Pathways to Higher Education
https://cis-india.org
These are the search results for the query, showing results 51 to 65.
Global Accessibility Awareness Day 2017
https://cis-india.org/accessibility/events/global-accessibility-awareness-day-2017
<b>The Centre for Internet & Society along with Prakat Solutions and Mitra Jyothi is co-hosting the Global Accessibility Awareness Day in Bengaluru on May 18, 2017. </b>
<p style="text-align: justify;"><strong>Global Accessibility Awareness Day </strong>is celebrated across the world on the 3rd Thursday in May every year to create an awareness in making technology accessible and usable by persons with disabilities. While people may be interested in the topic of making technology accessible and inclusive, the reality is that they often do not know how or where to start, Awareness comes first.</p>
<p style="text-align: justify;">The purpose of GAAD is to get everyone talking, thinking and learning about digital (web, software, mobile, etc.) access/inclusion and people with different disabilities.</p>
<p style="text-align: justify;">To mark this day, Prakat Solutions will be hosting an event filled with lightning talks, workshops and a lot of other activities. You can also view a series of short videos about why accessibility is important with contributions from some of the greatest minds in accessibility today.For us as a company, Global Accessibility Awareness Day is quite special. Other awareness days that we participate in focus on a specific group of people. Today, is not about a specific group of people, today is about each and every one of us.</p>
<h3 style="text-align: justify;">Watch the Video on What is GAAD</h3>
<p><iframe src="https://www.youtube.com/embed/M9Ac5PAIKWo" frameborder="0" height="315" width="560"></iframe></p>
<p>
For more details visit <a href='https://cis-india.org/accessibility/events/global-accessibility-awareness-day-2017'>https://cis-india.org/accessibility/events/global-accessibility-awareness-day-2017</a>
</p>
No publisherpraskrishnaFeaturedHomepageAccessibilityEvent2017-05-16T05:51:45ZEvent(Updated) Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information
https://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1
<b>Since its inception in 2009, the Aadhaar project has been shrouded in controversy due to various questions raised about privacy, technological issues, welfare exclusion, and security concerns. In this study, we document numerous instances of publicly available Aadhaar Numbers along with other personally identifiable information (PII) of individuals on government websites. This report highlights four government projects run by various government departments that have made sensitive personal financial information and Aadhaar numbers public on the project websites.
</b>
<p> </p>
<h4>Read the updated report: <a class="external-link" href="https://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof/" target="_blank">Download</a> (pdf)</h4>
<h4>Read the first statement of clarification (May 16, 2017): <a class="external-link" href="https://cis-india.org/internet-governance/clarification-on-information-security-practices-of-the-aadhaar-report/" target="_blank">Download</a> (pdf)</h4>
<h4>Read the second statement of clarification (November 05, 2018): <a class="external-link" href="https://cis-india.org/internet-governance/blog/clarification-on-the-information-security-practices-of-aadhaar-report" target="_blank">Link to page</a> (html)</h4>
<hr />
<p><em>We are grateful to Yesha Paul and VG Shreeram for research support.</em></p>
<hr />
<p>In the last month, there have been various reports pointing out instances of the public disclosure of Aadhaar number through various databases, accessible easily on Twitter under the hashtag #AadhaarLeaks. Most of these public disclosures reported contain personally identifiable information of beneficiaries or subjects of the non UIDAI databases containing Aadhaar numbers of individuals along with other personal identifiers. All of these public disclosures are symptomatic of a significant and potentially irreversible privacy harm, however we wanted to point out another large fallout of such events, those that create a ripe opportunity for financial fraud. For this purpose, we identified benefits disbursement schemes which would require its databases to store financial information about its subjects. During our research, we encountered numerous instances of publicly available Aadhaar Numbers along with other PII of individuals on government websites. In this paper, we highlight four government projects run by various government departments with publicly available financial data and Aadhaar numbers. Our research is focussed largely on the data published by or pertaining to where Aadhaar data is linked with banking information. We chose major government programmes using Aadhaar for payments and banking transactions. We found sensitive and personal data and information very easily accessible on these portals.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1'>https://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1</a>
</p>
No publisherAmber Sinha and Srinivas KodaliDigital IDPrivacyNDSAPData ProtectionAccountabilityFeaturedData GovernanceAadhaarDigitisationHomepageInternet GovernanceData Management2019-03-13T00:29:01ZBlog EntryEconomic, Social and Cultural Rights in India: Opportunities for Advocacy in Intellectual Property
https://cis-india.org/openness/apc-april-23-2017-sunil-abraham-and-vidushi-marda-economic-social-and-cultural-rights-in-india
<b>Centre for Internet & Society worked on a three part case study. The first case study on digital protection of traditional knowledge was published by GIS Watch in December 2016. The other two case studies along with the synthesis overview has also been published.</b>
<p style="text-align: justify; ">The rights established in the International Covenant on Economic, Social and Cultural Rights (ICESCR) are socioeconomic rights and are easily mapped onto rights to education, work, science and culture. These rights, however, are not as easily mapped onto intellectual property rights. This three-part case study contemplates the ICESCR through aspects of intellectual property in India, namely, mobile patents, free and open source software (FOSS), and India’s Traditional Knowledge Digital Library. Through these, it demonstrates the potential of these technologies in realising ESCRs.</p>
<p style="text-align: justify; ">A distinguishing factor of the ICESCR is the emphasis on the progressive realisation of rights within the Covenant, which indicates the necessity of parties to take steps for the realisation of ESCRs to the best of their ability given the resources available, with a view to fully realising these rights in the long term. This is particularly relevant in India, where the large population and scarcity of resources require gradual realisation and sustained planning. This case study advocates for the progressive realisation of the rights outlined below, and sheds light on the current state of progress in India, as well as providing an overview of the framework within which these rights will be realised.</p>
<p style="text-align: justify; ">Although these three case studies focus on distinct areas – mobile patents, FOSS and open standards, and traditional knowledge – they can also be understood as tied together through the central theme of a mobile phone. The first case study on mobile patents deals with the hardware of the phone, the second deals with the software in discussing open software and standards, and the third case study on traditional knowledge focuses on the person holding the phone who consumes information-embedded products such as traditional foods and medicines.</p>
<hr />
<ul>
<li><a class="external-link" href="http://cis-india.org/openness/files/economic-social-and-cultural-rights-in-india">Synthesis Overview</a></li>
<li><a class="external-link" href="http://cis-india.org/openness/files/economic-social-and-cultural-rights-in-india-opportunities-for-advocacy-in-intellectual-property-rights-access-to-mobile-technology">Access to Mobile Technology</a></li>
<li><a class="external-link" href="http://cis-india.org/openness/files/economic-social-and-cultural-rights-in-india-opportunities-for-advocacy-in-intellectual-property-rights-the-traditional-knowledge-digital-library">Traditional Knowledge Digital Library</a><a class="external-link" href="http://cis-india.org/openness/files/economic-social-and-cultural-rights-in-india-foss/"><span class="external-link"></span></a></li>
<li><a class="external-link" href="http://cis-india.org/openness/files/economic-social-and-cultural-rights-in-india-foss/">FOSS and Open Standards</a></li>
</ul>
<p style="text-align: justify; "><i><br />The report on digital protection of traditional knowledge was <a class="external-link" href="https://www.giswatch.org/sites/default/files/Giswatch2016_web.pdf">published by GIS Watch</a> earlier and the rest of the reports have been published by the <a class="external-link" href="https://www.apc.org/en/pubs/economic-social-and-cultural-rights-india-opportun">Association for Progressive Communications</a></i>.</p>
<p>
For more details visit <a href='https://cis-india.org/openness/apc-april-23-2017-sunil-abraham-and-vidushi-marda-economic-social-and-cultural-rights-in-india'>https://cis-india.org/openness/apc-april-23-2017-sunil-abraham-and-vidushi-marda-economic-social-and-cultural-rights-in-india</a>
</p>
No publisherSunil Abraham and Vidushi MardaOpennessFeaturedFOSSHomepage2017-04-23T05:22:01ZBlog EntryExploring Big Data for Development: An Electricity Sector Case Study from India
https://cis-india.org/raw/exploring-big-data-for-development-an-electricity-sector-case-study-from-india
<b>This working paper by Ritam Sengupta, Dr. Richard Heeks, Sumandro Chattapadhyay, and Dr. Christopher Foster draws from the field study undertaken by Ritam Sengupta, and is published by the Global Development Institute, University of Manchester. The field study was commissioned by the CIS, with support from the University of Manchester and the University of Sheffield.</b>
<p> </p>
<h4>Download the working paper: <a href="http://hummedia.manchester.ac.uk/institutes/gdi/publications/workingpapers/di/di_wp66.pdf" target="_blank">PDF</a></h4>
<hr />
<h3><strong>Abstract</strong></h3>
<p>This paper presents exploratory research into “data-intensive development” that seeks to inductively identify issues and conceptual frameworks of relevance to big data in developing countries. It presents a case study of big data innovations in “Stelcorp”; a state electricity corporation in India. In an attempt to address losses in electricity distribution, Stelcorp has introduced new digital meters throughout the distribution network to capture big data, and organisation-wide information systems that store and process and disseminate big data.</p>
<p>Emergent issues are identified across three domains: implementation, value and outcome. Implementation of big data has worked relatively well but technical and human challenges remain. The advent of big data has enabled some – albeit constrained – value addition in all areas of organisational operation: customer billing, fault and loss detection, performance measurement, and planning. Yet US$ tens of millions of investment in big data has brought no aggregate improvement in distribution losses or revenue collection. This can be explained by the wider outcome, with big data faltering in the face of external politics; in this case the electoral politics of electrification. Alongside this reproduction of power, the paper also reflects on the way in which big data has enabled shifts in the locus of power: from public to private sector; from labour to management; and from lower to higher levels of management.</p>
<p>A number of conceptual frameworks emerge as having analytical power in studying big data and global development. The information value chain model helps track both implementation and value-creation of big data projects. The design-reality gap model can be used to analyse the nature and extent of barriers facing big data projects in developing countries. And models of power – resource dependency, epistemic models, and wider frameworks – are all shown as helping understand the politics of big data.</p>
<hr />
<em>Cross-posted from <a href="http://www.gdi.manchester.ac.uk/research/publications/other-working-papers/di/di-wp66/">University of Manchester</a>.</em>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/exploring-big-data-for-development-an-electricity-sector-case-study-from-india'>https://cis-india.org/raw/exploring-big-data-for-development-an-electricity-sector-case-study-from-india</a>
</p>
No publishersumandroBig DataData SystemsResearchers at WorkResearchFeaturedPublicationsBig Data for Development2019-03-16T04:33:15ZBlog EntryNet Neutrality Resources
https://cis-india.org/internet-governance/resources/net-neutrality-resources
<b>Submissions by the Centre for Internet and Society to TRAI and DoT, 2015-2017.</b>
<p> </p>
<ul>
<li><a href="https://cis-india.org/internet-governance/resources/net-neutrality/2015-06-29_PositionPaperonNetNeutralityinIndia" class="external-link">Submission for TRAI Consultation on Regulatory Framework for Over-the-Top Services</a> (June 29, 2015)</li>
<li><a href="https://cis-india.org/internet-governance/resources/net-neutrality/2016-01-07_cis_trai-submission_differential-pricing" class="external-link">Submission to TRAI Consultation on Differential Pricing</a> (January 7, 2016)</li>
<li><a href="https://cis-india.org/internet-governance/resources/net-neutrality/2016-01-14_cis_trai-counter-comments_differential-pricing" class="external-link">Counter Comments to TRAI on Differential Pricing</a> (January 14, 2016)</li>
<li><a href="https://cis-india.org/internet-governance/resources/net-neutrality/trai-consultation-on-differential-pricing-for-data-services-post-open-house-discussion-submission" class="external-link">TRAI Consultation on Differential Pricing for Data Services: Post-Open House Discussion Submission</a> (January 25, 2016)</li>
<li><a class="external-link" href="http://cis-india.org/internet-governance/blog/cis-submission-trai-consultation-free-data">Submission to TRAI Consultation on Free Data</a> (June 30, 2016)</li>
<li><a class="external-link" href="http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks">Submission to TRAI Consultation on Proliferation of Broadband through Public WiFi Networks</a> (August 28, 2016)</li>
<li><a class="external-link" href="http://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi">Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks</a> (December 12, 2016)</li>
<li><a class="external-link" href="http://cis-india.org/internet-governance/files/cis-trai-submission-on-net-neutrality">Submission to TRAI Consultation on Net Neutrality</a> (April 18, 2017)</li></ul>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/resources/net-neutrality-resources'>https://cis-india.org/internet-governance/resources/net-neutrality-resources</a>
</p>
No publisherpraskrishnaFeaturedHomepageNet NeutralityInternet Governance2017-04-22T09:11:21ZPageSurvey on Data Protection Regime
https://cis-india.org/internet-governance/blog/survey-on-data-protection-regime
<b>We request you to take part in this survey aimed at understanding how various organisations view the changes in the Data Protection Regime in the European Union. Recently the General Data Protection Regulation (EU) 2016/679 was passed, which shall replace the present Data Protection Directive DPD 95/46/EC. This step is likely to impact the way of working for many organisations. We are grateful for your voluntary contribution to our research, and all information shared by you will be used for the purpose of research only. Questions that personally identify you are not mandatory and will be kept strictly confidential. </b>
<p> </p>
<h4>The survey form below can also be accessed <a href="https://goo.gl/forms/61d4W0kPQ8SqNaMO2" target="_blank">here</a>.</h4>
<hr />
<iframe src="https://docs.google.com/forms/d/e/1FAIpQLSepvhTUkkc7s3jFDfJZ90wFJAIuVexrbVSO5icV4kW0-1uyNA/viewform?embedded=true" frameborder="0" marginwidth="0" marginheight="0" height="800" width="600">Loading...</iframe>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/survey-on-data-protection-regime'>https://cis-india.org/internet-governance/blog/survey-on-data-protection-regime</a>
</p>
No publisherAditi Chaturvedi and Elonnai HickokGeneral Data Protection RegulationInternet GovernanceFeaturedData ProtectionHomepage2017-02-10T10:47:00ZBlog EntryInternet Researchers' Conference 2017 (IRC17)
https://cis-india.org/raw/irc17
<b>With great pleasure we announce the second edition of the Internet Researchers' Conference (IRC), an annual conference series initiated by the Researchers at Work (RAW) programme at CIS to gather researchers, academic or otherwise, studying internet in/from India to congregate, share insights and tensions, and chart the ways forward. The Internet Researchers' Conference 2017 (IRC17) will be held at the International Institute of Information Technology Bangalore (IIIT-B) campus on March 03-05, 2017. It is being organised by the Centre for Information Technology and Public Policy (CITAPP) at IIIT-B and the CIS.</b>
<p> </p>
<h4>Registration is closed now.</h4>
<h4>Propose open sessions <a href="https://public.etherpad-mozilla.org/p/IRC17-OpenSessionProposals">here</a>.</h4>
<h4>Agenda (final): <a href="https://github.com/cis-india/irc/raw/master/irc17/IRC17_Agenda.pdf">Download</a> (PDF)</h4>
<h4>Programme: <a href="https://github.com/cis-india/irc/raw/master/irc17/IRC17_Programme.pdf">Download</a> (PDF)</h4>
<h4>Poster (high resolution): <a href="https://github.com/cis-india/irc/raw/master/irc17/IRC17_Poster-HighRes.jpg">Download</a> (JPG)</h4>
<hr />
<img src="http://cis-india.org/raw/irc17/leadImage" alt="IRC17 Poster" height="400" />
<h3><strong>IRC17: Key Provocations</strong></h3>
<p>Two critical questions that emerged from the conversations at the previous edition of the Conference (IRC16) were about the digital objects of research, and the digital/internet experiences in Indic languages. As we discussed various aspects and challenges of 'studying internet in India', it was noted that we have not sufficiently explored how ongoing research methods, assumptions, and analytical frames are being challenged (if at all) by the becoming-digital of the objects of research across disciplines: from various artifacts and traces of human and machinic interactions, to archival entries and sites of ethnography, to practices and necessities of collaboration.</p>
<p>We found that the analyses of such digital objects of research often tend to assume either an aesthetic and functional uniqueness or sameness vis-à-vis the pre-/proto-digital objects of research, while neither of these positions are discussed in detail. Further, we tend to universalise the English-speaking user's/researcher's experience of working with such digital objects, without sufficiently considering their lives and functions in other (especially, Indic) languages.</p>
<p>These we take as the key provocations of the 2017 edition of IRC:</p>
<ul><li>
<p>How does the becoming-digital of the research objects challenge our current research practices, concerns, and assumptions?</p>
</li>
<li>
<p>How do we appreciate, study, and theorise the functioning of and meaning-making by digital objects in Indic languages?</p>
</li>
<li>
<p>What research tools and infrastructures are needed to study, document, annotate, analyse, archive, cite, and work with (in general) digital objects, especially those in Indic languages?</p>
</li></ul>
<p>This conference series is specifically driven by the following interests: 1) creating discussion spaces for researchers studying internet in India and in other comparable regions, 2) foregrounding the multiplicity, hierarchies, tensions, and urgencies of the digital sites and users in India, 3) accounting for the various layers, conceptual and material, of experiences and usages of internet and networked digital media in India, and 4) exploring and practicing new modes of research and documentation necessitated by new (digital) forms of objects of power/knowledge.</p>
<h3><strong>Dates and Venue</strong></h3>
<p>The conference is being hosted by the International Institute of Information Technology Bangalore (IIIT-B) during March 03-05, 2017.</p>
<p><strong>Address:</strong> 26/C, Electronics City, Hosur Road, Bangalore, 560100, <a href="https://goo.gl/maps/chHchxAMkrK2">location on Google Map</a>.</p>
<h3><strong>Session Details and Notes</strong></h3>
<p>Day 01, Friday, March 03</p>
<p><strong>#DigitalIdentities:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/digitalidentities.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-DigitalIdentities">Etherpad</a></p>
<p><strong>#IndicLanguagesAndInternetCohabitation:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/indiclanguagesandinternetcohabitation.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-IndicLanguagesAndInternetCohabitation">Etherpad</a></p>
<p><strong>#SelfiesFromTheField:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/selfiesfromthefield-revised.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-SelfiesFromTheField">Etherpad</a></p>
<p><strong>#HookingUp:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/hookingup-revised.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-HookingUp">Etherpad</a></p>
<p>Day 02, Saturday, March 04</p>
<p><strong>#DotBharatAdoption:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/dotbharatadoption.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-DotBharatAdoption">Etherpad</a></p>
<p><strong>#DigitalPedagogies:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/digitalpedagogies.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-DigitalPedagogies">Etherpad</a></p>
<p><strong>#MaterializingWriting:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/materializingwriting.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-MaterializingWriting">Etherpad</a></p>
<p><strong>#RenarrationWeb:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/renarrationweb.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-RenarrationWeb">Etherpad</a></p>
<p>Day 03, Sunday, March 05</p>
<p><strong>#ArchivesForStorytelling:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/archivesforstorytelling.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-ArchivesForStorytelling">Etherpad</a></p>
<p><strong>#ObjectsOfDigitalGovernance:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/objectsofdigitalgovernance.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-ObjectsOfDigitalGovernance">Etherpad</a></p>
<p><strong>#OpenAccessScholarlyPublishing:</strong> <a href="https://cis-india.github.io/irc/irc17/sessions/openaccessscholarlypublishing.html">Details</a> and <a href="https://public.etherpad-mozilla.org/p/IRC17-OpenAccessScholarlyPublishing">Etherpad</a></p>
<h3><strong>Session Selection Process</strong></h3>
<p>Call for sessions: <a href="http://cis-india.org/raw/irc17-call">http://cis-india.org/raw/irc17-call</a>.</p>
<p>Selected sessions: <a href="http://cis-india.org/raw/irc17-selected-sessions">http://cis-india.org/raw/irc17-selected-sessions</a>.</p>
<p>Please join the <a href="https://lists.ghserv.net/mailman/listinfo/researchers">researchers@cis-india</a> mailing list to take part in pre- and post-conference conversations.</p>
<h3><strong>About the IRC Series</strong></h3>
<p>The Researchers at Work (RAW) programme at the Centre for Internet and Society (CIS) initiated the Internet Researchers' Conference (IRC) series to address these concerns, and to create an annual temporary space in India, for internet researchers to gather and share experiences.</p>
<p>The IRC series is driven by the following interests:</p>
<ul>
<li>
<p>creating discussion spaces for researchers and practitioners studying internet in India and in other comparable regions,</p>
</li>
<li>
<p>foregrounding the multiplicity, hierarchies, tensions, and urgencies of the digital sites and users in India,
accounting for the various layers, conceptual and material, of experiences and usages of internet and networked digital media in India, and</p>
</li>
<li>
<p>exploring and practicing new modes of research and documentation necessitated by new (digital) objects of power/knowledge.</p>
</li></ul>
<p>The first edition of the Internet Researchers' Conference series was held in <a href="https://cis-india.org/raw/cis-india.org/raw/irc16">February 2016</a>. It was hosted by the <a href="http://www.jnu.ac.in/SSS/CPS/">Centre for Political Studies</a> at Jawaharlal Nehru University, and was supported by the <a href="http://cis-india.org/raw/cscs-digital-innovation-fund">CSCS Digital Innovation Fund</a>. The Conference was constituted by eleven discussion sessions (majority of which were organised around presentation of several papers), four workshop sessions (which involved group discussions, activities, and learnings), a book sprint over three sessions to develop an outline of a (re)sourcebook for internet researchers in India, and a concluding round table. The audio recordings and notes from IRC16 are now being compiled into an online Reader. A detailed <a href="http://cis-india.org/raw/iirc-reflections-on-irc16">reflection note on IRC16</a> has been published.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/irc17'>https://cis-india.org/raw/irc17</a>
</p>
No publishersumandroInternet Researcher's ConferenceFeaturedIRC17Researchers at WorkEvent2018-07-02T18:29:55ZEventComments on the Report of the Committee on Digital Payments (December 2016)
https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016
<b>The Committee on Digital Payments constituted by the Ministry of Finance and chaired by Ratan P. Watal, Principal Advisor, NITI Aayog, submitted its report on the "Medium Term Recommendations to Strengthen Digital Payments Ecosystem" on December 09, 2016. The report was made public on December 27, and comments were sought from the general public. Here are the comments submitted by the Centre for Internet and Society.</b>
<p> </p>
<h3><strong>1. Preliminary</strong></h3>
<p><strong>1.1.</strong> This submission presents comments by the Centre for Internet and Society (“CIS”) <strong>[1]</strong> in response to the report of the Committee on Digital Payments, chaired by Mr. Ratan P. Watal, Principal Advisor, NITI Aayog, and constituted by the Ministry of Finance, Government of India (“the report”) <strong>[2]</strong>.</p>
<h3><strong>2. The Centre for Internet and Society</strong></h3>
<p><strong>2.1.</strong> The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, and cyber-security.</p>
<p><strong>2.2.</strong> CIS is not an expert organisation in the domain of banking in general and payments in particular. Our expertise is in matters of internet and communication governance, data privacy and security, and technology regulation. We deeply appreciate and are most inspired by the Ministry of Finance’s decision to invite entities from both the sectors of finance and information technology. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved, especially the citizens and the users. CIS is thankful to the Ministry of Finance for this opportunity to provide a general response on the report.</p>
<h3><strong>3. Comments</strong></h3>
<p><strong>3.1.</strong> CIS observes that the decision by the Government of India to withdraw the legal tender character of the old high denomination banknotes (that is, Rs. 500 Rs. 1,000 notes), declared on November 08, 2016 <strong>[3]</strong>, have generated <strong>unprecedented data about the user base and transaction patterns of digital payments systems in India, when pushed to its extreme use due to the circumstances</strong>. The majority of this data is available with the National Payments Corporation of India and the Reserve Bank of India. CIS requests the authorities concerned to consider <strong>opening up this data for analysis and discussion by public at large and experts in particular, before any specific policy and regulatory decisions are taken</strong> towards advancing digital payments proliferation in India. This is a crucial opportunity for the Ministry of Finance to embrace (open) data-driven regulation and policy-making.</p>
<p><strong>3.2.</strong> While the report makes a reference to the European General Data Protection Directive, it does not make a reference to any substantive provisions in the Directive which may be relevant to digital payments. Aside from the recommendation that privacy protections around the purpose limitation principle be relaxed to ensure that payment service providers be allowed to process data to improve fraud monitoring and anti-money laundering services, the report is silent on significant privacy and data protection concerns posed by digital payments services. <strong>CIS strongly warns that the existing data protection and security regulations under Information Technology (Reasonable security practices and procedures and sensitive personal data or information), Rules are woefully inadequate in their scope and application to effectively deal with potential privacy concerns posed by digital payments applications and services.</strong> Some key privacy issues that must be addressed either under a comprehensive data protection legislation or a sector specific financial regulation are listed below. The process of obtaining consent must be specific, informed and unambiguous and through a clear affirmative action by the data subject based upon a genuine choice provided along with an option to opt out at any stage. The data subjects should have clear and easily enforceable right to access and correct their data. Further, data subjects should have the right to restrict the usage of their data in circumstances such as inaccuracy of data, unlawful purpose and data no longer required in order to fulfill the original purpose.</p>
<p><strong>3.3.</strong> The initial recommendation of the report is to “[m]ake regulation of payments independent from the function of central banking” (page 22). This involves a fundamental transformation of the payment and settlement system in India and its regulation. <strong>We submit that a decision regarding transformation of such scale and implications is taken after a more comprehensive policy discussion, especially involving a wider range of stakeholders</strong>. The report itself notes that “[d]igital payments also have the potential of becoming a gateway to other financial services such as credit facilities for small businesses and low-income households” (page 32). Thus, a clear functional, and hence regulatory, separation between the (digital) payments industry and the lending/borrowing industry may be either effective or desirable. Global experience tells us that digital transactions data, along with other alternative data, are fast becoming the basis of provision of financial and other services, by both banking and non-banking (payments) companies. We appeal to the Ministry of Finance to adopt a comprehensive and concerted approach to regulating, enabling competition, and upholding consumers’ rights in the banking sector at large.</p>
<p><strong>3.4.</strong> The report recognises “banking as an activity is separate from payments, which is more of a technology business” (page 154). Contemporary banking and payment businesses are both are primarily technology businesses where information technology particularly is deployed intimately to extract, process, and drive asset management decisions using financial transaction data. Further, with payment businesses (such as, pre-paid instruments) offering return on deposited money via other means (such as, cashbacks), and potentially competing and/or collaborating with established banks to use financial transaction data to drive lending decisions, including but not limited to micro-loans, it appears unproductive to create a separation between banking as an activity and payments as an activity merely in terms of the respective technology intensity of these sectors. <strong>CIS firmly recommends that regulation of these financial services and activities be undertaken in a technology-agnostic manner, and similar regulatory regimes be deployed on those entities offering similar services irrespective of their technology intensity or choice</strong>.</p>
<p><strong>3.5.</strong> The report highlights two major shortcomings of the current regulatory regime for payments. Firstly “the law does not impose any obligation on the regulator to promote competition and innovation in the payments market” (page 153). It appears to us that the regulator’s role should not be to promote market expansion and innovation but to ensure and oversee competition. <strong>We believe that the current regulator should focus on regulating the existing market, and the work of the expansion of the digital payments market in particular and the digital financial services market in general be carried out by another government agency, as it creates conflict of interest for the regulator otherwise.</strong> Secondly, the report mentions that Payment and Settlement Systems Act does not “focus the regulatory attention on the need for consumer protection in digital payments” and then it notes that a “provision was inserted to protect funds collected from customers” in 2015 (page 153). <strong>This indicates that the regulator already has the responsibility to ensure consumer protection in digital payments. The purview and modalities of how this function of course needs discussion and changes with the growth in digital payments</strong>.</p>
<p><strong>3.6.</strong> The report identifies the high cost of cash as a key reason for the government’s policy push towards digital payments. Further, it mentions that a “sample survey conducted in 2014 across urban and rural neighbourhoods in Delhi and Meerut, shows that despite being keenly aware of the costs associated with transacting in cash, most consumers see three main benefits of cash, viz. freedom of negotiations, faster settlements, and ensuring exact payments” (page 30). It further notes that “[d]igital payments have significant dependencies upon power and telecommunications infrastructure. Therefore, the roll out of robust and user friendly digital payments solutions to unelectrified areas/areas without telecommunications network coverage, remains a challenge.” <strong>CIS much appreciates the discussion of the barriers to universal adoption and rollout of digital payments in the report, and appeals to the Ministry of Finance to undertake a more comprehensive study of the key investments required by the Government of India to ensure that digital payments become ubiquitously viable as well as satisfy the demands of a vast range of consumers that India has</strong>. The estimates about investment required to create a robust digital payment infrastructure, cited in the report, provide a great basis for undertaking studies such as these.</p>
<p><strong>3.7.</strong> CIS is very encouraged to see the report highlighting that “[w]ith the rising number of users of digital payment services, it is absolutely necessary to develop consumer confidence on digital payments. Therefore, it is essential to have legislative safeguards to protect such consumers in-built into the primary law.” <strong>We second this recommendation and would like to add further that financial transaction data is governed under a common data protection and privacy regime, without making any differences between data collected by banking and non-banking entities</strong>.</p>
<p><strong>3.8.</strong> We are, however, very discouraged to see the overtly incorrect use of the word “Open Access” in this report in the context of a payment system disallowing service when the client wants to transact money with a specific entity <strong>[4]</strong>. This is not an uncommon anti-competitive measure adopted by various platform players and services providers so as to disallow users from using competing products (such as, not allowing competing apps in the app store controlled by one software company). <strong>The term “Open Access” is not only the appropriate word to describe the negation of such anti-competitive behaviour, its usage in this context undermines its accepted meaning and creates confusion regarding the recommendation being proposed by the report.</strong> The closest analogy to the recommendation of the report would perhaps be with the principle of “network neutrality” that stands for the network provider not discriminating between data packets being processed by them, either in terms of price or speed.</p>
<p><strong>3.9.</strong> A major recommendation by the report involves creation of “a fund from savings generated from cash-less transactions … by the Central Government,” which will use “the trinity of JAM (Jan Dhan, Adhaar, Mobile) [to] link financial inclusion with social protection, contributing to improved Social and Financial Security and Inclusion of vulnerable groups/ communities” (page 160-161). <strong>This amounts to making Aadhaar a mandatory ID for financial inclusion of citizens, especially the marginal and vulnerable ones, and is in direct contradiction to the government’s statements regarding the optional nature of the Aadhaar ID, as well as the orders by the Supreme Court on this topic</strong>.</p>
<p><strong>3.10.</strong> The report recommends that “Aadhaar should be made the primary identification for KYC with the option of using other IDs for people who have not yet obtained Aadhaar” (page 163) and further that “Aadhaar eKYC and eSign should be a replacement for paper based, costly, and shared central KYC registries” (page 162). <strong>Not only these measures would imply making Aadhaar a mandatory ID for undertaking any legal activity in the country, they assume that the UIDAI has verified and audited the personal documents submitted by Aadhaar number holders during enrollment.</strong> A mandate for <em>replacement</em> of the paper-based central KYC agencies will only remove a much needed redundancy in the the identity verification infrastructure of the government.</p>
<p><strong>3.11.</strong> The report suggests that “[t]ransactions which are permitted in cash without KYC should also be permitted on prepaid wallets without KYC” (page 164-165). This seems to negate the reality that physical verification of a person remains one of the most authoritative identity verification process for a natural person, apart from DNA testing perhaps. <strong>Thus, establishing full equivalency of procedure between a presence-less transaction and one involving a physically present person making the payment will only amount to removal of relatively greater security precautions for the former, and will lead to possibilities of fraud</strong>.</p>
<p><strong>3.12.</strong> In continuation with the previous point, the report recommends promotion of “Aadhaar based KYC where PAN has not been obtained” and making of “quoting Aadhaar compulsory in income tax return for natural persons” (page 163). Both these measures imply a replacement of the PAN by Aadhaar in the long term, and a sharp reduction in growth of new PAN holders in the short term. <strong>We appeal for this recommendation to be reconsidered as integration of all functionally separate national critical information infrastructures (such as PAN and Aadhaar) into a single unified and centralised system (such as Aadhaar) engenders massive national and personal security threats</strong>.</p>
<p><strong>3.13.</strong> The report suggest the establishment of “a ranking and reward framework” to recognise and encourage for the best performing state/district/agency in the proliferation of digital payments. <strong>It appears to us that creation of such a framework will only lead to making of an environment of competition among these entities concerned, which apart from its benefits may also have its costs. For example, the incentivisation of quick rollout of digital payment avenues by state government and various government agencies may lead to implementation without sufficient planning, coordination with stakeholders, and precautions regarding data security and privacy</strong>. The provision of central support for digital payments should be carried out in an environment of cooperation and not competition.</p>
<p><strong>3.14.</strong> CIS welcomes the recommendation by the report to generate greater awareness about cost of cash, including by ensuring that “large merchants including government agencies should account and disclose the cost of cash collection and cash payments incurred by them periodically” (page 164). It, however, is not clear to whom such periodic disclosures should be made. <strong>We would like to add here that the awareness building must simultaneously focus on making public how different entities shoulder these costs. Further, for reasons of comparison and evidence-driven policy making, it is necessary that data for equivalent variables are also made open for digital payments - the total and disaggregate cost, and what proportion of these costs are shouldered by which entities</strong>.</p>
<p><strong>3.15.</strong> The report acknowledges that “[t]oday, most merchants do not accept digital payments” and it goes on to recommend “that the Government should seize the initiative and require all government agencies and merchants where contracts are awarded by the government to provide at-least one suitable digital payment option to its consumers and vendors” (page 165). This requirement for offering digital payment option will only introduce an additional economic barrier for merchants bidding for government contracts. <strong>We appeal to the Ministry of Finance to reconsider this approach of raising the costs of non-digital payments to incentivise proliferation of digital payments, and instead lower the existing economic and other barriers to digital payments that keep the merchants away</strong>. The adoption of digital payments must not lead to increasing costs for merchants and end-users, but must decrease the same instead.</p>
<p><strong>3.16.</strong> As the report was submitted on December 09, 2016, and was made public only on December 27, 2016, <strong>it would have been much appreciated if at least a month-long window was provided to study and comment on the report, instead of fifteen days</strong>. This is especially crucial as the recently implemented demonetisation and the subsequent banking and fiscal policy decisions taken by the government have rapidly transformed the state and dynamics of the payments system landscape in India in general, and digital payments in particular.</p>
<h3><strong>Endnotes</strong></h3>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="http://finmin.nic.in/reports/Note-watal-report.pdf">http://finmin.nic.in/reports/Note-watal-report.pdf</a> and <a href="http://finmin.nic.in/reports/watal_report271216.pdf">http://finmin.nic.in/reports/watal_report271216.pdf</a>.</p>
<p><strong>[3]</strong> See: <a href="http://finmin.nic.in/cancellation_high_denomination_notes.pdf">http://finmin.nic.in/cancellation_high_denomination_notes.pdf</a>.</p>
<p><strong>[4]</strong> Open Access refers to “free and unrestricted online availability” of scientific and non-scientific literature. See: <a href="http://www.budapestopenaccessinitiative.org/read">http://www.budapestopenaccessinitiative.org/read</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016'>https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016</a>
</p>
No publisherSumandro Chattapadhyay and Amber SinhaUIDDigital IDBig DataDigital EconomyDigital AccessPrivacyDigital SecurityData RevolutionDigital PaymentInternet GovernanceDigital IndiaData ProtectionDemonetisationHomepageFeaturedAadhaar2017-01-12T12:32:22ZBlog EntryCIS Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks
https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi
<b>This submission presents responses by the CIS on the Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks published by the TRAI on November 15, 2016. Our analysis of the solution proposed in the Note, in brief, is that there is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector, and does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.</b>
<p> </p>
<p>The comments were authored by Japreet Grewal, Pranesh Prakash, Sharath Chandra, Sumandro Chattapadhyay, Sunil Abraham, and Udbhav Tiwari, with expert comments from Amelia Andersdotter.</p>
<hr />
<h2>1. Preliminary</h2>
<p><strong>1.1.</strong> This submission presents responses by the Centre for Internet and Society (“CIS”) <strong>[1]</strong> on the <em>Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks</em> (“the Note”) published by the Telecom Regulatory Authority of India (“TRAI”) on November 15, 2016 <strong>[2]</strong>.</p>
<p><strong>1.2.</strong> The CIS welcomes the effort undertaken by TRAI to map regulatory and other barriers to deployment of public Wi-Fi in India. We especially appreciate that TRAI has recognised <strong>[3]</strong> two key barriers to provision of public Wi-Fi networks identified and highlighted in our earlier response to the <em>Consultation Paper on Proliferation of Broadband through Public WiFi</em> <strong>[4]</strong>: 1) over regulation (including, licensing requirements, data retention, and Know Your Customer policy), and 2) paucity of spectrum <strong>[5]</strong>.</p>
<h2>2. General Responses</h2>
<p><strong>2.1.</strong> Before responding to the specific questions posed by the Note, we would like to make the following observations.</p>
<p><strong>2.2.</strong> There is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector. The proposed solution does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.</p>
<p><strong>2.3.</strong> As the TRAI has consulted widely with industry and other stakeholders before it settled on the list of priority issues contained in Section C.6 of the Note, we are surprised to find that this Note aims to address only the problem of lack of “seamless interoperable payment system for Wi-Fi networks” (Section C.6.d. Of the Note), and does not discuss and propose solutions for any other key barriers identified by the Note.</p>
<p><strong>2.4.</strong> The Note fails to clarify the “interoperability” problem in the payment system for usage of public Wi-Fi networks that it is attempting to solve. The Note identifies that lack of “single standard” for “authentication and payment mechanisms” for accessing public Wi-Fi networks as a key impediment to provide scalable and interoperable public Wi-Fi networks across the country <strong>[6]</strong>. By conceptualising the problem in this manner, TRAI has bundled together two completely different concerns - authentication and payment - into one and this is at the root of the problems emanating from the proposed solution in this Note.</p>
<p><strong>2.5.</strong> Lack of standard process for authentication is created by over-regulation via Know Your Customer (“KYC”) policies, and selection of eKYC service provided by UIDAI as the only acceptable authentication mechanism for all users of public Wi-Fi networks across India, creating further economic and legal challenges for smaller would-be providers of public Wi-Fi networks as they assess their liabilities and start-up costs. Additionally, since this would amount to making UID/Aadhaar enrolment mandatory for any user of public wi-fi networks, it seems to create a contradiction with previously communicated policy from the UIDAI and the Government that no such obligation should arise. Supreme Court has also mandated over successive Orders that enrolment for UID/Aadhaar number should remain optional for the citizens and residents.</p>
<p><strong>2.6.</strong> As was observed by the respondents to the TRAI Consultation concluded earlier this year, there is no interoperability problem that needs to be solved regarding payments for accessing public Wi-Fi networks. Payment services continue to be evolved and payment aggregator services provided by existing companies may be expected to resolve many of the outstanding issues of service proliferation in the upcoming years, at least in the absence of additional mandatory technical measures imposed by the government. Bundling of payment with authentication will only undermine the already existing independent market for payment aggregators, and further enforce mandatoriness of UID/Aadhaar number.</p>
<p><strong>2.7.</strong> Further, the payment mechanism proposed would seem to worsen difficulties for tourists and foreigners in accessing public Wi-Fi in India, as well adds an additional layer of authentication in a system already identified (even in the Note itself) to be overburdened by regulations regarding KYC and data retention. Section C.6.b of the Note highlights the problems faced by foreigners and tourists when the authentication mechanism is premised upon use of One Time Password (OTP) that requires a functioning local mobile phone number. It contradicts itself later by proposing an authentication method that requires the user to not only download an application onto their mobile/desktop device, but also to enrol for UID/Aadhaar number and/or to use their existing UID/Aadhaar number. Instead of reducing the existing barriers to provision of and access to public Wi-Fi, which the Note is supposed to achieve, it creates significant new barriers.</p>
<p><strong>2.8.</strong> The technological architecture advanced by the Note upholds support of governance and surveillance projects that, in addition to being costly in their implementation and thereby slowing down the objective of getting India connected, are also of questionable value to the security of the Indian polity. UID, UPI, and related projects risk undermining cyber-security through their reliance on centralised architectures and interfere with healthy competitive market dynamics between commercial and non-commercial actors.</p>
<p><strong>2.9.</strong> The Note continues to only consider and enable commercial models for the provision of public Wi-Fi networks. We have identified this as a problematic assumption in our last submission <strong>[7]</strong>. It is most crucial that TRAI does not ignore and fail to promote and facilitate the possibility of not-for-profit models that involve grassroot communities, academia, and civil society.</p>
<p><strong>2.10.</strong> Last but not the least, the term “Wi-Fi” refers to a particular technology for establishing wireless local area networks. Further, the term is a trademark of the Wi-Fi Alliance <strong>[8]</strong>. It is this not a neutral term, and it must not be used as a general and universal synonym for wireless local area networks. We recommend that TRAI may consider using a technology-neutral term, say “public wireless services” or “public networking services”, to describe the sector. Following the terminology used in the Note, we have decided to continue using the term “Wi-Fi” in this response. This does not reflect our agreement about the appropriateness of this term. Important: The recommendation for technology-neutral regulation also comes with the qualification that safeguards like regulations on Listen Before Talk and Cycle Time are required to prevent technologies like LTE-U from squatting on spectrum and interfering with connections based on other standards.</p>
<h2>3. Specific Responses</h2>
<h4>Q1. Is the architecture suggested in the consultation note for creating unified authentication and payment infrastructure will enable nationwide standard for authentication and payment interoperability?</h4>
<p><strong>3.1.</strong> No. The proposed infrastructure is likely to be costly for a large number of actors to implement and undermine some of the ongoing innovation in the Indian digital payment services industry. Rather than being helpful, it risks introducing additional requirements on an industry that TRAI has already identified as facing a number of large challenges.</p>
<p><strong>3.2.</strong> There is no need for a unified architecture that provides nationwide standard for authentication and payment interoperability. It does not offer any incentive towards provision of public Wi-Fi networks. Neither is there an interoperability problem at the physical or data link layers that has been pointed out, nor is government mandated interoperability required at the payment or ID layer since there are private entities that provide such interoperability (like, payment aggregators). Additionally, we believe it is inappropriate that the TRAI is trying to predict the most suitable business/technological model for digital payments to be used for accessing commercial Wi-Fi networks. India has a booming online payments industry, and it must be allowed to evolve in an enabling regulatory environment that allow for competition and ensures responsible practices.</p>
<p><strong>3.3.</strong> The Note identifies several structural impediments to expansion of public Wi-Fi networks in India, namely paucity of backhaul connectivity infrastructure (Section C.6.a), Inadequate associated infrastructure to offer carrier grade Wi-Fi network (Section C.6.c), dependency of authentication mechanism on pre-existing (Indian) mobile phone connection (Section C.6.b), and limited availability of spectrum to be used for public Wi-Fi networks (Section C.6.e). All these are crucial concerns and none of them have been addressed by the architecture suggested in the Note.</p>
<h4>Q2. Would you like to suggest any alternate model?</h4>
<p><strong>3.4.</strong> Yes. The model proposed in the Note is likely to exclude several types of potential users (say, foreigners and tourists), and impose a single authentication and payment service provider for accessing public Wi-Fi networks, which may undermine both competition and security in the market for these services.</p>
<p><strong>3.5.</strong> Internationally, there are cities and regions (say, the city of Barcelona and the Catalonia region in Spain) where public Wi-Fi networks have been provided in a pervasive and efficient manner by taking a light regulatory approach that enables opportunities for potential providers to set up their own infrastructures and additionally have access to backhaul. Further, reducing legal requirements on authentication should be considered in place of government mandated technical architectures for authentication and payment. In particular, allowing for anonymous access to Public Wi-Fi or wireless connectivity would reduce both the administrative and the technical burden on potential providers at the hyper-local level, especially for providers whose main activity it is not, and cannot be, to provide internet services (say, event venues, malls, and shops).</p>
<p><strong>3.6.</strong> The CIS suggests the following steps towards conceptualising an “alternative model”:</p>
<ol><li>remove existing regulatory disincentives,<br /><br /></li>
<li>urgently explore policies to promote deployment of wired infrastructures in general, and to enable a larger range of actors, including local authorities, to invest in and deploy local infrastructures by reducing licensing requirements in particular,<br /><br /></li>
<li>examine spectrum requirements for provision of public Wi-Fi, and<br /><br /></li>
<li>provide incentives, such as allowing telecom service providers to share backhaul traffic over public Wi-Fi, and ways for telecom service providers to lower their costs if they also make Internet access available for free.</li></ol>
<h4>Q3. Can Public Wi-Fi access providers resell capacity and bandwidth to retail users? Is “light touch regulation” using methods such as “registration” instead of “licensing” preferred for them?</h4>
<p><strong>3.7.</strong> CIS holds that capacity and bandwidth are neither comparable to tangible goods nor to digital currency. They are a utility, and the provider of the utility has to accept that their customers use the utility in the way they see fit, even if that use entails sharing said capacity and bandwidth with downstream private persons or customers. Wi-Fi capabilities are currently a built-in standardised feature of all consumer routers. Any individual, community, or store with access to an internet connection and a consumer router could become a public Wi-Fi access provider at no additional cost to themselves, furthering the goals of the Indian government in its Digital India strategy to ensure public and universal access to the internet.</p>
<p><strong>3.8.</strong> In order to exploit the opportunities awarded by a large amount of entities in the Indian society potentially becoming Public Wi-Fi providers, TRAI should require neither registration nor licensing of these actors. Imposing administrative burdens on potential public Wi-Fi access providers creates legal uncertainty and will cause a lot of actors, who may otherwise contribute to the goals of Digital India, not to do so. This is particularly true for community organisers and citizens, who may not have access to legal assistance and therefore may avoid contributing to the goals of the government.</p>
<p><strong>3.9.</strong> Light touch regulation when it comes to both granting license to public Wi-Fi access providers as well as authentication of retail users, however, are needed not only as an exceptional practice for such instances but as a general practice in case of entities offering public Wi-Fi services, either commercially or otherwise. Further, additional laxity in administrative responsibilities is needed to incentivise provision of free, that is non-commercial, public Wi-Fi networks.</p>
<h4>Q4. What should be the regulatory guidelines on “unbundling” Wi-Fi at access and backhaul level?</h4>
<p><strong>3.10.</strong> The Note refers to unbundling of activities related to provision of Wi-Fi but it does not define the term. It is neither explained which specific activities at access and backhaul levels must be considered for unbundling.</p>
<p><strong>3.11.</strong> While unbundling should clearly be allowed and any regulatory hurdles to unbundling should be removed, any such decision must be taken with a focus on urgently addressing the stagnated growth in landline and backhaul, as identified in Section C.6.a of the Note. Relying only on spectrum intensive infrastructures, such as mobile base stations, for providing connectivity, creates a heavy regulatory burden for the TRAI, while simultaneously not ensuring optimal connectivity for business and private users. The CIS is concerned that the focus of the Note on standardising a government-mediated authentication and payment mechanism detracts attention from this urgent obstacle to the fulfillment of the Digital India plans of accelerated provision of broadband highways, universal access, and public, especially free, access to internet services.</p>
<p><strong>3.12.</strong> From the example of European telecommunications legislations, implementation of policy measures to ensure that vertical integration between infrastructure (say, cables, switches, and hubs) providers and service (say, providing a subscriber with a household modem or a SIM card) providers in the telecommunications sector does not become a barrier to new market entrants has yielded much success in countries that have pursued it, like Sweden and Great Britain.</p>
<p><strong>3.13.</strong> Further, there should be no default assumption of bundling by the TRAI. In particular, the TRAI should consider reviewing all regulations that may cause bundling to occur when this is not necessary, and put in place in a monitoring mechanism for ensuring that bundled practises (especially in electronic networks, base station infrastructures, backhaul and similar) do not cause competitive problems or raise market entry barriers <strong>[9]</strong>. In most EU countries, especially where the corporate structure of incumbent(s) is not highly vertically integrated, interconnection requirements for electronic network providers of wired networks in the backhaul or backbone (effectively price regulated interconnection), and a conscious effort to ensure that new market players can enter the field, have ensured a competitive telecommunications environment. TRAI may consider reviewing the European regulation on local loop unbundling (1999) and discussions on functional separation (especially by the British regulatory authority Ofcom), within an Indian context.</p>
<h4>Q5. Whether reselling of bandwidth should be allowed to venue owners such as shop keepers through Wi-Fi at premise? In such a scenario please suggest the mechanism for security compliance.</h4>
<p><strong>3.14.</strong> Yes. Venue owners should be allowed to provide public Wi-Fi service both on a commercial and non-commercial basis.</p>
<p><strong>3.15.</strong> It is not clear from the Note and the question what type of security concerns the TRAI is seeking to address. In terms of payment security, the payment industry already has a large range of verification and testing mechanisms. The CIS objects to the mandatory introduction of the proposed payment system so as to ensure greater security for Wi-Fi access providers and the users.</p>
<p><strong>3.16.</strong> As far as hardware-related security issues are concerned, it is again unclear why consumer equipment compliant with existing Wi-Fi standards would not be sufficiently secure in the Indian context. Wi-Fi has proven to be a sturdy technical standard, its adoption is high in multiple jurisdictions around the world, and it also enjoys great technical stability. Similar security assessments could easily be made for alternative wireless technologies, such as WiMaX.</p>
<p><strong>3.17.</strong> The CIS foresees problems is in the allocation of risk and liability by law. The already existing legal obligation to verify the identity of each user, for instance, is likely to introduce a large administrative burden on potential Public Wi-Fi providers, which may lead to such potential providers abstaining from entering the market. Should the identification requirement be removed, however, other concerns pertaining to legal obligations may arise. These include liability for user activities on the web or on the internet (cf. copyright infringement, libel, hate speech). We propose a “safe harbour” mechanism in these cases, limiting the liability of the potential public Wi-Fi provider.</p>
<h4>Q6. What should be the guidelines regarding sharing of costs and revenue across all entities in the public Wi-Fi value chain? Is regulatory intervention required or it should be left to forbearance and individual contracting?</h4>
<p><strong>3.18.</strong> The market segments identified by the TRAI in Section F.18 of the Note should normally all be competitive markets themselves, and so do not require regulatory assistance in sharing of costs and revenues. The more elaborate the requirements imposed on each actor of each market segment identified by the TRAI in Section F.18, the more costly the roll-out of public Wi-Fi is going to be for the market actors. Such a cost is not avoided by price regulation.</p>
<p><strong>3.19.</strong> The TRAI may instead consider introducing public funding for backhaul roll-out in remote areas, where the market is unlikely to engage in such roll-out on its own. Presently, some Indian states (such as Karnataka) are committing to public funding for wireless access in remote areas. The Union Government can assist such endeavours.</p>
<h2>Endnotes</h2>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="http://trai.gov.in/Content/ConDis/20801_0.aspx">http://trai.gov.in/Content/ConDis/20801_0.aspx</a>.</p>
<p><strong>[3]</strong> See Section C.6 of the Note.</p>
<p><strong>[4]</strong> See: <a href="http://trai.gov.in/Content/ConDis/20782_0.aspx">http://trai.gov.in/Content/ConDis/20782_0.aspx</a>.</p>
<p><strong>[5]</strong> See: <a href="http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks">http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks</a>.</p>
<p><strong>[6]</strong> See Section E.11. of the Note.</p>
<p><strong>[7]</strong> See: <a href="http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks">http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks</a>.</p>
<p><strong>[8]</strong> See: <a href="https://www.wi-fi.org/">https://www.wi-fi.org/</a>.</p>
<p><strong>[9]</strong> See: Monitoring bundled products in the telecommunications sector is also recommended by the OECD: <a href="http://oecdinsights.org/2015/06/22/triple-and-quadruple-play-bundles-of-communication-services-towards-all-in-one-packages/">http://oecdinsights.org/2015/06/22/triple-and-quadruple-play-bundles-of-communication-services-towards-all-in-one-packages/</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi'>https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi</a>
</p>
No publisherJapreet Grewal, Pranesh Prakash, Sharath Chandra, Sumandro Chattapadhyay, Sunil Abraham, and Udbhav Tiwari, with expert comments from Amelia AndersdotterDigital PaymentPublic Wireless NetworkTRAIInternet GovernanceTelecomFeaturedAadhaarHomepageUID2016-12-12T13:59:00ZBlog EntryHabeas Data in India
https://cis-india.org/internet-governance/blog/habeas-data-in-india
<b>Habeas Data is a latin word which can be loosely translated to mean “have the data”. The right has been primarily conceptualized, designed, ratified, and implemented by various nation-states in the background of a shared common history of decades of torture, terror, and other repressive practices under military juntas and other fascist regimes.</b>
<hr />
<p style="text-align: justify; "><a class="external-link" href="http://cis-india.org/internet-governance/files/habeas-data-india.pdf/view"><b>Download the Paper</b></a> (PDF)</p>
<hr style="text-align: justify; " />
<h3 style="text-align: justify; ">Introduction</h3>
<p style="text-align: justify; ">The writ of habeas data was a distinct response to these recent histories which provided individuals with basic rights to access personal information collected by the state (and sometimes byprivate agencies of a public nature) and to challenge and correct such data, requiring the state to safeguard the privacy and accuracy of people's personal data.<a href="#fn1" name="fr1">[1] </a></p>
<p style="text-align: justify; ">The origins of Habeas Data are traced back, unsurprisingly, to the European legal regime since Europe is considered as the fountainhead of modern data protection laws. The inspiration for Habeas Data is often considered to be the Council of Europe's 108th Convention on Data Protection of 1981.<a href="#fn2" name="fr2">[2] </a>The purpose of the Convention was to secure the privacy of individuals regarding the automated processing of personal data. For this purpose, individuals were granted several rights including a right to access their personal data held in an automated database.<a href="#fn3" name="fr3">[3] </a></p>
<p style="text-align: justify; ">Another source or inspiration behind Habeas Data is considered to be the German legal system where a constitutional right to information self-determination was created by the German Constitutional Tribunal by interpretation of the existing rights of human dignity and personality. This is a right to know what type of data is stored on manual and automatic databases about an individual, and it implies that there must be transparency on the gathering and processing of such data.<a href="#fn4" name="fr4">[4] </a></p>
<p style="text-align: justify; ">Habeas Data is essentially a right or mechanism for an individual complaint presented to a constitutional court, to protect the image, privacy, honour, information self-determination and freedom of information of a person. <a href="#fn5" name="fr5">[5] </a></p>
<p style="text-align: justify; ">A Habeas Data complaint can be filed by any citizen against any register to find out what information is held about his or her person. That person can request the rectification, update or even the destruction of the personal data held, it does not matter most of the times if the register is private or public.<a href="#fn6" name="fr6">[6] </a></p>
<h3 style="text-align: justify; ">Habeas Data in different jurisdictions</h3>
<p style="text-align: justify; ">Habeas Data does not have any one specific definition and has different characteristics in different jurisdictions. Therefore, in order to better understand the right, it will be useful to describe the scope of Habeas Data as it has been incorporated in certain jurisdictions in order to better understand what the right entails:<a href="#fn7" name="fr7">[7] </a></p>
<p style="text-align: justify; "><b>Brazil</b></p>
<p style="text-align: justify; ">The Constitution of Brazil grants its citizens the right to get a habeas data “a. to assure knowledge of personal information about the petitioner contained in records or data banks of government agencies or entities of a public character; b. to correct data whenever the petitioner prefers not to do so through confidential judicial or administrative proceedings;<a href="#fn8" name="fr8">[8] </a></p>
<p style="text-align: justify; ">The place or tribunal where the Habeas Data action is to be filed changes depending on who is it presented against, which creates a complicated system of venues. Both the Brazilian constitution and the 1997 law stipulate that the court will be:</p>
<ul style="text-align: justify; ">
<li>The Superior Federal Tribunal for actions against the President, both chambers of Congress and itself;</li>
<li>The Superior Justice Tribunal for actions against Ministers or itself;</li>
<li>The regional federal judges for actions against federal authorities;</li>
<li>State tribunals according to each state law;</li>
<li>State judges for all other cases.<a href="#fn9" name="fr9">[9] </a></li>
</ul>
<p style="text-align: justify; "><b>Paraguay</b><br />The Constitution of Paraguay grants a similar right of habeas data in its constitution which states:</p>
<p style="text-align: justify; ">"All persons may access the information and the data that about themselves, or about their assets, [that] is [obren] in official or private registries of a public character, as well as to know the use made of the same and of their end. [All persons] may request before the competent magistrate the updating, the rectification or the destruction of these, if they were wrong or illegitimately affected their rights."<a href="#fn10" name="fr10">[10] </a></p>
<p style="text-align: justify; ">Compared to the right granted in Brazil, the text of the Paraguay Constitution specifically recognises that the citizen also has the right to know the use his/her data is being put to.</p>
<p style="text-align: justify; "><b>Argentina</b></p>
<p style="text-align: justify; ">Article 43 of the Constitution of Argentina grants the right of habeas data, though it has been included under the action of “amparo”,<a href="#fn11" name="fr11">[11] </a>the relevant portion of Article 43 states as follows:</p>
<p style="text-align: justify; ">"Any person may file an amparo action to find out and to learn the purpose of data about him which is on record in public registries or data banks, or in any private [registers or data banks] whose purpose is to provide information, and in case of falsity or discrimination, to demand the suppression, rectification, confidentiality, or updating of the same. The secrecy of journalistic information sources shall not be affected."<a href="#fn12" name="fr12">[12] </a></p>
<p style="text-align: justify; ">The version of Habeas Data recognised in Argentina includes most of the protections seen in Brazil and Paraguay, such as the right to access the data, rectify it, update it or destroy it, etc. Nevertheless, the Argentinean constitution also includes certain other features such as the fact that it incorporates the Peruvian idea of confidentiality of data, being interpreted as the prohibition to broadcast or transmit incorrect or false information. Another feature of the Argentinean law is that it specifically excludes the press from the action, which may be considered as reasonable or unreasonable depending upon the context and country in which it is applied.<a href="#fn13" name="fr13">[13] </a></p>
<p style="text-align: justify; "><b>Venezuela</b><br />Article 28 of the Constitution of Venezuela established the writ of habeas data, which expressly permits access to information stored in official and private registries. It states as follows:</p>
<p style="text-align: justify; ">"All individuals have a right to access information and data about themselves and about their property stored in official as well as private registries. Secondly, they are entitled to know the purpose of and the policy behind these registries. Thirdly, they have a right to request, before a competent tribunal, the updating, rectification, or destruction of any database that is inaccurate or that undermines their entitlements. The law shall establish exceptions to these principles. By the same token, any person shall have access to information that is of interest to communities and groups. The secrecy of the sources of newspapers-and of other entities or individuals as defined by law-shall be preserved."<a href="#fn14" name="fr14">[14] </a></p>
<p style="text-align: justify; ">The Venezuelan writ of habeas data expressly provides that individuals "are entitled to know the purpose of and the policy behind these registries." Also, it expresses a right to "updating, rectification, or destruction of any database that is inaccurate or that undermines their entitlements." Article 28 also declares that the “secrecy of the sources of newspapers and of other entities or individuals as defined by law-shall be preserved."<a href="#fn15" name="fr15">[15] </a></p>
<p style="text-align: justify; "><b>Philippines</b></p>
<p style="text-align: justify; ">It is not as if the remedy of Habeas Data is available only in Latin American jurisdictions, but even in Asia the writ of Habeas Data has been specifically granted by the Supreme Court of the Philippines vide its resolution dated January 22, 2008 which provides that “The writ of habeas data is a remedy available to any person whose right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or entity engaged in the gathering, collecting or storing of data or information regarding the person, family, home and correspondence of the aggrieved party.” According to the Rule on Writ of Habeas Data, the petition is to be filed with the Regional Trial Court where the petitioner or respondent resides, or which has jurisdiction over the place where the data or information is gathered, collected or stored, at the option of the petitioner. The petition may also be filed with the Supreme Court or the Court of Appeals or the Sandiganbayan when the action concerns public data files of government offices.<a href="#fn16" name="fr16">[16] </a></p>
<p style="text-align: justify; ">Two major distinctions are immediately visible between the Philippine right and that in the latin jurisdictions discussed above. One is the fact that in countries such as Bazil, Argentina and Paraguay, there does not appear to be a prerequisite to filing such an action asking for the information, whereas in Philippines it seems that such a petition can only be filed only if an individual’s “right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission”. This means that the Philippine concept of habeas data is much more limited in its scope and is available to the citizens only under certain specific conditions. On the other hand the scope of the Philippine right of Habeas Data is much wider in its applicability in the sense that this right is available even against private individual and entities who are “engaged in the gathering, collecting or storing of data or information regarding the person, family, home and correspondence”. In the Latin American jurisdictions discussed above, this writ appears to be available only against either public institutions or private institutions having some public character.</p>
<h3 style="text-align: justify; ">Main features of Habeas Data</h3>
<p style="text-align: justify; ">Thus from the discussion above, the main features of the writ of habeas data, as it is applied in various jurisdictions can be culled out as follows: <a href="#fn17" name="fr17">[17] </a></p>
<ul style="text-align: justify; ">
<li>It is a right to the individual or citizen to ask for his/her information contained with any data registry;</li>
<li>It is available only against public (government) entities or employees; or private entities having a public character;<a href="#fn18" name="fr18">[18] </a> </li>
<li>Usually it also gives the individuals the right to correct any wrong information contained in the data registry;</li>
<li>It is a remedy that is usually available by approaching any single judicial forum.</li>
</ul>
<p style="text-align: justify; ">Since the writ of Habeas Data has been established and evolved primarily in Latin American countries, there is not too much literature on it available freely in the English language and that is a serious hurdle in researching this area. For example, this author did not find many article mentioning the scope of the writ of habeas data, for example whether it is an absolute right and on what grounds can it be denied. The Constitution of Venezuela, for example, specifies that the law shall establish exceptions to these principles and infact mentions the secrecy of sources for newspapers as an exception to this rule.<a href="#fn19" name="fr19">[19] </a></p>
<p style="text-align: justify; ">Similarly in Argentina, there exists a public interest exception to the issuance of the writ of Habeas Data.<a href="#fn20" name="fr20">[20] </a></p>
<p style="text-align: justify; ">That said, although little literature on the specific exceptions to habeas data is freely available in English, references can still be found to exceptions such as state security (Brazil), secrecy of newspaper sources (Argentina and Venezuela), or other entities defined by law (Venezuela).<a href="#fn21" name="fr21">[21] </a></p>
<p style="text-align: justify; ">This suggests that the, as would be expected, the right to ask for the writ of habeas data is not an absolute right but would also be subject to certain exceptions and balanced against other needs such as state security and police investigations.</p>
<h3 style="text-align: justify; ">Habeas Data in the context of Privacy</h3>
<p style="text-align: justify; ">Data protection legislation and mechanisms protect people against misuse of personal information by data controllers. Habeas Data, being a figure for use only by certain countries, gives the individuals the right to access, correct, and object to the processing of their information.</p>
<p style="text-align: justify; ">In general, privacy is the genus and data protection is the species, data protection is a right to personal privacy that people have against the possible use of their personal data by data controllers in an unauthorized manner or against the requirements of force. Habeas Data is an action that is brought before the courts to allow the protection of the individual’s image, privacy, honour, self-determination of information and freedom of information of a person. In that sense, the right of Habeas Data can be found within the broader ambit of data protection. It does not require data processors to ensure the protection of personal data processed but is a legal action requiring the person aggrieved, after filing a complaint with the courts of justice, the access and/or rectification to any personal data which may jeopardize their right to privacy.<a href="#fn22" name="fr22">[22] </a></p>
<h3 style="text-align: justify; ">Habeas Data in the Indian Context</h3>
<p style="text-align: justify; ">Although a number of judgments of the Apex Court in India have recognised the existence of a right to privacy by interpreting the fundamental rights to life and free movement in the Constitution of India,<a href="#fn23" name="fr23">[23] </a></p>
<p style="text-align: justify; ">the writ of habeas data has no legal recognition under Indian law. However, as is evident from the discussion above, a writ of habeas data is very useful in protecting the right to privacy of individuals and it would be a very useful tool to have in the hands of the citizens. The fact that India has a fairly robust right to information legislation means that atleast some facets of the right of habeas data are available under Indian law. We shall now examine the Indian Right to Information Act, 2005 (RTI Act) to see what facets of habeas data are already available under this Act and what aspects are left wanting. As mentioned above, the writ of habeas data has the following main features:</p>
<ul style="text-align: justify; ">
<li>It is a right to the individual or citizen to ask for his/her information contained with any data registry;</li>
<li>It is available only against public (government) entities or employees; or private entities having a public character;<a href="#fn24" name="fr24">[24] </a></li>
<li>Usually it also gives the individuals the right to correct any wrong information contained in the data registry;</li>
<li>It is a remedy that is usually available by approaching any single judicial forum.</li>
</ul>
<p style="text-align: justify; ">We shall now take each of these features and analyse whether the RTI Act provides any similar rights and how they differ from each other.</p>
<p style="text-align: justify; "><b>Right to seek his/her information contained with a data registry</b></p>
<p style="text-align: justify; ">Habeas data enables the individual to seek his or her information contained in any data registry. The RTI Act allows citizens to seek “information” which is under the control of or held by any public authority. The term information has been defined under the RTI Act to mean “any material in any form, including records, documents, memos, e-mails, opinions, advices, press releases, circulars, orders, logbooks, contracts, reports, papers, samples, models, data material held in any electronic form and information relating to any private body which can be accessed by a public authority under any other law for the time being in force”.<a href="#fn25" name="fr25">[25] </a></p>
<p style="text-align: justify; ">Further, the term “record” has been defined to include “(a) any document, manuscript and file; (b) any microfilm, microfiche and facsimile copy of a document; (c) any reproduction of image or images embodied in such microfilm (whether enlarged or not); and (d) any other material produced by a computer or any other device”. It is quite apparent that the meaning given to the term information is quite wide and can include various types of information within its fold. The term “information” as defined in the RTI Act has been further elaborated by the Supreme Court in the case of Central Board of Secondary Education v. Aditya Bandopadhyay,<a href="#fn26" name="fr26">[26] </a></p>
<p style="text-align: justify; ">where the Court has held that a person’s evaluated answer sheet for the board exams held by the CBSE would come under the ambit of “information” and should be accessible to the person under the RTI Act.<a href="#fn27" name="fr27">[27] </a></p>
<p style="text-align: justify; ">An illustrative list of items that have been considered to be “information” under the RTI Act would be helpful in further understanding the concept:</p>
<ol style="text-align: justify; ">
<li>Asset declarations by Judges;<a href="#fn28" name="fr28">[28]</a></li>
<li>Copy of inspection report prepared by the Reserve Bank of India about a Co-operative Bank;<a href="#fn29" name="fr29">[29] </a></li>
<li>Information on the status of an enquiry;<a href="#fn30" name="fr30">[30] </a></li>
<li>Information regarding cancellation of an appointment letter;<a href="#fn31" name="fr31">[31] </a></li>
<li>Information regarding transfer of services;<a href="#fn32" name="fr32">[32] </a></li>
<li>Information regarding donations given by the President of India out of public funds.<a href="#fn33" name="fr33">[33] </a></li>
</ol>
<p style="text-align: justify; ">The above list would indicate that any personal information relation to an individual that is available in a government registry would in all likelihood be considered as “information” under the RTI Act.</p>
<p style="text-align: justify; ">However, just because the information asked for is considered to come within the ambit of section 2(h) does not mean that the person will be granted access to such information if it falls under any of the exceptions listed in section 8 of the RTI Act. Section 8 provides that if the information asked falls into any of the categories specified below then such information shall not be released in an application under the RTI Act, the categories are:</p>
<p style="text-align: justify; ">"(a) information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, strategic, scientific or economic interests of the State, relation with foreign State or lead to incitement of an offence; <br />(b) information which has been expressly forbidden to be published by any court of law or tribunal or the disclosure of which may constitute contempt of court; <br />(c) information, the disclosure of which would cause a breach of privilege of Parliament or the State Legislature; <br />(d) information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information; <br />(e) information available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information; <br />(f) information received in confidence from foreign Government; <br />(g) information, the disclosure of which would endanger the life or physical safety of any person or identify the source of information or assistance given in confidence for law enforcement or security purposes; <br />(h) information which would impede the process of investigation or apprehension or prosecution of offenders; <br />(i) cabinet papers including records of deliberations of the Council of Ministers, Secretaries and other officers: <br />Provided that the decisions of Council of Ministers, the reasons thereof, and the material on the basis of which the decisions were taken shall be made public after the decision has been taken, and the matter is complete, or over: <br />Provided further that those matters which come under the exemptions specified in this section shall not be disclosed; <br />(j) information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information: <br />Provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person."</p>
<p style="text-align: justify; ">The above mentioned exceptions seem fairly reasonable and infact are important since public records may contain information of a private nature which the data subject would not want revealed, and that is exactly why personal information is a specific exception mentioned under the RTI Act. When comparing this list to the recognised exceptions under habeas data, it must be remembered that a number of the exceptions listed above would not be relevant in a habeas data petition such as commercial secrets, personal information, etc. The exceptions which could be relevant for both the RTI Act as well as a habeas data writ would be (a) national security or sovereignty, (b) prohibition on publication by a court, (c) endangering the physical safety of a person, (d) hindrance in investigation of a crime. It is difficult to imagine a court (especially in India) granting a habeas data writ in violation of these four exceptions.</p>
<p style="text-align: justify; ">Certain other exceptions that may be relevant in a habeas data context but are not mentioned in the common list above are (a) information received in a fiduciary relationship; (b) breach of legislative privilege, (c) cabinet papers; and (d) information received in confidence from a foreign government. These four exceptions are not as immediately appealing as the others listed above because there are obviously competing interests involved here and different jurisdictions may take different points of view on these competing interests.<a href="#fn34" name="fr34">[34] </a></p>
<p style="text-align: justify; ">Available only against public (government) entities or entities having public character.</p>
<p style="text-align: justify; ">A habeas corpus writ is maintainable in a court to ask for information relating to the petitioner held by either a public entity or a private entity having a public character. In India, the right to information as defined in the RTI Act means the right to information accessible under the Act held by or under the control of any public authority. The term "public authority" has been defined under the Act to mean “any authority or body or institution of self-government established or constituted—</p>
<p style="text-align: justify; ">(a) by or under the Constitution;<br />(b) by any other law made by Parliament;<br />(c) by any other law made by State Legislature;<br />(d) by notification issued or order made by the appropriate Government, and includes any— (i) body owned, controlled or substantially financed; (ii) non-Government organisation substantially financed, directly or indirectly by funds provided by the appropriate Government;"<a href="#fn35" name="fr35">[35] </a></p>
<p style="text-align: justify; ">Therefore most government departments as well as statutory as well as government controlled corporations would come under the purview of the term "public authority". For the purposes of the RTI Act, either control or substantial financing by the government would be enough to bring an entity under the definition of public authority.<a href="#fn36" name="fr36">[36]</a></p>
<p style="text-align: justify; ">The above interpretation is further bolstered by the fact that the preamble of the RTI Act contains the term “governments and their instrumentalities".<a href="#fn37" name="fr37">[37] </a></p>
<p style="text-align: justify; "><b>Right to correct wrong information</b> <br />While certain sectoral legislations such as the Representation of the People Act and the Collection of Statistics Act, etc. may provide for correction of inaccurate information, the RTI Act does not have any such provisions. This stands to reason because the RTI Act is not geared towards providing people with information about themselves but is instead a transparency law which is geared at dissemination of information, which may or may not relate to an individual.</p>
<p style="text-align: justify; "><b>Available upon approaching a single judicial forum<br /></b>While the right of habeas data is available only upon approaching a judicial forum, the right to information under the RTI Act is realised entirely through the bureaucratic machinery. This also means that the individuals have to approach different entities in order to get the information that they need instead of approaching just one centralised entity.</p>
<h3 style="text-align: justify; ">Conclusion</h3>
<p style="text-align: justify; ">There is no doubt that habeas data, by itself cannot end massive electronic surveillance of the kind that is being carried out by various governments in this day and age and the excessive collection of data by private sector companies, but providing the citizenry with the right to ask for such a writ would provide a critical check on such policies and practices of vast surveillance.<a href="#fn38" name="fr38">[38] </a></p>
<p style="text-align: justify; ">An informed citizenry, armed with a right such as habeas data, would be better able to learn about the information being collected and kept on them under the garb of law and governance, to access such information, and to demand its correction or deletion when its retention by the government is not justified.</p>
<p style="text-align: justify; ">As we have discussed in this paper, under Indian law the RTI Act gives the citizens certain aspects of this right but with a few notable exceptions. Therefore, if a writ such as habeas data is to be effectuated in India, it might perhaps be a better idea to approach it by amending/tweaking the existing structure of the RTI Act to grant individuals the right to correct mistakes in the data along with creating a separate department/mechanism so that the applications demanding access to one’s own data do not have to be submitted in different departments but can be submitted at one central place. This approach may be more pragmatic rather than asking for a change in the Constitution to grant to the citizens the right to ask for a writ in the nature of habeas data.</p>
<p style="text-align: justify; ">There may be calls to also include private data processors within the ambit of the right to habeas data, but it could be challenging to enforce this right. This is because it is still feasible to assume that the government can put in place machinery to ensure that it can find out whether information about a particular individual is available with any of the government’s myriad departments and corporations, however it would be almost impossible for the government to track every single private database and then scan those databases to find out how many of them contain information about any specific individual. This also throws up the question whether a right such as habeas data, which originated in a specific context of government surveillance, is appropriate to protect the privacy of individuals in the private sector. Since under Indian law section 43A and the Rules thereunder, which regulate data protection, already provide for consent and notice as major bulwarks against unauthorised data collection, and limit the purpose for which such data can be utilised, privacy concerns in this context can perhaps be better addressed by strengthening these provisions rather than trying to extend the concept of habeas data to the private sector.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">[<a href="#fr1" name="fn1">1</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr2" name="fn2">2</a>]. Article 8 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, 1981, available at <a href="https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680078b37">https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680078b37</a></p>
<p style="text-align: justify; ">[<a href="#fr3" name="fn3">3</a>]. Guadamuz A, 'Habeas Data: The Latin-American Response to Data Protection',<a href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/">2000 (2)</a> <i>The Journal of Information, Law and Technology (JILT)</i>.</p>
<p style="text-align: justify; ">[<a href="#fr4" name="fn4">4</a>]. <i>Id.</i></p>
<p style="text-align: justify; ">[<a href="#fr5" name="fn5">5</a>]. Speech by Chief Justice Reynato Puno, Supreme Court of Philippines delivered at the <i>UNESCO Policy Forum and Organizational Meeting of the Information for all Program (IFAP), Philippine National Committee</i>, on November 19, 2007, available at <a href="http://jlp-law.com/blog/writ-of-habeas-data-by-chief-justice-reynato-puno/">http://jlp-law.com/blog/writ-of-habeas-data-by-chief-justice-reynato-puno/</a></p>
<p style="text-align: justify; ">[<a href="#fr6" name="fn6">6</a>]. Guadamuz A, 'Habeas Data: The Latin-American Response to Data Protection',<a href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/">2000 (2)</a> <i>The Journal of Information, Law and Technology (JILT)</i>.</p>
<p style="text-align: justify; ">[<a href="#fr7" name="fn7">7</a>]. The author does not purport to be an expert on the laws of these jurisdictions and the analysis in this paper has been based on a reading of the actual text or interpretations given in the papers that have been cited as the sources. The views in this paper should be viewed keeping this context in mind.</p>
<p style="text-align: justify; ">[<a href="#fr8" name="fn8">8</a>]. Article 5, LXXII of the Constitution of Brazil, available at <a href="https://www.constituteproject.org/constitution/Brazil_2014.pdf">https://www.constituteproject.org/constitution/Brazil_2014.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr9" name="fn9">9</a>]. Guadamuz A, 'Habeas Data vs the European Data Protection Directive', Refereed article, <a href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/">2001 (3)</a> <i>The Journal of Information, Law and Technology (JILT)</i>.</p>
<p style="text-align: justify; ">[<a href="#fr10" name="fn10">10</a>]. Article 135 of the Constitution of Paraguay, available at <a href="https://www.constituteproject.org/constitution/Paraguay_2011.pdf?lang=en">https://www.constituteproject.org/constitution/Paraguay_2011.pdf?lang=en</a></p>
<p style="text-align: justify; ">[<a href="#fr11" name="fn11">11</a>]. The petition for a writ of amparo is a remedy available to any person whose right to life, liberty and security is violated or threatened with violation by an unlawful act or omission of a public official or employee, or of a private individual or entity.</p>
<p style="text-align: justify; ">[<a href="#fr12" name="fn12">12</a>]. Article 43 of the Constitution of Argentina, available at <a href="https://www.constituteproject.org/constitution/Argentina_1994.pdf?lang=en">https://www.constituteproject.org/constitution/Argentina_1994.pdf?lang=en</a></p>
<p style="text-align: justify; ">[<a href="#fr13" name="fn13">13</a>].<a class="external-link" href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2001_3/guadamuz/"> https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2001_3/guadamuz/</a></p>
<p style="text-align: justify; ">[<a href="#fr14" name="fn14">14</a>]. Article 28 of the Venezuelan Constitution, available at <a href="http://www.venezuelaemb.or.kr/english/ConstitutionoftheBolivarianingles.pdf">http://www.venezuelaemb.or.kr/english/ConstitutionoftheBolivarianingles.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr15" name="fn15">15</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr16" name="fn16">16</a>]. Rule on the Writ of Habeas Data Resolution, available at <a class="external-link" href="http://hrlibrary.umn.edu/research/Philippines/Rule%20on%20Habeas%20Data.pdf">http://hrlibrary.umn.edu/research/Philippines/Rule%20on%20Habeas%20Data.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr17" name="fn17">17</a>]. The characteristics of habeas data culled out in this paper are by no means exhaustive and based only on the analysis of the jurisdictions discussed in this paper. This author does not claim to have done an exhaustive analysis of every jurisdiction where Habeas Data is available and the views in this paper should be viewed in that context.</p>
<p style="text-align: justify; ">[<a href="#fr18" name="fn18">18</a>]. Except in the case of the Philippines and Venezeula. This paper has not done an analysis of the writ of habeas data in every jurisdiction where it is available and there may be jurisdictions other than the Philippines which also give this right against private entities.</p>
<p style="text-align: justify; ">[<a href="#fr19" name="fn19">19</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr20" name="fn20">20</a>]. The case of <i>Ganora v. Estado Nacional</i>, Supreme Court of Argentina, September 16, 1999, <i>cf.</i><a href="http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Argentin.html">http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Argentin.html</a></p>
<p style="text-align: justify; ">[<a href="#fr21" name="fn21">21</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr22" name="fn22">22</a>].<a href="http://www.oas.org/dil/data_protection_privacy_habeas_data.htm"> http://www.oas.org/dil/data_protection_privacy_habeas_data.htm</a></p>
<p style="text-align: justify; ">[<a href="#fr23" name="fn23">23</a>]. Even the scope of the right to privacy is currently under review in the Supreme Court of India. See “Right to Privacy in Peril”, <a href="http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril">http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril</a></p>
<p style="text-align: justify; ">[<a href="#fr24" name="fn24">24</a>]. Except in the case of the Philippines. This paper has not done an analysis of the writ of habeas data in every jurisdiction where it is available and there may be jurisdictions other than the Philippines which also give this right against private entities.</p>
<p style="text-align: justify; ">[<a href="#fr25" name="fn25">25</a>]. Section 2(f) of the Right to Information Act, 2005.</p>
<p style="text-align: justify; ">[<a href="#fr26" name="fn26">26</a>]. 2011 (106) AIC 187 (SC), also available at <a href="http://judis.nic.in/supremecourt/imgst.aspx?filename=38344">http://judis.nic.in/supremecourt/imgst.aspx?filename=38344</a></p>
<p style="text-align: justify; ">[<a href="#fr27" name="fn27">27</a>]. The exact words of the Court were: “The definition of `information' in section 2(f) of the RTI Act refers to any material in any form which includes records, documents, opinions, papers among several other enumerated items. The term `record' is defined in section 2(i) of the said Act as including any document, manuscript or file among others. When a candidate participates in an examination and writes his answers in an answer-book and submits it to the examining body for evaluation and declaration of the result, the answer-book is a document or record. When the answer-book is evaluated by an examiner appointed by the examining body, the evaluated answer-book becomes a record containing the `opinion' of the examiner. Therefore the evaluated answer-book is also an `information' under the RTI Act.”</p>
<p style="text-align: justify; ">[<a href="#fr28" name="fn28">28</a>]. <i>Secretary General, Supreme Court of India</i> v. <i>Subhash Chandra Agarwal</i>, AIR 2010 Del 159, available at <a href="https://indiankanoon.org/doc/1342199/">https://indiankanoon.org/doc/1342199/</a></p>
<p style="text-align: justify; ">[<a href="#fr29" name="fn29">29</a>].<i> Ravi Ronchodlal Patel</i> v. <i>Reserve Bank of India</i>, Central Information Commission, dated 6-9-2006.</p>
<p style="text-align: justify; ">[<a href="#fr30" name="fn30">30</a>].<i> Anurag Mittal</i> v. <i>National Institute of Health and Family Welfare</i>, Central Information Commission, dated 29-6-2006.</p>
<p style="text-align: justify; ">[<a href="#fr31" name="fn31">31</a>].<i> Sandeep Bansal</i> v. <i>Army Headquarters, Ministry of Defence</i>, Central Information Commission, dated 10-11-2008.</p>
<p style="text-align: justify; ">[<a href="#fr32" name="fn32">32</a>].<i> M.M. Kalra</i> v. <i>DDA</i>, Central Information Commission, dated 20-11-2008.</p>
<p style="text-align: justify; ">[<a href="#fr33" name="fn33">33</a>].<i> Nitesh Kumar Tripathi</i> v. <i>CPIO</i>, Central Information Commission, dated 4-5-2012.</p>
<p style="text-align: justify; ">[<a href="#fr34" name="fn34">34</a>]. A similar logic may apply to the exceptions of (i) cabinet papers, and (ii) parliamentary privilege.</p>
<p style="text-align: justify; ">[<a href="#fr35" name="fn35">35</a>]. Section 2 (h) of the Right to Information Act, 2005.</p>
<p style="text-align: justify; ">[<a href="#fr36" name="fn36">36</a>].<i> M.P. Verghese</i> v. <i>Mahatma Gandhi University</i>, 2007 (58) AIC 663 (Ker), available at <a href="https://indiankanoon.org/doc/1189278/">https://indiankanoon.org/doc/1189278/</a></p>
<p style="text-align: justify; ">[<a href="#fr37" name="fn37">37</a>].<i> Principal, M.D. Sanatan Dharam Girls College, Ambala City</i> v. <i>State Information Commissioner</i>, AIR 2008 P&H 101, available at <a href="https://indiankanoon.org/doc/1672120/">https://indiankanoon.org/doc/1672120/</a></p>
<p style="text-align: justify; ">[<a href="#fr38" name="fn38">38</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/habeas-data-in-india'>https://cis-india.org/internet-governance/blog/habeas-data-in-india</a>
</p>
No publisherVipul Kharbanda and edited by Elonnai HickokFeaturedHabeas DataInternet GovernancePrivacy2016-12-10T04:01:40ZBlog EntryIndian Newspapers' Digital Transition
https://cis-india.org/raw/indian-newspapers-digital-transition
<b>This report examines the digital transition underway at three leading newspapers in India, the Dainik Jagran in Hindi, English-language Hindustan Times, and Malayala Manorama in Malayalam. Our focus is on how they are changing their newsroom organisation and journalistic work to expand their digital presence and adapt to a changing media environment. The report comes out of a collaboration between the CIS and the Reuters Institute for the Study of Journalism, University of Oxford, and was supported by the latter. The research was undertaken by Zeenab Aneez, with contributions from Rasmus Kleis Nielsen, Vibodh Parthasarathi, and Sumandro Chattapadhyay.</b>
<p> </p>
<h4>Download: <a href="http://reutersinstitute.politics.ox.ac.uk/sites/default/files/Indian%20Newspapers%27%20Digital%20Transition.pdf">PDF</a>.</h4>
<p>Cross-posted from the <a href="http://reutersinstitute.politics.ox.ac.uk/publication/indian-newspapers-digital-transition">Reuters Institute for the Study of Journalism</a> (December 08, 2016).</p>
<hr />
<h2>Executive Summary</h2>
<p>This report examines the digital transition underway at three leading newspapers in India, the <em>Dainik Jagran</em> in Hindi, English-language <em>Hindustan Times</em>, and <em>Malayala Manorama</em> in Malayalam. Our focus is on how they are changing their newsroom organisation and journalistic work to expand their digital presence and adapt to a changing media environment.</p>
<p>The background for the report is the rapid and continued growth in digital media use in India. Especially since 2010, internet use has grown at an explosive pace, driven by the spread of mobile web access, also outside large urban areas and the more affluent and highly educated English-language minority that have historically represented a large part of India’s internet users. Some analysts estimate more than 30% of Indians had some form of internet access by the end of 2015 (IAMAI-IMRB, 2015). With this growth has come a perceptible shift of audience attention and advertising investment away from legacy media like print and television and towards digital media. This shift has been accompanied by the launch of a number of new digital media start-ups in India and, especially, the growing role of large international technology companies investing in the Indian market.</p>
<p>These developments present Indian newspapers with new challenges and opportunities. Print circulation and advertising is still growing in India, but more slowly than in the past, and especially the English-language market
seems saturated and ripe for the shift towards digital media that has happened elsewhere. From 2014 to 2015, the Indian advertising market grew by 13%. Print grew 8%, but English-language newspaper advertising only half of that. Digital advertising, in contrast, grew by 38%, and is projected to continue to grow for years to come as digital media become more central to India’s overall media environment (KPMG-FICCI, 2016).</p>
<p>If they want to secure their long-term future and continued editorial and commercial success, Indian newspapers have to adapt to these changes. The three case studies in this report represent three different examples of how major newspapers are navigating this transition.</p>
<p>Based on over 30 interviews conducted with senior management, editors, and rank-and-file reporters from three major newspapers, as well as other senior journalists and researchers who have wider experience in the Indian
news industry, plus secondary sources including industry reports and academic research, we show the following.</p>
<ul><li>All three newspapers are proactively investing in digital media technology and expertise, and adapting their editorial priorities, parts of their daily workflow, distribution strategies, and business model to the
rise of digital media. Tools like Chartbeat are now commonplace; search engine optimisation, social media optimisation, and audience analytics are part of everyday work; and some are experimenting with new
formats (<em>Hindustan Times</em> was a launch partner for Facebook Instant Articles; <em>Manorama Online</em> has produced both Virtual Reality and 360 videos, an Apple watch app, and is on Amazon Echo).<br /><br /></li>
<li>Given that the print newspaper industry is still growing in India, especially in Indian-language markets, these newspapers are innovating from a position of relative strength in comparison to their North American and European counterparts. However, this is done with the awareness that that print is becoming a relatively less important part of the Indian media environment, and digital media more important. Short-term, reach and profits come from print, but longer term, all have to build a strong digital presence to succeed editorially and commercially.<br /><br /></li>
<li>All three newspapers aim to do this by building on the assets they have as legacy media organisations, and trying to leverage their brand reputation, audience reach, and editorial resources to maintain an edge over digital news start-ups and international news providers. Their legacy, however, offers not only assets, but also liabilities. As successful incumbents, all of them struggle with the inertia that comes from established organisational structures and professional cultures. To change their organisation and culture, and thus more effectively combine new technologies and skills with existing core competences, each newspaper is not only investing in digital media and personnel, but also trying to change at least parts of the existing newspaper to adapt to an increasingly digital media environment.<br /><br /></li>
<li>They do this in different ways. At <em>Dainik Jagran</em> and <em>Malayala Manorama</em>, the focus has been on building up separate digital operations at Jagran.com and Manorama Online, apart from the printed newspaper itself. At the <em>Hindustan Times</em>, in contrast, the aim has been to integrate print and digital in a joint operation working across platforms and channels. <em>Dainik Jagran</em> and <em>Malayala Manoroma</em> have thus focused mostly on building up new digital assets, whereas the <em>Hindustan Times</em> has been transforming existing assets to work across platforms. At <em>Dainik Jagran</em> and <em>Malayala Manorama</em>, much of the push for change has come from management, whereas there has been a stronger editorial involvement at the <em>Hindustan Times</em>, and a greater attempt to engage rank-and-file reporters through training sessions and other initiative designed to demonstrate not only the commercial importance, but also the editorial potential, of digital media.<br /><br /></li>
<li>All three newspapers have found that expanding their digital operations requires investment of money in new technologies and in staff with new skills. But it is also clear that this is not enough. Investment in technology has to be accompanied by a change in organisation and culture to effectively leverage existing assets in a digital media environment. In their attempts to do this, the most significant barriers have been a perceived cultural hierarchy, deeply ingrained especially in the newsroom, that print journalism is somehow inherently superior to
digital journalism, and a lack of effective synergy between editorial leaders and managers, often combined with a lack of technical know-how. Money can buy new tools and bring in new expertise, but it cannot on its own change culture, ensure synergy, or align the organisation with new priorities. This requires leadership and broad-based change. Long-term, senior editors, management, and rank-and-file reporters will have to work and change together to secure Indian newspapers’ role in an increasingly digital media environment.</li></ul>
<p>Digital media thus present Indian newspapers with challenges and opportunities similar to those newspapers have faced elsewhere. Only they face these from a position of greater strength, because of the continued growth in their print business, and with the benefit of having seen how things have developed in more technologically developed markets. We hope this report will help them navigate the digital transition ahead.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/indian-newspapers-digital-transition'>https://cis-india.org/raw/indian-newspapers-digital-transition</a>
</p>
No publisherzeenabDigital NewsRAW PublicationsResearchers at WorkResearchDigital MediaFeaturedPublicationsHomepage2016-12-09T07:12:53ZBlog EntryThe Technology behind Big Data
https://cis-india.org/internet-governance/blog/technology-behind-big-data
<b>The authors undertakes a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes.</b>
<p> </p>
<h4><a class="external-link" href="http://cis-india.org/internet-governance/files/technology-behind-big-data.pdf/view">Download the Paper</a> (PDF, 277 kb)</h4>
<hr />
<h2 style="text-align: justify;">Introduction</h2>
<p style="text-align: justify;">Defining big data is a disputed area in the field of computer science<a name="_ftnref1" href="#_ftn1"><sup><sup>[1]</sup></sup></a>, there is some consensus on a basic structure to its definition<a name="_ftnref2" href="#_ftn2"><sup><sup>[2]</sup></sup></a>. Big data is data that is collected in the form of datasets that has three main criteria: size, variety & velocity, all of which operate at an immense scale<a name="_ftnref3" href="#_ftn3"><sup><sup>[3]</sup></sup></a>. It is ‘big’ in size, often running into petabytes of information, has vast variety within its components, and is created, captured and analysed at an incredibly rapid velocity. All of this also makes big data difficult to handle using traditional technological tools and techniques.</p>
<p style="text-align: justify;">This paper will attempt to perform a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes. The big data life cycle consists of four components, which will also be the key structural points of the paper, namely: Data Acquisition, Data Awareness, Data Analytics & Data Governance.<strong><sup>4</sup> </strong>The paper will focus on the aspects that the author believes are relevant for analysing the technological impact of big data on both technology itself and society at large.</p>
<p style="text-align: justify;"><strong>Scope: </strong>The scope of the paper is to study the technology used in big data using the "Life Cycle of Big Data" as model structure to categorise & study the vast range of technologies that are involved in big data. However, the paper will be limited to the study of technology related directly to the big data life cycle. It shall specifically exclude the use/utilisation of big data from its scope since big data is most often being fed into other, unrelated technologies for consumption leading to rather limitless possibilities.</p>
<p style="text-align: justify;"><strong>Goal:</strong> Goal of the paper is twofold: a.) to use the available literature on the technological aspects of big data, to perform a brief overview of the technology in the field and b.) to frame the relevant research questions for studying the technology of big data and its possible impact on society.</p>
<h2 style="text-align: justify;">Data Acquisition</h2>
<p style="text-align: justify;">Acquiring big data has two main sub components to it, the first being sensing the existence of the data’ itself and the second, the stage of collecting and storing this data. Both of these subcomponents are incredibly diverse fields, with lots of rapid change occurring in the technology utilised to carry out these tasks. The section will provide a brief overview of the subcomponents and then discuss the technology used to fulfil the tasks.</p>
<h2 style="text-align: justify;">Data Sensing</h2>
<p style="text-align: justify;">Data does not exist in a vacuum and is always created as a part of a larger process, especially in the aspect of modern technology. Therefore, the source of the data itself plays a vital role in determining how it can be captured and analysed in the larger scheme of things. Entities constantly emit information into the environment that can be utilised for the purposes of big data, leading to two main kinds of data: data that is “born digital” or “born analogue.”<a name="_ftnref4" href="#_ftn4"><sup><sup>[4]</sup></sup></a></p>
<h3 style="text-align: justify;">Born Digital Data</h3>
<p style="text-align: justify;">Information that is “born digital,” is created, by a user or by a digital system, specifically for use by a computer or data‐processing system. This is a vast range of information and newer fields are being added to this category on a daily basis. It includes, as a short, indicative list: email and text messaging, any form of digital input, including keyboards, mouse interactions and touch screens, GPS location data, data from daily home appliances (Internet of Things), etc. All of this data can be tracked and tagged to users as well as be aggregated to form a larger picture, massively increasing the scope of what may constitute the ‘data’ in big data.</p>
<p style="text-align: justify;">Some indicative uses of how such born digital data is catalogued by technological solutions on the user side, prior to being sent for collection/storage are:</p>
<p style="text-align: justify;">a.) Cookies - There are small, often just text, files that are left on user devices by websites in order to that visit, task or action (for example, logging into an email account) with a subsequent event.<a name="_ftnref5" href="#_ftn5"><sup><sup>[5]</sup></sup></a> (for example, revisiting the website)</p>
<p style="text-align: justify;">b.) Website Analytics<a name="_ftnref6" href="#_ftn6"><sup><sup>[6]</sup></sup></a> - Various services, such as Google Analytics, Piwik, etc., can use JavaScript and other web development languages to record a very detailed, intimate track of a user's actions on a website, including how long a user hovers above a link, the time spent on the website/application and in some cases, even the time spent specific aspects of the page.</p>
<p style="text-align: justify;">c.) GPS<a name="_ftnref7" href="#_ftn7"><sup><sup>[7]</sup></sup></a> - With the almost pervasive usage of smartphones with basic location capabilities, GPS sensors on these devices are used to provide regular, minute driven updates to applications, operating systems and even third parties about the user's location. Modern variations such as A-GPS can be used to provide basic positioning information even without satellite coverage, vastly expanding the indoor capabilities of location collection.</p>
<p style="text-align: justify;">All of these instances of sensing born digital data are common terms, used in daily parlance by billions of people from all over the world, which is a symbolic of just how deeply they have pervaded into our daily lifestyle. Apart from privacy & security concerns this in turn also leads to an exponential increase in the data available to collect for any interested party.</p>
<h3 style="text-align: justify;">Sensor Data</h3>
<p style="text-align: justify;">Information is said to be “analogue” when it contains characteristics of the physical world, such as images, video, heartbeats, etc. Such information becomes electronic when processed by a “sensor,” a device that can record physical phenomena and convert it into digital information. Some examples to better illustrate information that is born analogue but collected via digital means are:</p>
<p style="text-align: justify;">a.) Voice and/or video content on devices - Apart from phone calls and other forms communication, video and voice based interactions have started to regularly be captured to provide enhanced services. These include Google Now<a name="_ftnref8" href="#_ftn8"><sup><sup>[8]</sup></sup></a>, Cortana<a name="_ftnref9" href="#_ftn9"><sup><sup>[9]</sup></sup></a> and other digital assistants as well as voice guided navigation systems in cars, etc.</p>
<p style="text-align: justify;">b.) Personal health data such as heartbeats, blood pressure, respiration, velocity, etc. - This personal, potentially very powerful information is collected by dedicated sensors on devices such as Fitbit<a name="_ftnref10" href="#_ftn10"><sup><sup>[10]</sup></sup></a>, Mi Band<a name="_ftnref11" href="#_ftn11"><sup><sup>[11]</sup></sup></a>, etc. as well as by increasingly sophisticated smartphone applications such as Google Fit that can do so without any special device.</p>
<p style="text-align: justify;">c.) Camera on Home Appliances - Cameras and sensors on devices such as video game consoles (Kinect<a name="_ftnref12" href="#_ftn12"><sup><sup>[12]</sup></sup></a> being a relevant example) can record detailed human interactions, which can be mined for vast amounts of information apart from carrying out the basic interactions with the devices itself.</p>
<p style="text-align: justify;">While not as vast a category as born digital data, the increasingly lower costs of technology and ubiquitous usage of digital, networked devices is leading to information that was traditionally analogue in nature to be captured for use at a rapidly increasing rate.</p>
<h2 style="text-align: justify;">Data Collection & Storage</h2>
<p style="text-align: justify;">Traditional data was normally processed using the Extract, Transform, Load (ETL) methodology, which was used to collect the data from outside sources, modify the data to fit needs, and then upload the data into the data storage system for future use.<a name="_ftnref13" href="#_ftn13"><sup><sup>[13]</sup></sup></a> Technology such as spreadsheets, RDBMS databases, Structured Query Languages (SQL), etc. were all initially used to carry out these tasks, more often than not manually. <a name="_ftnref14" href="#_ftn14"><sup><sup>[14]</sup></sup></a></p>
<p style="text-align: justify;">However, for big data, the methodology traditionally followed is both inefficient and insufficient to meet the demands of modern use. Therefore, the Magnetic, Agile, Deep (MAD) process is used to collect and store data<a name="_ftnref15" href="#_ftn15"><sup><sup>[15]</sup></sup></a><a name="_ftnref16" href="#_ftn16"><sup><sup>[16]</sup></sup></a>. The needs and benefits of such a system are: attracting all the data sources regardless of their quality (magnetic), logical and physical contents of storage systems adapting to the rapid data evolution in big data (agile) and complex algorithmic statistical analysis required of big data on a very short notice<a name="_ftnref17" href="#_ftn17"><sup><sup>[17]</sup></sup></a>. (deep)</p>
<p style="text-align: justify;">The technology used to perform data storage using the MAD process requires vast amount of processing power, which is very difficult to create in a single, physical space/unit for nonstate or research entities, who cannot afford supercomputers. Therefore, most solutions used in big data rely on two major components to store data: distributed systems and Massive Parallel Processing<a name="_ftnref18" href="#_ftn18"><sup><sup>[18]</sup></sup></a> (MPP) that run on non-relational (in-memory) database systems. Database performance and reliability is traditionally gauged using pure performance metrics (FLOPS per second, etc.) as well as the Atomicity, consistency, isolation, durability (ACID) criteria.<a name="_ftnref19" href="#_ftn19"><sup><sup>[19]</sup></sup></a> The most commonly used database systems for big data applications are given below. The specific operational qualities and performance of each of these databases is beyond the scope of this review but the common criteria that makes them well suited for big data storage have been delineated below.</p>
<h3 style="text-align: justify;">Non-relational databases</h3>
<p style="text-align: justify;">Databases traditionally used to be structured entities that operated solely on the ability to correlate information stored in them using explicitly defined relationships. Even prior to the advent of big data, this outlook was turning out to be a limiting factor in how large amounts of stored information could be leveraged, this led to the evolution of non relational database systems. Before going into them in detail, a basic primer on their data transfer protocols will be helpful in understanding their operation.</p>
<p style="text-align: justify;">A protocol is a model that structures instructions in a particular manner so that it can be reproduced from one system to another<a name="_ftnref20" href="#_ftn20"><sup><sup>[20]</sup></sup></a><a name="_ftnref21" href="#_ftn21"><sup><sup>[21]</sup></sup></a>. The protocols which govern technology in the case of big data have gone through many stages of evolution, starting off with simple HTML based systems<a name="_ftnref22" href="#_ftn22"><sup><sup>[22]</sup></sup></a>, which then evolved to XML driven SOAP systems<a name="_ftnref23" href="#_ftn23"><sup><sup>[23]</sup></sup></a>, which led to JavaScript Object Notation, or JSON<a name="_ftnref24" href="#_ftn24"><sup><sup>[24]</sup></sup></a>, the currently used form for in most big database systems. JSON is an open format used to transfer data objects, using human-readable text and is the basis for most of the commonly used non-relational database management systems. Examples of Non-relational databases also known as NoSQL databases, include MongoDB<a name="_ftnref25" href="#_ftn25"><sup><sup>[25]</sup></sup></a>, Couchbase<a name="_ftnref26" href="#_ftn26"><sup><sup>[26]</sup></sup></a>, etc. They were developed for both managing as well as storing unstructured data. They aim for scaling, flexibility, and simplified development. Such databases rather focus on the high-performance scalable data storage, and allow tasks to be written in the application layer instead of databases specific languages, allowing for greater interoperability.<a name="_ftnref27" href="#_ftn27"><sup><sup>[27]</sup></sup></a></p>
<h3 style="text-align: justify;">In-Memory Databases</h3>
<p style="text-align: justify;">In order to overcome performance limitation of traditional database systems, some modern databases now use in-memory databases. These systems manage the data in the RAM memory of the server, thus eliminating storage disk input/output. This allows for almost realtime responses from the database, in comparisons to minutes or hours required on traditional database systems. This improvement in the performance is so massive that, entirely new applications are being developed for using IMDB systems.<a name="_ftnref28" href="#_ftn28"><sup><sup>[28]</sup></sup></a> These IMDB systems are also being used for advanced analytics on big data, especially to increase the access speed to data and increase the scoring rate of analytic models for analysis.<a name="_ftnref29" href="#_ftn29"><sup><sup>[29]</sup></sup></a> Examples of IMDB include VoltDB<a name="_ftnref30" href="#_ftn30"><sup><sup>[30]</sup></sup></a>, NuoDB<a name="_ftnref31" href="#_ftn31"><sup><sup>[31]</sup></sup></a>, SolidDB<a name="_ftnref32" href="#_ftn32"><sup><sup>[32]</sup></sup></a> and Apache Spark<a name="_ftnref33" href="#_ftn33"><sup><sup>[33]</sup></sup></a>.</p>
<h2 style="text-align: justify;">Hybrid Systems</h2>
<p style="text-align: justify;">These are the two major systems used to store data prior to it being processed or analysed in a big data application. However, the divide between data storage and data management is a slim one and most database systems also contain various unique attributes that cater them to specific kinds of analysis. (as can be seen from the IMDB example above) One example of a very commonly used Hybrid system that deals with storage as well as awareness of the data is Apache Hadoop<sup>33</sup>, which is detailed below.</p>
<h2 style="text-align: justify;">Apache Hadoop</h2>
<p style="text-align: justify;">Hadoop consists of two main components: the HDFS for the big data storage, and MapReduce for big data analytics, each of which will be detailed in their respective section.</p>
<ol style="text-align: justify;">
<li>The HDFS<a name="_ftnref34" href="#_ftn34"><sup><sup>[34]</sup></sup></a><a name="_ftnref35" href="#_ftn35"><sup><sup>[35]</sup></sup></a> storage function in Hadoop provides a reliable distributed file system, stored across multiple systems for processing & redundancy reasons. The file system is optimized for large files, as single files are split into blocks and spread across systems known as cluster nodes.<a name="_ftnref36" href="#_ftn36"><sup><sup>[36]</sup></sup></a> Additionally, the data is protected among the nodes by a replication mechanism, which ensures availability even if any node fails. Further, there are two types of nodes: Data Nodes and Name Nodes.<a name="_ftnref37" href="#_ftn37"><sup><sup>[37]</sup></sup></a> Data is stored in the form of file blocks across the multiple Data Nodes while the Name Node acts as an intermediary between the client and the Data Node, where it directs the requesting client to the particular Data Node which contains the requested data.</li></ol>
<p style="text-align: justify;">This operating structure for storing data also has various variations within Hadoop such as HBase for key/value pair type queries (a NoSQL based system), Hive for relational type queries, etc. Hadoop’s redundancy, speed, ability to run on commodity hardware, industry support and rapid pace of development have led to it being almost co-equivalently associated with big data.<a name="_ftnref38" href="#_ftn38"><sup><sup>[38]</sup></sup></a></p>
<h2 style="text-align: justify;">Data Awareness</h2>
<p style="text-align: justify;">Data Awareness, in the context of big data, is the task of creating a scheme of relationships within a set of data, to allow different users of the data to determine a fluid yet valid context and utilise it for their desired tasks.<a name="_ftnref39" href="#_ftn39"><sup><sup>[39]</sup></sup></a> It is a relatively new field, in which most of the work is currently being done on semantic structures to allow data to gain context in an interoperable format, in contrast to the current system where data is given context using unique, model specific constructs.<a name="_ftnref40" href="#_ftn40"><sup><sup>[40]</sup></sup></a> (such as XML Schemes, etc.)</p>
<p style="text-align: justify;">Some of the original work on this field was carried out in the form of utilising the Resource Description Framework (RDF), which was built primarily to allow describing of data in a portable manner, especially being agnostic towards platforms and systems for Semantic Web at the W3C. SPARQL is the language used to implement RDF based designs but both largely remain underutilised in both the public domain as well as big data. Authors such as Kurt</p>
<p style="text-align: justify;">Cagle<a name="_ftnref41" href="#_ftn41"><sup><sup>[41]</sup></sup></a> and Bob DuCharme<a name="_ftnref42" href="#_ftn42"><sup><sup>[42]</sup></sup></a> predict its explosion in the next couple of years. Companies have also started realising the value of interoperable context, with Oracle Spatial<a name="_ftnref43" href="#_ftn43"><sup><sup>[43]</sup></sup></a> and IBM’s DB2<a name="_ftnref44" href="#_ftn44"><sup><sup>[44]</sup></sup></a> already including RDF and SPARQL support in the past 3 years.</p>
<p style="text-align: justify;">While underutilised, the rapid developments taking place in the field will make the impact that data awareness may have on big data as big as Hadoop and maybe even SQL. Some aspects of it are already beginning to be used in Artificial Intelligence, Natural Language Processing, etc. with tremendous scope for development.<a name="_ftnref45" href="#_ftn45"><sup><sup>[45]</sup></sup></a></p>
<h2 style="text-align: justify;">Data Processing & Analytics</h2>
<p style="text-align: justify;">Data Processing largely has three primary goals: a. determines if the data collected is internally consistent; b. make the data meaningful to other systems or users using either metaphors or analogy they can understand; and (what many consider most importantly) provide predictions about future events and behaviours based upon past data and trends.<a name="_ftnref46" href="#_ftn46"><sup><sup>[46]</sup></sup></a></p>
<p style="text-align: justify;">Being a very vast field with rapidly changing technologies governing its operation, this section will largely concentrate on the most commonly used technologies in data analytics.</p>
<p style="text-align: justify;">Data analytics requires four primary conditions to be met in order to carry out effective processing: fast, data loading, fast query processing, efficient utilisation of storage and adaptivity to dynamic workload patterns. The analytical model most commonly associated with meeting this criteria and with big data in general is MapReduce, detailed below. There are other, more niche models and algorithms (such as Project Voldemort<a name="_ftnref47" href="#_ftn47"><sup><sup>[47]</sup></sup></a> used by LinkedIn), which are used in big data but they are beyond the scope of the review, and more information about them can be read at article linked in the previous citation. (Reference architecture and classification of technologies, products and services for big data system)</p>
<h2 style="text-align: justify;">MapReduce</h2>
<p style="text-align: justify;">MapReduce is a generic parallel programming concept, derived from the “Map” and “Reduce” of functional programming languages, which makes it particularly suited for big data operations. It is at the core of Hadoop<a name="_ftnref48" href="#_ftn48"><sup><sup>[48]</sup></sup></a>, and performs the data processing and analytics functions in other big data systems as well.<a name="_ftnref49" href="#_ftn49"><sup><sup>[49]</sup></sup></a> The fundamental premise of MapReduce is scaling out rather than scaling up, i.e., (adding more numerical resources, rather than increasing the power of a single system)<a name="_ftnref50" href="#_ftn50"><sup><sup>[50]</sup></sup></a></p>
<p style="text-align: justify;">MapReduce operates by breaking a task down into steps and executing the steps in parallel, across many systems. This comes with two advantages, a reduction in the time needed to finish the task and also a decrease in the amount of resources one has to expend to perform the task, in both power and energy. This model makes it ideally suited for the large data sets and quick response times required of big data operations generally.</p>
<p style="text-align: justify;">The first step of a MapReduce job is to correlate the input values to a set of keys/value pairs as output. The “Map” function then partitions the processing tasks into smaller tasks, and assigns them to the appropriate key/value pairs.<a name="_ftnref51" href="#_ftn51"><sup><sup>[51]</sup></sup></a> This allows unstructured data, such as plain text, to be mapped to a structured key/value pair. As an example, the key could be the punctuation in a sentence and the value of the pair could be the number of occurrences of the punctuation overall. This output of the Map function is then passed on “Reduce” function.<a name="_ftnref52" href="#_ftn52"><sup><sup>[52]</sup></sup></a> Reduce then collects and combines this output, using identical key/value pairs, to provide the final result of the task.<a name="_ftnref53" href="#_ftn53"><sup><sup>[53]</sup></sup></a> These steps are carried using the Job Tracker & Task Tracker in Hadoop but different systems have different methodologies to carry out similar tasks.</p>
<h2 style="text-align: justify;">Data Governance</h2>
<p style="text-align: justify;">Data Governance is the act of managing raw big data as well as the processed information that arises from big data in order to meet legal, regulatory and business imposed requirements. While there is no standardized format for data governance, there have been increasing call with various sectors (especially healthcare) to create such a format to ensure reliable, secure and consistent big data utilisation across the board. The following tactics and techniques have been utilised or suggested for data governance, with varying degrees of success:</p>
<ol style="text-align: justify;">
<li><strong>Zero-knowledge systems</strong>: This technological proposal maintains secrecy with respect to the low-level data while allowing encrypted data to be examined for certain higherlevel abstractions.<a name="_ftnref54" href="#_ftn54"><sup><sup>[54]</sup></sup></a> For the system to be zero-knowledge, the client’s system will have to encrypt the data and send it to the storage provider. Due to this, the provider stores the data in the encrypted format and cannot decipher the same unless he/she is in possession of the key which will decrypt the data into plaintext. This allows the individual to store his data with a storage provider while also maintaining anonymity of the details contained in such information. However, these are currently just beginning to be used in simple situations. As of now, they are not expandable to unstructured and complex cases and have to be developed marginally before they can be used for research and data mining purposes.</li>
<li><strong>Homomorphic encryption</strong>: Homomorphic encryption is a privacy preserving technique which performs searches and other computations over data that is encrypted while also protecting the individual’s privacy.<a name="_ftnref55" href="#_ftn55"><sup><sup>[55]</sup></sup></a> This technique has however been considered to be impractical and is deemed to be an unlikely policy alternative for near future purposes in the context of preserving privacy in the age of big data.<a name="_ftnref56" href="#_ftn56"><sup><sup>[56]</sup></sup></a></li>
<li><strong>Multi-party computation</strong>: In this technique, computation is done on encrypted distributed data stores.<a name="_ftnref57" href="#_ftn57"><sup><sup>[57]</sup></sup></a> This mechanism is closely related to homomorphic encryption where individual data is kept private using encryption algorithms called “collusion-robust” while the same is used to calculate statistics.<a name="_ftnref58" href="#_ftn58"><sup><sup>[58]</sup></sup></a> The parties involved are aware of some private data and each of them use a protocol which produces results based on the information they are aware of and the information they are not aware of, without revealing the data they are not already aware of.<a name="_ftnref59" href="#_ftn59"><sup><sup>[59]</sup></sup></a> Multi-party computations thus help in generating useful data for statistical and research purposes without compromising the privacy of the individuals.</li></ol>
<ol style="text-align: justify;">
<li><strong>Differential Privacy</strong>: Although this technological development is related to encryption, it follows a different technique. Differential privacy aims at maximizing the precision of computations and database queries while reducing the identifiability of the data owners who have records in the database, usually through obfuscation of query results.<a name="_ftnref60" href="#_ftn60"><sup><sup>[60]</sup></sup></a> This is widely applied today in the existence of big data in order to ensure preservation of privacy while trying to reap the benefits of large scale data collection.<a name="_ftnref61" href="#_ftn61"><sup><sup>[61]</sup></sup></a></li>
<li><strong>Searchable encryption</strong>: Through this mechanism, the data subject can make certain data searchable while minimizing exposure and maximizing privacy.<a name="_ftnref62" href="#_ftn62"><sup><sup>[62]</sup></sup></a> The data owner can make his information available through search engines by providing the data in an encrypted format but by adding tags consisting of certain keywords which can be deciphered by the search engine. This encrypted data shows up in the search results when searched with these particular keywords but can only be read when the person is in possession of the key which is required for decrypting the information.</li></ol>
<p style="text-align: justify;">This technique of encryption provides maximum security to the individual’s data and preserves privacy to the greatest possible extent.</p>
<ol style="text-align: justify;">
<li><strong>K-anonymity</strong>: The property of k-anonymity is being applied in the present day in order to preserve privacy and avoid re-identification.<a name="_ftnref63" href="#_ftn63"><sup><sup>[63]</sup></sup></a> A certain data set is said to possess the property of k-anonymity if individual specific data can be released and used for various purposes without re-identification. The analysis of the data should be carried out without attributing the data to the individual to whom it belongs and should give scientific guarantees for the same.</li>
<li><strong>Identity Management Systems</strong>: These systems enable the individuals to establish and safeguard their identities, explain those identities with the help of attributes, follow the activity of their identities and also delete their identities if they wish to.<a name="_ftnref64" href="#_ftn64"><sup><sup>[64]</sup></sup></a> It uses cryptographic schemes and protocols to make anonymous or pseudonymous the identities and credentials of the individuals before analysing the data.</li>
<li><strong>Privacy Preserving Data Publishing</strong>: This is a method in which the analysts are provided with the individual’s personal information with the ability to decipher particular information from the database while preventing the inference of certain other information which might lead to a breach of privacy.<a name="_ftnref65" href="#_ftn65"><sup><sup>[65]</sup></sup></a> Data which is essential for the analysis will be provided for processing while sensitive data will not be disclosed. This tool primarily focuses on microdata.</li>
<li><strong>Privacy Preserving Data Mining</strong>: This mechanism uses perturbation methods and randomization along with cryptography in order to permit data mining on a filtered version of the data which does not contain any form of sensitive information. PPDM focuses on data mining results unlike PPDP.<a name="_ftnref66" href="#_ftn66"><sup><sup>[66]</sup></sup></a> </li></ol>
<h2 style="text-align: justify;">Conclusion</h2>
<p style="text-align: justify;">Studying the technology surrounding big data has led to two major observations: the rapid pace of development in the industry and the stark lack of industry standards or government regulations directed towards big data technologies. These observations have been the primary motivating factor for framing further research in the field. Understanding how to deal with big data technologically, rather than just the potential regulation of possible harms after the technological processes have been performed might be critical for the human rights dialogue as these processes become even more extensive, opaque and technologically complicated.</p>
<hr style="text-align: justify;" />
<p style="text-align: justify;"><a name="_ftn1" href="#_ftnref1">[1]</a> EMC: Data Science and Big Data Analytics. In: EMC Education Services, pp. 1–508 (2012)</p>
<p style="text-align: justify;"><a name="_ftn2" href="#_ftnref2">[2]</a> Bakshi, K.: Considerations for Big Data: Architecture and Approaches. In: Proceedings of the IEEE Aerospace Conference, pp. 1–7 (2012)</p>
<p style="text-align: justify;"><a name="_ftn3" href="#_ftnref3">[3]</a> Adams, M.N.: Perspectives on Data Mining. International Journal of Market Research 52(1), 11–19 (2010) <sup>4</sup> Elgendy, N.: Big Data Analytics in Support of the Decision Making Process. MSc Thesis, German University in Cairo, p. 164 (2013)</p>
<p style="text-align: justify;"><a name="_ftn4" href="#_ftnref4">[4]</a> Big Data and Privacy: A Technological Perspective - President’s Council of Advisors on Science and</p>
<p style="text-align: justify;">Technology (May 2014)</p>
<p style="text-align: justify;"><a name="_ftn5" href="#_ftnref5">[5]</a> Chen, Hsinchun, Roger HL Chiang, and Veda C. Storey. "Business Intelligence and Analytics: From Big Data to Big Impact." MIS quarterly 36.4 (2012): 1165-1188.</p>
<p style="text-align: justify;"><a name="_ftn6" href="#_ftnref6">[6]</a> Chandramouli, Badrish, Jonathan Goldstein, and Songyun Duan. "Temporal analytics on big data for web advertising." 2012 IEEE 28th international conference on data engineering. IEEE, 2012.</p>
<p style="text-align: justify;"><a name="_ftn7" href="#_ftnref7">[7]</a> Laurila, Juha K., et al. "The mobile data challenge: Big data for mobile computing research." Pervasive Computing. No. EPFL-CONF-192489. 2012.</p>
<p style="text-align: justify;"><a name="_ftn8" href="#_ftnref8">[8]</a> Lazer, David, et al. "The parable of Google flu: traps in big data analysis." <em>Science</em> 343.6176 (2014): 12031205.</p>
<p style="text-align: justify;"><a name="_ftn9" href="#_ftnref9">[9]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn10" href="#_ftnref10">[10]</a> Banaee, Hadi, Mobyen Uddin Ahmed, and Amy Loutfi. "Data mining for wearable sensors in health monitoring systems: a review of recent trends and challenges." <em>Sensors</em> 13.12 (2013): 17472-17500.</p>
<p style="text-align: justify;"><a name="_ftn11" href="#_ftnref11">[11]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn12" href="#_ftnref12">[12]</a> Chung, Eric S., John D. Davis, and Jaewon Lee. "Linqits: Big data on little clients." <em>ACM SIGARCH Computer Architecture News</em>. Vol. 41. No. 3. ACM, 2013.</p>
<p style="text-align: justify;"><a name="_ftn13" href="#_ftnref13">[13]</a> Kornelson, Kevin Paul, et al. "Method and system for developing extract transform load systems for data warehouses." U.S. Patent No. 7,139,779. 21 Nov. 2006.</p>
<p style="text-align: justify;"><a name="_ftn14" href="#_ftnref14">[14]</a> Henry, Scott, et al. "Engineering trade study: extract, transform, load tools for data migration." <em>2005 IEEE Design Symposium, Systems and Information Engineering</em>. IEEE, 2005.</p>
<p style="text-align: justify;"><a name="_ftn15" href="#_ftnref15">[15]</a> Cohen, Jeffrey, et al. "MAD skills: new analysis practices for big data." <em>Proceedings of the VLDB Endowment</em></p>
<p style="text-align: justify;"><a name="_ftn16" href="#_ftnref16">[16]</a> .2 (2009): 1481-1492.</p>
<p style="text-align: justify;"><a name="_ftn17" href="#_ftnref17">[17]</a> Elgendy, Nada, and Ahmed Elragal. "Big data analytics: a literature review paper." <em>Industrial Conference on Data Mining</em>. Springer International Publishing, 2014.</p>
<p style="text-align: justify;"><a name="_ftn18" href="#_ftnref18">[18]</a> Wu, Xindong, et al. "Data mining with big data." <em>IEEE transactions on knowledge and data engineering</em> 26.1 (2014): 97-107.</p>
<p style="text-align: justify;"><a name="_ftn19" href="#_ftnref19">[19]</a> Supra Note 17</p>
<p style="text-align: justify;"><a name="_ftn20" href="#_ftnref20">[20]</a> Hu, Han, et al. "Toward scalable systems for big data analytics: A technology tutorial." <em>IEEE Access</em> 2 (2014):</p>
<p style="text-align: justify;"><a name="_ftn21" href="#_ftnref21">[21]</a> -687.</p>
<p style="text-align: justify;"><a name="_ftn22" href="#_ftnref22">[22]</a> Kurt Cagle, Understanding the Big Data Lifecycle - LinkedIn Pulse (2015)</p>
<p style="text-align: justify;"><a name="_ftn23" href="#_ftnref23">[23]</a> Coyle, Frank P. <em>XML, Web services, and the data revolution</em>. Addison-Wesley Longman Publishing Co., Inc., 2002.</p>
<p style="text-align: justify;"><a name="_ftn24" href="#_ftnref24">[24]</a> Pautasso, Cesare, Olaf Zimmermann, and Frank Leymann. "Restful web services vs. big'web services: making the right architectural decision." <em>Proceedings of the 17th international conference on World Wide Web</em>. ACM, 2008.</p>
<p style="text-align: justify;"><a name="_ftn25" href="#_ftnref25">[25]</a> Banker, Kyle. <em>MongoDB in action</em>. Manning Publications Co., 2011</p>
<p style="text-align: justify;"><a name="_ftn26" href="#_ftnref26">[26]</a> McCreary, Dan, and Ann Kelly. "Making sense of NoSQL." <em>Shelter Island: Manning</em> (2014): 19-20.</p>
<p style="text-align: justify;"><a name="_ftn27" href="#_ftnref27">[27]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn28" href="#_ftnref28">[28]</a> Zhang, Hao, et al. "In-memory big data management and processing: A survey." <em>IEEE Transactions on Knowledge and Data Engineering</em> 27.7 (2015): 1920-1948.</p>
<p style="text-align: justify;"><a name="_ftn29" href="#_ftnref29">[29]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn30" href="#_ftnref30">[30]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn31" href="#_ftnref31">[31]</a> Supra Note 20</p>
<p style="text-align: justify;"><a name="_ftn32" href="#_ftnref32">[32]</a> Ballard, Chuck, et al. <em>IBM solidDB: Delivering Data with Extreme Speed</em>. IBM Redbooks, 2011.</p>
<p style="text-align: justify;"><a name="_ftn33" href="#_ftnref33">[33]</a> Shanahan, James G., and Laing Dai. "Large scale distributed data science using apache spark." <em>Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining</em>. ACM, 2015. <sup>33</sup> Shvachko, Konstantin, et al. "The hadoop distributed file system." <em>2010 IEEE 26th symposium on mass storage systems and technologies (MSST)</em>. IEEE, 2010.</p>
<p style="text-align: justify;"><a name="_ftn34" href="#_ftnref34">[34]</a> Borthakur, Dhruba. "The hadoop distributed file system: Architecture and design." <em>Hadoop Project Website</em></p>
<p style="text-align: justify;"><a name="_ftn35" href="#_ftnref35">[35]</a> .2007 (2007): 21.</p>
<p style="text-align: justify;"><a name="_ftn36" href="#_ftnref36">[36]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn37" href="#_ftnref37">[37]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn38" href="#_ftnref38">[38]</a> Zikopoulos, Paul, and Chris Eaton. <em>Understanding big data: Analytics for enterprise class hadoop and streaming data</em>. McGraw-Hill Osborne Media, 2011.</p>
<p style="text-align: justify;"><a name="_ftn39" href="#_ftnref39">[39]</a> Bizer, Christian, et al. "The meaningful use of big data: four perspectives--four challenges." <em>ACM SIGMOD Record</em> 40.4 (2012): 56-60.</p>
<p style="text-align: justify;"><a name="_ftn40" href="#_ftnref40">[40]</a> Kaisler, Stephen, et al. "Big data: issues and challenges moving forward." <em>System Sciences (HICSS), 2013 46th Hawaii International Conference on</em>. IEEE, 2013.</p>
<p style="text-align: justify;"><a name="_ftn41" href="#_ftnref41">[41]</a> Supra Note 21</p>
<p style="text-align: justify;"><a name="_ftn42" href="#_ftnref42">[42]</a> DuCharme, Bob. "What Do RDF and SPARQL bring to Big Data Projects?." <em>Big Data</em> 1.1 (2013): 38-41.</p>
<p style="text-align: justify;"><a name="_ftn43" href="#_ftnref43">[43]</a> Zhong, Yunqin, et al. "Towards parallel spatial query processing for big spatial data." <em>Parallel and </em></p>
<p style="text-align: justify;"><em>Distributed Processing Symposium Workshops & PhD Forum (IPDPSW), 2012 IEEE 26th International</em>. IEEE, 2012.</p>
<p style="text-align: justify;"><a name="_ftn44" href="#_ftnref44">[44]</a> Ma, Li, et al. "Effective and efficient semantic web data management over DB2." <em>Proceedings of the 2008 ACM SIGMOD international conference on Management of data</em>. ACM, 2008.</p>
<p style="text-align: justify;"><a name="_ftn45" href="#_ftnref45">[45]</a> Lohr, Steve. "The age of big data." <em>New York Times</em> 11 (2012).</p>
<p style="text-align: justify;"><a name="_ftn46" href="#_ftnref46">[46]</a> Pääkkönen, Pekka, and Daniel Pakkala. "Reference architecture and classification of technologies, products and services for big data systems." <em>Big Data Research</em> 2.4 (2015): 166-186.</p>
<p style="text-align: justify;"><a name="_ftn47" href="#_ftnref47">[47]</a> Sumbaly, Roshan, et al. "Serving large-scale batch computed data with project voldemort." <em>Proceedings of the 10th USENIX conference on File and Storage Technologies</em>. USENIX Association, 2012.</p>
<p style="text-align: justify;"><a name="_ftn48" href="#_ftnref48">[48]</a> Bar-Sinai, Michael. "Big Data Technology Literature Review." <em>arXiv preprint arXiv:1506.08978</em> (2015).</p>
<p style="text-align: justify;"><a name="_ftn49" href="#_ftnref49">[49]</a> ibid</p>
<p style="text-align: justify;"><a name="_ftn50" href="#_ftnref50">[50]</a> Condie, Tyson, et al. "MapReduce Online." <em>Nsdi</em>. Vol. 10. No. 4. 2010.</p>
<p style="text-align: justify;"><a name="_ftn51" href="#_ftnref51">[51]</a> Supra Note 47</p>
<p style="text-align: justify;"><a name="_ftn52" href="#_ftnref52">[52]</a> Dean, Jeffrey, and Sanjay Ghemawat. "MapReduce: a flexible data processing tool." <em>Communications of the ACM</em> 53.1 (2010): 72-77.</p>
<p style="text-align: justify;"><a name="_ftn53" href="#_ftnref53">[53]</a> ibid</p>
<p style="text-align: justify;"><a name="_ftn54" href="#_ftnref54">[54]</a> Big Data and Privacy: A Technological Perspective, White House,</p>
<p style="text-align: justify;">https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014</p>
<p style="text-align: justify;"><a name="_ftn55" href="#_ftnref55">[55]</a> Tene, Omer, and Jules Polonetsky. "Big data for all: Privacy and user control in the age of analytics." <em>Nw. J. Tech. & Intell. Prop.</em> 11 (2012): xxvii.</p>
<p style="text-align: justify;"><a name="_ftn56" href="#_ftnref56">[56]</a> Big Data and Privacy: A Technological Perspective, White House,</p>
<p style="text-align: justify;">https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014</p>
<p style="text-align: justify;"><a name="_ftn57" href="#_ftnref57">[57]</a> Privacy by design in big data, ENISA</p>
<p style="text-align: justify;"><a name="_ftn58" href="#_ftnref58">[58]</a> Big Data and Privacy: A Technological Perspective, White House,</p>
<p style="text-align: justify;">https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014</p>
<p style="text-align: justify;"><a name="_ftn59" href="#_ftnref59">[59]</a> Id</p>
<p style="text-align: justify;"><a name="_ftn60" href="#_ftnref60">[60]</a> Id</p>
<p style="text-align: justify;"><a name="_ftn61" href="#_ftnref61">[61]</a> Tene, Omer, and Jules Polonetsky. "Privacy in the age of big data: a time for big decisions." <em>Stanford Law Review Online</em> 64 (2012): 63.</p>
<p style="text-align: justify;"><a name="_ftn62" href="#_ftnref62">[62]</a> Lane, Julia, et al., eds. <em>Privacy, big data, and the public good: Frameworks for engagement</em>. Cambridge University Press, 2014.</p>
<p style="text-align: justify;"><a name="_ftn63" href="#_ftnref63">[63]</a> Crawford, Kate, and Jason Schultz. "Big data and due process: Toward a framework to redress predictive privacy harms." <em>BCL Rev.</em> 55 (2014): 93.</p>
<p style="text-align: justify;"><a name="_ftn64" href="#_ftnref64">[64]</a> http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf</p>
<p style="text-align: justify;"><a name="_ftn65" href="#_ftnref65">[65]</a> Seda Gurses and George Danezis, A critical review of 10 years of privacy technology, August 12th 2010, http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf</p>
<p style="text-align: justify;"><a name="_ftn66" href="#_ftnref66">[66]</a> Id</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/technology-behind-big-data'>https://cis-india.org/internet-governance/blog/technology-behind-big-data</a>
</p>
No publisherGeethanjali Jujjavarapu and Udbhav TiwariBig DataPrivacyInternet GovernanceFeaturedHomepage2016-12-04T09:53:43ZBlog Entry Internet Researchers' Conference 2017 (IRC17) - Selection of Sessions
https://cis-india.org/raw/irc17-selection
<b>We have a wonderful range of session proposals for the second Internet Researchers' Conference (IRC17) to take place in Bengaluru on March 03-05, 2017. From the 23 submitted session proposals, we will now select 10 to be part of the final Conference agenda. The selection will be done through votes casted by the teams that have proposed the sessions. This will take place in December 2016. Before that, we invite the session teams and other contributors to share their comments and suggestions on the submitted sessions. Please share your comments by December 14, either on session pages directly, or via email (sent to raw at cis-india dot org).</b>
<p> </p>
<p>The Internet Researchers' Conference 2017 (IRC17) will be organised by the Centre for Internet and Society (CIS) in partnership with the <a href="http://citapp.iiitb.ac.in/">Centre for Information Technology and Public Policy</a> at the International Institute of Information Technology Bangalore (IIIT-B).</p>
<hr />
<h3><strong>Proposed Sessions</strong></h3>
<h4>01. <a href="https://cis-india.github.io/irc/irc17/sessions/notfewnotweird.html" target="_blank">#NotFewNotWeird</a> (Surfatial: Malavika Rajnarayan, Prayas Abhinav, and Satya Gummuluri)</h4>
<h4>02. <a href="https://cis-india.github.io/irc/irc17/sessions/virtualfringe.html" target="_blank">#VirtualFringe</a> (Ritika Pant, Sagorika Singha, and Vibhushan Subba)</h4>
<h4>03. <a href="https://cis-india.github.io/irc/irc17/sessions/studentindicusageonline.html" target="_blank">#StudentIndicUsageOnline</a> (Shruti Nagpal and Sneha Verghese)</h4>
<h4>04. <a href="https://cis-india.github.io/irc/irc17/sessions/speakmylanguageinternet.html" target="_blank">#SpeakMyLanguageInternet</a> (Anubhuti Yadav, Sunetra Sen Narayan, Shalini Narayanan, Anand Pradhan, and Shashwati Goswami)</h4>
<h4>05. <a href="https://cis-india.github.io/irc/irc17/sessions/archivesforstorytelling.html" target="_blank">#ArchivesForStorytelling</a> (V Jayant, Venkat Srinivasan, Chaluvaraju, Bhanu Prakash, and Dinesh)</h4>
<h4>06. <a href="https://cis-india.github.io/irc/irc17/sessions/selfiesfromthefield.html" target="_blank">#SelfiesFromTheField</a> (Kavitha Narayanan, Oindrila Matilal and Onkar Hoysala)</h4>
<h4>07. <a href="https://cis-india.github.io/irc/irc17/sessions/openaccessscholarlypublishing.html" target="_blank">#OpenAccessScholarlyPublishing</a> (Nirmala Menon, Abhishek Shrivastava and Dibyaduti Roy)</h4>
<h4>08. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalpedagogies.html" target="_blank">#DigitalPedagogies</a> (Nidhi Kalra, Ashutosh Potdar, and Ravikant Kisana)</h4>
<h4>09. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalmusicanddigitalreactions.html" target="_blank">#DigitalMusicAndDigitalReactions</a> (Shivangi Narayan and Sarvpriya Raj)</h4>
<h4>10. <a href="https://cis-india.github.io/irc/irc17/sessions/renarrationweb.html" target="_blank">#RenarrationWeb</a> (Dinesh, Venkatesh Choppella, Srinath Srinivasa, and Deepak Prince)</h4>
<h4>11. <a href="https://cis-india.github.io/irc/irc17/sessions/indiclanguagesandinternetcohabitation.html" target="_blank">IndicLanguagesAndInternetCoHabitation</a> (Sreedhar Kallahalla, Ranjeet Kumar, Mohan Rao, and Anjali K. Mohan)</h4>
<h4>12. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalpedagogy.html" target="_blank">#DigitalPedagogy</a> (Padmini Ray Murray and Dibyaduti Roy)</h4>
<h4>13. <a href="https://cis-india.github.io/irc/irc17/sessions/copyleftrightleft.html" target="_blank">#CopyLeftRightLeft</a> (Ravishankar Ayyakkannu and Srikanth Lakshmanan)</h4>
<h4>14. <a href="https://cis-india.github.io/irc/irc17/sessions/objectsofdigitalgovernance.html" target="_blank">#ObjectsofDigitalGovernance</a> (Marine Al Dahdah, Rajiv K. Mishra, Khetrimayum Monish Singh, and Sohan Prasad Sha)</h4>
<h4>15. <a href="https://cis-india.github.io/irc/irc17/sessions/materializingwriting.html" target="_blank">#MaterializingWriting</a> (Sneha Puthiya Purayil, Padmini Ray Murray, Dibyadyuti Roy, and Indrani Roy)</h4>
<h4>16. <a href="https://cis-india.github.io/irc/irc17/sessions/dotbharatadoption.html" target="_blank">#DotBharatAdoption</a> (V. Sridhar and Amit Prakash)</h4>
<h4>17. <a href="https://cis-india.github.io/irc/irc17/sessions/digitaldesires.html" target="_blank">#DigitalDesires</a> (Dhiren Borisa, Akhil Kang, and Dhrubo Jyoti)</h4>
<h4>18. <a href="https://cis-india.github.io/irc/irc17/sessions/thedigitalcommonplace.html" target="_blank">#TheDigitalCommonplace</a> (Ammel Sharon and Sujeet George)</h4>
<h4>19. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalidentities.html" target="_blank">#DigitalIdentities</a> (Janaki Srinivasan, Savita Bailur, Emrys Schoemaker, Jonathan Donner, and Sarita Seshagiri)</h4>
<h4>20. <a href="https://cis-india.github.io/irc/irc17/sessions/toolstoamultitextuniverse.html" target="_blank">#ToolsToAMultitextUniverse</a> (Spandana Bhowmik and Sunanda Bose)</h4>
<h4>21. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalisingknowledge.html" target="_blank">#DigitalisingKnowledge</a> (Sneha Ragavan)</h4>
<h4>22. <a href="https://cis-india.github.io/irc/irc17/sessions/ICTDethics.html" target="_blank">#ICTDEthics</a> (Bidisha Chaudhuri, Andy Dearden, Linus Kendall, Dorothea Kleine, and Janaki Srinivasan)</h4>
<h4>23. <a href="https://cis-india.github.io/irc/irc17/sessions/representationandpower.html" target="_blank">#RepresentationAndPower</a> (Bidisha Chaudhuri, Andy Dearden, Linus Kendall, Dorothea Kleine, and Janaki Srinivasan)</h4>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/irc17-selection'>https://cis-india.org/raw/irc17-selection</a>
</p>
No publishersumandroInternet StudiesInternet Researcher's ConferenceResearchers at WorkFeaturedLearningIRC17Homepage2016-12-12T13:37:23ZBlog EntryBig Data in India: Benefits, Harms, and Human Rights - Workshop Report
https://cis-india.org/internet-governance/big-data-in-india-benefits-harms-and-human-rights-a-report
<b>The Centre for Internet and Society held a one-day workshop on “Big Data in India: Benefits, Harms and Human Rights” at India Habitat Centre, New Delhi on the 1st of October, 2016. This report is a compilation of the the issues discussed, ideas exchanged and challenges recognized during the workshop. The objective of the workshop was to discuss aspects of big data technologies in terms of harms, opportunities and human rights. The discussion was designed around an extensive study of current and potential future uses of big data for governance in India, that CIS has undertaken over the last year with support from the MacArthur Foundation.</b>
<p> </p>
<p><strong>Contents</strong></p>
<p><a href="#1"><strong>Big Data: Definitions and Global South Perspectives</strong></a></p>
<p><a href="#2"><strong>Aadhaar as Big Data</strong></a></p>
<p><a href="#3"><strong>Seeding</strong></a></p>
<p><a href="#4"><strong>Aadhaar and Data Security</strong></a></p>
<p><a href="#5"><strong>Aadhaar’s Relational Arrangement with Big Data Scheme</strong></a></p>
<p><a href="#6"><strong>The Myths surrounding Aadhaar</strong></a></p>
<p><a href="#7"><strong>IndiaStack and FinTech Apps</strong></a></p>
<p><a href="#8"><strong>Problems with UID</strong></a></p>
<hr />
<h2 id="1">Big Data: Definitions and Global South Perspectives</h2>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">“Big Data” has been defined by multiple scholars till date. The first consideration at the workshop was to discuss various definitions of big data, and also to understand what could be considered Big Data in terms of governance, especially in the absence of academic consensus. One of the most basic ways to define it, as given by the National Institute of Standards and Technology, USA, is to take it to be the data that is beyond the computational capacity of current systems. This definition has been accepted by the UIDAI of India. Another participant pointed out that Big Data is not only indicative of size, but rather the nature of data which is unstructured, and continuously flowing. The Gartner definition of Big Data relies on the three Vs i.e. Volume (size), Velocity (infinite number of ways in which data is being continuously collected) and Variety (the number of ways in which data can be collected in rows and columns).</p>
<p style="text-align: justify;" dir="ltr">The presentation also looked at ways in which Big Data is different from traditional data. It was pointed out that it can accommodate diverse unstructured datasets, and it is ‘relational’ i.e. it needs the presence of common field(s) across datasets which allows these fields to be conjoined. For e.g., the UID in India is being linked to many different datasets, and they don’t constitute Big Data separately, but do so together. An increasingly popular definition is to define data as “Big Data” based on what can be achieved through it. It has been described by authors as the ability to harness new kinds of insight which can inform decision making. It was pointed out that CIS does not subscribe to any particular definition, and is still in the process of coming up with a comprehensive definition of Big Data.</p>
<p style="text-align: justify;" dir="ltr">Further, discussion touched upon the approach to Big Data in the Global South. It was pointed out that most discussions about Big Data in the Global South are about the kind of value that it can have, the ways in which it can change our society. The Global North, on the other hand, has moved on to discussing the ethics and privacy issues associated with Big Data.</p>
<p style="text-align: justify;" dir="ltr">After this, the presentation focussed on case studies surrounding key Central Government initiatives and projects like Aadhaar, Predictive Policing, and Financial Technology (FinTech).</p>
<h2 id="2">Aadhaar as Big Data</h2>
<p style="text-align: justify;" dir="ltr">In presenting CIS’ case study on Aadhaar, it was pointed out that initially, Aadhaar, with its enrollment dataset was by itself being seen as Big Data. However, upon careful consideration in light of definitions discussed above, it can be seen as something that enables Big Data. The different e-governance projects within Digital India, along with Aadhaar, constitute Big Data. The case study discussed the Big Data implications of Aadhaar, and in particular looked at a ‘cradle to grave’ identity mapping through various e-government projects and the datafication of various transaction generated data.</p>
<h2 id="3">Seeding</h2>
<p style="text-align: justify;" dir="ltr">Any digital identity like Aadhaar typically has three features: 1. Identification i.e. a number or card used to identify yourself; 2. Authentication, which is based on your number or card and any other digital attributes that you might have; 3. Authorisation: As bearers of the digital identity, we can authorise the service providers to take some steps on our behalf. The case study discussed ‘seeding’ which enables the Big Data aspects of Digital India. In the process of seeding, different government databases can be seeded with the UID number using a platform called Ginger. Due to this, other databases can be connected to UIDAI, and through it, data from other databases can be queried by using your Aadhaar identity itself. This is an example of relationality, where fractured data is being brought together. At the moment, it is not clear whether this access by UIDAI means that an actual physical copy of such data from various sources will be transferred to UIDAI’s servers or if they will just access it through internet, but the data remains on the host government agency’s server. An example of even private parties becoming a part of this infrastructure was raised by a participant when it was pointed out that Reliance Jio is now asking for fingerprints. This can then be connected to the relational infrastructure being created by UIDAI. The discussion then focused on how such a structure will function, where it was mentioned that as of now, it cannot be said with certainty that UIDAI will be the agency managing this relational infrastructure in the long run, even though it is the one building it.</p>
<h2 id="4">Aadhaar and Data Security</h2>
<p style="text-align: justify;" dir="ltr">This case study also dealt with the sheer lack of data protection legislation in India except for S.43A of the IT Act. The section does not provide adequate protection as the constitutionality of the rules and regulations under S.43A is ambivalent. More importantly, it only refers to private bodies. Hence, any seeding which is being done by the government is outside the scope of data protection legislation. Thus, at the moment, no legal framework covers the processes and the structures being used for datasets. Due to the inapplicability of S.43A to public bodies, questions were raised as to the existence of a comprehensive data protection policy for government institutions. Participants answered the question in the negative. They pointed out that if any government department starts collecting data, they develop their own privacy policy. There are no set guidelines for such policies and they do not address concerns related to consent, data minimisation and purpose limitation at all. Questions were also raised about the access and control over Big Data with government institutions. A tentative answer from a participant was that such data will remain under the control of the domain specific government ministry or department, for e.g. MNREGA data with the Ministry of Rural Development, because the focus is not on data centralisation but rather on data linking. As long as such fractured data is linked and there is an agency that is responsible to link them, this data can be brought together. Such data is primarily for government agencies. But the government is opening up certain aspects of the data present with it for public consumption for research and entrepreneurial purposes.The UIDAI provides you access to your own data after paying a minimal fee. The procedure for such access is still developing.</p>
<h2 id="5">Aadhaar’s Relational Arrangement with Big Data Scheme</h2>
<p style="text-align: justify;" dir="ltr">The various Digital India schemes brought in by the government were elucidated during the workshop. It was pointed out that these schemes extend to myriad aspects of a citizen’s daily life and cover all the essential public services like health, education etc. This makes Aadhaar imperative even though the Supreme Court has observed that it is not mandatory for every citizen to have a unique identity number. The benefits of such identity mapping and the ecosystem being generated by it was also enumerated during the discourse. But the complete absence of any data ethics or data confidentiality principles make us unaware of the costs at which these benefits are being conferred on us. Apart from surveillance concerns, the knowledge gap being created between the citizens and the government was also flagged. Three main benefits touted to be provided by Aadhaar were then analysed. The first is the efficient delivery of services. This appears to be an overblown claim as the Aadhaar specific digitisation and automation does not affect the way in which employment will be provided to citizens through MNREGA or how wage payment delays will be overcome. These are administrative problems that Aadhaar and associated technologies cannot solve. The second is convenience to the citizens. The fallacies in this assertion were also brought out and identified. Before the Aadhaar scheme was rolled in, ration cards were issued based on certain exclusion and inclusion criteria.. The exclusion and inclusion criteria remain the same while another hurdle in the form of Aadhaar has been created. As India is still lacking in supporting infrastructure such as electricity, server connectivity among other things, Aadhaar is acting as a barrier rather than making it convenient for citizens to enroll in such schemes.The third benefit is fraud management. Here, a participant pointed out that this benefit was due to digitisation in the form of GPS chips in food delivery trucks and electronic payment and not the relational nature of Aadhaar. Aadhaar is only concerned with the linking up or relational part. About deduplication, it was pointed out how various government agencies have tackled it quite successfully by using technology different from biometrics which is unreliable at the best of times.</p>
<h2 id="6">The Myths surrounding Aadhaar</h2>
<p style="text-align: justify;" dir="ltr">The discussion also reflected on the fact that Aadhaar is often considered to be a panacea that subsumes all kinds of technologies to tackle leakages. However, this does not take into account the fact that leakages happen in many ways. A system should have been built to tackle those specific kinds of leakages, but the focus is solely on Aadhaar as the cure for all. Notably, participants who have been a part of the government pointed out how this myth is misleading and should instead be seen as the first step towards a more digitally enhanced country which is combining different technologies through one medium.</p>
<h2 id="7">IndiaStack and FinTech Apps</h2>
<h3 id="71">What is India Stack?</h3>
<p style="text-align: justify;" dir="ltr">The focus then shifted to another extremely important Big Data project, India Stack, being conceptualised and developed by a team of private developers called iStack, for the NPCI. It builds on the UID project, Jan Dhan Yojana and mobile services trinity to propagate and develop a cashless, presence-less, paperless and granular consent layer based on UID infrastructure to digitise India.</p>
<p style="text-align: justify;" dir="ltr">A participant pointed out that the idea of India Stack is to use UID as a platform and keep stacking things on it, such that more and more applications are developed. This in turn will help us to move from being a ‘data poor’ country to a ‘data rich’ one. The economic benefits of this data though as evidenced from the TAGUP report - a report about the creation of National Information Utilities to manage the data that is present with the government - is for the corporations and not the common man. The TAGUP report openly talks about privatisation of data.</p>
<h3 id="72">Problems with India Stack</h3>
<p style="text-align: justify;" dir="ltr">The granular consent layer of India Stack hasn’t been developed yet but they have proposed to base it on MIT Media Lab’s OpenPDS system. The idea being that, on the basis of the choices made by the concerned person, access to a person’s personal information may be granted to an agency like a bank. What is more revolutionary is that India Stack might even revoke this access if the concerned person expresses a wish to do so or the surrounding circumstances signal to India Stack that it will be prudent to do so. It should be pointed out that the the technology required for OpenPDS is extremely complex and is not available in India. Moreover, it’s not clear how this system would work. Apart from this, even the paperless layer has its faults and has been criticised by many since its inception, because an actual government signed and stamped paper has been the basis of a claim.. In the paperless system, you are provided a Digilocker in which all your papers are stored electronically, on the basis of your UID number. However, it was brought to light that this doesn’t take into account those who either do not want a Digilocker or UID number or cases where they do not have access to their digital records. How in such cases will people make claims?</p>
<h3 id="73">A Digital Post-Dated Cheque: It’s Ramifications</h3>
<p style="text-align: justify;" dir="ltr">A key change that FinTech apps and the surrounding ecosystem want to make is to create a digital post-dated cheque so as to allow individuals to get loans from their mobiles especially in remote areas. This will potentially cut out the need to construct new banks, thus reducing the capital expenditure , while at the same time allowing the credit services to grow. The direct transfer of money between UID numbers without the involvement of banks is a step to further help this ecosystem grow. Once an individual consents to such a system, however, automatic transfer of money from one’s bank accounts will be affected, regardless of the reason for payment. This is different from auto debt deductions done by banks presently, as in the present system banks have other forms of collateral as well. The automatic deduction now is only affected if these other forms are defaulted upon. There is no knowledge as to whether this consent will be reversible or irreversible. As Jan Dhan Yojana accounts are zero balance accounts, the account holder will be bled dry. The implication of schemes such as “Loan in under 8 minutes” were also discussed. The advantage of such schemes is that transaction costs are reduced.The financial institution can thus grant loans for the minimum amount without any additional enquiries. It was pointed out that this new system is based on living on future income much like the US housing bubble crash. Interestingly, in Public Distribution Systems, biometrics are insisted upon even though it disrupts the system. This can be seen as a part of the larger infrastructure to ensure that digital post-dated cheques become a success.</p>
<h3 id="74">The Role of FinTech Apps</h3>
<p style="text-align: justify;" dir="ltr">FinTech ‘apps’ are being presented with the aim of propagating financial inclusion. The Technology Advisory Group for Unique Projects report stated that as managing such information sources is a big task, just like electricity utilities, a National Information Utilities (NIU) should be set up for data sources. These NIUs as per the report will follow a fee based model where they will be charging for their services for government schemes. The report identified two key NIUs namely the National Payments Corporation of India (NPCI) and the Goods and Services Tax Network (GSTN). The key usage that FinTech applications will serve is credit scoring. The traditional credit scoring data sources only comprised a thin file of records for an individual, but the data that FinTech apps collect - a person’s UID number, mobile number. and bank account number all linked up, allow for a far more comprehensive credit rating. Government departments are willing to share this data with FinTech apps as they are getting analysis in return. Thus, by using UID and the varied data sources that have been linked together by UID, a ‘thick file’ is now being created by FinTech apps. Banking apps have not yet gone down the route of FinTech apps to utilise Big Data for credit scoring purposes.</p>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr">The two main problems with such apps is that there is no uniform way of credit scoring. This distorts the rate at which a person has to pay interest. The consent layer adds another layer of complication as refusal to share mobile data with a FinTech app may lead to the app declaring one to be a risky investment thus, subjecting that individual to a higher rate of interest .</p>
<div style="text-align: justify;" dir="ltr"> </div>
<h3 id="75">Regulation of FinTech Apps and the UID Infrastructure</h3>
<p style="text-align: justify;" dir="ltr"> India Stack and the applications that are being built on it, generate a lot of transaction metadata that is very intimate in nature. The privacy aspects of the UID legislation doesn't cover such data. The granular consent layer which has been touted to cover this still has to come into existence. Also, Big Data is based on sharing and linking of data. Here, privacy concerns and Big Data objectives clash. Big Data by its very nature challenges privacy principles like data minimisation and purpose limitation.The need for regulation to cover the various new apps and infrastructure which are being developed was pointed out.</p>
<h2 id="8">Problems with UID</h2>
<p style="text-align: justify;" dir="ltr">It has been observed that any problem present with Aadhaar is usually labelled as a teething problem, it’s claimed that it will be solved in the next 10 years. But, this begs the question - why is the system online right now?</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Aadhaar is essentially a new data condition and a new exclusion or inclusion criteria. Data exclusion modalities as observed in Rajasthan after the introduction of biometric Point of Service (POS) machines at ration shops was found to be 45% of the population availing PDS services. This number also includes those who were excluded from the database by being included in the wrong dataset. There is no information present to tell us how many actual duplicates and how many genuine ration card holders were weeded out/excluded by POS.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">It was also mentioned that any attempt to question Aadhaar is considered to be an attempt to go back to the manual system and this binary thinking needs to change. Big Data has the potential to benefit people, as has been evidenced by the scholarship and pension portals. However, Big Data’s problems arise in systems like PDS, where there is centralised exclusion at the level of the cloud. Moreover, the quantity problem present in the PDS and MNREGA systems persists. There is still the possibility of getting lesser grains and salary even with analysis of biometrics, hence proving that there are better technologies to tackle these problems. Presently, the accountability mechanisms are being weakened as the poor don’t know where to go to for redressal. Moreover, the mechanisms to check whether the people excluded are duplicates or not is not there. At the time of UID enrollment, out of 90 crores, 9 crore were rejected. There was no feedback or follow-up mechanism to figure out why are people being rejected. It was just assumed that they might have been duplicates.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Another problem is the rolling out of software without checking for inefficiencies or problems at a beta testing phase. The control of developers over this software, is so massive that it can be changed so easily without any accountability.. The decision making components of the software are all proprietary like in the the de-duplication algorithm being used by the UIDAI. Thus, this leads to a loss of accountability because the system itself is in flux, none of it is present in public domain and there are no means to analyse it in a transparent fashion..</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">These schemes are also being pushed through due to database politics. On a field study of NPR of citizens, another Big Data scheme, it was found that you are assumed to be an alien if you did not have the documents to prove that you are a citizen. Hence, unless you fulfill certain conditions of a database, you are excluded and are not eligible for the benefits that being on the database afford you.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Why is the private sector pushing for UIDAI and the surrounding ecosystem?</p>
<p style="text-align: justify;" dir="ltr">Financial institutions stand to gain from encouraging the UID as it encourages the credit culture and reduces transaction costs.. Another advantage for the private sector is perhaps the more obvious one, that is allows for efficient marketing of products and services..</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">The above mentioned fears and challenges were actually observed on the ground and the same was shown through the medium of a case study in West Bengal on the smart meters being installed there by the state electricity utility. While the data coming in from these smart meters is being used to ensure that a more efficient system is developed,it is also being used as a surrogate for income mapping on the basis of electricity bills being paid. This helps companies profile neighbourhoods. The technical officer who first receives that data has complete control over it and he can easily misuse the data. This case study again shows that instruments like Aadhaar and India Stack are limited in their application and aren’t the panacea that they are portrayed to be.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">A participant pointed out that in the light of the above discussions, the aim appears to be to get all kinds of data, through any source, and once you have gotten the UID, you link all of this data to the UID number, and then use it in all the corporate schemes that are being started. Most of the problems associated with Big Data are being described as teething problems. The India Stack and FinTech scheme is coming in when we already know about the problems being faced by UID. The same problems will be faced by India Stack as well.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Can you opt out of the Aadhaar system and the surrounding ecosystem?</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">The discussion then turned towards whether there can be voluntary opting out from Aadhaar. It was pointed out that the government has stated that you cannot opt out of Aadhaar. Further, the privacy principles in the UIDAI bill are ambiguously worded where individuals only have recourse for basic things like correction of your personal information. The enforcement mechanism present in the UIDAI Act is also severely deficient. There is no notification procedure if a data breach occurs. . The appellate body ‘Cyber Appellate Tribunal’ has not been set up in three years.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">CCTNS: Big Data and its Predictive Uses</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">What is Predictive Policing?</p>
<p style="text-align: justify;" dir="ltr">The next big Big Data case study was on the Crime and Criminal Tracking Network & Systems (CCTNS). Originally it was supposed to be a digitisation and interconnection scheme where police records would be digitised and police stations across the length and breadth of the country would be interconnected. But, in the last few years some police departments of states like Chandigarh, Delhi and Jharkhand have mooted the idea of moving on to predictive policing techniques. It envisages the use of existing statistical and actuarial techniques along with many other tropes of data to do so. It works in four ways: 1. By predicting the place and time where crimes might occur; 2. To predict potential future offenders; 3. To create profiles of past crimes in order to predict future crimes; 4. Predicting groups of individuals who are likely to be victims of future crimes.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">How is Predictive Policing done?</p>
<p style="text-align: justify;" dir="ltr">To achieve this, the following process is followed: 1. Data collection from various sources which includes structured data like FIRs and unstructured data like call detail records, neighbourhood data, crime seasonal patterns etc. 2. Analysis by using theories like the near repeat theory, regression models on the basis of risk factors etc. 3. Intervention</p>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Flaws in Predictive Policing and questions of bias</p>
<p style="text-align: justify;" dir="ltr">An obvious weak point in the system is that if the initial data going into the system is wrong or biased, the analysis will also be wrong. Efforts are being made to detect such biases. An important way to do so will be by building data collection practices into the system that protect its accuracy. The historical data being entered into the system is carrying on the prejudices inherited from the British Raj and biases based on religion, caste, socio-economic background etc.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">One participant brought about the issue of data digitization in police stations, and the impact of this haphazard, unreliable data on a Big Data system. This coupled with paucity of data is bound to lead to arbitrary results. An effective example was that of black neighbourhoods in the USA. These are considered problematic and thus they are policed more, leading to a higher crime rate as they are arrested for doing things that white people in an affluent neighbourhood get away with. This in turn further perpetuates the crime rate and it becomes a self-fulfilling prophecy. In India, such a phenomenon might easily develop in the case of migrants, de-notified tribes, Muslims etc. A counter-view on bias and discrimination was offered here. One participant pointed out that problems with haphazard or poor quality of data is not a colossal issue as private companies are willing to fill this void and are actually doing so in exchange for access to this raw data. It was also pointed out how bias by itself is being used as an all encompassing term. There are multiplicities of biases and while analysing the data, care should be taken to keep it in mind that one person’s bias and analysis might and usually does differ from another. Even after a computer has analysed the data, the data still falls into human hands for implementation.</p>
<p style="text-align: justify;" dir="ltr">The issue of such databases being used to target particular communities on the basis of religion, race, caste, ethnicity among other parameters was raised. Questions about control and analysis of data were also discussed, i.e. whether it will be top-down with data analysis being done in state capitals or will this analysis be done at village and thana levels as well too. It was discussed as topointed out how this could play a major role in the success and possible persecutory treatment of citizens, as the policemen at both these levels will have different perceptions of what the data is saying. . It was further pointed out, that at the moment, there’s no clarity on the mode of implementation of Big Data policing systems. Police in the USA have been seen to rely on Big Data so much that they have been seen to become ‘data myopic’. For those who are on the bad side of Big Data, in the Indian context, laws like preventive detention can be heavily misused.There’s a very high chance that predictive policing due to the inherent biases in the system and the prejudices and inefficiency of the legal system will further suppress the already targeted sections of the society. A counterpoint was raised and it was suggested that contrary to our fears, CCTNS might lead to changes in our understanding and help us to overcome longstanding biases.</p>
<p style="text-align: justify;" dir="ltr">Open Knowledge Architecture as a solution to Big Data biases?</p>
<p style="text-align: justify;" dir="ltr">The conference then mulled over the use of ‘Open Knowledge’ architecture to see whether it can provide the solution to rid Big Data of its biases and inaccuracies if enough eyes are there. It was pointed out that Open Knowledge itself can’t provide foolproof protection against these biases as the people who make up the eyes themselves are predominantly male belonging to the affluent sections of the society and they themselves suffer from these biases.</p>
<p style="text-align: justify;" dir="ltr">Who exactly is Big Data supposed to serve?</p>
<p style="text-align: justify;" dir="ltr">The discussion also looked at questions such as who is this data for? Janata Information System (JIS), is a concept developed by MKSS where the data collected and generated by the government is taken to be for the common citizens. For e.g. MNREGA data should be used to serve the purposes of the labourers. The raw data as is available at the moment, usually cannot be used by the common man as it is so vast and full of information that is not useful for them at all. It was pointed out that while using Big Data for policy planning purposes, the actual string of information that turned out to be needed was very little but the task of unravelling this data for civil society purposes is humongous. By presenting the data in the right manner, the individual can be empowered. The importance of data presentation was also flagged. It was agreed upon that the content of the data should be for the labourer and not a MNC, as the MNC has the capability to utilise the raw data on it’s own regardless.</p>
<p style="text-align: justify;" dir="ltr">Concerns about Big Data usage</p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Participants pointed out that privacy concerns are usually brushed under the table due to a belief that the law is sufficient or that the privacy battle has already been lost. </p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">In the absence of knowledge of domain and context, Big Data analysis is quite limited. Big Data’s accuracy and potential to solve problems needs to be factually backed.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The narrative of Big Data often rests on the assumption that descriptive statistics take over inferential statistics, thus eliminating the need for domain specific knowledge. It is claimed that the data is so big that it will describe everything that we need to know.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Big Data is creating a shift from a deductive model of scientific rigour to an inductive one. In response to this, a participant offered the idea that troves of good data allow us to make informed questions on the basis of which the deductive model will be formed. A hybrid approach combining both deductive and inductive might serve us best.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The need to collect the right data in the correct format, in the right place was also expressed.</p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Potential Research Questions & Participants’ Areas of Research</p>
<p style="text-align: justify;" dir="ltr">Following this discussion, participants brainstormed to come up with potential areas of research and research questions. They have been captured below:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Big Data, Aadhaar and India Stack:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Has Aadhaar been able to tackle illegal ways of claiming services or are local negotiations and other methods still prevalent?</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Is the consent layer of India Stack being developed in a way that provides an opportunity to the UID user to give informed consent? The OpenPDS and its counterpart in the EU i.e. the My Data Structure were designed for countries with strong privacy laws. Importantly, they were meant for information shared on social media and not for an individual’s health or credit history. India is using it in a completely different sphere without strong data protection laws. What were the granular consent layer structures present in the West designed for and what were they supposed to protect?</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The question of ownership of data needs to be studied especially in context of a globalised world where MNCs are collecting copious amounts of data of Indian citizens. What is the interaction of private parties in this regard?</p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Big Data and Predictive Policing:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">How are inequalities being created through the Big Data systems? Lessons should be taken from the Western experience with the advent of predictive policing and other big data techniques - they tend to lead to perpetuation of the current biases which are already ingrained in the system.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">It was also pointed out how while studying these topics and anything related to technology generally, we become aware of a divide that is present between the computational sciences and social sciences. This divide needs to be erased if Big Data or any kind of data is to be used efficiently. There should be a cross-pollination between different groups of academics. An example of this can be seen to be the ‘computational social sciences departments’ that have been coming up in the last 3-4 years.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Why are so many interim promises made by Big Data failing? A study of this phenomenon needs to be done from a social science perspective. This will allow one to look at it from a different angle.</p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Studying Big Data:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">What is the historical context of the terms of reference being used for Big Data? The current Big Data debate in India is based on parameters set by the West. For better understanding of Big Data, it was suggested that P.C. Mahalanobis’ experience while conducting the Indian census, (which was the Big Data of that time) can be looked at to get a historical perspective on Big Data. This comparison might allow us to discover questions that are important in the Indian context. It was also suggested that rather than using ‘Big Data’ as a catchphrase to describe these new technological innovations, we need to be more discerning.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">What are the ideological aspects that must be considered while studying Big Data? What does the dialectical promise of technology mean? It was contended that every time there is a shift in technology, the zeitgeist of that period is extremely excited and there are claims that it will solve everything. There’s a need to study this dialectical promise and the social promise surrounding it.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Apart from the legitimate fears that Big Data might lead to exclusion, what are the possibilities in which it improve inclusion too?</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The diminishing barrier between the public and private self, which is a tangent to the larger public-private debate was mentioned.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">How does one distinguish between technology failure and process failure while studying Big Data? </p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Big Data: A Friend?</p>
<p style="text-align: justify;" dir="ltr">In the concluding session, the fact that the Big Data moment cannot be wished away was acknowledged. The use of analytics and predictive modelling by the private sector is now commonplace and India has made a move towards a database state through UID and Digital India. The need for a nuanced debate, that does away with the false equivalence of being either a Big Data enthusiast or a luddite is crucial.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">A participant offered two approaches to solving a Big Data problem. The first was the Big Data due process framework which states that if a decision has been taken that impacts the rights of a citizen, it needs to be cross examined. The efficacy and practicality of such an approach is still not clear. The second, slightly paternalistic in nature, was the approach where Big Data problems would be solved at the data science level itself. This is much like the affirmative algorithmic approach which says that if in a particular dataset, the data for the minority community is not available then it should be artificially introduced in the dataset. It was also suggested that carefully calibrated free market competition can be used to regulate Big Data. For e.g. a private personal wallet company that charges higher, but does not share your data at all can be an example of such competition. </p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Another important observation was the need to understand Big Data in a Global South context and account for unique challenges that arise. While the convenience of Big Data is promising, its actual manifestation depends on externalities like connectivity, accurate and adequate data etc that must be studied in the Global South.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">While the promises of Big Data are encouraging, it is also important to examine its impacts and its interaction with people's rights. Regulatory solutions to mitigate the harms of big data while also reaping its benefits need to evolve.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<p><span id="docs-internal-guid-90fa226f-6157-27d9-30cd-050bdc280875"></span></p>
<div style="text-align: justify;" dir="ltr"> </div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/big-data-in-india-benefits-harms-and-human-rights-a-report'>https://cis-india.org/internet-governance/big-data-in-india-benefits-harms-and-human-rights-a-report</a>
</p>
No publisherVidushi Marda, Akash Deep Singh and Geethanjali JujjavarapuHuman RightsUIDBig DataPrivacyArtificial IntelligenceInternet GovernanceMachine LearningFeaturedDigital IndiaAadhaarInformation TechnologyE-Governance2016-11-18T12:58:19ZBlog EntryRBI Directions on Account Aggregators
https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators
<b>The Reserve Bank of India's (RBI) Directions for account aggregator services in India seem to lay great emphasis on data security by allowing only direct access between institutions and do away with data scraping techniques.</b>
<p style="text-align: justify; ">These days’ people have access to various financial services and manage their finances in a diverse manner while dealing with a large number of financial service providers, each providing one or more services that the user may need such as banking, credit card services, investment services, etc. This multiplicity of financial service providers could make it inconvenient for the users to keep track of their finances since all the information cannot be provided at the same place. This problem is sought to be solved by the account aggregators by providing all the financial data of the user at a single place. Account aggregation is the consolidation of online financial account information (e.g., from banks, credit card companies, etc.) for online retrieval at one site. In a typical arrangement, an intermediary (e.g., a portal) agrees with a third party service provider to provide the service to consumers, the intermediary would then generally privately label the service and offer consumers access to it at the intermediary’s website.<a href="#_ftn1" name="_ftnref1">[1]</a> There are two major ways in which account aggregation takes place, (i) <i>direct access</i>: wherein the account aggregator gets direct access to the data of the user residing in the computer system of the financial service provider; and (ii) <i>scraping</i>: where the user provides the account aggregator the username and password for its account in the different financial service providers and the account aggregator scrapes the information off the website/portal of the different financial service providers.</p>
<p style="text-align: justify; ">Since account aggregation involves the use and exchange of financial information there could be a number of potential risks associated with it such as (i) loss of passwords; (ii) frauds; (iii) security breaches at the account aggregator, etc. It is for this reason that on the advice of the Financial Stability and Development Council,<a href="#_ftn2" name="_ftnref2">[2]</a> the Reserve Bank of India (“<b>RBI</b>”) felt the need to regulate this sector and on September 2, 2016 issued the Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016 to provide a framework for the registration and operation of Account Aggregators in India (the “<b>Directions</b>”). The Directions provide that no company shall be allowed to undertake the business of account aggregators without being registered with the RBI as an NBFC-Account Aggregator. The Directions also specify the conditions that have to be fulfilled for consideration of an entity as an Account Aggregator such as:</p>
<ol style="text-align: justify; ">
<li>the company should have a net owned fund of not less than rupees two crore, or such higher amount as the Bank may specify;</li>
<li>the company should have the necessary resources and wherewithal to offer account aggregator services;</li>
<li>the company should have adequate capital structure to undertake the business of an account aggregator;</li>
<li>the promoters of the company should be fit and proper individuals;</li>
<li>the general character of the management or proposed management of the company should not be prejudicial to the public interest;</li>
<li>the company should have a plan for a robust Information Technology system;</li>
<li>the company should not have a leverage ratio of more than seven;</li>
<li>the public interest should be served by the grant of certificate of registration; and</li>
<li>Any other condition that made be specified by the Bank from time to time.<a href="#_ftn3" name="_ftnref3">[3]</a></li>
</ol>
<p style="text-align: justify; ">The Direction further talk about the responsibilities of the Account Aggregators and specify that the account aggregators shall have the duties such as: (a) Providing services to a customer based on the customer’s explicit consent; (b) Ensuring that the provision of services is backed by appropriate agreements/ authorisations between the Account Aggregator, the customer and the financial information providers; (c) Ensuring proper customer identification; (d) Sharing the financial information only with the customer or any other financial information user specifically authorized by the customer; (e) Having a Citizen's Charter explicitly guaranteeing protection of the rights of a customer.<a href="#_ftn4" name="_ftnref4">[4]</a></p>
<p style="text-align: justify; ">The Account Aggregators are also prohibited from indulging in certain activities such as: (a) Support transactions by customers; (b) Undertaking any other business other than the business of account aggregator; (c) Keeping or “residing” with itself the financial information of the customer accessed by it; (d) Using the services of a third party for undertaking its business activities; (e) Accessing user authentication credentials of customers; (f) Disclosing or parting with any information that it may come to acquire from/ on behalf of a customer without the explicit consent of the customer.<a href="#_ftn5" name="_ftnref5">[5]</a> The fact that there is a prohibition on the information accessed from actually residing with the Account Aggregator will ensure greater security and protection of the information.</p>
<p style="text-align: justify; "><b>Consent Framework</b></p>
<p style="text-align: justify; ">The Directions specify that the function of obtaining, submitting and managing the customer’s consent should be performed strictly in accordance with the Directions and that no information shall be retrieved, shared or transferred without the explicit consent of the customer.<a href="#_ftn6" name="_ftnref6">[6]</a> The consent is to be taken in a standardized artefact, which can also be obtained in electronic form,<a href="#_ftn7" name="_ftnref7">[7]</a> and shall contain details as to (i) the identity of the customer and optional contact information; (ii) the nature of the financial information requested; (iii) purpose of collecting the information; (iv) the identity of the recipients of the information, if any; (v) URL or other address to which notification needs to be sent every time the consent artefact is used to access information; (vi) Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and (vii) any other attribute as may be prescribed by the RBI.<a href="#_ftn8" name="_ftnref8">[8]</a> The account aggregator is required to inform the customer of all the necessary attributes to be contained in the consent artefact as well as the customer’s right to file complaints with the relevant authorities.<a href="#_ftn9" name="_ftnref9">[9]</a> The customers shall also be provided an option to revoke consent to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information.<a href="#_ftn10" name="_ftnref10">[10]</a></p>
<p style="text-align: justify; ">Comments: While the Directions have specific provisions regarding how the financial data shall be dealt with, it is pertinent to note that the actual consent artefact also has personal information and it is not clear whether Account Aggregators are allowed disclose that information to third parties are not.</p>
<p style="text-align: justify; "><b>Disclosure and sharing of financial information</b></p>
<p style="text-align: justify; ">Financial information providers such as banks, mutual funds, etc. are allowed to share information with account aggregators only upon being presented with a valid consent artifact and also have the responsibility to verify the consent as well as the credentials of the account aggregator.<a href="#_ftn11" name="_ftnref11">[11]</a> Once the verification is done, the financial information provider shall digitally sign the financial information and transmit the same to the Account Aggregator in a secure manner in real time, as per the terms of the consent.<a href="#_ftn12" name="_ftnref12">[12]</a> In order to ensure smooth flow of data, the Directions also impose an obligation on financial information providers to:</p>
<ul style="text-align: justify; ">
<li>implement interfaces that will allow an Account Aggregator to submit consent artefacts, and authenticate each other, and enable secure flow of financial information;</li>
<li>adopt means to verify the consent including digital signatures;</li>
<li>implement means to digitally sign the financial information; and</li>
<li>maintain a log of all information sharing requests and the actions performed pursuant to such requests, and submit the same to the Account Aggregator.<a href="#_ftn13" name="_ftnref13">[13]</a></li>
</ul>
<p style="text-align: justify; ">Comments: The Directions provide that the Account Aggregator will not support any transactions by the customers and this seems to suggest that in case of any mistakes in the information the customer would have to approach the financial information provider and not the Account Aggregator.</p>
<p style="text-align: justify; "><b>Use of Information</b></p>
<p style="text-align: justify; ">The Directions provide that in cases where financial information has been provided by a financial information provider to an Account Aggregator for transferring the same to a financial information user with the explicit consent of the customer, the Account Aggregator shall transfer the same in a secure manner in accordance with the terms of the consent artefact only after verifying the identity of the financial information user.<a href="#_ftn14" name="_ftnref14">[14]</a> Such information, as well as information which may be provided for transferring to the customer, shall not be used or disclosed by the Account Aggregator or the Financial Information user except as specified in the consent artefact.<a href="#_ftn15" name="_ftnref15">[15]</a></p>
<p style="text-align: justify; "><b>Data Security</b></p>
<p style="text-align: justify; ">The Directions specify that the business of an Account Aggregator will be entirely Information Technology (IT) driven and they are required to adopt <b>required IT framework</b> and interfaces to ensure secure data flows from the financial information providers to their own systems and onwards to the financial information users.<a href="#_ftn16" name="_ftnref16">[16]</a> This technology should also be scalable to cover any other financial information or financial information providers as may be specified by the RBI in the future.<a href="#_ftn17" name="_ftnref17">[17]</a> The IT systems should also have adequate safeguards to ensure they are protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data.<a href="#_ftn18" name="_ftnref18">[18]</a> Information System Audit of the internal systems and processes should be in place and be conducted at least once in two years by CISA certified external auditors whose report is to be submitted to the RBI.<a href="#_ftn19" name="_ftnref19">[19]</a> The Account Aggregators are prohibited from asking for or storing customer credentials (like passwords, PINs, private keys) which may be used for authenticating customers to the financial information providers and their access to customer’s information will be based only on consent-based authorisation (for scraping).<a href="#_ftn20" name="_ftnref20">[20]</a></p>
<p style="text-align: justify; "><b>Grievance Redressal</b></p>
<p style="text-align: justify; ">The Directions require the Account Aggregator to put in place a policy for handling/ disposal of customer grievances/ complaints, which shall be approved by its Board and also have a dedicated set-up to address customer grievances/ complaints which shall be handled and addressed in the manner prescribed in the policy.<a href="#_ftn21" name="_ftnref21">[21]</a> The Account Aggregator also has to display the name and details of the Grievance Redressal Officer on its website as well as place of business.<a href="#_ftn22" name="_ftnref22">[22]</a></p>
<p style="text-align: justify; "><b>Supervision</b></p>
<p style="text-align: justify; ">The Directions require the Account Aggregators to put in place various internal checks and balances to ensure that the business of the Account Aggregator does not violate any laws or regulations such as constitution of an Audit Committee, a Nomination Committee to ensure the “fit and proper” status of its Directors, a Risk Management Committee and establishment of a robust and well documented risk management framework.<a href="#_ftn23" name="_ftnref23">[23]</a> The Risk Management Committee is required to (a) give due consideration to factors such as reputation, customer confidence, consequential impact and legal implications, with regard to investment in controls and security measures for computer systems, networks, data centres, operations and backup facilities; and b) have oversight of technology risks and ensure that the organisation’s IT function is capable of supporting its business strategies and objectives.<a href="#_ftn24" name="_ftnref24">[24]</a> Further the RBI also has the power to inspect any Account Aggregator at any time.<a href="#_ftn25" name="_ftnref25">[25]</a></p>
<p style="text-align: justify; "><b>Penalties</b></p>
<p style="text-align: justify; ">The Directions themselves do not provide for any penalties for non compliance, however since the Directions are issued under Section 45JA of the Reserve Bank of India Act, 1934 (“<b>RBI Act</b>”), this means that any contravention of these directions will be punishable under Section 58B of the RBI Act which provides for an imprisonment of upto 3 years as well as a fine for any contravention of such directions.</p>
<p style="text-align: justify; "><b>Conclusion</b></p>
<p style="text-align: justify; ">The Directions by the RBI provide a number of regulations and checks on Account Aggregators with the view to ensure safety of customer financial data. These Directions appear to be quite trendsetting in the sense that in most other jurisdictions such as the United States or even Europe there are no specific regulations governing Account Aggregators but their activities are mainly being governed under existing privacy or consumer protection legislations.<a href="#_ftn26" name="_ftnref26">[26]</a></p>
<p style="text-align: justify; ">The entire regulatory regime for Account Aggregators seems to suggest that the RBI wants Account Aggregators to be like funnels to channel information from various platforms right to the customer (or financial information user) and it does not want to take a chance with the information actually residing with the Account Aggregators. Further, by prohibiting Account Aggregators from accessing user authentication credentials, the RBI is trying to eliminate the possibility of this information being leaked or stolen. Although this may make it more onerous for Account Aggregators to provide their services, it is a great step to ensure the safety and security of customer data.</p>
<p style="text-align: justify; ">In recent months the RBI has been trying to actively engage with the various new products being introduced in the financial sector owing to various technological advancements, be it the circular informing the public about the risks of virtual currencies including Bitcoin, the consultation paper on P2P lending platforms or these current guidelines on Account Aggregators. These recent actions of the RBI seem to suggest that the RBI is well aware of various technological advancements in the financial sector and is keeping a keen eye on these technologies and products, but appears to be taking a cautious and weighted approach regarding how to deal with them.</p>
<hr />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1">[1]</a> Ann S. Spiotto, <i>Financial Account Aggregation: The Liability Perspective</i>, Fordham Journal of Corporate & Financial Law, 2006, Volume 8, Issue 2, Article 6, available at <a href="http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1181&context=jcfl">http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1181&context=jcfl</a></p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2">[2]</a> <a href="https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=34345">https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=34345</a></p>
<p style="text-align: justify; "><a href="#_ftnref3" name="_ftn3">[3]</a> Clause 4.2.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref4" name="_ftn4">[4]</a> Clause 5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5">[5]</a> Clause 5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref6" name="_ftn6">[6]</a> Clauses 6.1 and 6.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7">[7]</a> Clause 6.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref8" name="_ftn8">[8]</a> Clause 6.3 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9">[9]</a> Clause 6.5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref10" name="_ftn10">[10]</a> Clause 6.6 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11">[11]</a> Clauses 7.1 and 7.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12">[12]</a> Clauses 7.3 and 7.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref13" name="_ftn13">[13]</a> Clause 7.5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14">[14]</a> Clause 7.6.1 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref15" name="_ftn15">[15]</a> Clause 7.6.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref16" name="_ftn16">[16]</a> Clause 9(a) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref17" name="_ftn17">[17]</a> Clause 9(c) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref18" name="_ftn18">[18]</a> Clause 9(d) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref19" name="_ftn19">[19]</a> Clause 9(f) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref20" name="_ftn20">[20]</a> Clause 9(b) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref21" name="_ftn21">[21]</a> Clauses 10.1 and 10.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref22" name="_ftn22">[22]</a> Clause 10.3 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref23" name="_ftn23">[23]</a> Clauses 12.2, 12.3 and 12.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref24" name="_ftn24">[24]</a> Clause 12.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref25" name="_ftn25">[25]</a> Clause 15 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref26" name="_ftn26">[26]</a> <a href="http://www.canadiancybersecuritylaw.com/2016/07/german-regulator-finds-banks-data-rules-impede-non-bank-competitors/">http://www.canadiancybersecuritylaw.com/2016/07/german-regulator-finds-banks-data-rules-impede-non-bank-competitors/</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators'>https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators</a>
</p>
No publisherVipul Kharbanda and Elonnai HickokBankingFeaturedInternet GovernancePrivacy2016-10-21T15:25:01ZBlog Entry