The Ministry of Electronics and Information Technology (“MEITY”) has released a draft of the Digital Personal Data Protection Bill, 2022 (“The Bill”) for public consultations along with an explanatory note for each provision and the underlying principles that guide the drafting[1]. The public consultations are open till December 17, 2022[2]. This is Part II of our analysis on the Bill. Click here to read Part I of this postContinue Reading The Digital Personal Data Protection Bill, 2022 – Part II
Data Protection
The Digital Personal Data Protection Bill, 2022 – Part I
The Ministry of Electronics and Information Technology (“MEITY”) has released a draft of the Digital Personal Data Protection Bill, 2022 (“The Bill”) for public consultations along with an explanatory note for each provision and the underlying principles that guide the drafting[1]. The public consultations are open till December 17, 2022[2].Continue Reading The Digital Personal Data Protection Bill, 2022 – Part I
The RBI’s Digital Lending Recommendations: A Sign of the Road Ahead?
The journey to a new general data protection law in India is more than a decade long and has seen several milestones ranging from the reports of Committees headed by Justice A.P. Shah[1], Justice B.N. Srikrishna[2], and a Joint Parliamentary Committee (“JPC”) to draft legislation in 2018[3], 2019 (“PDP Bill”)[4] and 2021 (“DPB”)[5].
While the recent withdrawal of the PDP Bill[6] is seen as a sign of a long and twisted road ahead, regulators in sectors such as banking, financial services and insurance have not had the luxury of taking the scenic route.Continue Reading The RBI’s Digital Lending Recommendations: A Sign of the Road Ahead?
The Cert-In Cyber Security Directions: More Questions Than Answers?
On April 28, 2022, the Indian Computer Emergency Response Team (“CERT-In”) under the Ministry of Electronics and Information Technology issued extensive directions to service providers, intermediaries, companies, firms, and government organisations (collectively, “Entities”, and each an “Entity”) specifying various ‘cyber security directions’ that they are required to follow (“Directions”)[1].Continue Reading The Cert-In Cyber Security Directions: More Questions Than Answers?
Digital Age Warfare: Ransomware Attacks
A. Introduction
In this digital age, it may not be out of place to say that data has replaced oil as the most valuable resource. The advancement of technology has led to the emergence of a new species of extortion, where ransom is sought in lieu of data, which is illegally assumed control over. This phenomenon is popularly known as a ransomware attack. A ransomware attack includes a malware that is introduced onto the host’s computer or mobile, thereby encrypting its data, with a subsequent demand for a ‘ransom’ for decryption of the same, to secure its release[i].Continue Reading Digital Age Warfare: Ransomware Attacks
Double Trouble in 2020 – Tackling COVID-19 while Protecting the Right to Privacy
Background
Dire times call for ingenious, and often, radical measures. The COVID-19 pandemic, which has led to actions being taken under the Epidemic Diseases Act, 1897, and the Disaster Management Act, 2005, in India, is one such unprecedented and grim event. While governments and health workers all over the world are grappling to curb the spread of the virus, it has been realised that surveillance of affected persons is of paramount importance in order to assess and implement preventive and control measures.
Data tracking and analysis has emerged as an unlikely hero. This analysis has enabled governments to implement measures to stop the pandemic at its source and to prevent deaths, social disruption, unnatural burden on the healthcare system and economic loss. As government authorities are required to control the pandemic not only in their own country, but also understand how the same is evolving in other countries, governments all over the world have taken the stance that free flow of information that is updated in real time will allow for the formation of a steady global picture and help in curbing the spread of the pandemic.
Continue Reading Double Trouble in 2020 – Tackling COVID-19 while Protecting the Right to Privacy
COVID-19 : OFFICIALLY A PANDEMIC
The World Health Organisation (WHO) declared COVID-19 as a “pandemic” on March 11, 2020.
The outbreak and the rapid spread of COVID-19 has sent shock waves across global markets. It has disrupted supply chains, leading to the closure of several manufacturing facilities globally; serious disruption of air and sea traffic and closure of vital air routes, like the one between the US and Europe. This is turn has led to the collapse of stock markets around the world, leading to the loss of billions of dollars, which got wiped out in a matter of days. A combination of all these factors has led to a decline in the overall volume of global economic activity, forcing the world economy towards a possible recession. It is forcing Boards across the globe to confront a host of difficult questions on how business should be conducted during a global public health crisis.
Continue Reading COVID-19 : OFFICIALLY A PANDEMIC
The Personal Data Protection Bill, 2019: An Analysis
A draft of the Personal Data Protection Bill, 2019 (“Bill”) has been introduced before the Lok Sabha on December 11, 2019.
The Bill is based, in large part, on the proposed draft of the Personal Data Protection Bill, 2018 (“Draft Bill”) which was attached to the report submitted to the Government by the Committee of Experts constituted under the Chairmanship of Justice Srikrishna (Retd.) (for details see our analysis[1] of the Draft Bill and its comparison with the European Union’s General Data Protection Regulation[2] (“GDPR”)[3] ).
That being said, the Bill also includes several modifications and changes in scope and intent.
Continue Reading The Personal Data Protection Bill, 2019: An Analysis
Surveillance in the Post-Puttaswamy Era
In 1997, the Supreme Court of India (Supreme Court) pronounced its judgment in the case of People’s Union for Civil Liberties (PUCL) v. Union of India (SC, 1997) (PUCL Case), which laid the groundwork for the right to privacy in the context of telephonic surveillance (i.e. wiretaps) and constitutional freedoms.
This article analyses the Supreme Court’s stance on the right to privacy in the PUCL Case, which was upheld in the 2017 landmark judgment by the nine-judge bench in KS Puttaswamy v. Union of India (SC, 2017) (Puttaswamy Case) that declared privacy a fundamental right. The applicability of the right to privacy has recently received further validation in the context of wiretaps in the October 2019 judgment in Vinit Kumar v. Central Bureau of Investigations and Ors (Bom HC, 2019) (Vinit Kumar Case), wherein the Bombay High Court outlined the ambit of the State’s power to surveil its subjects particularly on matters that do not fall within the category of ‘public emergency’ or ‘in the interest of public safety’.
Continue Reading Surveillance in the Post-Puttaswamy Era
In the throes of Data Protection (and the associated woes) lies the business of trust
We are moving towards a data centric world, and “data is the new oil”[1]. And few would disagree that a key debate today in finance is ‘trust and privacy vs. using data for business growth’. As modern day businesses look to adapt themselves to generate revenue from customer related data, regulators across the world are grappling with the formulation of effective laws to regulate the data-driven economy. Given the relative novelty of the concept, regulators are reflecting on fundamental questions such as the right to privacy, property rights over data and the right to use the collected data.
In India, the Reserve Bank of India (“RBI”) has been fairly forward looking, by passing various regulations and constituting a host of committees to address issues ranging from cyber security to customers data protection norms.[2] In almost all its regulations, RBI has adopted a data privacy framework similar to the one advocated by the Justice BN Srikrishna Committee in its Personal Data Protection Bill, 2018 (“DP Bill”) – an amalgamated framework consisting of consent-and-notice and the vesting of certain rights with the originators of such information.[3] Undoubtedly, the DP Bill will have an impact on the manner in which data is collected, processed and shared by the financial industry. With this as the background, the authors seek to analyse the impact of the DP Bill on businesses engaged in the financial sector.
Continue Reading In the throes of Data Protection (and the associated woes) lies the business of trust