curated News in Information Law and Policy

The Parliament passed the Aadhaar Amendment Bill, expected to have a far-reaching impact on data sharing with private companies and State Governments; France rolled out a new “digital tax” for Big Tech, Facebook slapped with a massive $5bn fine by the US FTC, while uncertainty over Huawei’s inclusion in India’s 5G trials deepens  — presenting this week’s most important developments in law and tech.

In focus this week: opinions and analyses of the Defence Budget for 2019-20.

Aadhaar

  • [July 8] Parliament passes Aadhaar amendment bill, The Hindu Business Line report.
  • [July 8] RS clears bill on voluntary use of Aadhaar as ID proof, Live Mint report.
  • [July 8] Techie moves Madras High Court assailing compulsory linking of Aadhaar with Universal Account Number (UAN) to avail EPFO pension, The Economic Times report.
  • [July 9] You are not bound to share Aadhaar data with schools, banks and telcos, DNA India report.
  • [July 9] ‘Ordinance on Aadhaar use doesn’t survive as House has cleared the Bill’: Centre tells SC, The Hindu report.
  • [July 10] Aadhaar Bill passage in Parliament: New clause helps secure non-NDA votes, The Economic Times report.
  • [July 11] PAN not linked to Aadhaar will become invalid from September, Business Standard report.
  • [July 11] Aadhaar amendments: New clause to allow use of Aadhaar data for state schemes, Live Mint report.
  • [July 11] Amendment: no Aadhaar for mobile wallet firms, The Economic Times report.
  • [July 11] All your Aadhaar fears are coming true in Assam, HuffPost India report.
  • [July 13] Rajya Sabha passes Aadhaar amendment Bill, allows to file complaint in case of security breach, India Today report.
  • [July 14] You may soon have to pay Rs. 10,000 as fine for entering wrong Aadhaar number for transactions, New 18 report.

Free Speech

  • [July 9] Twitter backs off broad limits on ‘Dehumanizing Speech’, The New York Times report.
  • [July 10] TikTok influencers charged for hate speech and attempting to incite communal violence, Business Insider report.
  • [July 13] White House Social Media recap, National Public Radio report, CNN report, The New York Times report, Engadget report. The Verge report.
  • [July 13] FIRs against 10 for poems that try to ‘hinder NRC’ in Assam, Times of India report.
  • [July 15] RSS wing calls for TikTok, Helo ban, The Economic Times report.

Data Protection

  • [July 8] Indian parliament members call for Data Protection Bill and TikTok ban, Inc42 report.
  • [July 8] British Airways fined record 183 million for data breach involving 500,000 customers: report, Medianama report, BBC report.
  • [July 9] Digital data protection to be a fundamental right in Brazil as amendment to constitution is approved, Medianama report.
  • [July 12] Not ‘Okay Google’: Firms admits that workers listen to audio from Assistant, Home, Medianama report, Fox News report, VRT News report.
  • [July 12] Google data breach faces review by Irish privacy watchdog, Bloomberg report.
  • [July 13] Facebook fined $ 5 billion by US regulators over privacy and data protection lapses, News 18 report, The Hindu Business Line report.
  • [July 13] Indian Govt is selling vehicle owner data to companies and citizens don’t have a clue, Inc42 report, Entrackr report.
  • [July 15] Data protection law must be the same for both private and government players, The New Indian Express report.

Digital India

  • [July 15] PMO panel seeks multinational companies’ inputs on making India electronics hub, ET Telecom report.

Data Localisation and E-Commerce

  • [July 11] Gautam Adani woos Amazon and Google with Indian data hubs, ET Telecom report.
  • [July 9] A tug of war hots the draft e-commerce policy. US tech giants want leeway in data localisation, ET Prime report. [paywall]
  • [July 15] Delhi and Bengaluru customs stop clearing ‘gifts’, Economic Times report, Medianama report.

Telecom/5G

  • [July 15] Inter-ministerial panel clears draft RFP to select auctioneer for 2019 spectrum sale, ET Telecom report.

More on Huawei

  • [July 10] Huawei makes Monaco world’s fully 5G country, Live Mint report.
  • [July 10] Huawei ban eased but tech can’t relax, Financial Times report.
  • [July 11] NSAB members, Chinese diplomat cross swords over Huawei, Indian Express report.
  • [July 12] Doubts over Huawei’s participation in India’s 5G rollout deepen, Live Mint report, NDTV Gadgets 360 report.
  • [July 14] Huawei plans extensive layoffs at its US operations, Live Mint report, The Economic Times report.
  • [July 13] US tells Britain: Fall in line over China and Huawei, or no trade deal, The Telegraph report
  • [July 14] US seeks to discredit UK spies in war against Huawei, The Times UK report.

Big Tech: Regulation

  • [July 11] France passes law taxing digital giants in defiance of US anger, Agence France Presse report.
  • [July 10] US Announces Inquiry of French Digital Tax that may end in tariffs, The New York Times report.

Cryptocurrencies

  • [July 9] Indian govt to educate top cops on cryptocurrencies, aiming to investigate crypto matters, CrytpoNewZ report.
  • [July 9] Facebook to Senators: Libra crypto will respect privacy, Coin Desk report.
  • [July 11] Winklevoss-backed crypto self-regulatory group prepares to woo congress, Coin Desk report.
  • [July 12] Japanese crypto exchange hacked, loses $ 32 million, The Hindu Business Line report, Coin Telegraph report.
  • [July 13] Study exposes how Russia, Iran and China are weaponizing crypto, CNN report.
  • [July 13] China’s illegal crypto mining crackdown could ignite a bitcoin price rally, CNN report.
  • [July 15] IRS confirms it trained staff to find crypto wallets, Coin Desk report.

Emerging Tech

  • [July 9] AI in cybersecurity expected to surpass $38 billion, Security Boulevard report.
  • [July 14] How aritifical intelligence is solving different business problems, Financial Express report.
  • [July 14] Why AI is the future of cybersecurity, Forbes report.

Cybersecurity

  • [July 8] Chinese hackers demonstrate their global cyber espionage reach with breach at 10 of the world’s biggest telecoms, CPO Magazine report.
  • [July 12] Businesses in India tapping AI to improve cybersecurity, The Economic Times report, Fortune India report.
  • [July 15] Indian IT managers facing budget crunch for cybersecurity, The Economic Times report.

Tech and Law Enforcement: Surveillance and Cyber Crime

  • [July 8] NCRB invites bids to implement Automated Facial Recognition System, Medianama report.
  • [July 9]  The chase gets a lot easier for tech-wielding cops now, The Economic Times report.
  • [July 9] Delhi government begins installing CCTV cameras inside classrooms to prevent crime: report, Medianama report. Times now News report.
  • [July 10] Instagram announces two new anti-bullying features, Instagram’s announcement, Thw Wall Street Journal report, Medianama report.
  • [July 11] WhatsApp messages can be traced without diluting encryption, Zee News report.
  • [July 12] New POCSO bill to expand child porn definition to include anime, adults posing depicting children, Medianma report, Hindustan Times report.
  • [July 12] SC refuses to stay installation of CCTV cameras in Delhi Government schools, Medianama report, Bar & Bench report.

Tech and Military

  • [July 8] Japan-India security cooperation: Asian giants to expand their relations to Space, Financial Express report.
  • [July 8] Bill to tag individuals as ‘terrorist’ introduced in LS, Opposition protests: The Unlawful Activities (Prevention) Act Amendment Bill, 2019, Business Standard report
  • [July 8] Government introduces Bill in Lok Sabha to amend National Investigation Agency Act, The Economic Times report.
  • [July 8] Govt to procure 1.86 lakh bullet proof jackets by April next, The Hindu Business Line report.
  • [July 8] India, Russia agree on new payment mode for S-400 deal to get around US sanctions, The Print report.
  • [July 9] National e-Governance Division to revamp management app for the army, The Week report.
  • [July 9] Amazon, Microsoft wage war over the Pentagon’s ‘war cloud’,  NDTV Gadgets 360 report
  • [July 10] Last chance to get tech: Navy says negotiating next 6 subs to take years, Business Standard report.
  • [July 10] Tactical communications market size in the US region is projected to experience substantial proceeds by 2024, Tech Mag report.
  • [July 11] Govt says looking at tech to seal northern and eastern borders, Live Mint report.
  • [July 11] Army man arrested for leaking info on national security, The Tribune report.
  • [July 12] Wait for sniper rifles gets longer, MoD retracts the RFP issued last year, Financial Express report.
  • [July 12] India, Russia discuss space cooperation, The Hindu report
  • [July 12] Israel arms company signs $100 million missile deal with Indian army, Middle East Monitor report.

Defense Budget: Reports and Analyses

  • [July 8] Budget 2019: India redirects foreign aid to Indian ocean countries, NSCS expenditure hiked, Business Standard report.
  • [July 8] Laxman K Behera, Institute for Defense Studies and Analysis, India’s Defence budget 2019-20.
  • [July 8] PK Vasudeva, Deccan Herald, An alarming fall: Defence Budget 2019-20.
  • [July 8] Mihir S Sharma, Business Standard, Budget 2019: India won’t become a superpower with these allocations.
  • [July 9] PRS Legislative Research’s analysis: Ministry of Defence Demands for Grants 2019-20.
  • [July 9] Why Sitharaman’s budgetary allocation is unlikely to satisfy defence establishment, The Economic Times report.
  • [July 10] Brahma Chellaney, Hindustan Times, India’s defence planning has no clear strategic direction.
  • [July 10] Harsh V Pant, Live Mint Opinion, We need not whine about India’s small defence budget.
  • [July 12] Commodore Anil Jai Singh, Financial Express, Budget 2019: Optimising the Defence Budget and the need for organizational reform.
  • [July 13] Shekhar Gupta, The Print, Modi isn’t about to change India into national security state like Pakistan and bankrupt it.
  • [July 13] Budget 2019: Cybersecurity – a holy grail for government’s Digital India dream, Financial Express analysis.
  • [July 15] Ravi Shanker Kapoor, News 18 Opinion, Cost of not carrying out economic reforms: acute shortage of funds for military modernization.

Opinions and Anlayses

  • [July 8] Adam Bemma, Al Jazeera, Is Sri Lanka using the Easter attacks to limit digital freedom?
  • [July 9] Dr M Suresh Babu and Dr K Bhavana Raj, The Hans India, Data Protection Bill – boon or bane for digital economy?
  • [July 8] Walter Olson, The CATO Institute blog, One year later, the harms of Europe’s data-privacy law.
  • [July 8]  Jack Parrock, Euro News, The Brief: Data privacy v. surveillance transatlantic clash.
  • [July 9] Abhijit Mukhopadhyaya and Nishant Jha, ORF, Amidst US-China standoff Huawei battles for survival.
  • [July 10] Kuldip Kunmar, The Economic Times, Budget 2019 shows govt’s will to use Aadhaar to track financial transactions.
  • [July 11] Darryn Pollock, Forbes, Is Facebook forming a crypto mafia as Libra foundation members boost each other’s businesses?
  • [July 12] Amitendu Palit, Financial Express, India ditches data dialogue again.
  • [July 12] Shantanu Roy-Chaudhary, The Diplomat, India-China-Sri Lanka Triangle: The Defense Dimension.
  • [July 12] Richard A Clarke and Robert K Knake, The Wall Street Journal, US companies learn to defend themselves in cyberspace.
  • [July 12] Simon Chandler, Coin Telegraph, US Sanctions on Iran Crypto Mining— Inevitable or Impossible?
  • [July 12] Shekhar Chnadra, Scientific American, What to expect from India’s second Moon mission.
  • [July 14] Agnidipto Tarafder and Siddharth Sonkar, The Wire, Will the Aadhaar Amendment Bill Pass Judicial Scrutiny?
  • [July 14] Scott Williams, Live Wire, Your crypto overlords are coming…
  • [July 15] Why Google cloud hasn’t picked up yet in India, ET Telecom report

The Proposed Regulation of DNA Profiling Raises Critical Privacy Concerns

The Union Cabinet recently approved the DNA Technology (Use and Application) Regulation Bill, 2018 (“DNA Profiling Bill”), which is scheduled to be introduced in Parliament today (31st July). The Bill is largely based on the 2017 Law Commission Report on “Human DNA Profiling – A draft Bill for the Use and Regulation of DNA-Based Technology”, which seeks to expand “the application of DNA-based forensic technologies to support and strengthen the justice delivery system of the country.

Apart from identifying suspects and maintaining a registry of offenders, the Bill seeks to enable cross-matching between missing persons and unidentified dead bodies, and establishing victim identity in mass disasters.

Features of the Bill

The Bill envisages the setting up of a DNA profiling board which shall function as the regulatory authority and lay down guidelines, standards and procedures for the functioning of DNA laboratories and grant them accreditation. The board will also assist the government in setting up new data banks and advise the government on “all issues relating to DNA laboratories”. In addition, it will make recommendations on legislation and practices relating to privacy issues around storage and access to DNA samples.  

DNA data banks will also be established, consisting of a national data bank as well as the required number of regional data banks. Regional data banks must mandatorily share all their information with the national data bank. Every data bank shall maintain databases of five categories of data – crime scenes, suspects or undertrials, offenders, missing persons, and unknown deceased persons.

The 2017 draft has made significant changes to address concerns raised about the previous 2015 draft. These include removing the index of voluntarily submitted DNA profiles, deleting the provision allowing the DNA profiling board to create any other index as necessary, detailing serious offences for DNA collection, divesting the database manager of discretionary powers, and introducing redressal mechanisms by allowing any aggrieved person to approach the courts. Additionally, it has added legislative provisions authorising licensed laboratories, police stations and courts to collect and analyse DNA from certain categories of people, store it in data banks and use it to identify missing/ unidentified persons and as evidence during trial.

The new Bill has attempted to address previous concerns by limiting the purpose of DNA profiling, stating that it shall be undertaken exclusively for identification of a person and not to extract any other information. Safeguards have been put in place against misuse in the form of punishments for disclosure to unauthorised persons.

The Bill mandates consent of an accused before collection of bodily substances for offences other than specified. However, any refusal, if considered to be without good cause, can be disregarded by a Magistrate if there is reasonable cause to believe that such substances can prove or disprove guilt. Any person present during commission of a crime, questioned regarding a crime, or seeking a missing family member, may volunteer in writing to provide bodily substances. The collection of substances from minors and disabled persons requires the written consent of their parents or guardians. Collection from victims or relatives of missing persons requires the written consent of the victim or relative. Details of persons who are not offenders or suspects in a crime cannot be compared to the offenders’ or suspects’ index, and any communication of details can only be to authorised persons.

Areas of Concern

Although the Bill claims that DNA testing is 99.9% foolproof, doubts have recently been raised about the possibility of a higher error rate than previously claimed. This highlights the need for the proposed legislation to provide safeguards in the event of error or abuse.

The issue of security of all the data concentrated in data banks is of paramount importance in light of its value to both government and private entities. The Bill fails to clearly spell out restrictions or to specify who has access to these data banks.

Previous iterations of the Bill have prompted civil society to express their reservations about the circumstances under which DNA can be collected, issues of consent to collection, access to and retention of data, and whether such information can be exploited for purposes beyond those envisaged in the legislation. As in the case of Aadhaar, important questions arise regarding how such valuable genetic information will be safeguarded against theft or contamination, and to what extent this information can be accessed by different agencies. The present Bill has reduced the number of CODIS loci that can be processed from 17 to 13, thus restricting identification only to the necessary extent. However, this provision has not been explicitly stated in the provisions of the legislation itself, casting doubt over the manner in which it will be implemented.

Written consent is mandatory before obtaining a DNA sample, however withholding of consent can be overruled by a Magistrate if deemed necessary. An individual’s DNA profile can only be compared against crime scene, missing person or unknown deceased person indices. A court order is required to expunge the profile of an undertrial or a suspect, whose profile can also be removed after filing of a police report. Any person who is not a suspect or a convicted offender can only have their profile removed on a written petition to the director of the data bank. The consent clause is also waived if a person has been accused of a crime punishable either by death or more than seven years in prison. However, the Bill is silent on how such a person’s profile is to be removed on acquittal.

Moreover, the Bill states that “the information contained in the crime scene index shall be retained”. The crime scene index captures a much wider data set as compared to the offenders’ index, since it includes all DNA evidence found around the crime scene, on the victim, or on any person who may be associated with the crime. The indefinite retention of most of these categories of data is unnecessary, as well as contrary to earlier provisions that provide for such data to be expunged. However, the government has claimed that such information will be removed “subject to judicial orders”. Importantly, the Bill does not contain a sunset provision that would ensure that records are automatically expunged after a prescribed period.

While the Bill provides strict penalties for deliberate tampering or contamination of biological evidence, the actual mechanisms for carrying out quality control and analysis have been left out of the parent legislation and left to the purview of the rules.

Crucially, the Bill has not explicitly defined privacy and security protections such as implementation of safeguards, use and dissemination of genetic information, security and confidentiality and other privacy concerns within the legislation itself – leaving such considerations to the purview of regulation (and out of parliamentary oversight). The recently released Personal Data Protection Bill, 2018 does little to allay these concerns. As per this Bill, DNA Banks will be classified as significant data fiduciaries, and thus subject to audits, data protection impact assessments, and appointment of a special data protection officer. However, although genetic information is classified as sensitive personal data, the Data Protection Bill does not provide sufficient safeguards against the processing of such data by the State. In light of the proposed data protection framework, and the Supreme Court confirming that the right to privacy (including the right to bodily integrity) is a fundamental right, the DNA Profiling Bill as it stands in its present form cannot be implemented without violating the fundamental right to privacy.

The Personal Data Protection Bill, 2018

After months of speculation, the Committee of Experts on data protection (“Committee”), led by Justice B N Sri Krishna, has submitted its recommendations and a draft data protection bill to the Ministry of Electronics and Information Technology (“MEITY”) today. As we sit down for some not-so-light weekend reading to understand what our digital futures could look like if the committee’s recommendations are adopted, this series puts together a quick summary of the Personal Data Protection Bill, 2018 (“Bill”).

Scope and definitions

The Committee appears to have moved forward with the idea of a comprehensive, cross-sectoral data protection legislation that was advocated in its white paper published late last year. The Bill is meant to apply to (i) the processing of any personal data, which has been collected, disclosed, shared or otherwise processed in India; and (ii) the processing of personal data by the Indian government, any Indian company, citizen, or person / body of persons incorporated or created under Indian law. It also applies to any persons outside of India that engage in processing personal data of individuals in India. It does not apply to the processing of anonymised data.

The Bill continues to use the 2-level approach in defining the type of information that the law applies to. However, the definitions of personal data and sensitive personal data have been expanded upon significantly when compared to the definitions in our current data protection law.

Personal data includes “data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information”. The move towards relying on ‘identifiability’, when read together with definitions of terms such as ‘anonymisation’, which focuses on irreversibility of anonymisation, is welcome, given that section 2 clearly states that the law will not apply in relation to anonymised data. However, the ability of data processors / the authority to identify whether an anonymisation process is irreversible in practice will need to be examined, before the authority sets out the criteria for such ‘anonymisation’.

Sensitive personal data on the other hand continues to be defined in the form of a list of different categories, albeit a much more expansive list, that now includes information such as / about official identifiers, sex life, genetic data, transgender status, intersex status, caste or tribe, and religious and political affiliations / beliefs.

Interestingly, the Committee has moved away from the use of other traditional data protection language such as data subject and data controller – instead arguing that the relationship between an individual and a person / organisation processing their data is better characterised as a fiduciary relationship. Justice Sri Krishna emphasised this issue during the press conference organised at the time of submission of the report, noting that personal data is not to be considered property.

Collection and Processing

The Bill elaborates on the notice and consent mechanisms to be adopted by ‘data fiduciaries’, and accounts for both data that is directly collected from the data principal, and data that is obtained via a third party. Notice must be given at the time of collection of personal data, and where data is not collected directly, as soon as possible. Consent must be obtained before processing.

The Committee’s earlier white paper, and the report accompanying the Bill have both discussed the pitfalls in a data protection framework that relies so heavily on consent – noting that consent is often not informed or meaningful. The report however also notes that it may not be feasible to do away with consent altogether, and tries to address this issue by way of adopting higher standards for consent, and purpose limitation. The Bill also provides that consent is to be only one of the grounds for processing of personal data. However, this seems to result in some catch-all provisions allowing processing for ‘reasonable purposes’. While it appears that these reasonable purposes may need to be pre-determined by the data protection authority, the impact of this section will need to be examined in greater detail. The other such wide provision in this context seems to allow the State to process data – another provision that will need more examination.

Sensitive personal data

Higher standards have been proposed for the processing of sensitive personal data, as well as personal / sensitive personal data of children. The emphasis on the effect of processing of certain types of data, keeping in mind factors such as the harm caused to a ‘discernible class of persons’, or even the provision of counselling or child protection services in these sections is welcome. However, there remains a wide provision allowing for the State to process sensitive personal data (of adults), which could be cause for concern.

Rights of data principals

The Bill also proposes 4 sets of rights for data principals: the right to confirmation and access, the right to correction, the right to data portability, and the right to be forgotten. There appears to be no right to erasure of data, apart from a general obligation on the data fiduciary to delete data once the purpose for collection / processing of data has been met. The Bill proposes certain procedural requirements to be met by the data principal exercising these rights – an issue which some have already pointed out may be cause for concern.

Transparency and accountability

The Bill requires all data fiduciaries to adopt privacy by design, transparency and security measures.

Each data fiduciary is required to appoint a data protection officer, conduct data protection impact assessments before the adoption of certain types of processing, maintain records of data processing, and conduct regular data protection audits. These obligations are applicable to those notified as ‘significant data fiduciaries’, depending on criteria such as the volume and sensitivity of personal data processed, the risk of harm, the use of new technology, and the turnover of the data fiduciary.

The requirements for data protection impact assessments is interesting – an impact assessment must be conducted before a fiduciary undertakes any processing involving new technologies, or large scale profiling or use of sensitive personal data such as genetic or biometric data (or any other data processing which carries a risk of significant harm to data principals). If the data protection authority thinks that such processing may cause harm (based on the assessment), they may direct the fiduciary to cease such processing, or impose conditions on the processing. The language here implies that these requirements could be applicable to processing by the State / private actors, where new technology is used in relation to Aadhaar, among other things. However, as mentioned above, this will be subject to the data fiduciary in question being notified as a ‘significant data fiduciary’.

In a welcome move, the Bill also provides a process for notification in the case of a breach of personal data by data fiduciaries. However, this requirement is limited to notifying the data protection authority, which then decides whether there is a need to notify the data principal involved. It is unfortunate that the Committee has chosen to limit the rights of data principals in this regard, making them rely instead on the authority to even be notified of a breach that could potentially harm them.

Cross border transfer of data

In what has already become a controversial move, the Bill proposes that at least one copy of all personal data under the law, should be stored on a server or data centre located in India. In addition, the central government (not the data protection authority) may notify additional categories of data that are ‘critical’ and should be stored only in India.

Barring exceptions in the case of health / emergency services, and transfers to specific international organisations, all transfer of personal data outside India will be subject to the approval of the data protection authority, and in most cases, consent of the data principal.

This approval may be in the form of approval of standard contractual clauses applicable to the transfer, or a blanket approval of transfers to a particular country / sector within a country.

This provision is ostensibly in the interest of the data principals, and works towards ensuring a minimum standard of data protection. The protection of the data principal under this provision, like many other provisions, including those relating to data breach notifications to the data principal, will be subject to the proper functioning of the data protection authority. In the past, we have seen that simple steps such as notification of security standards under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, have not been undertaken for years.

In the next post in this series, we will discuss the functions of the authority, and other provisions in the Bill, including the exemptions granted, and penalties and remedies provided for.

The General Data Protection Regulation and You

A cursory look at your email inbox this past month presents an intriguing trend. Multiple online services seem to have taken it upon themselves to notify changes to their Privacy Policies at the same time. The reason, simply, is that the European Union’s General Data Protection Regulation (GDPR) comes into force on May 25, 2018.

The GDPR marks a substantial overhaul of the existing data protection regime in the EU, as it replaces the earlier ‘Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.’ The Regulation was adopted by the European Parliament in 2016, with a period of almost two years to allow entities sufficient time to comply with their increased obligations.

The GDPR is an attempt to harmonize and strengthen data protection across Member States of the European Union. CCG has previously written about the Regulation and what it entails here. For one, the instrument is a ‘Regulation’, as opposed to a ‘Directive’. A Regulation is directly binding across all Member States in its entirety. A Directive simply sets out a goal that all EU countries must achieve, but allows them discretion as to how. Member States must enact national measures to transpose a Directive, and this can sometimes lead to a lack of uniformity across Member States.

The GDPR introduces, among other things, additional rights and protections for data subjects. This includes, for instance, the introduction of the right to data portability, and the codification of the controversial right to be forgotten. Our writing on these concepts can be found here, and here. Another noteworthy change is the substantial sanctions that can be imposed for violations. Entities that fall foul of the Regulation may have to pay fines up to 20 million Euros, or 4% of global annual turnover, whichever is higher.

The Regulation also has consequences for entities and users outside the EU. First, the Regulation has expansive territorial scope, and applies to non-EU entities if they offer goods and services to the EU, or monitor the behavior of EU citizens. The EU is also a significant digital market, which allows it to nudge other jurisdictions towards the standards it adopts. The Regulation (like the earlier Directive) restricts the transfer of personal data to entities outside the EU to cases where an adequate level of data protection can be ensured. This has resulted in many countries adopting regulation in compliance with EU standards. In addition, with the implementation of the GDPR, companies that operate in multiple jurisdictions might prefer to maintain parity between their data protection policies. For instance, Microsoft has announced that it will extend core GDPR protections to its users worldwide. As a consequence, many of the protections offered by the GDPR may in effect become available to users in other jurisdictions as well.

The implementation of the GDPR is also of particular significance to India, which is currently in the process of formulating its own data protection framework. The Regulation represents a recent attempt by a jurisdiction (that typically places a high premium on privacy) to address the harms caused by practices surrounding personal data. The lead-up to its adoption and implementation has generated much discourse on data protection and privacy. This can offer useful lessons as we debate the scope and ambit of our own data protection regulation.