We are anonymous, we are legion

Meeting on Net Neutrality and Related Issues

praskrishna — 2016-08-02T15:56:10Z

A meeting was convened by the Telecom Regulatory Authority of India on July 15, 2016 in New Delhi to discuss Net Neutrality and related issues. Sunil Abraham attended this meeting.

Click to view the Invitation Letter sent by the Telecom Regulatory Authority of India.

For more details visit https://cis-india.org/internet-governance/news/meeting-on-net-neutrality-and-related-issues

New Approaches to Information Privacy – Revisiting the Purpose Limitation Principle

amber — 2016-11-09T13:54:28Z

Article on Aadhaar throwing light on privacy and data protection.

This was published in Digital Policy Portal on July 13, 2016.

Introduction

Last year, Mukul Rohatgi, the Attorney General of India, called into question existing jurisprudence of the last 50 years on the constitutional validity of the right to privacy.¹ Mohatgi was rebutting the arguments on privacy made against Aadhaar, the unique identity project initiated and implemented in the country without any legislative mandate.² The question of the right to privacy becomes all the more relevant in the context of events over the last few years—among them, the significant rise in data collection by the state through various e-governance schemes,³ systematic access to personal data by various wings of the state through a host of surveillance and law enforcement initiatives launched in the last decade,⁴ the multifold increase in the number of Indians online, and the ubiquitous collection of personal data by private parties.⁵

These developments have led to a call for a comprehensive privacy legislation in India and the adoption of the National Privacy Principles as laid down by the Expert Committee led by Justice AP Shah.⁶ There are privacy-protection legislation currently in place such as the Information Technology Act, 2000 (IT Act), which was enacted to govern digital content and communication and provide legal recognition to electronic transactions. This legislation has provisions that can safeguard—and dilute—online privacy. At the heart of the data protection provisions in the IT Act lies section 43A and the rules framed under it, i.e., Reasonable security practices and procedures and sensitive personal data information.⁷Section 43A mandates that body corporates who receive, possess, store, deal, or handle any personal data to implement and maintain ‘reasonable security practices’, failing which, they are held liable to compensate those affected. Rules drafted under this provision also mandated a number of data protection obligations on corporations such the need to seek consent before collection, specifying the purposes of data collection, and restricting the use of data to such purposes only. There have been questions raised about the validity of the Section 43A Rules as they seek to do much more than mandate in the parent provisions, Section 43A— requiring entities to maintain reasonable security practices.

Privacy as control?

Even setting aside the issue of legal validity, the kind of data protection framework envisioned by Section 43A rules is proving to be outdated in the context of how data is now being collected and processed. The focus of Section 43 A Rules—as well as that of draft privacy legislations in India⁸—is based on the idea of individual control. Most apt is Alan Westin’s definition of privacy: “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to other.”⁹ Westin and his followers rely on the normative idea of “informational self- determination”, the notion of a pure, disembodied, and atomistic self, capable of making rational and isolated choices in order to assert complete control over personal information. More and more this has proved to be a fiction especially in a networked society.

Much before the need for governance of information technologies had reached a critical mass in India, Western countries were already dealing with the implications of the use of these technologies on personal data. In 1973, the US Department of Health, Education and Welfare appointed a committee to address this issue, leading to a report called ‘Records, Computers and Rights of Citizens.’¹⁰ The Committee’s mandate was to “explore the impact of computers on record keeping about individuals and, in addition, to inquire into, and make recommendations regarding, the use of the Social Security number.” The Report articulated five principles which were to be the basis of fair information practices: transparency; use limitation; access and correction; data quality; and security. Building upon these principles, the Committee of Ministers of the Organization for Economic Cooperation and Development (OECD) arrived at the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980.¹¹ These principles— Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation and Accountability—are what inform most data protection regulations today including the APEC Framework, the EU Data Protection Directive, and the Section 43A Rules and Justice AP Shah Principles in India.

Fred Cate describes the import of these privacy regimes as such:

“All of these data protection instruments reflect the same approach: tell individuals what data you wish to collect or use, give them a choice, grant them access, secure those data with appropriate technologies and procedures, and be subject to third-party enforcement if you fail to comply with these requirements or individuals’ expressed preferences”¹²

This is in line with Alan Westin’s idea of privacy exercised through individual control. Therefore the focus of these principles is on empowering the individuals to exercise choice, but not on protecting individuals from harmful or unnecessary practices of data collection and processing. The author of this article has earlier written¹³ about the sheer inefficacy of this framework which places the responsibility on individuals. Other scholars like Daniel Solove,¹⁴ Jonathan Obar¹⁵ and Fred Cate¹⁶ have also written about the failure of traditional data protection practices of notice and consent. While these essays dealt with the privacy principles of choice and informed consent, this paper will focus on the principles of purpose limitation.

Purpose Limitation and Impact of Big Data

The principles of purpose limitation or purpose specification seeks to ensure the following four objectives:

Personal information collected and processed should be adequate and relevant to the purposes for which they are processed.
The entities collect, process, disclose, make available, or otherwise use personal information only for the stated purposes.
In case of change in purpose, the data’s subject needs to be informed and their consent has to be obtained.
After personal information has been used in accordance with the identified purpose, it has to be destroyed as per the identified procedures.

The purpose limitation along with the data minimisation principle—which requires that no more data may be processed than is necessary for the stated purpose—aim to limit the use of data to what is agreed to by the data subject. These principles are in direct conflict with new technology which relies on ubiquitous collection and indiscriminate uses of data. The main import of Big Data technologies on the inherent value in data which can be harvested not by the primary purposes of data collection but through various secondary purposes which involve processing of the data repeatedly.¹⁷Further, instead to destroying the data when its purpose has been achieved, the intent is to retain as much data as possible for secondary uses. Importantly, as these secondary uses are of an inherently unanticipated nature, it becomes impossible to account for it at the stage of collection and providing the choice to the data subject.

Followers of the discourse on Big Data would be well aware of its potential impacts on privacy. De-identification techniques to protect the identities of individuals in dataset face a threat from an increase in the amount of data available either publicly or otherwise to a party seeking to reverse-engineer an anonymised dataset to re-identify individuals. ¹⁸ Further, Big Data analytics promise to find patterns and connections that can contribute to the knowledge available to the public to make decisions. What is also likely is that it will lead to revealing insights about people that they would have preferred to keep private.¹⁹In turn, as people become more aware of being constantly profiled by their actions, they will self-regulate and ‘discipline’ their behaviour. This can lead to a chilling effect.²⁰ Meanwhile, Big Data is also fuelling an industry that incentivises businesses to collect more data, as it has a high and growing monetary value. However, Big Data also promises a completely new kind of knowledge that can prove to be revolutionary in fields as diverse as medicine, disaster-management, governance, agriculture, transport, service delivery, and decision-making.²¹ As long as there is a sufficiently large and diverse amount of data, there could be invaluable insights locked in it, accessing which can provide solutions to a number of problems. In light of this, it is important to consider what kind of regulatory framework is most suitable which could facilitate some of the promised benefits of Big Data and at the same time mitigate its potential harm. This, coupled with the fact that the existing data protection principles have, by most accounts, run their course, makes the examination of alternative frameworks even more important. This article will examine some alternate proposals made to the existing framework of purpose limitation below.

Harms-based approach

Some scholars like Fred Cate²² and Daniel Solove²³ have argued that there is a need for the primary focus of data protection law to move from control at the stage of data collection to actual use cases. In his article on the failure of Fair Information Practice Principles,²⁴Cate puts forth a proposal for ‘Consumer Privacy Protection Principles.’ Cate envisions a more interventionist role of the data protection authorities by regulating information flows when required, in order to protect individuals from risky or harmful uses of information. Cate’s attempt is to extend the principles of consumer protection law of prevention and remedy of harms.

In a re-examination of the OECD Privacy Principles, Cate and Viktor Mayer Schöemberger attempt to discard the use of personal data to only purposes specified. They felt that restricting the use of personal to only specified purposes could significantly threaten various research and beneficial uses of Big Data. Instead of articulating a positive obligations of what personal data collected could be used for, they attempt to arrive at a negative obligation of use-cases prevented by law. Their working definition of the Use specification principle broaden the scope of use cases by only preventing use of data “if the use is fraudulent, unlawful, deceptive or discriminatory; society has deemed the use inappropriate through a standard of unfairness; the use is likely to cause unjustified harm to the individual; or the use is over the well-founded objection of the individual, unless necessary to serve an over-riding public interest, or unless required by law.”²⁵

While most standards in the above definition have established understanding in jurisprudence, the concept of unjustifiable harm is what we are interested in. Any theory of harms-based approach goes back to John Stuart Mill’s dictum that the only justifiable purpose to exert power over the will of an individual is to prevent harm to others. Therefore, any regulation that seeks to control or prevent autonomy of individuals (in this case, the ability of individuals to allow data collectors to use their personal data, and the ability of data collectors to do so, without any limitation) must clearly demonstrate the harm to the individuals in question.

Fred Cate articulates the following steps to identify tangible harm and respond to its presence:²⁶

Focus on Use — Actual use of the data should be considered, not mere possession. The assumption is that the collection, possession, or transfer of information do not significantly harm people, rather it is the use of information following such collection, possession, or transfer.
Proportionality — Any regulatory measure must be proportional to the likelihood and severity of the harm identified.
Per se Harmful Uses — Uses which are always harmful must be prohibited by law
Per se not Harmful Uses — If uses can be considered inherently not harmful, they should not be regulated.
Sensitive Uses — In case where the uses are not per se harmful or not harmful, individual consent must be sought for using that data for those purposes.

The proposal by Cate argues for what is called a ‘use based system’, which is extremely popular with American scholars. Under this system, data collection itself is not subject to restrictions; rather, only the use of data is regulated. This argument has great appeal for both businesses who can reduce their overheads significantly if consent obligations are done away with as long as they use the data in ways which are not harmful, as well as critics of the current data protection framework which relies on informed consent. Lokke Moerel explains the philosophy of ‘harms based approach’ or ‘use based system’ in United States by juxtaposing it against the ‘rights based approach’ in Europe.²⁷ In Europe, rights of individuals with regard to processing of their personal data is a fundamental human right and therefore, a precautionary principle is followed with much greater top-down control upon data collection. However, in the United States, there is a far greater reliance on market mechanisms and self-regulating organisations to check inappropriate processing activities, and government intervention is limited to cases where a clear harm is demonstrable.²⁸

Continuing research by the Centre for Information Policy Leadership under its Privacy Risk Framework Project looks at a system of articulating what harms and risks arising from use of collected data. They have arrived a matrix of threats and harms. Threats are categorised as —a) inappropriate use of personal information and b) personal information in the wrong hands. More importantly for our purposes, harms are divided into: a) tangible harms which are physical or economic in nature (bodily harm, loss of liberty, damage to earning power and economic interests); b) intangible harms which can be demonstrated (chilling effects, reputational harm, detriment from surveillance, discrimination and intrusion into private life); and c) societal harm (damage to democratic institutions and loss of social trust).²⁹For any harms-based system, a matrix like above needs to emerge clearly so that regulation can focus on mitigating practices leading to the harms.

Legitimate interests

Lokke Moerel and Corien Prins, in their article “Privacy for Homo Digitalis – Proposal for a new regulatory framework for data protection in the light of Big Data and Internet of Things”³⁰ use the ideal of responsive regulation which considers empirically observable practices and institutions while determining the regulation and enforcement required. They state that current data protection frameworks—which rely on mandating some principles of how data has to be processed—is exercised through merely procedural notification and consent requirements. Further, Moerel and Prins feel that data protection law cannot only involve a consideration of individual interest but also needs to take into account collective interest. Therefore, the test must be a broader assessment than merely the purpose limitation articulating the interests of the parties directly involved, but whether a legitimate interest is achieved.

Legitimate interest has been put forth as an alternative to the purpose limitation. Legitimate is not a new concept and has been a part of the EU Data Protection Directive and also finds a place in the new General Data Protection Regulation. Article 7 (f) of the EU Directive³¹ provided for legitimate interest balanced against the interests or fundamental rights and freedoms of the data subject as the last justifiable reason for use of data. Due to confusion in its interpretation, the Article 29 Working Party, in 2014,³²looked into the role of legitimate interest and arrived at the following factors to determine the presence of a legitimate interest— a) the status of the individual (employee, consumer, patient) and the controller (employer, company in a dominant position, healthcare service); b) the circumstances surrounding the data processing (contract relationship of data subject and processor); c) the legitimate expectations of the individual.

Federico Ferretti has criticised the legitimate interest principle as vague and ambiguous. The balancing of legitimate interest in using the data against fundamental rights and freedoms of the data subject gives the data controllers some degree of flexibility in determining whether data may be processed; however, this also reduces the legal certainty that data subject have of their data not being used for purposes they have not agreed to.³³However, it is this paper’s contention that it is not the intent of the legitimate interest criteria but the lack of consensus on its application which creates an ambiguity. Moerel and Prins articulate a test for using legitimate interest which is cognizant of the need to use data for the purpose of Big Data processing, as well as ensuring that the rights of data subjects are not harmed.

As demonstrated earlier, the processing of data and its underlying purposes have become exceedingly complex and the conventional tool to describe these processes ‘privacy notices’ are too lengthy, too complex and too profuse in numbers to have any meaningful impact.³⁴The idea of information self-determination, as contemplated by Westin in American jurisprudence, is not achieved under the current framework. Moerel and Prins recommend five factors³⁵ as relevant in determining the legitimate interest. Of the five, the following three are relevant to the present discussion:

Collective Interest — A cost-benefit analysis should be conducted, which examines the implications for privacy for the data subjects as well as the society, as a whole.
The nature of the data — Rather than having specific categories of data, the nature of data needs to be assessed contextually to determine legitimate interest.
Contractual relationship and consent not independent grounds — This test has two parts. First, in case of contractual relationship between data subject and data controller: the more specific the contractual relationship, the more restrictions apply to the use of the data. Second, consent does not function as a separate principle which, once satisfied, need not be revisited. The nature of the consent (opportunities made available to data subject, opt in/opt out, and others) will continue to play a role in determining legitimate interest.

Conclusion

Replacing the purpose limitation principles with a use-based system as articulated above poses the danger of allowing governments and the private sector to carry out indiscriminate data collection under the blanket guise that any and all data may be of some use in the future. The harms-based approach has many merits and there is a stark need for more use of risk assessments techniques and privacy impact assessments in data governance. However, it is important that it merely adds to the existing controls imposed at data collection, and not replace them in their entirety. On the other hand, the legitimate interests principle, especially as put forth by Moerel and Prins, is more cognizant of the different factors at play — the inefficacy of existing purpose limitation principles, the need for businesses to use data for purposes unidentified at the stage of collection, and the need to ensure that it is not misused for indiscriminate collection and purposes. However, it also poses a much heavier burden on data controllers to take into account various factors before determining legitimate interest. If legitimate interest has to emerge as a realistic alternative to purpose limitation, there needs to be greater clarity on how data controllers must apply this principle.

Endnotes

Prachi Shrivastava, “Privacy not a fundamental right, argues Mukul Rohatgi for Govt as Govt affidavit says otherwise,” Legally India, Jyly 23, 2015, http://www.legallyindia.com/Constitutional-law/privacy-not-a-fundamental-right-argues-mukul-rohatgi-for-govt-as-govt-affidavit-says-otherwise.
Rebecca Bowe, “Growing Mistrust of India’s Biometric ID Scheme,” Electronic Frontier Foundation, May 4, 2012, https://www.eff.org/deeplinks/2012/05/growing-mistrust-india-biometric-id-scheme.
Lisa Hayes, “Digital India’s Impact on Privacy: Aadhaar numbers, biometrics, and more,” Centre for Democracy and Technology, January 20, 2015, https://cdt.org/blog/digital-indias-impact-on-privacy-aadhaar-numbers-biometrics-and-more/.
“India’s Surveillance State,” Software Freedom Law Centre, http://sflc.in/indias-surveillance-state-our-report-on-communications-surveillance-in-india/.
“Internet Privacy in India,” Centre for Internet and Society, http://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india.
Vivek Pai, “Indian Government says it is still drafting privacy law, but doesn’t give timelines,” Medianama, May 4, 2016, http://www.medianama.com/2016/05/223-government-privacy-draft-policy/.
Information Technology (Intermediaries Guidelines) Rules, 2011,
http://deity.gov.in/sites/upload_files/dit/files/GSR314E_10511%281%29.pdf.
Discussion Points for the Meeting to be taken by Home Secretary at 2:30 pm on 7-10-11 to discuss the drat Privacy Bill, http://cis-india.org/internet-governance/draft-bill-on-right-to-privacy.
Alan Westin, Privacy and Freedom (New York: Atheneum, 2015).
US Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens, http://www.justice.gov/opcl/docs/rec-com-rights.pdf.
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
Fred Cate, “The Failure of Information Practice Principles,” in Consumer Protection in the Age of the Information Economy, ed. Jane K. Winn (Burlington: Aldershot, Hants, England, 2006) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1156972.
Amber Sinha and Scott Mason, “A Critique of Consent in Informational Privacy,” Centre for Internet and Society, January 11, 2016, http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy.
Daniel Solove, “Privacy self-management and consent dilemma,” Harvard Law Review 126, (2013): 1880.
Jonathan Obar, “Big Data and the Phantom Public: Walter Lippmann and the fallacy of data privacy self management,” Big Data and Society 2(2), (2015), doi: 10.1177/2053951715608876.
Supra Note 12.
Supra Note 14.
Paul Ohm, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006; Arvind Narayanan and Vitaly Shmatikov, “Robust De-anonymization of Large Sparse Datasets” available at https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf.
D. Hirsch, “That’s Unfair! Or is it? Big Data, Discrimination and the FTC’s Unfairness Authority,” Kentucky Law Journal, Vol. 103, available at: http://www.kentuckylawjournal.org/wp-content/uploads/2015/02/103KyLJ345.pdf
A Marthews and C Tucker, “Government Surveillance and Internet Search Behavior”, available at http://ssrn.com/abstract=2412564; Danah Boyd and Kate Crawford, “Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon”, Information, Communication & Society, Vol. 15, Issue 5, (2012).
Scott Mason, “Benefits and Harms of Big Data”, Centre for Internet and Society, available at http://cis-india.org/internet-governance/blog/benefits-and-harms-of-big-data#_ftn37.
Cate, “The Failure of Information Practice Principles.”
Solove, “Privacy self-management and consent dilemma,” 1882.
Cate, “The Failure of Information Practice Principles.”
Fred Cate and Viktor Schoenberger, “Notice and Consent in a world of Big Data,” International Data Privacy Law 3(2), (2013): 69.
Solove, “Privacy self-management and consent dilemma,” 1883.
Lokke Moerel, “Netherlands: Big Data Protection: How To Make The Draft EU Regulation On Data Protection Future Proof”, Mondaq, March 11. 2014, http://www.mondaq.com/x/298416/data+protection/Big+Data+Protection+How+To+Make+The+Dra%20ft+EU+Regulation+On+Data+Protection+Future+Proof%20al%20Lecture.
Moerel, “Netherlands: Big Data Protection.”
Centre for Information Policy Leadership, “A Risk-based Approach to Privacy: Improving Effectiveness in Practice,” Hunton and Williams LLP, June 19, 2014, https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/white_paper_1-a_risk_based_approach_to_privacy_improving_effectiveness_in_practice.pdf.
Lokke Moerel and Corien Prins, “Privacy for Homo Digitalis: Proposal for a new regulatory framework for data protection in the light of Big Data and Internet of Things”, Social Science Research Network, May 25, 2016, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2784123.
EU Directive 95/46/EC – The Data Protection Directive, https://www.dataprotection.ie/docs/EU-Directive-95-46-EC-Chapter-2/93.htm.
Article 29 Data Protection Working Party, “Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC,” http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf.
Frederico Ferretti, “Data protection and the legitimate interest of data controllers: Much ado about nothing or the winter of rights?,” Common Market Law Review 51(2014): 1-26. http://bura.brunel.ac.uk/bitstream/2438/9724/1/Fulltext.pdf.
Sinha and Mason, “A Critique of Consent in Informational Privacy.”
Moerel and Prins, “Privacy for Homo Digitalis.”

For more details visit https://cis-india.org/internet-governance/blog/digital-policy-portal-july-13-2016-new-approaches-to-information-privacy-revisiting-the-purpose-limitation-principle

No, India did NOT oppose the United Nations move to “make internet access a human right”

Pranesh Prakash and Japreet Grewal — 2016-07-13T16:09:31Z

Last Friday, the United Nations Human Rights Council (UNHRC) passed a resolution titled “The promotion, protection and enjoyment of human rights on the Internet.”

The article by Pranesh Prakash and Japreet Grewal was published in Factordaily on July 13, 2016.

Several media outlets, including T he Verge, India Today, and BuzzFeed, reported that the resolution was ‘opposed’ by China, Russia, Saudi Arabia, South Africa and India. The Verge, for instance, reported that these countries “specifically opposed” a clause of the resolution that “condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online and calls for all countries to refrain from such measures”. This is pure bunkum. Some media organisations have also been reporting that the UNHRC resolution “declares that access to the Internet is a human right”. This too is fiction.

What’s the truth? The UNHRC resolution covers wide ground, including the reaffirmations of two previous resolutions, which stated that the same rights that people have offline must also be protected online as well. As ARTICLE19, an international free speech NGO, notes: “The draft resolution goes further than its predecessors, including by stressing the importance of an accessible and open Internet to the achievement of the Sustainable Development Goals, as well as in calling for accountability for extrajudicial killings, arbitrary detentions and other violations against people for expressing themselves online.” Importantly, the resolution “unequivocally condemns” internet shutdowns, such as the one that happened in Kashmir just last week after security forces killed guerrilla Burhan Wani.

This resolution was, in fact, adopted without any opposition. So why the brouhaha over countries like India?

Here are the facts

There were four separate amendments, two of which were proposed by Belarus, China and Russia (referred as L85, L86 in this article) and the other two were proposed by Belarus, China, Russia and Iran (referred as L87 and L88). None of these amendments comment on the paragraph in the resolution that condemns intentional disruption of access or dissemination of internet services. So the headlines in most of the reports are just plain wrong. Let’s examine each of these four amendments one by one

In L85, an amendment was suggested to a paragraph that refers to past resolutions by the UNHRC and the UN General Assembly relating to freedom of expression and the right to privacy online. The amendment, which proposed including a reference to a previous UNHRC resolution on the rights of children online, was later withdrawn.

In L86 the proposed amendments both added and removed some text, and was hotly opposed by organisations like ARTICLE19. The proposed amendment said that the same rights people have offline must also be protected online, in particular, freedom of expression and the right to privacy, in accordance with articles 17 and 19 of the International Covenant on Civil and Political Rights (ICCPR), a multilateral treaty adopted by the United National General Assembly to respect civil and political rights of individuals. Major additions: Some text on right to privacy and a reference to Article 17 of the ICCPR, which is about privacy. Major deletions: a reference to the Universal Declaration on Human Rights, and language stating that that freedom of expression is “applicable regardless of frontiers and through any media of one’s choice”, which is present in article 19 of the ICCPR. However, article 19 of the ICCPR is incorporated by reference even in the proposed amendment! So is there a real loss in purely legal terms? Not really.

The amendments in L87 sought to replace the term “human rights based approach” that stressed on the need to provide and expand access to the internet, and to replace it with the term “comprehensive and integrated approach.” The problem is that there is no clarity about what a “human rights based approach” to providing and expanding access to the internet is. What does it even mean? Is there a “human rights based approach” to spectrum auctions and spectrum sharing? Or the laying of fibre optic cables? Or anything else associated with internet access? If there is, indeed, a human rights based approach to providing and expanding access to the internet, it should be spelt out, rather than simply calling it that. Similarly, the term “comprehensive and integrated approach” is equally vague.

Even if one harbours reservations about these amendments, none of these amendments could be reasonably be characterised as “opposing” the condemnation of Internet shutdowns or “opposing” online freedoms.

Finally, in L88, the amendments proposed that the UN resolution should acknowledge concerns about using the internet and information technology for spreading ideas about “racial superiority or hatred, incitement to racial discrimination, xenophobia and related intolerance.” In the light of this, it is difficult to understand how adding concerns relating to hate speech to the resolution is seen as “being opposed” to online freedoms, especially when there is no direct action contemplated in the proposed amendment.

Indeed, in Paragraph 9, gender violence is mentioned, and in Paragraph 11, incitement to hatred is mentioned. Adding an additional, more specific reference can hardly be construed as being opposed to online freedoms. After all, states have a positive obligation to enact laws to prohibit hate speech under Article 20 (2) of the ICCPR, which is a centrepiece of international human rights law.

Even if one harbours reservations about these amendments, none of these amendments could be reasonably be characterised as “opposing” the condemnation of Internet shutdowns or “opposing” online freedoms. And factually, no states (including India, China, South Africa, Russia, and more) voted against the resolution.

A game of Chinese whispers

So why did so many prominent news organisations around the world get it so wrong? My theory is that it happened because organisation like ARTICLE19 put out press releases on what they perceived as the ‘weakening’ of the resolutions by the amendments examined above, and their regret that even democratic states like India and South Africa voted for these amendments. This was wrongly portrayed in much of the media as opposition by these countries to the resolution itself, to online freedoms, and particularly as opposition to the idea of condemning internet shutdowns. Thanks to the Chinese whispers nature of news reporting, this mistaken idea spread far and wide without any of the reporters bothering to check the original UN documents.

It is shameful if India condemns internet shutdowns at the UNHRC while deploying them for purposes such as preventing cheating during an examinations, during Ganesha visarjan, during Eid, during wrestling matches, and during protests.

However, regardless of the faulty reportage, there is a real crisis in India, with organisations like Medianama and the Software Freedom Law Centre having counted at least nine internet shutdowns this year alone, and at least 30 since 2013. It is shameful if India condemns internet shutdowns at the UNHRC while deploying them for purposes such as preventing cheating during an examinations, during Ganesha visarjan, during Eid, during wrestling matches, and during protests.

We at the Centre for Internet and Society have previously explained why a Gujarat High Court order allowing for an internet shutdown during riots was wrong in law, and violated our Constitution as well as our international human rights obligations. That is something the India media ought to be focussing far more on, but aren’t.

Lastly, it would also be welcome for the individual civil society organisations that signed an open letter to UNHRC members to explain why they too believed that these amendments would have significantly harmed our freedoms online. We see it instead as a case of ‘human rights politics’ being played out, when none of the proposed amendments would have had much of a negative legal impact, but only a political impact.

Should civil society organisations really get worked up about these?

Edited by: Pranav Dixit

For more details visit https://cis-india.org/internet-governance/blog/factordaily-pranesh-prakash-and-japreet-grewal-july-13-2016-no-india-did-not-oppose-un-move-to-make-internet-access-a-human-right

Tamil Nadu likely to hold Facebook accountable for suicide case

praskrishna — 2016-07-13T13:44:58Z

The recent suicide of a 21-year-old woman from Salem district in Tamil Nadu over her morphed pictures being uploaded on Facebook could turn into a flash-point between the state police and the world's most-popular social networking site.

The article by V. Prem Shanker was published in the Economic Times on July 13, 2016.

"We are exploring the possibility of holding Facebook accountable for the delay in responding to our requests since that was one of the factors which led to the young lady committing suicide," Salem superintendent of police Amit Kumar Singh told ET in an exclusive interaction. On June 23, the Salem police had received a complaint from the father of the 21-year-old stating that someone had uploaded her morphed nude pictures on Facebook. The father had requested the police to get the photographs removed from the site and also find and warn the perpetrator.

The police recorded the complaint the same evening and later sent what is called a 'Law Enforcement Online Request' to Facebook asking for details of the IP address from which the morphed photographs were uploaded on the website. Officials also requested Facebook to take down the objectionable photographs of the young woman.

Five days after the request was sent, Facebook responded with the IP address on June 28 and within 12 hours after that the police cracked the case and nabbed the suspect.

However, all this was a bit too late because the previous day, on June 27, the young woman had ended her life. Her morphed nude photographs were taken down only on the day of her death, according to the police.

"Apart from addressing Facebook, we also investigated the case from other angles but couldn't make headway. Thus, there was nothing we could do about the pictures still being online apart from waiting for Facebook to act," Singh said, adding "enforcement of compliance is a matter of grave concern."

Officials are considering charging Facebook with abetment to suicide and including Facebook in the chargesheet if the site is found culpable after investigations. However, the state police is said to be discussing with legal experts on how this can be done as there is no precedent for a website having been charged in a crime.

Facebook did not reply to an email seeking comment. Earlier in a communique, responding to criticisms of police inaction in this case, Singh had pointed out that "Only Facebook can block a page and it exercises this discretion as per its Facebook Community Standards and not the law of the land it is being viewed in. Facebook does not provide the police with any special powers to take down a page even if the police receive a cognizable complaint of identity theft and uploading of obscene content. There is no tool available, at least as of now, with the police to coerce or goad Facebook to act expeditiously even if the matter is very urgent and there is a flagrant violation of Indian law."

Experts point out that the disparity with which Facebook treats child abuse laws and copyright infringements as opposed to violation of women's rights is stark.

"Look at the war against child pornography. In the United Kingdom there is an independent foundation that has immunity under UK child pornography law. They generate a database and circulate it across all platforms and ensure that it is kept absolutely squeaky clean," points out Sunil Abraham, executive director of Bengaluru based research organisation, Centre for Internet and Society.

"There definitely needs to be a law to ensure that such platforms do not violate the law of the land, especially when it comes to women's rights. But in interim, the government can create an information escrow or a platform where the victims can place on record their problems and it is there for these sites to see and take action," Abraham added.

For more details visit https://cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case

Place for a safety net

praskrishna — 2016-07-13T02:45:56Z

Vinupriya took her life last week, humiliated by the morphed images of her naked body posted on a social media site. Experts warn that the spike in Internet traffic brings with it an increase in online sexual crimes. Measures must be taken urgently to save lives, they tell T.V. Jayan.

The article was published in the Telegraph on July 10, 2016.

Sangeeta (not her name) was 25 and working for a private company in Mumbai when she suddenly told her family that she was going to quit her job and stay at home. Her parents were flummoxed, but questioning and coaxing yielded no answers. As the days rolled on, the management graduate slipped into depression. Her worried family took her to a counsellor. And it was only then that she came out with her story.

Soon after she joined the company, Sangeeta got romantically involved with her boss. By the time she learnt he was married, the involvement had taken a physical turn. And when she tried to put an end to it, the man, who had recorded their intimate moments, used the video clips to blackmail her for sexual favours. After Sangeeta's confession and a police complaint, the blackmailing boss was nabbed and put behind bars.

Vinupriya, an undergraduate student from Salem, Tamil Nadu, was not so lucky. She found that her morphed images had been uploaded on Facebook. She committed suicide last week after her parents refused to believe her story, and the police failed to act swiftly.

Cyber experts are alarmed by the increase in online crimes against women in India. According to them, what is more worrying is that though the risks are catastrophic, the issues are not being addressed at a larger level.

"Vinupriya's case is particularly frightening. I suspect this would be the first of many such tragedies. They might even result in honour killings, as such crimes can destroy the reputation of families," says American cyber lawyer Parry Aftab, executive director of the voluntary organisation, Wired Safety, which she founded 20 years ago, and which deals extensively with cyber stalking and other crimes.

Earlier this week, a man was arrested in Delhi for sending obscene messages to more than 1,500 women in the National Capital Region. According to the police, the miscreant would randomly dial any number and if the caller turned out to be a woman, he would save the number and later check out her WhatsApp profile picture. He would then send obscene clips to the woman. One news report said some of the marriages were in trouble because husbands had seen the messages and suspected that their wives were in a relationship with the man sending those explicit messages.

Aftab has been studying the dangers of online stalking for a while. There are no figures on this in India, but a top United Nations official, stationed in New Delhi and dealing with trafficking, told her that about 500 rape and sexual assault cases were recorded and shared over WhatsApp in India this year.

She referred to a study conducted in the US that said one in three girls and boys engaged in sexting. Children involved in sexting contemplated suicide three times more than others of the same age, she said.

According to her, Wired Safety volunteers come across five cases of sextortion and sexting every day from Asian countries, including India, and act upon them by red-flagging social media organisations where such images are posted.

Pavan Duggal, a cyber lawyer based in Delhi, feels that social media service providers are not doing enough to stop online sexual abuse. "They are hiding behind a 2015 Supreme Court judgment, which said content can be removed only on judicial orders or in response to government notifications," he says.

The verdict he refers to was delivered in a case filed by a student called Shreya Singhal. In 2012, two girls were arrested over their Facebook post questioning the Mumbai shutdown for Shiv Sena patriarch Bal Thackeray's funeral. The incident made an impression on Singhal, a student of astrophysics at the University of Bristol, who was in India at the time.

Upon research she discovered that Section 66(A) of India's IT Act was subjective and any seemingly offensive social media post could land anyone in jail. Singhal filed a writ petition in the Supreme Court protesting that the section violated the constitutional right to freedom of speech and expression, and in 2015, the apex court ruled in her favour.

This judgment, however, emboldened cyber miscreants. "All the cyber bullies and cyber stalkers now have a misplaced feeling that nothing can happen to them," says Duggal. He points out that while the delivery of justice takes time, the harassment happens 24x7.

"Who do the victims turn to for help? There are provisions in the 2011 IT rules that clearly say that social medial service providers should have rules and regulations in place to deal with objectionable content, but they do not act," he holds.

Aftab, however, believes that some efforts are in place. She cites the example of Microsoft's PhotoDNA technology, which is used by many social media and online search firms, including Facebook, Google and Twitter, to prevent child pornography on the Internet. PhotoDNA works by creating a number of mini hashes on a single image and combining them to have a full hash. If anything is changed, even a pixel, then the hash signature will not match.

But she holds that on a larger scale, it is difficult to technologically deal with revenge porn, sextortion (using a sexual or provocative image to blackmail people for sexual favours) and sexting (sharing sexually provocative images of people, especially women) with the intention of damaging reputation.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, hints at a lack of initiative on the part of the social media organisations. "When it comes to enforcing intellectual property, organisations like Facebook do an excellent job of keeping their platform free of copyright infringement," he says. "So, clearly these companies can police activities on their platform when it affects their bottom-line."

And while this debate continues, more and more Indians join the online experience, thereby increasing the chances of more such cases. Aftab, who plans to set up a voluntary organisation relating to cyber safety in India, says it is best to focus on proactive measures in the interim.

Last month, she addressed 1,200 teenage girls from a Bangalore college. "One of the first questions posed to me was from a young girl who said she was currently being blackmailed by someone who threatened to morph her pictures into sexually explicit images and send them to her family and others. Morphed image issue seems to be a lot more serious in India than in the West."

The problem, she stresses, is that such incidents can lead to self-harm. To counter this, the affected person needs to inform his or her family and enlist their support. Together, they should approach social media organisations to ensure that the objectionable content is removed in time. To prevent the offenders from doing further harm, they then need to take the help of law enforcement agencies.

"The government for its part must amplify the voices of women and hold these Internet corporations accountable for an information escrow. There should be an independent mechanism to monitor whether Internet platforms are taking complaints from women seriously," Abraham says. Only then can a young girl like Vinupriya pluck up the courage to fight online abuse.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-july-10-2016-place-for-a-safety-net

Trans Pacific Partnership and Digital 2 Dozen: Implications for Data Protection and Digital Privacy

Shubhangi Heda — 2016-07-12T07:56:24Z

In this essay, Shubhangi Heda explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations.

1. Introduction

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

2.2. Digital 2 Dozen (D2D)

3. Major Criticisms of the Digital Agenda of TPP

3.1. Data Protection

3.2. Digital Privacy

4. Implications of TPP for RCEP

5. Implications of TPP in the Context of EU Safe Harbour Judgement

6. Implications of TPP for India after US-India Cyber Relationship Agreement

7. Conclusion

8. Endnotes

9. Author Profile

1. Introduction

This essay explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia [1]. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations. TPP requires the member countries to facilitate unhindered digital data flow across nations, for commercial and governmental purposes, which evidently have major implications for national and regional data protection and privacy regimes. These implications must also be seen in the context the recent judgement by the EU Court of Justice against the validity of the EU-USA data transfer agreement of 2000. Further, the essay discusses the potential impacts that TPP/D2D might have on India, in the context of the ongoing USA-India Cyber Relationship dialogue. If the privacy concerns are not raised right now TPP might act as a model framework for future FTAs which will fail to encompass proper data protection and digital privacy regime within it.

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

Trans Pacific Partnership (TPP) is a large multi-partner free trade agreement amongst twelve Asia-Pacific countries, which is closely led by geo-political and economic strategies of the USA. Countries started the negotiation of TPP in 2008 when USA joined Pacific Four (P-4) negotiations and in 2015 negotiations of TPP was concluded and text was released. Ministers from the member countries signed the agreement on February 4, 2016 [2]. The main aim of TPP is to liberalise trade and investment beyond what is provided for within the WTO. It is also considered to be a strategic move by the US to counter the trade linkages that are being established in the Asian region. TPP largely covers topics of market access, and rules on various related issues such as intellectual property rights, labour laws, and environment standards [3].

Between 1992 -2012 there has been an upsurge in bilateral trade agreements being signed in Asia from 25 to 103 and the effect of these FTAs is called the ‘noodle bowl effect’. TPP is seen as framework which will replace these FTAs which are causing the ‘noodle bowl effect’.While these FTAs are being replaced but with TPP being signed there are various bilateral arrangements signed along with TPP. USA has also stated that TPP will not affect the already existing NAFTA [4]. While TPP is being concluded there is another free trade agreement being negotiated between USA and EU , which is Trans Trade and Investment Partnership (TTIP). Both TPP and TTIP and are considered to be serving similar objective which is to deal with new and modern trade issues. Also both the agreements are US led and since negotiation for TPP are now finalised it may have a significant impact on TTIP [5].

TPP is one of the first document which deals specifically with digital economy and applies across borders. The main aims of TPP are to promote free flow of data across borders without data localisation. It aims to remove national clouts and regional internets. It also includes provisions to combat theft of trade secrets. It allows you to create transparent regulatory process with inputs from various stakeholders. It also aims to provide access to tools and procedures for conduct of e-commerce [6].

Some of the major criticism to TPP were regarding the issues related to [7]:

environment, wherein it does not address the issue of climate change and the language used in the agreement is very weak;
labour rights provision mandates parties to adhere to the ILO provision but it does not seem to provide for effective framework and might not bring the desired change;
investment chapter is seen to be controversial because of the investor state dispute settlement clause which will allow foreign investor to sue government over policies that might cause harm to them;
e-commerce and telecommunication chapter raises major privacy concerns;
intellectual property chapter wherein it includes controversial rules regarding pharmaceutical companies and data exclusivity apart from the privacy concerns.

2.2 Digital 2 Dozen (D2D)

D2D is set of rules and aims which is specifically drafted to be followed for the trade agreements related to open internet and digital economy. More specific aims of TPP as provided within the ‘Digital 2 Dozen,’ aiming for more liberalised trade in digital goods and services, are [8]:

promoting free and open internet,
prohibiting digital custom duties,
securing basic non-discrimination principles,
enabling cross-border data flows,
preventing localization barriers,
barring forced technology transfers,
advancing innovative authentication methods,
delivering enforceable consumer protections,
safeguarding network competition,
fostering innovative encryption products, and
building an adaptable framework.

Strategic goal of the US in introducing D2D as goals of TPP has been to set up a trend within Asian region for all the trade agreements. It is expected to ensure that if TPP is a success, similar goals and policy frameworks will be followed for other trade agreements as we. For example, the USA-India partnership also enshrines similar aims and so does the USA-Korea partnership. Hence while India is not part of TPP, USA is nonetheless trying to get India into a partnership which is similar to the TPP. The language proposed by the USA in TPP negotiations has always been supportive for cross border data flows as it claims that companies have mechanism to keep a privacy check and privacy would not be undermined, but countries like New Zealand and Australia which have strong privacy protection laws nationally have raised concerns which will be discussed in further sections [9]. Also not only in privacy rights but Digital Dozen initiative also affects other digital rights related to - excessive copyright terms TPP proposed to extend the term of copyright to hundred years which deprive access to knowledge; as in the U.S motive to give more power to private entities , the ISP obligations enumerated within TPP which puts freedom of expression and privacy at risk as ISPs are allowed to check for copyright infringement and TPP does not put any privacy restriction in this regard; introduction of new fair use rules; ban on circumvention of digital locks or DRMs; no compulsory limitation for persons with disabilities; lack of fair use for journalistic right; while net neutrality is major issue is many developing nations in Asia no effective provision for net neutrality is aimed at in the D2D initiative; prohibits open source mandates which puts barrier for countries which want to release any software as open source as a policy decision [10].

3. Major Issues Related to Data Protection and Privacy in the TPP

3.1. Data Protection

One of the major concern raised against TPP is regarding data protection provisions that have been integrated within the E- Commerce chapter of the agreement. Article 14.11 and Article 14 .13 are the ones that deal with data flow related to consumer information.Article 14.11 in the agreement puts a requirement on the member states to allow transfer of data across border and Article 14.13 does not allow the companies to host data on local servers. Concerns were raised in few member states for instance, Australian Privacy Foundation raised concerns over Article 14.11 which requires transfers to be allowed in context of business activities of service suppliers. It claimed that exception to this provision is very narrow and the repercussion for not following the exception is that investor state dispute settlement proceedings can be initiated, which is not sufficient to protect privacy. Also, it highlighted the issue that with the narrow exception provided under Article 14.13 which relates to prohibition on data localisation, it might have adverse effect on the implementation of national privacy laws within Australia [11].

Another provision which is of major concern is Article 14.13 which prohibit data localisation. It will raise problems for countries like Indonesia and China which will have to change their local laws to implement the provision [12]. Since there already has been a major concern with regard to USA- EU Safe Harbour Agreement which was later made subject to the ECJ’s ruling on data protection, which invalidated any arrangement which provides voluntary enterprises responsibility to enforce privacy. But both the USA and EU are in process of renegotiating the agreement.The major concern was that in EU data protection is a fundamental right while in USA data protection is more consumer centric. When similar concerns were raised in TPP negotiations, they were rebutted as USA claimed that FTA does not concern itself with data protection [13].

In 2012 Australia proposed an alternative language to TPP which allowed countries to place restriction on data flow as long as it was not a barrier to trade. U.S responded to concerns raised by the Australia through a side letter which ensured Australia that U.S and Australia have a mutual understanding in relation to privacy and U.S will ensure the privacy of data with regards to Australia. While Australia’s concern was given acknowledgement other countries which raised similar issues were not given any assurances [14]. US instead proposed ad- hoc strategy that gave private companies power to form privacy policy with implementation through state machinery [15].

3.2. Digital Privacy

Article 14.8 in the E- Commerce chapter of the agreement states that countries can form legal framework for the protection of rights but the kind of ‘legal framework’ is not defined. Also, nowhere it states that the privacy protection or data protection laws are expressly exempted, rather it states that any such policy implemented by member states will be put under review of TPP standards. The standards which TPP proposes to follow are based on the underlying idea that any such policy should not hinder free trade in any way. This test will be applied by tribunals which are experts in trade and investment and not on data protection or human rights [16]. While Article 14.8 provides for protection of private information of consumers but the footnote to the provision renders it ineffective. The footnote states that member countries can adopt legal framework for the protection of data which can be done by self-regulation by industry and does not provide for any comprehensive data protection obligation upon the member states [17]. Similar to this Article 13.4 of the telecommunications chapter under TPP also states that the countries can apply regulation regarding confidentiality of the messages as long as it is not “a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade in services" [18].

Another chapter which raises major concerns about the privacy rights is intellectual property. It affects privacy through the provisions related to technological protective measures and the provision that regulate ISP’s liability. Regarding the TPM provision, the TPP follows the DMCA model whereby the exception to anti- circumvention provision is very narrow and does not apply to anti- trafficking provision. The exception allows user to circumvent TPM if it affect the user's privacy in any way, although this provision does not apply to ant- trafficking of TPM. The provision regarding ISP’s liability states that there should be cooperation between ISPs and rights holders and it does not prohibit ISPs to monitor its users. Also TPP proposes the notice for takedown and identification of the infringer by the ISP but this provision is not in consonance with laws of member states, like that of Peru which does not have any copyright law on ISP . Also many countries have tried to introduce proper privacy laws along with implementation of ISP liability but that is not done within the TPP [19]. TPP as whole aims to give greater power to private regulators without providing for minimum standard for protection of privacy.

Although TPP is not a data protection agreement but it consequently deals with various aspects of data protection, hence it is prospective model for privacy and data protection practices in future trade agreements. If positive obligations are included within the free trade agreements it will have an advancing impact on the data protection regime.

4.Implications of TPP for RCEP

While TPP has such lacunas similar provision are proposed in RCEP to which India is a party and which will have serious implication as many of the countries have inadequate data protection laws nationally and with the introduction of such an FTA the exploitation of privacy rights will be rampant [20]. To avoid this EU directive on data protection should be taken into consideration in the negotiations of such FTAs. But for the RCEP negotiations are still going on and in India many companies like Flipkart, Snapdeal etc. have started preparing for the changing norms. The government claims that it is going to accept best practices in the region which indicates that it is going to have same policies as that of TPP. Although people from industry have raised concerns that while there are national laws but it is difficult to check third party involvement within the business and it is becoming increasingly difficult to keep the consumer data confidential [21].

5. Implications of TPP in the Context of EU Safe-Harbour Judgement

Mr. Maximillian Schrems, an Austrian National residing in Austria, has been a user of the Facebook social network since 2008. Any person residing in EU who wishes to use Facebook is required to conclude, at the time of his registration, a contract with Facebook Ireland (a subsidiary of Facebook Inc. which itself is established in Unites States). Some or all of the personal data of the Facebook Ireland’s users who residing in EU is transferred to servers belonging to Facebook Inc. that are located in United States, where it undergoes processing. On 25 June 2013 Mr Schrems made a complaint to the commissioner by which he in essence asked the latter to exercise his statutory powers by prohibiting Facebook Ireland from transferring his personal data to Unites States, and this led to the Maximillian Schrems v Data Protection Commissioner case [22]. He contended that in his complaint that the law and practice in force in that country did not ensure adequate protection of the personal data held in its territory against the surveillance activities that were engaged in thereby by the public authorities. Mr Schrems referred in this regard to the revelations made by Edward Snowden concerning the activities of the United States intelligence services, in particular those of the NSA.(para 26, 27, 28). The case came in the court ruled that “that a third country which ensures an adequate level of protection, does not prevent a supervisory authority of a Member State, within the meaning of Article 28 of the EU 94/46 directive as amended, from examining the claim of a person concerning the protection of his rights and freedoms in regard to the processing of personal data relating to him which has been transferred from a Member State to that third country when that person contends that the law and practices in force in the third country do not ensure an adequate level of protection. The ruling implies that personal data cannot be transferred to third country which does not provide adequate level of protection.

EU safe harbour judgment and EU directive on privacy provide contrasting rules related to privacy. While TPP gives power to private entities to formulate rules regarding privacy while the recent ECJ judgment invalidated giving such power to private entities under EU-US Safe Harbour Agreement. Also in context of the same judgment Hamburg’s Commissioner for Data Privacy And Freedom of Information announced an investigation into the data transfer taking place through Facebook and Google to U.S. Hence in the light of the recent judgment member states within EU are not allowed to permit cross border data flow, in contrast to this one of the main goals of TPP is to maintain free flow of data across border [23]. EU is this regard has also set forth the proposal to introduce General Data Protection Regulation. (GDPR). Although U.S and EU are trying to renegotiate the agreement but the privacy concerns raised cannot be ignored. Hence following the same model as was invalidate under the ECJ judgment lets US exploit privacy of member states under TPP. Similar concerns as raised within the judgment are also raised in India as it also following the same model within U.S-India Cyber Relationship Agreement and in RCEP negotiations.

6. Implications of TPP in the context of USA-India Cyber Relationship

While India is not part of TPP but it might have an effect on the U.S India Cyber Relationship Agreement. In August 2015 there was re- initiation of the India-U.S cyber dialogue to address common concerns related to cybersecurity and to develop better partnerships between public and private sector for betterment of digital economy [24]. One of the key aim of this agreement is free flow of information between two nations, which suffers from similar problem that it will put privacy of the citizens at risk. Also India does not have any bilateral treaty which ensures cyber data protection in such a scenario the only solution is data localisation, but this agreement will put data at risk [25]. Hence while the TPP negotiations were going on and also RCEP is being discussed the concerns about privacy and data protection need to be raised as mention in earlier section regarding implications of TPP on RCEP, the USA-India Cyber Relationship also faces the same implications..Although the aim of USA-India Cyber Relationship is to ensure cybersecurity. After the cases of Muzaffarnagar riots, upheaval in North -Eastern states and Gujarat riots, India has realised it is important to ensure compliance from the social media companies. India sees the USA-India Cyber Relationship as an opportunity to achieve this goal. The Google Transparency Report states that that India made around three thousand requests to Google for user data [26], which indicate at the country's interest in having a common data understanding with the major social media companies (almost all of which are located in USA) about requesting and sharing of user activity data. While this concern is being addressed through the agreement, it is difficult to ignore the clause related to free flow of information, and if the meaning of the term is extended and adopted from TPP itself will put digital privacy of Indian citizens at risk [27].

7. Conclusion

Even though TPP negotiation are completed but the ratification of the agreement is still underway. TPP is being seen as one of a kind trade agreement because it is the first time that countries across the globe have come together as a whole to address concerns of modern trade. Although it fails to address some of the key concerns related to privacy and data protection which are becoming increasingly important. Data protection and privacy issues cannot be seen in isolation and needs to merged within the modern day trade agreements. The D2D component by the USA is strategic move to have trade dominance in Asia and to compete with China’s growth . TPP has privacy and data protection lacunae within the e- commerce , telecommunications and intellectual property discussion.Although it might have serious implications on RCEP negotiation and USA- India Cyber Relationship Dialogue. Similar concern regarding data protection has already been addressed by ECJ judgment invalidating USA-EU Safe Harbour Agreement but the similar ad - hoc strategy has been incorporated within TPP. Since TPP might be considered as best practice model for future FTAs in the Asian region it is important to raise and address these privacy concerns now.

8. Endnotes

[1] The signatory countries include Australia, Canada, Japan, Malaysia, Mexico, Peru, United States of America, Vietnam, Chile, Brunei, Singapore, New Zealand. "The Trans-Pacific Partnership," http://www.ustr.gov/tpp (last visited Jul 7, 2016).

[2] "The Origins and Evolution of the Trans-Pacific Partnership (TPP)," Global Research, http://www.globalresearch.ca/the-origins-and-evolution-of-the-trans-pacific-partnership-tpp/5357495 (last visited Jul 7, 2016).

[3] Fergusson, Ian F., Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP): In Brief," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1477/ (last visited Jul 1, 2016).

[4] Gajdos, Lukas, The Trans-Pacific Partnership and its impact on EU trade, Policy Department, Directorate-General for External Policies, Policy Briefing (2013), http://www.europarl.europa.eu/RegData/etudes/briefing_note/join/2013/491479/EXPO-INTA_SP(2013)491479_EN.pdf.

[5] Twining, Daniel, Hans Kundnani & Peter Sparding, Trans-Pacific Partnership: geopolitical implications for EU-US relations, Policy Department, Directorate-General for External Policies, June 24 (2016), http://www.europarl.europa.eu/RegData/etudes/STUD/2016/535008/EXPO_STU(2016)535008_EN.pdf.

[6] USTR, "Remarks by Deputy U.S. Trade Representative Robert Holleyman to the New Democrat Network," https://ustr.gov/about-us/policy-offices/press-office/speechestranscripts/2015/may/remarks-deputy-us-trade (last visited Jul 4, 2016).

[7] Murphy, Katharine, "Trans-Pacific Partnership: four key issues to watch out for," The Guardian, November 6, 2015, https://www.theguardian.com/business/2015/nov/06/trans-pacific-partnership-four-key-issues-to-watch-out-for (last visited Jul 7, 2016).

[8] USTR, "The Digital 2 Dozen" (2016), https://ustr.gov/sites/default/files/Digital-2-Dozen-Final.pdf (last visited Jul 1, 2016).

[9] Fergusson, Ian F.m Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP) negotiations and issues for congress," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1412/ (last visited Jul 8, 2016).

[10] "How the TPP Will Affect You and Your Digital Rights," Electronic Frontier Foundation (2015), https://www.eff.org/deeplinks/2015/12/how-tpp-will-affect-you-and-your-digital-rights (last visited Jul 7, 2016).

[11] Australian Privacy Foundation (APF), Trans Pacific Partnership Agreement (2016), https://www.privacy.org.au/Papers/Parlt-TPP-160310.pdf.

[12] Greenleaf, Graham, "The TPP & Other Free Trade Agreements: Faustian Bargains for Privacy?," SSRN (2016), http://papers.ssrn.com/sol3/Papers.cfm?abstract_id=2732386 (last visited Jul 1, 2016).

[13] "GED-Project: Transatlantic Data Flows and Data Protection," GED Blog (2015), https://ged-project.de/topics/competitiveness/transatlantic-data-flows-and-data-protection-the-state-of-the-debate/ (last visited Jul 1, 2016).

[14] Geist, Michael, "The Trouble with the TPP, Day 14: No U.S. Assurances for Canada on Privacy," (2016), http://www.michaelgeist.ca/2016/01/the-trouble-with-the-tpp-day-14-no-u-s-assurances-for-canada-on-privacy/ (last visited Jul 4, 2016).

[15] Aaronson, Susan Ariel, "What does TPP mean for the Open Internet?" From Policy Brief on Trade Agreements and Internet Governance Prepared for the Global Commission on Internet Governance (2015), https://www.gwu.edu/~iiep/events/DigitalTrade2016/TPPPolicyBrief.pdf (last visited Jul 5, 2016).

[16] Lomas, Natasha, "TPP Trade Agreement Slammed For Eroding Online Rights," TechCrunch, http://social.techcrunch.com/2015/11/05/tpp-vs-privacy/ (last visited Jun 30, 2016).

[17] "Q&A: The Trans-Pacific Partnership," Human Rights Watch (2016), https://www.hrw.org/news/2016/01/12/qa-trans-pacific-partnership (last visited Jul 1, 2016).

[18] "TPP Full Text Released," People Over Politics (2015), http://peopleoverpolitics.org/2015/11/07/tpp-just-as-bad-as-you-thought/ (last visited Jul 7, 2016).

[19] "Right to Privacy in Trans-Pacific Partnership (TPP ) Negotiations," Knowledge Ecology International, http://keionline.org/node/1164 (last visited Jul 1, 2016).

[20] Asian Trade Centre, "E-Commerce and Digital Trade Proposals for RCEP (2016)," http://static1.squarespace.com/static/5393d501e4b0643446abd228/t/575a654c86db438e86009fa1/1465541967821/RCEP+E-commerce+June+2016.pdf (last visited Jul 1, 2016).

[21] "E-commerce companies like Flipkart, Snapdeal to beef up data security to meet RCEP norms," The Economic Times, http://economictimes.indiatimes.com//articleshow/49068419.cms (last visited Jul 1, 2016).

[22] ECLI:EU:C:2015:650 (C -362/14)

[23] King et al., "Privacy law, cross-border data flows, and the Trans Pacific Partnership Agreement: what counsel need to know," Lexology, http://www.lexology.com/library/detail.aspx?g=b5c0b400-8161-4439-a4b7-131552ad5209 (last visited Jul 4, 2016).

[24] "U.S.-India Business Council Applauds Resumption of Cybersecurity Dialogue," U.S.-India Business Council (2015), http://www.usibc.com/press-release/us-india-business-council-applauds-resumption-cybersecurity-dialogue (last visited Jul 5, 2016).

[25] Sukumar, Arun Mohan, "India Is Coming up Against the Limits of Its Strategic Partnership With the United States," The Wire (2016), http://thewire.in/40403/india-is-coming-up-against-the-limits-of-its-strategic-partnership-with-the-united-states/ (last visited Jul 4, 2016).

[26] Countries – Google Transparency Report, https://www.google.com/transparencyreport/userdatarequests/countries/ (last visited Jul 8, 2016).

[27] Sukumar, Arun Mohan, "A case for the Net’s Ctrl+Alt+Del," The Hindu, September 5, 2015, http://www.thehindu.com/opinion/op-ed/a-case-for-the-nets-ctrlaltdel/article7616355.ece (last visited Jul 5, 2016).

9. Author Profile

Shubhangi Heda is a Student of Jindal Global Law School, O.P Jindal Global University. She has completed her fourth year. She gives due importance to popular culture in her life and loves to read fiction and like to watch TV-shows, her favorite being 'White Collar'.

For more details visit https://cis-india.org/internet-governance/blog/tpp-and-d2-implications-for-data-protection-and-digital-privacy

India may not be guilty of opposing UN move to save internet rights

praskrishna — 2016-07-09T02:58:53Z

India is a democratic country, but the standards for freedom of expression promised to us—online and offline—are highly questionable, especially with online content being censured and comedians being threatened to be arrested for sedition.

This was published by Ciol on July 7, 2016.

So the media criticism came as no surprise when India supported the amendments proposed by countries like China and Russia last week when the United Nations Human Rights Council (UNHRC) passed a resolution on the “promotion, protection and enjoyment of human rights on the Internet”.

According to some media reports, countries like Russia, China, and Saudi Arabia, as well as democracies like South Africa and India, called for the UN to delete a passage in the resolution that ‘condemns unequivocally measures to intentionally prevent or disrupt access to our dissemination of information online’.”

India has also been struggling to draft a comprehensive privacy bill, and most recently came out with a geospatial information regulation bill that would establish ownership over all forms of location data.

However, the fact that the resolution was adopted without a vote (with oral revision)—as noted by the UNHRC—puts these news reports on a faulty ground. So technically, India did not ‘vote against’ the resolution. Moreover, none of the four amendments supported by India called for the deletion of a passage that condemned the prevention or disruption of Internet access and online information dissemination, as noted by the Centre for Internet and Society. Although, India flouts the said clause in spirit, back at home.

Out of the four amendments—L85-88 in the UNHRC resolution–the first amendment (L85) sought to include a reference to fighting against the exploitation of children online. This was withdrawn by Russia before it was considered by member states. L86 can truly be described as diluting language regarding freedom of expression online. L88 includes reference to hate speech, asks to introduce a new paragraph that states “Expresses its concern at the use of the Internet and information and communications technology to disseminate ideas based on racial superiority or hatred, and incitement to racial discrimination, xenophobia, and related intolerance.” This amendment was proposed by Belarus, China, Iran and the Russian Federation.

Considering that the Internet and other online media technologies are increasingly used for incitement and as a means of propagating intolerance and xenophobia in India and other Asian countries, the resolution does touch on an important issue. But it doesn’t seek to limit internet freedom particularly.

For more details visit https://cis-india.org/internet-governance/news/ciol-july-7-2016-india-may-not-be-guilty-of-opposing-un-move-to-save-internet-rights

India No Haven For Net Freedom But It Did Not Oppose UN Move on Internet Rights

praskrishna — 2016-07-09T02:25:51Z

India hasn’t had the best record when it comes to Internet rights. The country regularly carries out Internet shutdowns under flimsy pretexts, is still fumbling when it comes to the drafting of a comprehensive privacy bill, and most recently came out with a geospatial information regulation bill that would establish ownership over all forms of location data.

The article by Anuj Srinivas was published in the Wire on July 6, 2016.

So, last week, when the United Nations Human Rights Council (UNHRC) passed a resolution on the “promotion, protection and enjoyment of human rights on the Internet”, it wasn’t surprising to see the wave of media criticism of the amendments that were proposed by countries such as China and Russia – and which were supported by India.

South Africa’s Mail & Guardian ran a story headlined “South Africa votes with China, Russia and India against Internet freedoms in UN resolution”. Private Internet Access’s headline was “These 17 Countries Don’t Believe that Freedom of Expression on the Internet is a Human Right”. Popular tech website The Verge noted that the resolution was opposed “by a minority of authoritarian regimes including Russia, China and Saudi Arabia, as well as democracies like South Africa and India. These nations called for the UN to delete a passage in the resolution that ‘condemns unequivocally measures to intentionally prevent or disrupt access to our dissemination of information online’.”

The Verge‘s report was followed up by a number of Indian publications including IndiaToday and Medianama – the latter incorrectly stating that the UNHRC resolution “recognised Internet usage as a basic human right – as well a host of other global publications.

The facts
There were two fundamental mistakes with some of these reports. Firstly, the resolution was adopted without vote (with oral revision) as noted by the UNHRC. Therefore, while there were a number of countries which co-sponsored the resolution and many that didn’t, it is completely wrong to state that India – as the Mail & Guardian reported – or any other country, voted against the resolution.

Secondly, as noted by the Centre for Internet and Society, none of the four amendments supported by India called for the deletion of a passage that condemned the prevention or disruption of Internet access and online information dissemination. Although it may fit neatly within India’s history of issuing Internet block orders, no country was opposed to this paragraph at the UNHRC forum (although many countries including India flout this clause in spirit back at home). No such amendment was proposed.

What then were these four amendments, which Article 19, an organisation that advocates freedom of expression, statedwould “substantially weaken the resolution”? Out of the four amendments (referred to as L85-88 in the UNHRC resolution), the first amendment (L85) – which sought to include a reference to fighting against the exploitation of children online – was withdrawn by Russia before it was considered by member states.

The other three amendments, while not completely endorsed by the countries that co-sponsored the resolution, do carry a certain level of nuance. Only one of the amendments (L86) can truly be described as diluting language regarding freedom of expression online, although this could have been potentially a result of procedural politics.

L88: Including Reference to Hate Speech
This amendment – proposed by Belarus, China, Iran and the Russian Federation – asks to introduce a new paragraph that states:

“Expresses its concern at the use of the Internet and information and communications technology to disseminate ideas based on racial superiority or hatred, and incitement to racial discrimination, xenophobia and related intolerance.”

Article 19 says of this amendment that it would “undermine the intended focus of the draft resolution on protecting human rights online, in particular freedom of expression..” While it is true that a few paragraphs of the resolution’s preamble include a reference to hate speech, it is difficult to see what harm this amendment would have brought in and even more difficult to accept that it would dilute the focus of the overall resolution.

Using the Internet and other online media technologies for incitement and as a means of propagating intolerance and xenophobia is a very real problem in India and other Asian countries, the most notable example of which was the role that social media played in the exodus of north-east Indian migrants from Bangalore four years ago. While shutdowns are obviously not the best way of dealing with this, it is important to acknowledge the role of the Internet as a medium in this aspect. In sum, this amendment certainly would not have diluted the resolution’s aim of promoting freedom of expression online.

L87: Human-Rights Approach
The second amendment replaces the term “human rights-based approach” with “comprehensive and integrated approach” in two paragraphs on expanding Internet access:

PP17: Stressing the importance of applying a comprehensive and integrated (human rights-based approach) in providing and expanding access to the Internet and for the Internet to be open, accessible and nurtured by multistakeholder participation,

OP5: Affirms also the importance of applying a comprehensive and integrated (human rights-based approach) in providing and in expanding access to Internet and requests all States to make efforts to bridge the many forms of digital divides..

This amendment was a little trickier. According to people involved in the country stakeholder discussions, whom The Wirespoke with, the aversion to a ‘human-rights’ approach towards expanding Internet access came as a result of China and Russia playing procedural politics. The language that was proposed in the amendment – “comprehensive and integrated” – while certainly not the strongest possible language that could have been used, would not have legally diluted the proposal to expand Internet access while maintaining an open and multistakeholder approach towards Internet governance.

Stepping back, what would a human rights-based approach in expanding Internet access look like? Would it include legitimising the act of zero-rating and the approval of schemes such as Facebook’s Free Basics? Both of which, incidentally, have been banned in India. While the proposed amendment certainly does not speak well of the motivations of China, Russia and India, the term is also vague enough that its mere removal doesn’t indicate a lack of support towards Internet freedom.

L88 – Right to privacy and removal of UDHR reference
This amendment, proposed by China and the Russian Federation, was more straightforward. In two paragraphs, it sought to add the specific term ‘right to privacy’, while in another paragraph it proposed removing reference to language from, and articles in, the Universal Declaration of Human Rights. Had the amendment been passed, the changes in the following paragraphs would have been made:

PP7: Noting that the exercise of human rights, in particular the right to freedom of expression and the right to privacy, on the Internet is an issue of increasing interest and importance as the rapid pace of technological development enables individuals all over the world to use new information and communication technologies,

OP15: Decides to continue its consideration of the promotion, protection and enjoyment of human rights, including the right to freedom of expression and the right to privacy, on the Internet and other information and communication technology, as well as of how the Internet can be an important tool for fostering citizen and civil society participation, for the realisation of development in every community and for exercising human rights, in accordance with its programme of work.

OP1: Affirms that the same rights that people have offline must also be protected online, in particular freedom of expression ~~which is applicable regardless of frontiers and through any media of one’s choice~~, and the right to privacy in accordance with articles 17 and 19 of the ~~Universal Declaration of Human Rights and the~~ International Covenant on Civil and Political Rights;

On one hand, this amendment would have added specific reference to the right to privacy. That specific term doesn’t appear in the draft resolution, although there are a few references to privacy in general in the resolution’s preamble.

However, the addition of a ‘right to privacy’ is coupled with a watering down of clear references to the protection of freedom of expression. Cynical observers would rightly note that China and Russia are probably less concerned with online privacy and more irked with the clear support of freedom of expression “regardless of frontiers” and “in accordance with the Universal Declaration of Human Rights”; which is probably why this particular proposed amendment combined both issues to improve its chances of passing. While there is little doubt that this amendment would have diluted the resolution’s focus on protecting freedom of expression, the alternative phrasing also doesn’t create legal loopholes that renders it useless. Moreover, it still contains reference to the International Covenant on Civil and Political Rights, especially Article 19, which goes beyond Article 19 of the UDHR .

India, a guardian?
It would be naive and wrong to take a strong position either way. To state that the amendments supported by India are all antithetical to the spirit of the UNHRC resolution, as some have done, is simply incorrect. On the other hand, this doesn’t mean India, and even less, China and Russia, are guardians of Internet freedom.

The UNHRC resolution in its entirety is a fine document. While non-binding, it provides a foundation for claiming that the same rights people have offline “must also be protected online”. Other crucial sections state that governments “should ensure accountability for all human rights violations and abuses committed against persons for exercising their human rights online”, while condemning “measures to intentionally prevent or disrupt access to or dissemination of information online”.

While the amendments India supported may not wholly oppose this resolution, it is also true that successive Indian governments also do not have an admirable track-record of upholding the resolution’s aims. Freedom for online speech had to be reclaimed in the form of court judgements, with the current government still supporting regulations that would allow it clamp down on online freedom of expression. In certain states within the country, Internet shutdowns happen without public explanations or justifiable reasoning. Over the last four years, for instance, Jammu and Kashmir has lost 18 days of Internet access. While it may not have wholly opposed the UNHRC resolution, the country still has a ways to go in terms of Internet freedom.

For more details visit https://cis-india.org/internet-governance/news/the-week-anuj-srinivas-july-6-2016-india-no-haven-for-net-freedom-but-did-not-oppose-un-move-on-internet-rights

Flashpoint #TrollControl: Maneka versus NCW

praskrishna — 2016-07-09T02:11:59Z

Amidst the debate over controlling online trolls - the proposal by Union Women and Child Development Minister to curb violence against women on the internet has triggered a fight between the minister and the National Commission for Women (NCW).

While Maneka Gandhi asked the NCW to monitor the internet to control trolls against women - NCW Chief Lalitha Kumaramangalam questioning the feasibility of the Minister's proposal, saying the internet is too big a space to be monitored. Sunil Abraham was interviewed. Times Now Television interviewed Sunil Abraham on this. Watch the video here.

For more details visit https://cis-india.org/internet-governance/news/times-now-july-8-2016-flashpoint-troll-control-maneka-versus-ncw

FB & Google have already monopolised Indian cyberspace

praskrishna — 2016-07-08T15:59:46Z

In an interview with Catch, Sunil Abraham, executive director of Center for Internet & Society, puts the recent US-India cyber relationship framework into perspective. Abraham also talks about how Indian surveillance policies are outdated and why the country has failed to check the hegemonic tendencies of companies like Facebook and Google.

The interview was published by Catch News on July 3, 2016.

US-India signed a cyber relationship framework earlier this month. Could you explain some of the takeouts that may have important implications in the near future?

In the framework, both sides have made a "commitment to the multi-stakeholder model of Internet governance" - in immediate practical terms that means India will accept the Internet Assigned Numbers Authority (IANA) transition proposed for the Internet Corporation for Assigned Names and Numbers (ICANN). Unfortunately, as my colleague Pranesh Prakash points out "U.S. state control over the core of the internet's domain name system is not being removed by the transition that is currently underway."

India along with Brazil and other emerging powers should have insisted that the question of jurisdiction be addressed before the transition. We must remember, that the multi-stakeholder model is just a fancy name for open and participatory self-regulation by the private sector. While the multi-stakeholder model is useful as a complement to traditional state-led regulation, it cannot be used to protect human rights or ensure the security of a nation state.

[That is precisely why - the very next sentence in the announcement for the the framework for the US-India Cyber Relationship says "a recognition of the leading role for governments in cyber security matters relating to national security". This is because ICANN-style multistakeholderism requires all stakeholders to be on "equal footing" without "distinct roles and responsibilities". In other words, the governments are saying that the multistakeholder model is fine for all Internet Governance areas with the exception of Cyber Security. Given the limits of the multistakeholder model this is indeed the wise thing to do. Since American corporations dominate the Internet, US foreign policy has historically pushed for the multistakeholder model as fig leaf for forbearance and reduced foreign regulatory burden American corporations operating in other jurisdictions. Therefore India must not drink the multistakeholder cool-aid whole sale. It cannot afford a laissez-faire approach where it waits for corporations to self-regulate - it must regulate whenever public interest or human rights are harmed. In other words, it must go beyond the multistakeholder model and produce appropriate regulation where necessary. Needless to add - it must also deregulate in areas where harms don't exist. Apart from this many of the details of the announcement are positive steps that will increase security in India and the USA, and indeed the also across the world.]

What are some aspects of Intellectual Property Rights that should be looked at, in the context of the framework?

There is some language around Intellectual Property Rights (IPR) that should be examined carefully too. The US corporations benefit from a maximalist IP regime. But Make in India, Digital India and Startup India all depend on flexibilities to the IP regime and therefore India should refuse signing. Trans-Pacific Partnership (TPP) obligations like the "Digital 2 Dozen" which the US is actively proselytizing across the Pacific. If we make that mistake, we will make zero progress in indigenous security research and product development and also many other areas of our economy, health sector and education sector will be severely compromised. Therefore it would be best to keep IP rights expansion and enforcement out of the framework for the US-India Cyber Relationship.

The PIL seeking a ban on WhatsApp was refused by the SC recently. Encrypted messaging services like Telegram however, have been used in the past by terror groups. What's your take on such end-to-end encryption services?

Privacy and security are two sides of the same coin. You cannot have one without the other. End-to-end encryption is the basis for online privacy. End-to-end encryption is a pre-requisite for many legitimate actions of law abiding citizens online such as commerce, banking, tele-medicine, protection of intellectual property, witness/source protection, client confidentiality etc. Therefore, banning end-to-end encryption would mean the death of individual privacy and national security.

If the government wants to promote cyber security it should promote the use of end-to-end encryption amongst law abiding citizens.

Terrorist have to be stopped through targeted profiling, surveillance and interception. Big data analytics may be useful to watch for patterns in the meta data but there is no replacement for good old fashioned police work.

Once suspects have been identified the encrypted channels can be compromised by:

Placing trojans on the end-user devices
Performing man-in-the-middle attacks and
Using brute force attacks with super computers.

Snowden's revelations have made it very clear that blanket and mass surveillance does not help foil terror attacks or stop organised crime. So far, research and government reports from across the world indicate that only a minority of terrorists use encryption. However, this situation may change.

We don't have any proper encryption policy under the IT Act yet. What's taking so long and what are the key points that any policy in this matter must include in future?

We need many different types of encryption policies. We need a policy that mandates encryption and digital signature for all government personnel and also for all government transactions. We need policies that promote research and development in cryptography and mathematics. We need to update our criminal procedure code so that encrypted communications and data can be targeted by law enforcement and used effectively in the criminal justice process.

However, we should not have any broad encryption policy that tries to regulate encryption as a technology. That would be a highly regressive move and will be impossible to enforce. That would breed contempt for rule of law.

Surveillance and the tech around it has been contentious for various governments. Where do we stand vis-a-vis regulating surveillance measures by the state?

Our surveillance and interception laws are outdated. They need to be modernized to deal with advancements in technology and also global developments when it comes to data protection and privacy law.

In fact, our organisation was part of a global effort called Necessary and Proportionate which identified 13 principles to modernise surveillance which are connected to various aspects such as Legality, Legitimate aim, Competent judicial authority, Integrity of communications and systems and more. Some of these principles may have to be customised for the Indian context. [For example, given the load on courts perhaps India should stay with executive authorization of interceptions and data access requests. However, getting the law correct is only half the job. For the law cannot fix what the technology has broken. Some surveillance projects are well designed. For ex. the NATGRID - from what I understand it is a standard and platform that which will allow 12 security, intelligence and law enforcement agencies to temporarily make unions of sub-sets of 21 data sources. These automated temporary databases will be created under existing data access provisions of the law. I also hope the NATGRID is also using cryptography to ensure the maintenance of a non-repudiable log that will identify all officers involved in authorizing the each request and accessing the resultant data. Unfortunately, other surveillance projects are unmitigated disasters. For example, UID or Aadhaar. Many Indians don't realize that Aadhaar is a surveillance project. Biometrics is just a fancy name for remote, covert and non-consensual identification technology. Using the UID database the government can identify every single Indian without their consent. The so called "consent layer" in the India Stack is being developed by volunteers outside the UIDAI to avoid transparency under the Right to Information Act. Nothing in the current layer of the "consent layer" allows citizens to revoke consent. There is no facility in the UID Act to delete yourself from the database. Identity information aka the UID number and authentication information aka your biometrics for about a billion Indians have been collected and stored in a centralized location. It is as if our parliamentarians have written an open letter to criminals and foreign governments says "here is the information you need to wreck whole sale damage - come and get it". Hopefully the Supreme Court will save us from this impending disaster.]

With a sluggish US market, India has the biggest potential for companies like FB & Google, next only to China. Do you feel that in the quest to take over the Indian market, FB & Google are going to monopolise cyberspace in India?

I have news for you - they have already monopolised Indian cyberspace. They have completely wiped out competition in certain domains.

One of the many reasons they have done this is because we don't have laws and regulations to temper their hegemonic tendencies. For example, we could use data portability and interoperability mandates for social media to spark competition in markets where there are entrenched monopolies.

Competition law can be used to protect other firms from abuse of market power. Consumer protection law and privacy law could be used to ensure that user's rights are not compromised in the race for market share. In addition, a modern privacy law compliant with the best practices in the European Data Protection Regulation 2016, would allow emerging Indian companies to compete with giants like Facebook and Google on a level playing field. [Speaking of level playing field - only recently has the government introduced the "equalization levy". This was long overdue. Imagine the amount of tax that could have been collected so far and damage that has been done to competition. Regardless the current NDA government deserves our kudos for ensuring that Facebook and Google contribute their fair share of taxes. The new IPR Policy was also an opportunity to address the monopoly of Google and Facebook. There should have been a concerted attempt to use free/open source software, open standard and open content to bolster Indic language technologies. A billion dollars from every spectrum auction should be used to create incentives for Indian private sector, research and academic organisation who can contribute openly to the Indic cyberspace. This is the market where we can still build a highly competitive market. Today, given government inaction - millions of Indians are training Google's language platforms every time they use machine translation or speech to text technologies. This corpus of information will not be available for public interest research. Ideally we should also have Indians contributing to commons-based peer production projects like Wikipedia for their Indic language needs. Unfortunately the government totally missed this opportunity.]

For more details visit https://cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace

Big Data Governance Frameworks for 'Data Revolution for Sustainable Development'

Meera Manoj — 2016-07-05T13:13:32Z

A key component of the process to achieve the Sustainable Development Goals is the call for a global 'data revolution' to better understand, monitor, and implement development interventions. Recently there has been several international proposals to use big data, along with reconfigured national statistical systems, to operationalise this 'data revolution for sustainable development.' This analysis by Meera Manoj highlights the different models of collection, management, sharing, and governance of global development data that are being discussed.

1. What are the Sustainable Development Goals?

2. The Need for a Data Revolution

3. Big Data: Characteristics and Use for Development

3.1. Characteristics of Big Data

3.2. Using Big Data for Development

4. Sustainable Development and Data Rights

5. Governance Frameworks Proposed

5.1. UN Sustainable Development Solutions Network

5.2. The UN DATA Revolution Group

5.3. Organization for Economic Co-Operation and Development

5.4. The Global Partnership for Sustainable Development of Data

5.5. The World Economic Forum (WEF)

5.6. Dr. Julia Lane - A Quadruple Data Helix

5.7. Data Pop Alliance

6. Conclusion

7. Endnotes

8. Author Profile

Speaking on Big Data, Dan Ariely commented that, "Everyone talks about it, nobody really knows how to do it, and everyone thinks everyone else is doing it, so everyone claims they are doing it" [1]. This offers a useful insight into the lack of adequate discourse on the kind of governance and accountability frameworks that are needed to facilitate the developmental, sustainable, and responsible uses of big data.

In light of the recent international proposals to use big data to track the Sustainable Development Goals, this paper highlights the different models of management, sharing, and governance of data that are being discussed, and concurrently, how they conceptualise the various rights around big data and how are they to be protected.

1. What are the Sustainable Development Goals?

The Sustainable Development Goals, otherwise known as the Global Goals, build on the Millennium Development Goals (MDGs). Adopted on 1 January 2016, these universally applicable 17 goals of the 2030 Agenda for Sustainable Development, seek to end all forms of poverty, fight inequalities, tackle climate change and address a range of social needs like education, health, social protection and job opportunities over the next 15 years [2].

Source: UN Data Revolution Group, A World that Counts, 2014, p.12.

2. The Need for a Data Revolution

An overwhelming cause of concern regarding the precursor to the SDGs, the MDGs, is the data unavailability to monitor their progress. For instance, the figure below indicates that there is no five-year period when the availability of MDG related data is more than 70% of what is required. Entire groups of people and key issues remain invisible [3]. Lack of data is not only a problem for global statisticians, but also for people whose needs and demands remain invisible due to lack of quantitative representation of the same. For instance, the incidences of gender related crimes when not recorded could lead to a misconception on the achievement of the MDG of gender equality.

Source: UN, Sustainable Development Goals.

As the new goals (SDGs) cover a wider range of issues it is clear that a far higher level of detail is required. To this effect the High-Level Panel of Eminent Persons on the post-2015 agenda has called for a "data revolution for sustainable development" [4].

The world is experiencing a Data Revolution and a "data deluge." One estimate has it that 90% of the data in the world has been created in the last 2 years. As Eric Schmidt of Google in 2010 famously said, "There were 5 exabytes of information created between the dawn of civilization through 2003, but that much information is now created every 2 days [5].

In its report A World that Counts, the UN Data Revolution Group defines the data revolution as an explosion in the volume of data, the speed with which data are produced, the number of producers of data, the dissemination of data, and the range of things on which there is data, coming from new technologies such as mobile phones and the “internet of things”, and from other sources, such as qualitative data, citizen-generated data and perceptions data [6].

This data revolution in the context of sustainable development has been defined by the UN Secretary General’s Independent Expert Advisory Group (IEAG) as follows:

[T]he integration of data coming from new technologies with traditional data in order to produce relevant high‐quality information with more details and at higher frequencies to foster and monitor sustainable development. This revolution also entails the increase in accessibility to data through much more openness and transparency, and ultimately more empowered people for better policies, better decisions and greater participation and accountability, leading to better outcomes for the people and the planet [7].

The majority of such “data coming from new technologies” is what can be called big data. It is data being generated in real-time, in high velocity and volume, in a variety of forms and formats, and on an increasing range of phenomenon that are being mediated by digital technologies – from governance to human communication. Further, a good part of such big data is not about the content of the phenomenon concerned but about its process – for example, Call Detail Records are generated for each mobile phone call a person makes and it contains data about the process of the call (time, location, duration, recipient, etc.) but not about the content of the call. Big data about various governmental and human processes are becoming a crucial instrument for documenting and monitoring of the same.

3. Big Data: Characteristics and Use for Development

3.1. Characteristics of Big Data

The simplest definition of big data is that it is a dataset of more than 1 petabyte. The US Bureau of Labour Statistics terms it to be non-sampled data, characterized by the creation of databases from electronic sources whose primary purpose is something other than statistical inference [8].

The characteristics which broadly distinguish Big Data are sometimes called the “3 V’s”: more volume, more variety and higher rates of velocity [9]. Big data sources generally share some or all of these features [10]:

Digitally generated,
Passively produced,
Automatically collected,
Geographically or temporally trackable, and
Continuously analysed.

Increasingly, Big Data is recognised as creating "new possibilities for international development" [11]. It could provide faster, cheaper, more granular data and help meet growing and changing demands. It was claimed, for example, that "Google knows or is in a position to know more about France than INSEE" [12], its highly resourceful national statistical agency. To illustrate, Global Pulse gives the example of a hypothetical small household facing soaring commodity prices, particularly food and fuel [13]. They have the options of:

Getting part of their food at a nearby World Food Programme distribution centre,
Reducing mobile usage,
Temporarily taking their children out of school,
Calling a health hotline when children show signs of malnutrition related diseases, and
Venting about their frustration on social media.

Such a systemic shock of food insecurity will prompt thousands of households to react in roughly similar ways. These collective behavioural changes may show up in different digital data sources:

WFP might record that it serves twice as many meals a day,
The local mobile operator may see reduced usage,
UNICEF data may indicate that school attendance has dropped,
Health hotlines might see increased volumes of calls reporting malnutrition, and
Tweets mentioning the difficulty to “afford food” might begin to rise.

Thus the power of real-time, digital data to predict paths for development is immense. Amassing such a large volume of data which tracks practically every aspect of social behavious can revolutionize the field of official statistics and policy making.

Two points to be noted are: 1) all these data sources are not available for comparison in the real-time by default, so one task before using big data in developmental work is to make data from different sources available across agencies and make them comparable, and 2) finding repeating patterns within large data sets, sourced from varied origins, can not only allow for monitoring but also (statistically) predicting future possibilities and implications for development action.

3.2. Using Big Data for Development

There are several international organizations attempting to use such data.

Global Pulse, a United Nations initiative, launched by the Secretary-General in 2009, seeks to leverage innovations in digital data, rapid data collection and analysis to help decision-makers gain a real-time understanding of how crises impact vulnerable populations. To this end, Global Pulse is establishing an integrated, global network of Pulse Labs, anchored in Pulse Lab New York, to pilot the approach at country level [14].

The Global Working Group on Big Data for Official Statistics, created in May 2014, pursuant to Statistical Commission, makes an inventory of ongoing activities and examples regarding the use of big data, addresses concerns related to methodology, human resources, quality and confidentiality, and develops guidelines on classifying various types of big data sources [15].

There have been applications even on a national and individual level. For instance, in 2013, various sources reported that the CIA had admitted to the “full monitoring of Facebook, Twitter, and other social networks” to identify links between events and sequences or paths leading to national security threats, ultimately leading to forecasting future activities and events [16].

In the field of conflict prevention is the emerging applications to map and analyse unstructured data generated by politically active Internet use by academics, activists, civil society organizations, and even general citizens. In reference to Iran’s post-election crisis beginning in 2009, it is possible to detect web-based usage of terms that reflect a general shift from awareness towards mobilization, and eventually action within the population [17].

The "Big Data, Small Credit" report proposes that financial inclusion can be promoted by allowing consumers with mobile phones to access credit formally as customers [18].

At a national level, the biggest challenge for most big data projects is the limited or restricted access the government agencies have to potential big data sets owned by the private sector [19]. The overall consensus is that Big Data to track SDGs must complement traditional data sources [20]. This is because big data may not always be available for the entire population, or include a diverse enough sample of the population. Moreover most big data projects measure development indicators through a correlation which may not always be correct unlike official data. For instance big data might help in predicting lowered household income through reducing mobile bills while traditional data directly collects income statistics.

In a survey by the Global Working Group on Big Data for Official Statistics [21], it was found that only a few countries have developed a long-term vision for the use of big data, while many are formulating a big data strategy. Most countries have not yet defined business processes for integrating big data sources and results into their work and do not have a defined structure for managing big data projects.

Thus there exists a need to identify a governance framework for big data for sustainable development, not only at national level, but also at the international level.

4. Sustainable Development and Data Rights

Any discussion on governance frameworks would be incomplete without defining the kind of data rights they must seek to protect.

In the famous parable of the six blind men and the elephant they conclude that the elephant is like a wall, snake, spear, tree, fan or rope, depending upon where they touch. Similarly Internet experiences of individual users (what they touch) often contrast drastically with different views (what they conclude) on what would constitute data rights.

The IEAG in its report has identified the following set of data related rights, but has not defined any actual framework or process for ensuring them (yet) [22]:

Right to be counted,
Right to an identity,
Right to privacy and to ownership of personal data,
Right to due process (for example when data is used as evidence in proceedings, or in administrative decisions),
Freedom of expression,
Right to participation,
Right to non-discrimination and equality, and
Principles of consent.

Personal data is broadly defined as "any information relating to an identified or identifiable individual" [23]. Often primary data producers (users of services and devices generating data) are unaware of individual privacy infringements [24].

A survey by the Global Working Group on Big Data for Official Statistics found that only a few countries have a specific privacy framework for big data, while most apply the privacy framework for traditional statistics to big data as well [25].

Conventionally, safeguards against the re-use of big data to protect data rights have involved the “anonymization” or “de-identification” of data, to conceal individual identities. Global Pulse, for instance, is putting forth the concept of Data Philanthropy, whereby "corporations take the initiative to anonymize (strip out all personal information) their data sets and provide this data to social innovators to mine the data for insights, patterns and trends in real-time or near real-time" [26]. There however exists a debate on whether data can actually be anonymized effectively. Several state that data can never be effectively de-anonymized due to technological challenges [27]. For instance, when the New York City government released de-anonymised data sets of New York cab drivers were made re-identifiable by approaching a separate method. Within less than 2 hours work, researchers knew which driver drove every single trip in this entire dataset. It would be even be easy to calculate drivers’ gross income, or infer where they live [28].

Even the OECD opines that the current model of limiting identifiability of individuals is unsustainable. It recommends moving towards one where the focus is on transparency around how data is being used, rather than preventing specific types of use, stating that - "research funding agencies and data protection authorities should collaborate to develop an internationally recognized framework code of conduct covering the use of new forms of personal data, particularly those generated via network communication. This framework, built on best practice procedures for consent from data subjects, data sharing and re-use, anonymization methods, etc., could be adapted as necessary for specific national circumstances" [29].

Thus, there is a push for the arguement that the historical approaches to protecting privacy and confidentiality — namely, informed consent and anonymity — no longer hold [30]. Some have even suggested using big data itself to keep track of user permissions for each piece of data to act as a legal contract [31].

There is an overall consensus that any legal or regulatory mechanisms set up to mobilise the 'data revolution for sustainable development' should protect the data rights of the people [32], without any clear agreement on what these rights may be.

5. Governance Frameworks Proposed

A largely unanswered question that is posed in light of the emerging consensus on the use of Big Data for monitoring SDGs is within what sort of governance frameworks these data collection and analysis methods will operate. Methods of collection and the key actors involved in data analysis, management, storage and coordination. The role of NGOs and CSOs, if any, within these systems must be delineated. Certain key global organizations and eminent researchers have suggested the following models.

5.1. UN Sustainable Development Solutions Network

In 2012, the UN Secretary-General launched the UN Sustainable Development Solutions Network (SDSN) to mobilize global scientific and technological expertise to promote practical problem solving for sustainable development, including the design and implementation of the Sustainable Development Goals (SDGs) [33]. It has proposed the following.

Collection

The Inter-Agency and Expert Group on Sustainable Development Goal Indicators (IAEGSDG) and the United Nations Statistical Commission are to establish roadmaps for strengthening specific data collection tools that enable the monitoring of SDG indicators.

Analysis

Based on discussions with a large number of statistical offices, including Eurostat, BPS Indonesia, the OECD, the Philippines, the UK, and many others, 100 is recommended to be the maximum number of global indicators to analyse data for which NSOs can report and communicate effectively in a harmonized manner. This conclusion was strongly endorsed during the 46th UN Statistical Commission and the Expert Group Meeting on SDG indicators [34].

Specialist indicators developed by thematic communities must be used for data analysis as they include input and process metrics that are helpful complements to official indicators, which tend to be more outcome-focused. For example, the UN Inter-Agency Group on Child Mortality Estimation has developed a specialist hub responsible for analysing, checking, and improving mortality estimation. This is a leading source for child morality information for both governments and non-governmental actors [35].

Research arms of private companies such as Microsoft Research, IBM research, SAS, and R&D arms of telecom companies could directly partner with official statistical systems to share sophisticated analysing techniques [36].

Management

Four levels of monitoring, national, regional, global, and thematic, should be "organized in an integrated architecture" [37].

Countries must decide individually whether official data must be complemented with non-official indicators from big data which can add richness to the monitoring of the SDGs.

Where possible, regional monitoring should build on existing regional mechanisms, such as the Regional Economic Commissions, the Africa Peer Review Mechanism, or the Asia-Pacific Forum on Sustainable Development [38].

To coordinate thematic monitoring under the SDGs, each thematic initiative may have one or more lead specialist agencies or “custodians” as per the IAEG-MDG monitoring processes. Lead agencies would be responsible for convening multi-stakeholder groups, compiling detailed thematic reports, and encouraging ongoing dialogues on innovation. These thematic groups can become testing grounds in launching a data revolution for the SDGs, trialling new measurements and metrics that in time can feed into the global monitoring process with annual reports [39].

Schematic illustration with explanation of the indicators for national, regional, global, and thematic monitoring.
Source: UN Sustainable Development Solutions Network, Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a Data Revolution for the SDGs, 2015, p.3.

Role of NSOs

Monitoring the SDG agenda will require substantive improvements in national statistical capacity. Assessments of existing capacity to fulfil SDG monitoring expectations must be undertaken and needs be integrated into National Strategies for the Development of Statistics (NSDSs) [40].

Coordination

A Global Partnership for Sustainable Development Data must be established and a World Forum on Sustainable Development Data be convened in 2016 to create mechanisms for ongoing collaboration and innovation.

A high-level, powerful group of businesses and states must convene the various data and transparency sustainable development initiatives under one umbrella.

To ensure comparability, Global Monitoring Indicators must be harmonized across countries by one lead technical or specialist agency which will additionally coordinate data standards and collection and provide technical support.

The following table indicates the suggested Lead Agencies for individual SDGs [41].

Number	Sustainable Development Goal	Lead Agencies
1.	No Poverty	World Bank, UNDP, UNSD, UNICEF, ILO, FAO, UN-Habitat, UNISDR, WHO, CRED, UNFPA, and UN Population Division
2.	No Hunger	FAO, WHO, UNICEF, and Internal Fertilizer Industry Associaton (IFA)
3.	Good Health	WHO, UN Population Division, UNICEF, World Bank, GAVI, UN AIDS, and UN-Habitat
4.	Quality Education	UNESCO, UNICEF, and World Bank
5.	Gender Equality	UNICEF, UN Women, WHO, UNSD, ILO, UN Population Division, and UNFPA
6.	Clean Water and Sanitation	WHO/UNICEF Joint Monitoring Programme (JMP), FAO, UN Water, and UNEP
7.	Renewable Energy	Sustainable Energy for All, IEA, WHO, World Bank, and UNFCC
8.	Good Jobs and Economic Growth	IMF, World Bank, UNSD, and ILO
9.	Innovation and Infrastructure	World Bank, OECD, UNIDO, UNFCC, UNESCO, and ITU
10.	Reduced Inequalities	UNSD, World Bank, and OECD
11.	Sustainable Cities and Communities	UN-Habitat, Global City Indicators Facility, WHO, CRED, UNISDR, FAO, and UNEP
12.	Responsible Consumption	EITI, UNCTAD, UN Global Compact, FAO, UNEP Ozone Secretariat, WBCSD, GRI, IIRC, and Global Compact
13.	Climate Action	OECD DAC, UNFCCC, and IEA
14.	Life below Water	UNEP-WCMC, IUCN, and FMC
15.	Life on Land	FAO, UNEP, IUCN, and UNEP- WCMC
16.	Peace and Justice	UNODC, WHO, UNOCHA, UNCHR, IOM, OCHA, OECD, UN Global Compact, EITI, UNCTAD, UNICEF, UNESCO, and Transparency International
17.	Partnership for the Goals	BIS, IASB, IFRS, IMF, WIPO, WTO, UNSD, OECD, World Bank, OECD DAC, and SDSN

5.2. The UN DATA Revolution Group

The group constituted by the UN Secretary-General Ban Ki-moon in August 2014, is an Independent Expert Advisory Group with the aim of making concrete recommendations on bringing about a 'data revolution for sustainable development' [42]. In its report, A World that Counts, it makes the following recommendations [43].

Collection

Clear standards on data collection methods must be developed based on the UN Fundamental Principles of Official Statistics. Periodic audits must be conducted by professional and independent third parties to ensure data quality.

Governments, civil society, academia and the philanthropic sector must work together strengthening statistical literacy so that all people have capacity to input into and evaluate the quality of data.

Social entrepreneurs, private sector, academia, media, civil society and other individuals and institutions must be engaged globally with incentives (prizes, data challenges) to encourage data sharing.

Analysis

A SDGs Analysis and Visualisation Platform is to be set up for fostering private-public partnerships and community-led peer-production efforts for data analysis.

A dashboard on ”the state of the world” will engage the UN, think-tanks, academics and NGOs in analysing, and auditing data.

Academics and scientists are to analyse data to provide long-term perspectives, knowledge and data resources at all levels.

The “Global Forum of SDG-Data Users” will ensure feedback loops between data producers, processors and users to improve the usefulness of data and information produced.

A “SDGs data lab” to support the development of a first wave of SDG indicators is to be established mobilizing key public, private and civil society data providers, academics and stakeholders working with the Sustainable Development Solutions Network.

Storage

A “world statistics cloud” will store data and metadata produced by different institutions but according to common standards, rules and specifications.

Role of NSOs

Civil society organisations must share data and processing methods with private and public counterparts on the basis of agreements. They must hold governments and companies accountable using evidence on the impact of their actions, provide feedback to data producers, develop data literacy and help communities and individuals generate and use data.

NSOs are the central players of the Data Revolution. Their autonomy must be strengthened to maintain data quality. They must abandon expensive and cumbersome production processes, incorporate new data sources like big data that is human and machine-readable, compatible with geospatial information systems and available quickly enough to ensure that the data cycle matches the decision cycle. Collaborations with the private sector can boost technical and financial investments.

Coordination

Key stakeholders must create a “Global Consensus on Data”, to adopt principles concerning legal, technical, privacy, geospatial and statistical standards. Best practices related to public data such as the Open Government Partnership (OGP) and the G8 Open Data Charter are recommended foundations for such principles.

A UN-led “Global Partnership for Sustainable Development Data” is proposed, to coordinate and broker key global public-private partnerships for data sharing [44].

A “World Forum on Sustainable Development Data” and “Network of Data Innovation Networks” will be a converging point for the data ecosystem to share ideas and experiences for improvements, innovation and technology transfer.

5.3. Organization for Economic Co-Operation and Development (OECD)

The Organisation for Economic Co-operation and Development (OECD) is an inter-governmental organization that seeks to promote policies that will improve the economic and social well-being of people globally. It has made the following proposals [45].

Collection

Data is to be collected from National statistical agencies, national and international researchers and international organisations.

Role of NSOs

By leveraging the expertise of telecommunications companies and software developers, for instance, national statistical systems could potentially reduce costs and improve the availability of data to monitor development goals [46].

Coordination

National Data Forums for Social Science Data must be created for the development of social science data for improved coordination between social scientists, data producers (national statistical agencies, government departments, large private sector businesses and sources undertaking academic direction), and data curators.

Social science research communities must contribute to national plans of action after a needs assessment [47]. Research funding agencies must collaborate at the international level for a common system for referencing datasets in research publications [48].

5.4. The Global Partnership for Sustainable Development of Data

The partnership is a global network of governments, NGOs, and businesses working to strengthen the inclusivity, trust, and innovation in the way that data is used to address the world’s sustainable development efforts [49].

Analysis

There must be a common framework for information processing. At minimum, a simple lexicon must tag each datum specifying:

What: i.e. the type of information contained in the data,
Who: the observer or reporter,
How: the channel through which the data was acquired,
How much: whether the data is quantitative or qualitative, and
Where and when: the spatio-temporal granularity of the data.

Analysis of data involves filtering relevant information, summarising keywords and categorising into indicators. This intensive mining of socioeconomic data, known as “reality mining,” can be done by: (1) Continuous analysis of real time streaming data, (2) Digestion of semi-structured and unstructured data to determine perceptions, needs and wants. (3) Real-time correlation of streaming data with slowly accessible historical data repositories.

Use of big data for developmental goals can draw upon all three techniques to various degrees depending on availability of data and the specific needs.

Role of NSOs

NSOs have a pivotal part to play in the data revolution. Countries and organizations believe that big data cannot replace traditional official statistical data as it is based more on perception than facts. To quote Winston Churchill, "Do not trust any statistics that you did not fake yourself."

For instance, a study found that Google Flu Trends, to detect influenza epidemics, predicted nonspecific flu-like respiratory illnesses well but not actual flu. The mismatch was due to popular misconceptions on influenza symptoms. This has important policy implications. Doctors using Google Flu Trends may overstock on flu vaccines or be overly inclined to diagnose normal respiratory illnesses as influenza [50].

However Big Data if understood correctly, can inform where further targeted investigation is necessary and give immediate responses to favourably change outcomes.

5.5. The World Economic Forum (WEF)

The WEF is an International Organization for Public-Private Cooperation. It engages the foremost political, business and other leaders of society to shape global, regional and industry agendas [51]. In the report titled Big Data, Big Impact: New Possibilities for International Development, it makes the following recommendations [52].

Collection

Data production and development actors include individuals, public sector and the private sector. Each produce different kinds of data that have unique requirements. The private sector maintains vast troves of transactional data, much of which is "data exhaust," or data created as a by-product of other transactions. The public sector maintains enormous datasets in the form of census data, health indicators, and tax and expenditure information. The following figure highlights the different kinds of data that each sector collects and what incentives they have to share the data along with requirements to maintain such data.

World Economic Forum - Diagram on Data Commons.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.4.

Business models must be created to provide the appropriate incentives for private-sector actors to share data. Such models already exist in the Internet environment. For instance companies in search and social networking profit from products they offer at no charge to end users because the usage data these products generate is valuable to other ecosystem actors. Similar models could be created in garnering Big Data for SDGs. The following flowchart illustrates how different sectors must work together to incentivise data collection and sharing.

World Economic Forum - Diagram on Global Coordination.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.7.

5.6. Dr. Julia Lane - A Quadruple Data Helix

Dr. Julia Lane is a Professor in the Wagner School of Public Policy at New York University; and also a Provostial Fellow in Innovation Analytics and a Professor in the Center for Urban Science and Policy [53]. She has done extensive research on the uses of big data. In her paper titled "Big Data for Public Policy: A Quadruple Data Helix," she makes the following suggestions [54].

Collection

In the future there will exist a model of a quadruple data helix for data collection which will have four strands — state and city agencies, universities, private data providers, and federal agencies.i

A new set of institution, city/university data facilities, must be established. These institutions should form the backbone of the quadruple helix, with direct connections to the private sector and to the federal statistical agencies.

Analysis

There is a need for graduate training for non-traditional students, who need to understand how to use data science tools as part of their regular employment. They must identify and capture the appropriate data, understand how data science models and tools can be applied, and determine how associated errors and limitations can be identified from a social science perspective.i

Universities can act as a trusted independent third party to process, store, analyze, and disseminate data. ii

Management

The new infrastructure must ensure that data from disparate sources are collected managed and used in a manner that is informed by end users. There are many technical challenges: disparate data sets must be ingested, their provenance determined, and metadata documented. Researchers must be able to query data sets to know what data are available and how they can be used. And if data sets are to be joined, they must be joined in a scientific manner, which means that workflows need to be traced and managed in such a way that the research can be replicated.

Coordination

The role of State and City agencies is to address immediate policy issues, rather than to build long-term data infrastructures as their mandate is to work with city data than the full spectrum of available data.

5.7. Data-Pop Alliance

Data-Pop Alliance is a global coalition on Big Data and development created by the Harvard Humanitarian Initiative, MIT Media Lab, and Overseas Development Institute that brings together researchers, experts, practitioners, and activists to promote a people-centred big data revolution through collaborative research, capacity building, and community engagement [55]. It makes the following suggestions.

Collection

The idea of shared responsibility between the public and private sector is a proposed operational principles to create a deliberative space. Mechanisms and legal frameworks must be devised for private companies to share their big data under formalized and stable arrangements instead of being compelled by ad hoc requests from researchers and policymakers.

The media too, could avoid publishing statistical data collected by unexplained methodologies by employing "statistical editors" and disseminate verified information.

Role of NSOs

For official statistics, engaging with Big Data is not a technical consideration but a political obligation. In a two tier system of official and non-official statistics, the public and investors tend to distrust official figures. For instance, the results of the 2010 census in the UK are being disputed on the basis of sewage data.

It is imperative for NSOs to retain, or regain, their primary role as the legitimate custodian of knowledge and creator of a deliberative public space to democratically drive human development [56].

6. Conclusion

The Big data frameworks provide some useful insights on monitoring mechanisms though some questions remain unanswered in each model. Key actors that have been proposed include city and state agencies like NSOs, private companies, social scientists, private individuals and international research agencies. Data analysis can be through public-private collaborations, data philanthropy, and using indicators by thematic communities.

Collection

There appears consensus across models that collection must be effected through public private partnerships while providing incentives.

Analysis

While several methods of analysis have been proposed by the Global Partnership it is unclear on who will be conducting the analysis. The UNSDSN has suggested that it be conducted by academics and scientists with Julia Lane stating it must be through public private partnerships which appear more feasible and transparent.

Role of NSOs

All frameworks agree on the pivotal role of NSOs and acknowledge them as the key players and coordinators at the national level. They must be strengthened financially, technologically and politically. Most frameworks seek to empower national agencies which will coordinate collaborations with the private sector through incentives while protecting personal data.

Coordination

Several international fora have been proposed to enable coordination while there is consensus that the NSOs. A Global Partnership for Sustainable Development Data, a Global Consensus on Data and a World Forum on Sustainable Development Data have been suggested. UN organizations appear to be suggesting more responsibility for those in the UN framework with UNSDSN giving an extensive list of lead agencies (UNDP, UN Women, Who etc) while the WEF emphasises on the private sector, Data Pop Alliance on NSOs, and Prof. Lane on State and City agencies.

On an international level countries can opt to join international organization that are being setup for the purpose. It remains to be seen whether all countries globally can achieve such a feat in a coordinated manner without infringing on data rights when unanswerable to any set international organization. The burden appears to fall on civil society and market forces within the private sector to regulate this process. For instance when a private sector company starts providing large un-anonymized data sets for government use, the privacy concerns of civil society that result in them opting for the company’s competitor’s more privacy friendly products will result in a regulation through market forces. However these forces may have disparate strengths in different contexts and countries depending on market practices and information asymmetry resulting in the lack of a uniform accountability mechanism.

7. Endnotes

[1] Dan Ariely, Facebook, January 06, 2013, https://www.facebook.com/dan.ariely/posts/904383595868.

[2] United Nations Organizations, 'Sustainable Development Goals' (United Nations Sustainable Development, 26 September 2015), http://www.un.org/sustainabledevelopment/sustainable-development-goals/, accessed 6 June 2016.

[3] Data Revolution Group, 'A World that Counts: Mobilising the Data Revolution for Sustainable Development' (November 2014), http://www.undatarevolution.org/wp-content/uploads/2014/12/A-World-That-Counts2.pdf, accessed 8 June 2016.

[4] High level panel on the post-2015 development agenda , 'A New Global Partnership: Eradicate Poverty and Transform Economies through Sustainable Development'(Post2015hlp,0rg, July 2012), http://www.post2015hlp.org/, accessed 8 June 2016.

[5] Gary King, 'Ensuring the Data-Rich Future of the Social Sciences' [2011] 3(2) Science, http://gking.harvard.edu/files/datarich.pdf, accessed 8 June 2016.

[6] See [3].

[7] Ibid.

[8] Michael Horrigan, 'Big Data: A Perspective from the BLS' (Amstatorg, 1 January 2013) http://magazine.amstat.org/blog/2013/01/01/sci-policy-jan2013/, accessed 4 June 2016.

[9] UN Global Pulse, 'Big Data for Development: Challenges & Opportunities' (6 May 2012) http://www.unglobalpulse.org/sites/default/files/BigDataforDevelopment-UNGlobalPulseJune2012.pdf, accessed 5 June 2016.

[10] Emmanuel Letouzé and Johannes Jütting, 'Official Statistics, Big Data and Human Development: Towards a New Conceptual and Operational Approach' (2014) 12(3), Data-Pop Alliance White papers Series, https://www.odi.org/sites/odi.org.uk/files/odi-assets/events-documents/5161.pdf, accessed 4 June 2016.

[11] See [9].

[12] See [10].

[13] See [9].

[14] UN Global Pulse, 'About: United Nations Global Pulse' (2016) http://www.unglobalpulse.org/about-new, accessed 7 June 2016.

[15] UN Stats, 'Global Working Group' (2014) http://unstats.un.org/unsd/bigdata/, accessed 8 June 2016.

[16] New York City Press Release, ‘Mayor Bloomberg, Police Commissioner Kelly and Microsoft Unveil New, State-of-the-Art Law Enforcement Technology that Aggregates and Analyzes Existing Public Safety Data in Real Time to Provide a Comprehensive View of Potential Threats and Criminal Activity’ (New York City, 8 August 2012), http://www1.nyc.gov/office-of-the-mayor/news/291-12/mayor-bloomberg-police-commissioner-kelly-microsoft-new-state-of-the-art-law, accessed 2 July 2016.

[17] Francesco Mancini, 'New Technology and the Prevention of Violence and Conflict' (Reliefwebint, April 2013), http://reliefweb.int/sites/reliefweb.int/files/resources/ipi-e-pub-nw-technology-conflict-prevention-advance.pdf, accessed 2 July 2016.

[18] Arjuna Costa, Anamitra Deb, and Michael Kubzansky, 'Big Data, Small Credit: The Digital Revolution and Its Impact on Emerging Market Consumers,' (Omidyar, 3 March 2013) https://www.omidyar.com/sites/default/files/file_archive/insights/Big%20Data,%20Small%20Credit%20Report%202015/BDSC_Digital%20Final_RV.pdf, accessed 2 July 2016.

[19] United Nations Economic and Social Council, 'Report of the Global Working Group on Big Data for Official Statistics' (UN Stats, 3 March 2015), http://unstats.un.org/unsd/statcom/doc15/2015-4-BigData-E.pdf, accessed 8 June 2016.

[20] Ibid.

[21] Ibid.

[22] See [3].

[23] OECD, 'OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data' (23 September 1980), http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm, accessed 29 May 2016.

[24] Amir Efrati, ''Like' Button Follows Web Users' (WSJ, 18 May 2011) http://www.wsj.com/articles/SB10001424052748704281504576329441432995616, accessed 23 May 2016.

[25] See [15].

[26] Robert Kirkpatrick, 'Data Philanthropy: Public and Private Sector Data Sharing for Global Resilience' (UN Global Pulse, 16 September 2011), http://www.unglobalpulse.org/blog/data-philanthropy-public-private-sector-data-sharing-global-resilience, accessed 4 June 2016.

[27] Ibid.

[28] Arvind Narayanan, 'No silver bullet: De-identification still doesn't work' (1 April 2016), http://randomwalker.info/publications/no-silver-bullet-de-identification.pdf, accessed 3 July 2016.

[29] OECD Global Science Forum, 'New Data for Understanding the Human Condition: International Perspectives,' (February 2013) http://www.oecd.org/sti/sci-tech/new-data-for-understanding-the-human-condition.pdf, accessed 2 June 2016.

[30] S. Barocas, 'The Limits of Anonymity and Consent in the Big Data Age,' in Privacy, Big Data, and the public good: Frameworks for Engagement (Cambridge University Press, 2014).

[31] A. Pentland, 'Institutional Controls: The New Deal on Data,' in Privacy, Big Data, and the public good: Frameworks for Engagement (Cambridge University Press, 2014).

[32] See [3].

[33] UN Sustainable Development Solutions Network, 'About Us: Vision and Organization' (2012) http://unsdsn.org/about-us/vision-and-organization/, accessed 2 June 2016.

[34] UN Sustainable Development Solutions Network, 'Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a data revolution for the SDGs' (12 June 2015) http://unsdsn.org/wp-content/uploads/2015/05/150612-FINAL-SDSN-Indicator-Report1.pdf, accessed 4 June 2016.

[35] UNICEF, 'CME Info - Child Mortality Estimates' (2014) http://www.childmortality.org/, accessed 1 June 2016.

[36] See [10].

[37] UNESCO, 'Technical report by the Bureau of the United Nations Statistical Commission (UNSC) on the process of the development of an indicator framework for the goals and targets of the post-2015 development agenda' (6 March 2015) http://www.uis.unesco.org/ScienceTechnology/Documents/unsc-post-2015-draft-indicators.pdf, accessed 3 June 2016.

[38] UN, 'The Road to Dignity by 2030: Ending Poverty, Transforming All Lives and Protecting the Planet ' (4 December 2014) http://www.un.org/disabilities/documents/reports/SG_Synthesis_Report_Road_to_Dignity_by_2030.pdf, accessed 7 June 2016.

[39] Ibid.

[40] UN Sustainable Development Solutions Network, 'Data for Development: An Action Plan to Finance the Data Revolution for Sustainable Development' (10 July 2015) http://unsdsn.org/wp-content/uploads/2015/04/Data-For-Development-An-Action-Plan-July-2015.pdf, accessed 3 June 2016.

[41] See [34].

[42] UN Data Revolution Group, 'About the Independent Expert Advisory Group' (6 November 2014) http://www.undatarevolution.org/about-ieag/, accessed 4 June 2016.

[43] See [3].

[44] The Partnership has already been established, and it is developing a further framework.

[45] Organisation for Economic Co-Operation and Development), 'The Organisation for Economic Co-operation and Development (OECD): About' (2016) http://www.oecd.org/about/, accessed 2 June 2016.

[46] Organisation for Economic Co-Operation and Development, 'Strengthening National Statistical Systems to Monitor Global Goals' (2015) http://www.oecd.org/dac/POST-2015%20P21.pdf, accessed 1 June 2016.

[47] Ibid.

[48] OECD Global Science Forum, 'New Data for Understanding the Human Condition: International Perspectives' (February 2013) http://www.oecd.org/sti/sci-tech/new-data-for-understanding-the-human-condition.pdf, accessed 2 June 2016.

[49] The Global Partnership On Sustainable Development Data, 'Who We Are: The Data Ecosystem and the Global Partnership' (2016) http://www.data4sdgs.org/who-we-are/, accessed 5 June 2016.

[50] World Economic Forum, 'Big Data, Big Impact: New Possibilities for International Development' (22 January 2012) http://www3.weforum.org/docs/WEF_TC_MFS_BigDataBigImpact_Briefing_2012.pdf, accessed 8 June 2016.

[51] World Economic Forum, 'Our Mission: The World Economic Forum' (12 January 2016) https://www.weforum.org/about/world-economic-forum/, accessed 7 June 2016.

[52] See [50].

[53] Julia Lane, Homepage, http://www.julialane.org/.

[54] Julia Lane, 'Big Data for Public Policy: The Quadruple Helix' (2016) 8(1) Journal of Policy Analysis and Management, DOI:10.1002/pam.21921, accessed 1 June 2016.

[55] Data-Pop Alliance, 'Data-Pop Alliance: Our Mission' (May 2014) http://datapopalliance.org/, accessed 1 June 2016.

[56] See [10].

8. Author Profile

Meera Manoj is a law student at the Gujarat National Law University, Gandhinagar and has completed her first year. She is passionate about civil rights, feminism, economics in law and anything involving paneer. She aspires to travel the world and build up a vast library, with unparalleled sections on International Law and Archie comics.

For more details visit https://cis-india.org/internet-governance/blog/big-data-governance-frameworks-for-data-revolution-for-sustainable-development

Cyberstalkers, the new bullies in town

praskrishna — 2016-07-04T02:44:39Z

The advent of social media and an increase in accessibility has led to increasing concerns with regard to cyber safety.

The article by S. Poorvaja was published in the Hindu on July 4, 2016. Pranesh Prakash gave inputs.

Bombarded with messages, poems and photographs from a cyber stalker across multiple social networking platforms, Shradha Muralidharan, a consultant in the city, said that being curt and asking the stalker to stop bothering was of no use.

“I initially did not want to engage with him as I was afraid that it would only provoke him more. But then ignoring him did not help as well and I was forced to speak to him. He, however, went ahead and contacted a host of my friends on these sites and asked them if they could introduce me to him,” she recalled.

Cyberstalking is now on the increase with people being flooded with messages and having their information online manipulated and used to threaten them with.

Vandhana,* an engineer from the city, says she thinks twice before posting content online — be it on her Instagram or her Facebook profile.

“Despite having adequate privacy tools, I later found that my photos and other information were being shared by a colleague who was on my friends’ list to his friend, who then proceeded to cyberstalk me,” she said.

What to share?

While multiple tools that social media sites offer do allow people to mute, block or even report people, Pranesh Prakash, Policy Director for the Centre for Internet and Society, said technical restrictions didn’t play much of a part in a situation where information one posts to a private audience is shared further, without their consent.

“Trust plays a large role in what you share online since someone can find a way to get around technological restrictions. While there are some violations that can be addressed by the law, a few cannot be, and it is important for people to be aware of the legal provisions that exist,” he added.

Be it social media meet-ups, Facebook friends catching up outside of the virtual world or web writers meeting to brainstorm ideas, the last five years have seen a gradual increase in such socialising and new safety concerns have cropped up.

Karthika, a chartered accountant from the city who went through an unpleasant experience of being stalked on social media sites and cyber-bullied, said that while the police were helpful when she sought them out, she was also constantly questioned as to why she was befriending people online in the first place.

“I tried not to keep mum about what was happening to me but was also simultaneously told by people that it would seem like I was drawing unnecessary attention to myself if I made public what was happening to me. More people should come forward and support the person who is getting stalked, rather than be intimidated,” she said.

The use of internet, email or any form of electronic communication to contact and harrass a person who has expressed disinterest, and to cause them trauma is what qualifies as Cyberstalking

To prevent misuse of information, social media users can use privacy tools and settings that enable them have a control on who vies their information

With smartphone apps for social media sites that have access to the user's location, caution must be exercised by the user in knowing who is privy to such information

With children being active online as well, the use of parental control softwares that helps monitor the content they share is necessary as they are vulnerable victims to stalking and cyber bullying

Knowledge about the cyber crime laws and where/whom to report incidences of the same to.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-s-poorvaja-july-4-2016-cyberstalkers-the-new-bullies-in-town

Why Geospatial Bill is draconian and how it will hurt startups

praskrishna — 2016-07-02T04:57:35Z

Last week, the Indian government rejected Google’s plans to map Indian cities, tourist spots and mountain ranges, using the 360-degree panoramic Google Street View feature.

The article was published in Indian Express on June 13, 2016

Last week, the Indian government rejected Google’s plans to map Indian cities, tourist spots and mountain ranges, using the 360-degree panoramic Google Street View feature. The government officials cited “national security” as a reason for not granting permission to Google. It is expected that the Google’s Street View permission would be relooked at, once the draft Geospatial Information Regulation Bill, 2016, is enforced as law. Many however feel that this draft bill is draconian and will have serious repercussions on the startup ecosystem.

The Geospatial Bill seeks to make creating, accessing and distribution or sharing of map related information, illegal and that every company will have to take prior permission and license from the government for the same. Wayback in 2011, Google had announced the introduction of Street View for Bangalore, on Google Maps. But the project ran into trouble with Bangalore Police stopping Street View cars from plying in the city, citing security reasons.

Google Street View, launched in 2007, is popular in San Francisco, Las Vegas, Denver, New York and Miami, which allows users to navigate virtual streets from photographs gathered from directional cameras on special vehicles. While the service has been hugely successful it has caused problems of privacy in some countries.

In 2010 almost 250,000 Germans told Google to blur pictures of their homes on the Street View service, while Czech government also banned Google from taking any new photos for the service. In Switzerland, the matter went to the court and it was accepted that Google would be obliged to pixelate 99% of images to blur faces, vehicle registrations and that it would not be filming certain sensitive places such as schools, prisons and shelter homes.

This adds to the list of recent controversies on Google Earth, and the draft Geospatial Information Regulation Bill, on adoption of mapping technology in India. Commenting on the development, Sumandro Chattapadhyay, research director at the Centre for Internet and Society said, the key country where the Google Street View faced legal challenge, and was fined too, is Germany. This legal challenge, however, was not based on the concern for national security but on that for the privacy of the citizens. However, it was eventually allowed to roll out Street View in Germany provided that it asks for consent from the house owners before images of any house.”

“One of the crucial concerns with the draft Geospatial Information Regulation Bill remains its vast scope of application. Not only initiatives like Google Street View may be regulated under it (for capturing geo-referenced imagery from the street level) but absolutely any mobile application that requires the user’s geo-location (either automatically detected, or manually entered by the user) would be within the purview of this Bill. This evidently creates a great pressure upon the entire ICT-enable product and service sector in India,” Chattapadhyay added.

This would mean that, any company, particularly the new age startups, those in the food tech, fintech and e-commerce space, which uses geo-location to identify the customer location to either deliver goods, food products, or the likes of Ola and Uber which uses maps to pickup and drop customers, will have to obtain license from the government.

Raman Shukla, director—strategy and product, Medikoe, said, “At Medikoe we are helping users to locate the nearest healthcare service provider with the available technologies. Google Maps is one of key feature our company banks on. Though we understand the country’s security concerns, the draft bill, if implemented, would be a violation of independent internet. We believe that a much better solution can be identified to solve security concerns.”

Venu Kondur, founder of LOBB, the online truck booking platform said, “Geostatial data is a very important data for our business. Customers booking truck through LOBB platform get real-time track & trace facility. Our customers rely heavily on this data for their day-day activity. Startups like us depend largely on maps data for real-time tracking of consignment. Lot of our business intelligence data is drawn out of it.”

In case, if the draft gets implemented, many startups will be forced to change the business model and while it will also increase the product delivery time. A group of 15 volunteers created a SaveTheMap.in portal to educate the readers about the draft bill and also give complete information on how the bill have an impact on the citizen and users of certain application. Sajjad Anwar one of the volunteer, said, through the portal about 1700 mails have been sent to the ministry of home affairs airing their view on why they do not support the draft Bill.

Comparing with other countries, Chattapadhyay further said, “At first, other countries deal with the question of display of security establishments in publicly available maps through direct interactions with large mapping companies, and does not turn this into a financial and political burden for the entire economy. Secondly, it is the concern about privacy of the citizens that should frame the Indian government’s response to products and services like Google Street View, and not concerns regarding national security.”

What the draft bill says

No person shall, in any manner, make use of, disseminate, publish or distribute any geospatial information of India, outside India, without prior permission from the security vetting authority under the Central government.

Penalty

Whoever acquires any geospatial information of India in contravention to the rules, shall be punished with a fine ranging from Rs 1 crore to Rs 100 crore and /or imprisonment for a period upto seven years.

Application for license

Every person who has already acquired any geospatial imagery or data of any part of India either through space or aerial platforms such as satellite, aircrafts, airships, balloons, unmanned aerial vehicles or terrestrial vehicles shall within one year from the commencement of this Act, make an application along with requisite fees to the security vetting authority.

For more details visit https://cis-india.org/internet-governance/news/financial-express-prabhu-mallikarjunan-june-13-2016-why-geospatial-bill-is-draconian-and-how-it-will-hurt-startups

Here is the entire list of 'escorts service' websites that the government has banned

praskrishna — 2016-07-02T04:51:30Z

Another day and another opaque order asking Indian service providers to block websites that allegedly offer or advertise escort services in India. In total, the government has ordered ban on 237 websites. But as it happens whenever the Indian government bans website, there has been no public communication about the same.

The article was published in India Today on June 16, 2016

Also, it has not been explained what, if any, process was followed before these websites were banned and what norms were applied for the order that the internet service providers have received.

However, now Centre for Internet and Society has caught hold of the list of the websites that have been banned. Here is what the organisation says, "Unfortunately, the government does not make available publicly the list of websites they have ordered ISPs to block. Given that knowledge of what is censored by the government is crucial in a democracy, we are publishing the entire list of blocked websites."

As for the websites and URLs here they are:

www.sterlingbioscience.com
rawpoint.biz
www.onemillionbabes.com
www.mumbaihotcollection.in
simranoberoi.in
rubinakapoor.biz
talita.biz
www.mumbaiescortsagency.net
www.mumbaifunclubs.com
www.alishajain.co.in
www.ankitatalwar.co.in
https://www.jennyarora.ind.in
www.riya-kapoor.com
shneha.in
missinimi.in
www.mumbaiglamour.in
kalyn.in
www.saumyagiri.co.in/city/mumbai/
bookerotic.com
www.divyamalik.in
www.suhanisharma.co.in
www.ruhi.biz
umbaiqueens.in
www.aliyaghosh.com
priyasen.in
www.highprofilemumbaiescorts.co.in
charmingmumbai.com
www.poojamehata.in
kiiran.in/
mansikher.in
www.newmumbaiescorts.in
www.mumbaifunclubs.com
www.punarbas.in
www.discreetbabes.in
www.alisharoy.in
www.arpitarai.in
www.nidhipatel.in
navimumbailescort.com
www.zoyaescorts.com
www.juhioberoi.in
shoniya.in
panchibora.in
rehu.in
www.nehaanand.com
www.aditiray.co.in
www.rakhibajaj.in
www.alianoidaescorts.in
www.sobiya.in
www.alishaparul.in
mumbai-escorts.leathercurrency.com
ankita-ahuja.in
www.yamika.in
mumbailescort.co
www.ranjika.in
www.aditiray.com
www.alinamumbailescort.in
www.sonikaa.com/services/
riyamodel.in
soonam.in
www.sejalthakkar.com
www.yomika-tandon.in
www.asika.in
www.siyasharma.org/
www.rubikamathur.in
www.mumbaiescortslady.com
www.sexyshe.in
www.indepandentescorts.com
www.saanvichopra.co.in
www.goswamipatel.in
ojaloberoi.in
www.naincy.in
www.sonyamehra.com
www.pinkgrapes.in
anjalitomar.in/
www.nishakohli.com/
sagentia.co.in
mumbai.vivastreet.co.in/escort+mumbai
www.deseescortgirls.in
guides.wonobo.com/mumbai/mumbai-escorts-service/.4299
jasmineescorts.com
www.shalinisethi.com
www.highclassmumbailescort.com
www.vipescortsinmumbai.com
www.mumbaiescorts69.co.in
monikabas.co.in
www.riyasehgal.com
onlycelebrity.in
www.greatmumbaiescorts.com/escort-service-mumbai.html
www.aishamumbailescort.com
www.jennydsouzaescort.com
www.desifun.in
www.siyaescort.co.in
masti-escort.in
www.sofya.in
www.mumbaiwali.in/navi-mumbai-escort-service.php
www.mumbaiwali.in
www.calldaina.com
www.mumbaiescortsservice.co.in
www.escortsgirlsinmumbai.com
www.passionmumbai.escorts.com
www.nehakapoor.in
meerakapoor.com
www.dianamumbaiescorts.net .in
www.allmumbailescort.in
www.rakhiarora.in
www.ritikasingh.com
www.rekhapatil.com
www.mumbaidolls.com
www.piapandey.com
www.mumbaicuteescorts.in
www.mumbaiescortssevice.com
www.onlycelebrity.com
www.meetescortservice.com
onlyoneescorts.com
simirai.org
www.riyamumbaiescorts.in
www.neharana.in
www.mumbaihiprofilegirls.in
www.sexyescortsmumbai.in
www.sexymumbai.escorts.com
www.four-seasons-escort.in
www.mumbaiescortsgirl.com
www.vdreamescorts.com
www.passionatemumbaiescorts.in
www.payalmalhotra.in
www.shrutisinha.com
www.juliemumbaiescorts.com
www.indiasexservices.com/mumbai.html
www.mumbai-escorts.co.in
www.aliyamumbaiescorts.net.in
shivaniarora.co.in/escort-service-mumbai.html
www.pinkisingh.com
soyam.in
www.arpitaray.com
www.localescorts.in
www.jennifermumbaiescorts.com
www.yanaroy.com
escorts18.in/mumbai-escorts.html
www.tinamumbaiescorts.com
www.mumbaijannatescorts.com
www.deepikaroy.com
www.nancy.co.in
www.pearlpatel.in
30minsmumbaiescorts.in
www.datinghopes.com
https://www.riyaroy.com/services.html
www.sonalikajain.com
www.zainakapoor.co.in
kavyajain.in
www.kinnu.co.in
exmumbai.in/
www.mansimathur.in/pinkyagarwal
exmumbai.in
www.mansimathur.in/pinkyagarwal
www.devikabatra.in
katlin.in
riyaverma.in
escortsinindia.co/
www.snehamumbaiescorts.in
shimi.in
www.mumbaiescortsforu.com/about
www.chetnagaur.co.in/chetna-gaur.html
www.escortspoint.in
www.rupalikakkar.in
www.hemangisinha.co.in
1escorts.in/location/mumbai.html
www.salini.in/navi-mumbai-independent-escort-service.php
www.salini.in/navi-mumbai-independent-escort-service.php
www.mumbaibella.in
mohitescortservicesmumbai.com
www.anchu.in
www.aliyaroy.co.in
jaanu.co.in/mumbai-escorts-service-call-girls.html
www.andyverma.com
dreams-come-true.biz
feel-better.biz
jellyroll.biz
dreamgirlmumbai.com
role-play.biz
mansi-mathur.com
www.zarinmumbaiescorts.com
mymumbai.escortss.com
www.goldentouchescorts.com
www.mumbaipassion.biz
ishitamalhotra.com
happy-ending.biz
juicylips.biz
www.escortsmumbai.name
www.kirstygbasai.net
www.hiremumbaiescorts.com
www.meeraescorts.com/mumbai-escorts.php
3-5-7star.biz
www.pranjaltiwari.com
www.richagupta.biz
way2heaven.biz
piya.co/
pinkflowers.info
www.beautifulmumbaiescorts.com
www.bestescortsinmumbai.com/charges-html
www.mumbaiescorts.me
www.tanikatondon.com
www.escortsinmumbai.biz
www.escortgirlmumbai.com
www.mumbaicallgrils.com
www.quickescort4u.com
www.mayamalhotra.com
www.legal-escort.com
escortsbaba.com/mumbai-escorts.html
rupa.biz
www.mumbaiescorts.agency/erotic-service-mumbai.html
www.escortscelebrity.com
www.independentescortservicemumbai.com/mumbai%20escort%20servi..
garimachopra.com
kajalgupta.biz
lipkiss.site
aanu.in
bombayescort.in
hotkiran.co.in
khushikapoor.in
joyapatel.in
rici.in
aaditi.in
andheriescorts.org.in
www.jiyapatel.in
spicymumbai.in
rimpyarora.in
lovemaking.co.in
riyadubey.co.in
escortservicesmumbai.in
mumbaiescorts.co.in
midnightprincess.in/
vashiescorts.co.in/
angee.in/
www.rozakhan.in/
www.mumbaiescortsvilla.in/
kylie.co.in/
escortservicemumbai.co.in

For more details visit https://cis-india.org/internet-governance/news/india-today-june-16-2016-here-is-the-entire-list-of-escorts-service-websites-that-govt-has-banned

ISPs start blocking escort websites following govt order

praskrishna — 2016-07-02T04:17:25Z

DoT on Monday ordered blocking of 240 URLs; blocking of websites takes place under Section 69A of the IT Act, and Information Technology Rules.

The article by Moulishree Srivastava was published in the Business Standard on June 14, 2016.

The Internet Service Providers (ISPs) have started blocking websites allegedly offering escort services after an order from the Department of Telecommunication (DoT).

The DoT on Monday asked ISPs to immediately block around 240 such URLs (Uniform Resource Locator) offering escort services, to filter out obscene content on the internet. Speaking to Business Standard, Internet Service Providers Association of India’s (ISPAI) President Rajesh Chharia said the ISPs were in process of shutting down these websites. ISPAI represents 60 ISPs including Bharti Airtel, Tata Teleservices, Reliance Communication, Vodafone and Idea Cellular.

“We received the order yesterday, and it entails a list of about 240 websites that the government wants us to block,” said Chharia. “CERT-In, which works under the Department of Electronics and Information Technology (Deity), advised the department on certain websites that it feels could be a national or social threat. Deity then reached out to DoT, which is our licensor. We are the licensee, and as per the licensing agreement, we have to comply with the order.”

While declining to comment on whether this is the first such order the association had received this year, Chharia said, “Since last few years, we have been receiving orders to block websites which hosts content that may be a threat to social order or national security.” Blocking of websites takes place under Section 69A of the IT Act, and a 2009 secondary legislation called the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules (“Blocking Rules”).

The rules empower the central government to direct any agency or intermediary to block access to information when satisfied that it is “necessary or expedient so to do” in the interest of the “sovereignty and integrity of India, defense of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognisable offence relating to above. Intermediaries failing to comply are punishable with fines and prison terms up to seven years.”

In December 2014, around six months after the Modi-led BJP government came into power, the DoT ordered ISPs to block 32 websites, including Vimeo, Dailymotion, GitHub and Pastebin.

According to an RTI filed by no-for-profit organisation Software Freedom Law Centre in March last year, Deity said 2341 URLs were blocked in 2014, adding that “barring few numbers, all URLs were blocked on the orders of the Court”.

Another RTI filed by Bangalore based think tank Centre for Internet and Society (CIS) found that 143 URLs were blocked in first three months of 2015 in order to comply with the directions of the competent courts. Later that year, the government attempted to block about 857 porn websites, but it had to revoke the order following the backlash online and offline.

The recent notice named a number of websites that need to be banned, including pinkysingh.com, jasmineescorts.com, onlyoneescorts.com, payalmalhotra.in, localescorts.in, pearlpatel.in, kavyajain.in, xmumbai.in, shimi.in and anchu.in.

According to Freedom on the Net 2015 report by Freedom House, which termed India as a “partly free” country on the internet, there were 129 operational ISPs in India as of May 2015.

For more details visit https://cis-india.org/internet-governance/news/business-standard-moulishree-srivastava-june-14-2016-isps-start-blocking-escort-websites-following-govt-order

We are anonymous, we are legion

Meeting on Net Neutrality and Related Issues

New Approaches to Information Privacy – Revisiting the Purpose Limitation Principle

Introduction

Privacy as control?

Purpose Limitation and Impact of Big Data

Harms-based approach

Legitimate interests

Conclusion

Endnotes

No, India did NOT oppose the United Nations move to “make internet access a human right”

Tamil Nadu likely to hold Facebook accountable for suicide case

Place for a safety net

Trans Pacific Partnership and Digital 2 Dozen: Implications for Data Protection and Digital Privacy

1. Introduction

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

2.2 Digital 2 Dozen (D2D)

3. Major Issues Related to Data Protection and Privacy in the TPP

3.1. Data Protection

3.2. Digital Privacy

4.Implications of TPP for RCEP

5. Implications of TPP in the Context of EU Safe-Harbour Judgement

6. Implications of TPP in the context of USA-India Cyber Relationship

7. Conclusion

8. Endnotes

9. Author Profile

India may not be guilty of opposing UN move to save internet rights

India No Haven For Net Freedom But It Did Not Oppose UN Move on Internet Rights

Flashpoint #TrollControl: Maneka versus NCW

FB & Google have already monopolised Indian cyberspace

US-India signed a cyber relationship framework earlier this month. Could you explain some of the takeouts that may have important implications in the near future?

What are some aspects of Intellectual Property Rights that should be looked at, in the context of the framework?

The PIL seeking a ban on WhatsApp was refused by the SC recently. Encrypted messaging services like Telegram however, have been used in the past by terror groups. What's your take on such end-to-end encryption services?

We don't have any proper encryption policy under the IT Act yet. What's taking so long and what are the key points that any policy in this matter must include in future?

Surveillance and the tech around it has been contentious for various governments. Where do we stand vis-a-vis regulating surveillance measures by the state?

With a sluggish US market, India has the biggest potential for companies like FB & Google, next only to China. Do you feel that in the quest to take over the Indian market, FB & Google are going to monopolise cyberspace in India?

Big Data Governance Frameworks for 'Data Revolution for Sustainable Development'

1. What are the Sustainable Development Goals?

Source: UN Data Revolution Group, A World that Counts, 2014, p.12.

2. The Need for a Data Revolution

Source: UN, Sustainable Development Goals.

3. Big Data: Characteristics and Use for Development

3.1. Characteristics of Big Data

3.2. Using Big Data for Development

4. Sustainable Development and Data Rights

5. Governance Frameworks Proposed

5.1. UN Sustainable Development Solutions Network

Schematic illustration with explanation of the indicators for national, regional, global, and thematic monitoring.Source: UN Sustainable Development Solutions Network, Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a Data Revolution for the SDGs, 2015, p.3.

5.2. The UN DATA Revolution Group

5.3. Organization for Economic Co-Operation and Development (OECD)

5.4. The Global Partnership for Sustainable Development of Data

5.5. The World Economic Forum (WEF)

World Economic Forum - Diagram on Data Commons. Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.4.

World Economic Forum - Diagram on Global Coordination. Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.7.

5.6. Dr. Julia Lane - A Quadruple Data Helix

5.7. Data-Pop Alliance

6. Conclusion

7. Endnotes

8. Author Profile

Cyberstalkers, the new bullies in town

Why Geospatial Bill is draconian and how it will hurt startups

Here is the entire list of 'escorts service' websites that the government has banned

ISPs start blocking escort websites following govt order

Schematic illustration with explanation of the indicators for national, regional, global, and thematic monitoring.
Source: UN Sustainable Development Solutions Network, Indicators and a Monitoring Framework for the Sustainable Development Goals: Launching a Data Revolution for the SDGs, 2015, p.3.

World Economic Forum - Diagram on Data Commons.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.4.

World Economic Forum - Diagram on Global Coordination.
Source: World Economic Forum, Big Data, Big Impact: New Possibilities for International Development, 2012, p.7.