We are anonymous, we are legion

The quest for genuine clout on the internet

praskrishna — 2013-10-29T07:08:40Z

There is a lot of interest and speculation on the impact of social media on politics because of its amplification effects.

The article by Karthik Subramanian was published in the Hindu on October 13, 2013. T. Vishnu Vardhan is quoted.

There is no denying that it has overtaken the traditional media in certain facets of news - most notably when it comes to breaking news and that it provides grounds for expressing one's ideas unbounded.

But the marketing and the advertising world are only just coming to grips with the medium. (Twitter is set to launch its IPO soon and Facebook is going to increasingly face the need to monetize its services. The Web has a history of complaints where users have found it tough to different between user-generated content and 'promoted' content.)

In effect, the question of the “influence” that social media and its star patrons wield is still being assessed, especially in the loaded context of whether its proactive use would translate to votes in the upcoming Lok Sabha elections. Not only are the number of active social media users negligible in the Indian context, there are doubts on whether a 'cause and effect' scenario is possible.

There are two predominant points of view, while talking about the influence of social media campaigns on politics: One that closely reads the Facebook ‘likes’ and Twitter trends as an important measure of public pulse; and the other which dismisses any sort of influence that social media has on real and grass root level politics.

T. Vishnu Vardhan, a researcher at Bangalore-based Centre for Internet and Society, prefers the middle ground. “It is important to not ignore the growing popularity of social media in India with [telecom] service providers providing Facebook access at Rs. 1 for an entire day. However, I would refrain from seeing a direct correlation between a person's participation on social media to real-time events in society including politics.”

Propaganda fallacy

“In India and especially in Tamil Nadu it has been proved that the Propaganda Model is a fallacy. There is no simple formula, whether it be cinema of 1970s or the Social Media of the 2010s. There are too many factors and layers that influence real-time events.”

Companies around the world are trying to make sense of this 'Big Data' that people's digital lives are generating. And whilst individuals and even some clever campaigns make snap pronouncements based on superficial data and analysis, there are a few companies that are looking at it through the prism of complex algorithms and technology-enabled web crawling.

One such company Kochi-based startup Riafy Technologies is attempting to make sense of the digital noise in a broad sweeping sense looking at three domains: relational intelligence, predictive analysis and big data.

One of the their applications 'Movie Tarot' predicts the outcome of Friday releases at the movie box office, based on the digital traffic on the days preceding the release. Not every instance of praise or every denouncement is treated equally. Instead, they have an intelligent algorithm that they apply to predict the box office collections and the ultimate verdict. (They claim to have a fairly accurate track record thus far.)

The company's CEO John Mathew says there is a correlation between a person's online presence and behaviour in the real world. “This influence is significant in age groups of 18-34,” he says. “As for Lok Sabha elections, the 'social media influenced' voter turnout would be marginal when we look at the country as a whole, but this number would be substantial in the 'swing constituencies'.”

For more details visit https://cis-india.org/news/the-hindu-october-13-2013-karthik-subramanian-the-quest-for-genuine-clout-on-the-internet

Fragmentation in a Democracy : The Role of Social Movements and the Media

praskrishna — 2013-10-29T07:45:31Z

The Observer Research Foundation, Delhi, together with the Rosa Luxemburg Stiftung, Berlin, will be convening a Round-table on Fragmentation in a Democracy : The Role of Social Movements and the Media on October 16, 2013 at the Observer Research Foundation in New Delhi. Sunil Abraham is a speaker in the session on Impact of Media, Social Media & Technology on Democracy / Governance.

The round-table will examine the changing role of civil society as a political actor and also how this is being impacted by the Media and Social Media.

This round-table is being designed as a brainstorming session and therefore there will not be any formal written papers. Ideally, we will aim to have one or two prepared comments in each session to lay out the issues and a general discussion thereafter.

Agenda

10.00 10.05	Opening Remarks by Roundtable Chairperson:
10.05 11.45	Session 1: The Changing Role of Civil Society in a Democracy/Democratic Governance Trilochan Sastry, Founder and trustee, Association for Democratic Reform, Bangalore Chakshu Rai,/PRS Legislative Research Institute for Policy Research Studies, Delhi Paranjoy Guha Thakurta, Independent Journalist, Delhi Anand Kumar, Professor, JNU, Delhi
11.45 12.00	Tea/Coffee Break
	Session 2: The Impact of Media, Social Media & Technology on Democracy / Governance Sunil Abraham, CIS Bangalore Aditya Kalra, Thomson Rueters, Delhi R. Swaminathan, ORF, Mumbai Niranjan Sahoo, ORF, Delhi
13.45	Lunch

For more details visit https://cis-india.org/news/fragmentation-in-a-democracy

Concerns Regarding DNA Law

bhairav — 2013-10-29T10:09:26Z

Recently, a long government process to draft a law to permit the collection, processing, profiling, use and storage of human DNA is nearing conclusion. There are several concerns with this government effort. Below, we present broad-level issues to be kept in mind while dealing with DNA law.

Background

The Department of Biotechnology released, in 29 April 2012, a working draft of a proposed Human DNA Profiling Bill, 2012 ("DBT Bill") for public comments. The draft reveals an effort to (i) permit the collection of human blood, tissue and other samples for the purpose of creating DNA profiles, (ii) license private laboratories that create and store the profiles, (iii) store the DNA samples and profiles in various large databanks in a number of indices, and (iv) permit the use of the completed DNA profiles in scientific research and law enforcement. The regulation of human DNA profiling is of significant importance to the efficacy of law enforcement and the criminal justice system and correspondingly has a deep impact on the freedoms of ordinary citizens from profiling and monitoring. Below, we highlight five important concerns to bear in mind before drafting and implementing DNA legislation.

Primary Issues

Purpose of DNA Profiling

DNA profiling serves two broad purposes – (i) forensic – to establish unique identity of a person in the criminal justice system; and, (ii) research – to understand human genetics and its contribution to anthropology, biology and other sciences. These two purposes have very different approaches to DNA profiling and the issues and concerns attendant on them vary accordingly. Forensic DNA profiling is undertaken to afford either party in a criminal trial a better possibility of adducing corroborative evidence to prosecute, or to defend, an alleged offence. DNA, like fingerprints, is a biometric estimation of the individuality of a person. By itself, in the same manner that fingerprint evidence is only proof of the presence of a person at a particular place and not proof of the commission of a crime, DNA is merely corroborative evidence and cannot, on its own strength, result in a conviction or acquittal of an offence. Therefore, DNA and fingerprints, and the process by which they are collected and used as evidence, should be broadly similar.

Procedural Integrity

Forensic DNA profiling results from biological source material that is usually collected from crime scenes or forcibly from offenders and convicts. Biological source material found at a crime scene is very rarely non-contaminated and the procedure by which it is collected and its integrity ensured is of primary legislative importance. To avoid the danger of contaminated crime scene evidence being introduced in the criminal justice system to pervert the course of justice, it is crucial to ensure that DNA is collected only from intact human cells and not from compromised genetic material. Therefore, if the biological source material found at a crime scene does not contain at least one intact human cell, the whole of the biological source material should be destroyed to prevent the possibility of compromised genetic material being collected to yield inconclusive results. Adherence to this basic principle will obviate the possibility of partial matches of DNA profiles and the resulting controversy and confusion that ensues.

Conditions of Collection

In India, the taking of fingerprints is chiefly governed by the Identification of Prisoners Act, 1920 ("Prisoners Act") and section 73 of the Indian Evidence Act, 1872 ("Evidence Act"). The Prisoners Act permits the forcible taking of fingerprints from convicts and suspects in certain conditions. The Evidence Act, in addition, permits courts to require the taking of fingerprints for the forensic purpose of establishing unique identity in a criminal trial. No
provisions exist for consensual taking of fingerprints, presumably because of the danger of self-incrimination and general privacy concerns. Since, as discussed earlier, fingerprints and DNA are biometric measurements that should be treated equally to the extent possible, the conditions for the collection of DNA should be similar to those for the taking of fingerprints.Accordingly, there should be no legal provisions that enable other kinds of collection, including from volunteers and innocent people.

Retention of DNA

As a general rule applicable in India, the retention of biometric measurements must be supported by a clear purpose that is legitimate, judicially sanctioned and transparent. The Prisoners Act, which permits the forcible taking of fingerprints from convicts, also mandates the destruction of these fingerprints when the person is acquitted or discharged. The indefinite collection of biometric measurements of people is dangerous, susceptible to abuse and invasive of civil rights. Therefore, once lawfully collected from crime scenes and offenders, their DNA profiles must be retained in strictly controlled databases with highly restricted access for the forensic purpose of law enforcement only. DNA should not be held in databases that allow non-forensic use. Further, the indices within these databases should be watertight and exclusive of each other.

DNA Laboratories

The process by which DNA profiles are created from biological source material is of critical importance. Because of the evidentiary value of DNA profiles, the laboratories in which these profiles are created must be properly licensed, professionally managed and manned by competent and impartial personnel. Therefore, the process by which DNA laboratories are licensed and permitted to operate is significant.

For more details visit https://cis-india.org/internet-governance/blog/concerns-regarding-dna-law

The India Privacy Monitor Map

maria — 2013-10-09T16:26:14Z

The Centre for Internet and Society has started the first Privacy Watch in India! Check out our map which includes data on the UID, NPR and CCTNS schemes, as well as on the installation of CCTV cameras and the use of drones throughout the country.

In a country of twenty-eight diverse states and seven union territories, it remained unclear to what extent surveillance, biometric and other privacy-intrusive schemes are being implemented. We are trying to make up for this by mapping out data in every single state in India on the UID, CCTNS and NPR schemes, as well as on the installation of CCTV cameras and the use of Unmanned Aerial Vehicles (UAVs), otherwise known as drones.

In particular, the map in its current format includes data on the following:

UID: The Unique Identification Number (UID), also known as AADHAAR, is a 12-digit unique identification number which the Unique Identification Authority of India (UIDAI) is currently issuing for all residents in India (on a voluntary basis). Each UID is stored in a centralised database and linked to the basic demographic and biometric information of each individual. The UIDAI and AADHAAR currently lack legal backing.

NPR: Under the National Population Register (NPR), the demographic data of all residents in India is collected on a mandatory basis. The Unique Identification Authority of India (UIDAI) supplements the NPR with the collection of biometric data and the issue of the AADHAAR number.

CCTV: Closed-circuit television cameras which can produce images or recordings for surveillance purposes.

UAV: Unmanned Aerial Vehicles (UAVs), otherwise known as drones, are aircrafts without a human pilot on board. The flight of a UAV is controlled either autonomously by computers in the vehicle or under the remote control of a pilot on the ground or in another vehicle. UAVs are used for surveillance purposes.

CCTNS: The Crime and Criminal Tracking Networks and Systems (CCTNS) is a nationwide networking infrastructure for enhancing efficiency and effectiveness of policing and sharing data among 14,000 police stations across India.

Our India Privacy Monitor Map can be viewed through the following link: http://cis-india.org/cisprivacymonitor

This map is part of on-going research and will hopefully expand to include other schemes and projects which are potentially privacy-intrusive. We encourage all feedback and additional data!

For more details visit https://cis-india.org/internet-governance/blog/india-privacy-monitor-map

Re: The Human DNA Profiling Bill, 2012

bhairav — 2013-10-29T10:00:47Z

This short note speaks to legal issues arising from the proposed Human DNA Profiling Bill, 2012 ("DBT Bill") that was circulated drafted under the aegis of the Department of Biotechnology of the Ministry of Science and Technology, Government of India, which seeks to collect human DNA samples, profile them and store them. These comments are made clause-by-clause against the DBT Bill.

Note: Clause-by-clause comments on the Working Draft version of April 29, 2012 from the Centre for Internet and Society

This short note speaks to legal issues arising from the proposed Human DNA Profiling Bill, 2012 ("DBT Bill") that was circulated within the Experts Committee constituted under the aegis of the Department of Biotechnology of the Ministry of Science and Technology, Government of India.
This note must be read against the relevant provisions of the DBT Bill and, where indicated, together with the proposed Forensic DNA Profiling (Regulation) Bill, 2013 that was drafted by the Centre for Internet & Society, Bangalore ("CIS Bill"). These comments must also be read alongside the two-page submission titled “A Brief Note on the Forensic DNA Profiling (Regulation) Bill, 2013” ("CIS Note"). Whereas the aforesaid CIS Note raised issues that informed the drafting of the CIS Bill, this present note seeks to provide legal comments on the DBT Bill.
Preamble
The DBT Bill, in its current working form, lacks a preamble. No doubt, a preamble will be added later once the text of the DBT Bill is finalised. Instead, the DBT Bill contains an introduction. It must be borne in mind that the purpose of the legislation should be spelt out in the preamble since preambular clauses have interpretative value. [See, A. Thangal Kunju Musaliar AIR 1956 SC 246; Burrakur Coal Co. Ltd. AIR 1961 SC 954; and Arnit Das (2000) 5 SCC 488]. Hence, a preamble that states the intent of Parliament to create permissible conditions for DNA source material collection, profiling, retention and forensic use in criminal trials is necessary.
Objects Clause
An ‘objects clause,’ detailing the intention of the legislature and containing principles to inform the application of a statute, in the main body of the statute is an enforceable mechanism to give directions to a statute and can be a formidable primary aid in statutory interpretation. [See, for example, section 83 of the Patents Act, 1970 that directly informed the Order of the Controller of Patents, Mumbai, in the matter of NATCO Pharma and Bayer Corporation in Compulsory Licence Application No. 1 of 2011.] Therefore, the DBT Bill should incorporate an objects clause that makes clear that (i) the principles of notice, confidentiality, collection limitation, personal autonomy, purpose limitation and data minimisation must be adhered to at all times; (ii) DNA profiles merely estimate the identity of persons, they do not conclusively establish unique identity; (iii) all individuals have a right to privacy that must be continuously weighed against efforts to collect and retain DNA; (iv) centralised databases are inherently dangerous because of the volume of information that is at risk; (v) forensic DNA profiling is intended to have probative value; therefore, if there is any doubt regarding a DNA profile, it should not be received in evidence by a court; (vi) once adduced, the evidence created by a DNA profile is only corroborative and must be treated on par with other biometric evidence such as fingerprint measurements.
Definitions
The definition of “analytical procedure” in clause 2(1)(a) of the DBT Bill is practically redundant and should be removed. It is used only twice – in clauses 24 and 66(2)(p) which give the DNA Profiling Board the power to frame procedural regulations. In the absence of specifying the content of any analytical procedure, the definition serves no purpose.
The definition of “audit” in clause 2(1)(b) is relevant for measuring the training programmes and laboratory conditions specified in clauses 12(f) and 27. However, the term “audit” is subsequently used in an entirely different manner in Chapter IX which relates to financial information and transparency. This is a conflicting definition. The term “audit” has a well-established use for financial information that does not require a definition. Hence, this definition should be removed.
The definition of “calibration” in clause 2(1)(d) is redundant and should be removed since the term is not meaningfully used in the DBT Bill.
The definition of “DNA Data Bank” in clause 2(1)(h) is unnecessary. The DBT Bill seeks to establish a National DNA Data Bank, State DNA Data Banks and Regional DNA Data Banks vide clause 32. These national, state and regional databases must be defined individually with reference to their establishment clauses. Defining a “DNA Data Bank”, exclusive of the national, state and regional databases, creates the assumption that any private individual can start and maintain a database. This is a drafting error.
The definition of “DNA Data Bank Manager” in clause 2(1)(i) is misleading since, in the text of the DBT Bill, it is only used in relation to the proposed National DNA Data Bank and never in relation to the State and Regional Data Banks. If it is the intention of DBT Bill that only the national database should have a manager, the definition should be renamed to ‘National DNA Data Bank Manager’ and the clause should specifically identify the National DNA Data Bank. This is a drafting error.
The definition of “DNA laboratory” in clause 2(1)(j) should refer to the specific clauses that empower the Central Government and State Governments to license and recognise DNA laboratories. This is a drafting error.
The definition of “DNA profile” in clause 2(1)(l) is too vague. Merely the results of an analysis of a DNA sample may not be sufficient to create an actual DNA profile. Further, the results of the analysis may yield DNA information that, because of incompleteness or lack of information, is inconclusive. These incomplete bits of information should not be recognised as DNA profiles. This definition should be amended to clearly specify the contents of a complete and valid DNA profile that contains, at least, numerical representations of 17 or more loci of short tandem repeats that are sufficient to estimate biometric individuality of a person.
The definition of “forensic material” in clause 2(1)(o) needs to be amended to remove the references to intimate and non-intimate body samples. If the references are retained, then evidence collected from a crime scene, where an intimate or non-intimate collection procedure was obviously not followed, will not fall within the scope of “forensic material”.
The terms “intimate body sample” and “non-intimate body sample” that are defined in clauses 2(1)(q) and 2(1)(v) respectively are not used anywhere outside the definitions clause except for an inconsequential reference to non-intimate body samples only in the rule-making provision of clause 66(2)(zg). “Intimate body sample” is not used anywhere outside the definitions clause. Both these definitions are redundant and should be removed.
The terms “intimate forensic procedure” and “non-intimate forensic procedure”, that are defined in clauses 2(1)(r) and 2(1)(w) respectively, are not used anywhere except for an inconsequential reference of non-intimate forensic procedure in the rule-making provision of clause 66(2)(zg). “Intimate forensic procedure” is not used anywhere outside the definitions clause. Both these definitions are redundant and should be removed.
The term “known samples” that is defined in clause 2(1)(s) is not used anywhere outside the definitions clause and should be removed for redundancy.
The definition of “offender” in clause 2(1)(y) if vague because it does not specify the offences for which an “offender” need be convicted. It is also linked to an unclear definition of the term “undertrial”, which does not specify the nature of pending criminal proceedings and, therefore, could be used to describe simple offences such as, for example, failure to pay an electricity bill, which also attracts criminal penalties.
The term “proficiency testing” that is defined in clause 2(1)(zb) is not used anywhere in the text of the DBT Bill and should be removed.
The definitions of “quality assurance”, “quality manual” and “quality system” serve no enforceable purpose since they are used only in relation to the DNA Profiling Board’s rule-making powers under clauses 18 and 66. Their inclusion in the definitions clause is redundant. Accordingly, these definitions should be removed.
The term “suspect” defined in clause 2(1)(zi) is vague and imprecise. The standard by which suspicion is to be measured, and by whom suspicion may be entertained – whether police or others, has not been specified. The term “suspect” is not defined in either the Code of Criminal Procedure, 1973 ("CrPC") or the Indian Penal Code, 1860 ("IPC").
The DNA Profiling Board
Clause 3 of the DBT Bill, which provides for the establishment of the DNA Profiling Board, contains a sub-clause (2) which vests the Board with corporate identity. This vesting of legal personality in the DNA Profiling Board – when other boards and authorities, even ministries and independent departments, and even the armed forces do not enjoy this function – is ill-advised and made without sufficient thought. Bodies corporate may be corporations sole – such the President of India, or corporations aggregate – such as companies. The intent of corporate identity is to create a fictional legal personality where none previously existed in order for the fictional legal personality to exist apart from its members, enjoy perpetual succession and to sue in its own legal name. Article 300 of the Constitution of India vests the Central Government with legal personality in the legal name of the Union of India and the State Governments with legal personality in the legal names of their respective states. Apart from this constitutional dispensation, some regulatory authorities, such as the Telecom Regulatory Authority of India ("TRAI") and the Securities and Exchange Board of India ("SEBI") have been individually vested with legal personalities as bodies corporate to enable their autonomous governance and independent functioning to secure their ability to free, fairly and impartially regulate the market free from governmental or private collusion. Similarly, some overarching national commissions, such as the Election Commission of India and the National Human Rights Commission ("NHRC") have been vested with the power to sue and be sued in their own names. In comparison, the DNA Profiling Board is neither an independent market regulator nor an overarching national commission with judicial powers. There is no legal reason for it to be vested with a legal personality on par with the Central Government or a company. Therefore, clause 3(2) should be removed.
The size and composition of the Board that is staffed under clause 4 is extremely large. Creating unwieldy and top-heavy bureaucratic authorities and investing them with regulatory powers, including the powers of licensing, is avoidable. The DBT Bill proposes to create a Board of 16 members, most of them from a scientific background and including a few policemen and one legal administrator. In its present form, the Board is larger than many High Courts but does not have a single legal member able to conduct licensing. Drawing from the experiences of other administrative and regulatory bodies in India, the size of the Board should be drastically reduced to no more than five members, at least half of whom should be lawyers or ex-judges. The change in the legal composition of the Board is necessary because the DBT Bill contemplates that it will perform the legal function of licensing that must obey basic tenets of administrative law. The current membership may be viable only if the Board is divested of its administrative and regulatory powers and left with only scientific advice functions. Moreover, stacking the Board with scientists and policemen appears to ignore the perils that DNA collection and retention pose to the privacy of ordinary citizens and their criminal law rights. The Board should have adequate representation from the human rights community – both institutional (e.g NHRC and the State Human Rights Commissions) and non-institutional (well-regarded and experienced human rights activists). The Board should also have privacy advocates.
Clauses 5(2) and 5(3) establish an unequal hierarchy within the Board by privileging some members with longer terms than others. There is no good reason for why the Vice-Chancellor of a National Law University, the Director General of Police of a State, the Director of a Central Forensic Science Laboratory and the Director of a State Forensic Science Laboratory should serve membership terms on the Board that are longer than those of molecular biologists, population geneticists and other scientists. Such artificial hierarchies should be removed at the outset. The Board should have one pre-eminent chairperson and other equal members with equal terms.
The Chairperson of the Board, who is first mentioned in clause 5(1), has not been duly and properly appointed. Clause 4 should be modified to mention the appointment of the Chairperson and other Members.
Clause 7 deals with the issue of conflict of interest in narrow cases. The clause requires members to react on a case-by-case basis to the business of the Board by recusing themselves from deliberations and voting where necessary. Instead, it may be more appropriate to require members to make a full and public disclosures of their real and potential conflicts of interest, and then granting the Chairperson the power to prevent such members from voting on interested matters. Failure to follow these anti-collusion and anti-corruption safeguards should attract criminal penalties.
Clause 10 anticipates the appointment of a Chief Executive Officer of the Board who shall be a serving Joint Secretary to the Central Government. Clause 10(3) further requires this officer to be scientist. This may not be possible because the administrative hierarchy of the Central Government may not contain a genetic scientist.
The functions of the Board specified in clause 12 are overbroad. Advising ministries, facilitating governments, recommending the size of funds and so on – these are administrative and governance functions best left to the executive. Once the Board is modified to have sufficient legal and human rights representation, then the functions of the Board can non-controversially include licensing, developing standards and norms, safeguarding privacy and other rights, ensuring public transparency, promoting information and debate and a few other limited functions necessary for a regulatory authority.
DNA Laboratories
The provisions of Chapters V and VI may be simplified and merged.
DNA Data Banks
The creation of multiple indices in clause 32(4) cannot be justified and must be removed. The collection of biological source material is an invasion of privacy that must be conducted only in strict conditions when the potential harm to individuals is outweighed by the public good. This balance may only be struck when dealing with the collection and profiling of samples from certain categories of offenders. The implications of collecting and profiling DNA samples from corpses, suspects, missing persons and others are vast and have either not been properly understood or deliberately ignored. At this moment, the forcible collection of biological source material should be restricted to the categories of offenders mentioned in the Identification of Prisoners Act, 1920 ("Prisoners Act") with a suitable addition for persons arrested in connection with certain specified terrorism-related offences. Therefore, databases should contain only an offenders’ index and a crime scene index.
Clause 32(6), which requires the names of individuals to be connected to their profiles, and hence accessible to persons connected with the database, should be removed. DNA profiles, once developed, should be anonymised and retained separate from the names of their owners.
Clause 36, which allows international disclosures of DNA profiles of Indians, should be removed immediately. Whereas an Indian may have legal remedies against the National DNA Data Bank, he/she certainly will not be able to enforce any rights against a foreign government or entity. This provision will be misused to rendition DNA profiles abroad for activities not permitted in India. Similarly, as in data protection regimes around the world, DNA profiles should remain within jurisdictions with high privacy and other legal standards.
Use
The only legitimate purpose for which DNA profiles may be used is for establishing the identity of individuals in criminal trials and confirming their presence or absence from a certain location. Accordingly, clauses 39 and 40 should be re-drafted to specify this sole forensic purpose and also specify the manner in which DNA profiles may be received in evidence. For more information on this point, see the relevant provisions of the CIS Note and the CIS Bill.
The disclosure of DNA profiles should only take place to a law enforcement agency conducting a valid investigation into certain offences and to courts currently trying the individuals to whom the DNA profiles pertains. All other disclosures of DNA profiles should be made illegal. Non-consensual disclosure of DNA profiles for the study of population genetics is specifically illegal. The DBT Bill does not prescribe stringent criminal penalties and other mechanisms to affix individual liability on individual scientists and research institutions for improper use of DNA profiles; it is therefore open to the criticism that it seeks to sacrifice individual rights of persons, including the fundamental right to privacy, without parallel remedies and penalties. Clause 40 should be removed in entirety.
Clause 43 should be removed in entirety. This note does not contemplate the retention of DNA profiles of suspects and victims, except as derived from a crime scene.
Clause 45 sets out a post-conviction right related to criminal procedure and evidence. This would fundamentally alter the nature of India’s criminal justice system, which currently does not contain specific provisions for post-conviction testing rights. However, courts may re-try cases in certain narrow cases when fresh evidence is brought forth that has a nexus to the evidence upon which the person was convicted and if it can be proved that the fresh evidence was not earlier adduced due to bias. Any other fresh evidence that may be uncovered cannot prompt a new trial. Clause 45 is implicated by Article 20(2) of the Constitution of India and by section 300 of the CrPC. The principle of autrefois acquit that informs section 300 of the CrPC specifically deals with exceptions to the rule against double jeopardy that permit re-trials. [See, for instance, Sangeeta Mahendrabhai Patel (2012) 7 SCC 721].

For more details visit https://cis-india.org/internet-governance/blog/re-the-human-dna-profiling-bill-2012

Religious pluralism and freedom of expression in India, Europe and other countries

praskrishna — 2013-11-08T05:54:06Z

The Venice-Delhi Seminars are Reset-Dialogues on Civilizations project, in cooperation with the Jamia Millia Islamia, Seminar and the India Habitat Centre is organizing this event from October 10 to 12, 2013. Chinmayi Arun will be speaking at this event.

Click to read the full details published by Reset DOC on October 10, 2013.

This year, the Rome-based international association Reset-Dialogues on Civilizations will continue promoting dialogue between cultures and the culture of dialogue, reciprocal awareness between East and West and valorising the cultural, religious and political differences in a globalized world.

The schedule for autumn 2013 is as follows; the next Venice-Delhi Seminars will take place from October 10 to 12 in Delhi with the participation of the Indian magazine Seminar, and Jamia Millia Islamia, the Islamic University of Delhi and the India Habitat Centre. After the first meeting in the Indian capital in October 2010 on the subject “Minorities and Pluralism” (see Seminar 621, 2011) and a second meeting in Venice at the Giorgio Cini Foundation from October 18 to 20, 2012, dedicated to “Cultural differences in times of economic turbulence. Social tensions, cultural conflicts and policies of integration in Europe and India”, the Venice-Delhi Seminars have become a regular event, with one being held in Venice and the next in Delhi.

Pluralism

The project’s general framework is religious and cultural pluralism, seen through the perspective analysis of social and political processes and exchanges between East and West. Every encounter is an opportunity to deepen political, social and economic trends that run through society, like India’s and, increasingly, European society, where cultural, ethnic and political differences coexist and interact. Each meeting consists of five sessions lasting three days and papers presented by by experts and academics from all over the world attending roundtable discussions dedicated to the analysis of policies relating to minorities and the global challenge of the multi-ethnic composition of our societies.

The proceedings and more articles from our 2012 edition in Venice, Italy, are published in the September 2013 issue of Seminar magazine. You can visit its website here: www.india-seminar.com

10-12 October 2013 – Third Venice-Delhi Seminars
Coexistence and mutual respect, rights to be protected, freedom of speech and freedom of worship, blasphemy, the ethics of responsibility

The third Venice-Delhi Seminars will take place from October 10 to 12, 2013 in Delhi and will be dedicated to three days of study on the subject “Religious Pluralism and Freedom of Expression in India and Europe: Coexistence and Mutual Respect, Rights to Protect, Freedom of Speech and Freedom of Worship, Blasphemy, Ethics of Responsibility”. The objective of this second round of the “Plural Future” project will be to critically examine the growing tension between the democratic need to protect differences and the right to freedom of expression and the vital need for modern democracies to guarantee peaceful coexistence between majorities and minorities, as well as freedom of worship in conditions of cultural and religious pluralism protected from the extremist excesses of demands based on ethnicity and identity. We will therefore also analyze the public visibility of radical and extremist tendencies from the United States to Europe, to Muslim-majority countries and India.

Analysis will take place from a perspective paying particular attention to the manner in which this wave of violent opposition to dialogue and cultural differences challenges liberal democratic order, tested by a new need to implement rights and respect of minorities. Specific importance will be attributed to conditions experienced by Muslim and Christian minorities. The subject of respect between communities and the rights of minorities will be analyzed also in the European context. European, Indian and American scholars will attend.

Particular attention will paid to the media in this 2013 edition, and its role in portraying cultural and religious differences as well as its capacity to encourage or prevent the development of peaceful co-existence and an acceptance of differences in conditions of cultural, religious and ethnic pluralism.

The Reset-Dialogues on Civilizations project has been organised also so as to involve a large number of students, graduates and doctoral students.

For more details visit https://cis-india.org/news/resetdoc-october-10-2013-religious-pluralism-and-freedom-of-expression-in-india-europe-other-countries

Google survey: 37% of urban Indian voters are online

praskrishna — 2013-11-07T10:41:46Z

Almost four out of every 10 urban voters (or 37%) in India are online, just a little less than the number (42%) that are undecided about whom they will vote for in the 2014 general elections, according to a survey by Google India and research agency TNS released on Tuesday.

This article by Anuja and Moulishree Srivastava was published in Livemint on October 8, 2013. Sunil Abraham is quoted.

To be sure, the two sets needn’t necessarily be mutually exclusive.

The Google-TNS survey said the biggest consideration for online urban voters is the political party (36%), followed by candidates (35%) with party leadership coming in a distant third at 17%. Only 11% of those surveyed said they would vote for a party based on its prime ministerial candidate.

The Election Commission estimates the total number of voters to be 725 million. According to provisional census data, out of India’s 1.21 billion population, 833 million live in rural India and 377 million in urban areas, Mint reported on 7 September.

Using the same proportions, the number of urban voters is around 225 million. And the number of those online, around 83 million.

However, there is no certainty that all these voters can be reached through digital media and be influenced to cast their votes for a party or a candidate. First-time voters, estimated from census data and adjusting for the fact that the survey was conducted in 2011, account for 149.36 million of the electorate.

The main opposition Bharatiya Janata Party (BJP) has already declared Gujarat chief minister Narendra Modi as its prime ministerial candidate.

While 45% of those surveyed said they would want to see more information on the Internet to help them make up their minds, 65% said they do not share their political views online.

According to Rajan Anandan, vice-president and managing director of Google India, while in the beginning of this year there were 150 million Internet users in the country, it is set to reach 200 million mark by year end.

The main opposition Bharatiya Janata Party (BJP) has already declared Gujarat chief minister Narendra Modi as its prime ministerial candidate.

While 45% of those surveyed said they would want to see more information on the Internet to help them make up their minds, 65% said they do not share their political views online.

	The main opposition Bharatiya Janata Party (BJP) has already declared Gujarat chief minister Narendra Modi as its prime ministerial candidate. While 45% of those surveyed said they would want to see more information on the Internet to help them make up their minds, 65% said they do not share their political views online. According to Rajan Anandan, vice-president and managing director of Google India, while in the beginning of this year there were 150 million Internet users in the country, it is set to reach 200 million mark by year end.

The main opposition Bharatiya Janata Party (BJP) has already declared Gujarat chief minister Narendra Modi as its prime ministerial candidate.

While 45% of those surveyed said they would want to see more information on the Internet to help them make up their minds, 65% said they do not share their political views online.

According to Rajan Anandan, vice-president and managing director of Google India, while in the beginning of this year there were 150 million Internet users in the country, it is set to reach 200 million mark by year end.

Modi remains the most Google-searched politician in India, and Congress vice-president Rahul Gandhi is second on the list. The BJP is the most searched political party, followed by the Congress.

The survey was carried out between March and September this year, covering 65 constituencies, 59 cities and 7,042 respondents—all registered voters who use the Internet.

Also on Tuesday, the Internet and Mobile Association of India (IAMAI) released a report showing that increasing spending on social media campaigns can swing 3%–4% of votes in 24 states where Internet usage is sizeable. Social media marketing can play a decisive role as a swing over 1% can change the outcome of elections, it claimed.

The number of social media users in urban India is set to reach 86 million in October this year, and 91 million by the end of this year, according to IAMAI. Political experts are, however, sceptical about the impact of the Internet and social media on the general elections next year. “There would be a little impact but to say that there would be a major effect of it would be a little difficult,” Abhay Kumar Dubey, a political analyst and fellow at the Centre for Study of Developing Societies, a Delhi-based think tank, said.

“We have seen social media’s impact as a mobilizing instrument for agitational purposes but it cannot be said whether it can play a role in voting preference.” Sunil Abraham, executive director of Centre for Internet and Society (CIS), too was sceptical about the impact of Internet usage on elections.

“Urban voters who are online make a small percentage of the voter base. It is not clear whether the sample size of the study was big enough to draw any significant conclusions. So far we have been told that the young urban voter does not always vote and he or she prioritizes a weekend getaway over participating in the general elections,” he said.

Abraham also said that the younger voting population does not vote according to any one trend. “Young people online are a representative subset of the general population divided across political preferences and ideologies. There is no evidence that they will vote as a block and will be extremely susceptible to social media based propaganda,” he added.

For more details visit https://cis-india.org/news/livemint-october-8-2013-anuja-moulishree-srivastava-google-survey-indian-voters-online

Privacy Meet

praskrishna — 2013-11-20T05:13:57Z

Bhairav Acharya was invited by Yahoo's Director of International Privacy, Laura Juanes Micas, to a dinner meeting on privacy at the Oberoi in New Delhi.

The meeting was attended by Justice A.P. Shah, Dr. Gulshan Rai, Dr. Kamlesh Bajaj and others. At this event, Bhairav spoke about the need to develop laws to regulate surveillance and personal data in India. Bhairav further spoke about both the commercial benefits that will accrue from data protection law as well as the national benefit from surveillance regulation and security law. Bhairav also spoke of the need to create a procedure that is just, fair and reasonable and, he highlighted the point that these laws would have to survive constitutional scrutiny by the Supreme Court of India. He also pointed out that meaningful protections lay in creating procedural law that allowed individuals the protection of natural justice and identified magistrates to authorise data collections and interceptions. He further made it clear that India's distinct security situation, both internal and external, warranted a robust surveillance framework that enables law enforcement and strengthens the criminal justice system in manner consistent with the rule of law.

Timings	Agenda
19.00 19.25	Handshakes and Introduction
19.25 19.30	Welcome Remarks by Laura Juanes Micas, Director – International Privacy, Yahoo Inc
19.30 19.35	Address by Manoj Joshi, Joint Secretary, Deptt of Personnel and Training
19.35 19.40	Address by Dr. Gulshan Rai, Director General, CERT-IN
19.40 19.45	Address by Dr. Kamlesh Bajaj, CEO – Data Security Council of India (DSCI)
19.45 19.50	Address by Bhairav Acharya, Legal Adviser, Centre for Internet and Society (CIS)
19.50 19.55	Address by Rajan Mathews, Director General, Cellular Operators Association of India (COAI)
19.55 20.00	Address by Justice A P Shah, Former Chief Justice, Delhi High Court and Chairman, Group of Experts
20.00 20.05	Address by Pavan Duggal, Advocate, Supreme Court
20.05 20.10	Address by Chinmayi Arun, Research Director – Centre for Communication Governance, National Law University - Delhi
20.10 20.15	Address by Prasanth Sugathan, Counsel, Software Freedom Law Centre (SFLC.IN)
20.15 20.20	Address by Dr. Subho Ray, President, Internet and Mobile Association of India (IAMAI)
20.20	Discussions (Along with Sit – Down Dinner)

For more details visit https://cis-india.org/news/privacy-meet-october-7-2013

Decline in web freedom steepest in India: Report

praskrishna — 2013-10-24T03:50:51Z

In a report on the state of internet in 60 countries, Freedom House, a US-based organization, said that in 2013 India saw the "most significant year-on-year decline" in terms of the web freedom.

The article by Javed Anwer was published in the Times of India on October 3, 2013. Sunil Abraham is quoted.

The report said that that the internet in India was "partly free". This is the same status that India had in 2012. But the country's score is now 47 points (higher means more censorship) in 2013 compared to 39 in 2012. The 8-point fall is the steepest Freedom House found among all 60 countries that the group surveyed. Freedom House said it recorded 5-point fall in Brazil, Venezuela and the US.

Despite mass surveillance revealed by Edward Snowden, a former contractor for National Security Agency in the US, Freedom House calls the web in the country "free".

The Freedom House report said that in 2013 India "suffered from deliberate interruptions of mobile and internet service to limit unrest, excessive blocks on content during rioting in northeastern states, and an uptick in the filing of criminal charges against ordinary users for posts of social media sites".

In 2013, India's commitment to the web freedom has not only been worse than developed countries but has also been inferior to countries like Malawi, Tunisia and Mexico.

In the case of India, Freedom House particularly singles out Central Monitoring System, which Indian government is putting in place to regulate and monitor the web usage within the country. "Surveillance (under CMS) requires no judicial oversight. While some of this activity might be justifiable, the lack of transparency surrounding the system, which was never reviewed by Parliament, is concerning," it notes in the report. "The system's potential for abuse is also disquieting, as is its inadequate legal framework.

The report cites the case of the girl who was arrested for liking a Facebook post in Maharashtra, blocking of some Twitter accounts belonging to Indian users, overly broad court directives that have resulted in blocking of websites and a general lack of transparency in how Indian government blocks or filters content reach a conclusion that Indians now have less freedom on how they use the web.

Sunil Abraham, director at Bangalore-based Centre for Internet and Society, says that Freedom House reports are not very accurate because they don't factor in censorship by copyright holders. But he agreed with its basic premise that in India conditions for web users are getting more difficult.

"The report is absolutely right in pointing out that censorship and surveillance in India is increasing. Despite protests from many quarters, it is a real pity that the government is not taking steps to amend the IT act and has joined other nation states in the global race to the bottom of the internet freedom," said Abraham.

Anja Kovacs, founder of Delhi-based Internet Democracy Project, agrees. "I have some issues with Freedom House reports due to how they are prepared and their methodologies. But yes I can say that last year has been very eventful and difficult," said. "But at the same time, there has also been a lot of push back from web users and activists. There have been conversations around the issue of web censorship, which is good."

Globally, the web surveillance is on the rise. "Broad surveillance, new laws controlling web content, and growing arrests of social-media users drove a worldwide decline in internet freedom in the past year," noted Freedom House.

Overall, 34 out of 60 countries part of the report saw a decline in the web freedom. "Vietnam and Ethiopia continued on a worsening cycle of repression; Venezuela stepped up censorship during presidential elections; and three democracies—India, the United States, and Brazil—saw troubling declines," noted the report.

Iceland and Estonia topped the list of countries with the greatest degree of internet freedom. China, Cuba, and Iran were found to be the most repressive countries.

For more details visit https://cis-india.org/news/times-of-india-october-3-2013-javed-anwer-decline-in-web-freedom-steepest-in-india

An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra

bhairav — 2013-10-01T15:29:46Z

This is a brief review of some of the cases related to privacy filed under section 46 of the Information Technology Act, 2000 ("the Act") seeking adjudication for alleged contraventions of the Act in the State of Maharashtra.

Background

Section 46 of the Act grants the Central Government the power to appoint an adjudicating officer to hold an enquiry to adjudge, upon complaints being filed before that adjudicating officer, contraventions of the Act. The adjudicating officer may be of the Central Government or of the State Government [see section 46(1) of the Act], must have field experience with information technology and law [see section 46(3) of the Act] and exercises jurisdiction over claims for damages up to `5,00,00,000 [see section 46(1A) of the Act]. For the purpose of adjudication, the officer is vested with certain powers of a civil court [see section 46(5) of the Act] and must follow basic principles of natural justice while conducting adjudications [see section 46(2) of the Act]. Hence, the adjudicating officer appointed under section 46 is a quasi-judicial authority.

In addition, the quasi-judicial adjudicating officer may impose penalties, thereby vesting him with some of the powers of a criminal court [see section 46(2) of the Act], and award compensation, the quantum of which is to be determined after taking into account factors including unfair advantage, loss and repeat offences [see section 47 of the Act]. The adjudicating officer may impose penalties for any of the offences described in section 43, section 44 and section 45 of the Act; and, further, may award compensation for losses suffered as a result of contraventions of section 43 and section 43A. The text of these sections is reproduced in the Schedule below. Further law as to the appointment of the adjudicating officer and the procedure attendant on all adjudications was made by Information Technology (Qualification and Experience of Adjudicating Officers and the Manner of Holding Enquiry) Rules, 2003.[1]

It is clear that the adjudicating officer is vested with significant judicial powers, including the power to enforce certain criminal penalties, and is an important quasi-judicial authority.

Excursus

At the outset, it is important to understand the distinction between compensation and damages. Compensation is a sum of money awarded by a civil court, before or along with the primary decree, to indemnify a person for injury or loss. It is usually awarded to a person who has a suffered a monetary loss as a result of the acts or omissions of another party. Its quantification is usually guided by principles of equity. [See Shantilal Mangaldas AIR 1969 SC 634 and Ranbir Kumar Arora AIR 1983 P&H 431]. On the hand, damages are punitive and, in addition to restoring an indemnitee to wholeness, may be imposed to deter an offender, punish exemplary offences, and recover consequential losses, amongst other objectives. Damages that are punitive, while not judicially popular in India, are usually imposed by a criminal court in common law jurisdictions. They are distinct from civil and equitable actions. [See the seminal case of The Owners of the Steamship Mediana [1900] AC 113 (HL)].

Unfortunately, section 46 of the Act uses the terms “damage”, “injury” and “compensation” interchangeably without regard for the long and rich jurisprudence that finds them to be different concepts.

The Cases related to Privacy

In the State of Maharashtra, there have been a total of 47 cases filed under section 46 of the Act. Of these, 33 cases have been disposed of by the Adjudicating Officer and 14 are currently pending disposal. [2] At least three of these cases before the Adjudicating Officer deal with issues related to privacy of communications and personal data. They are:

Case Title	Forum	Date
Vinod Kaushik v. Madhvika Joshi	Shri Rajesh Aggarwal Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra	10.10.2011
Amit D. Patwardhan v. Rud India Chains	Shri Rajesh Aggarwal Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra	15.04.2013
Nirmalkumar Bagherwal v. Minal Bagherwal	Shri Rajesh Aggarwal Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra	26.08.2013

In all three cases the Adjudicating Officer was called upon to determine and penalise unauthorised access to personal data of the complainants. In the Vinod Kaushik case, the complainants’ emails and chat sessions were accessed, copied and made available to the police for legal proceedings without the permission of the complainants. In the Amit Patwardhan and Nirmalkumar Bagherwal cases, the complainants’ financial information in the form of bank account statements were obtained from their respective banks without their consent and used against them in legal proceedings.

The Vinod Kaushik complaint was filed in 2010 for privacy violations committed between 2008 and 2009. The complaint was made against the complainant’s daughter-in-law – the respondent, who was estranged from her husband, the complainant’s son. The respondent had, independent of the proceedings before the Adjudicating Officer, instituted criminal proceedings alleging cruelty and dowry-related harassment against her estranged husband and the complainant. To support some of the claims made in the criminal proceedings, the respondent accessed the email accounts of her estranged husband and the complainant and printed copies of certain communications, both emails and chat transcripts. The complaint to the Adjudicating Officer was made in relation to these emails and chat transcripts that were obtained without the consent and knowledge of the complainant and his son. On 09.08.2010, the then Adjudicating Officer dismissed the complaint after finding that, owing to the marriage between the respondent and the complainant’s son, there was a relation of mutual trust between them that resulted in the complainant and his son consensually sharing their email account passwords with the respondent. This ruling was appealed to the Cyber Appellate Tribunal ("CyAT") which, in a decision of 29.06.2011, found irregularities in the complainant’s son’s privity to the proceedings and remanded the complaint to the Adjudicating Officer for re-adjudication. The re-adjudication, which was conducted by Shri Rajesh Aggarwal as Adjudicating Officer, resulted in a final order of 10.10.2011 ("the final order") that is the subject of this analysis. The final order found that the respondent had violated the privacy of the complainant and his son by her unauthorised access of their email accounts and sharing of their private communications. However, the Adjudicating Officer found that the intent of the unauthorised access – to obtain evidence to support a criminal proceeding – was mitigatory and hence ordered the respondent to pay only a small token amount in compensation, not to the complainants but instead to the State Treasury. The Delhi High Court, which was moved in appeal because the CyAT was non-functional, upheld the final order in its decision of 27.01.2012.

The Amit Patwardhan complaint was filed against the complainant’s ex-employer – the respondent, for illegally obtaining copies of the complainant’s bank account statement. The complainant had left the employ of the respondent to work with a competing business company but not before colluding with the competing business company and diverting the respondent’s customers to them. For redress, the respondent filed suit for a decree of compensation and lead the complainant’s bank statements in evidence to prove unlawful gratification. Since the bank statements were obtained electronically by the respondent without the complainant’s consent, the jurisdiction of the Adjudicating Officer was invoked. In his order of 15.04.2013, Shri Rajesh Aggarwal, the Adjudicating Officer, found that the respondent had, by unlawfully obtaining the complainant’s bank account statements which constitute sensitive personal data, violated the complainant’s privacy. The Adjudicating Officer astutely applied the equitable doctrine of clean hands to deny compensation to the complainant; however, because the complainant’s bank was not a party to the complaint, the Adjudicating Officer was unable to make a ruling on the lack of action by the bank to protect the sensitive personal data of its depositors.

The Nirmalkumar Bagherwal complaint bears a few similarities to the preceding two cases. Like the Vinod Kaushik matter, the issue concerned the manner in which a wife, estranged but still legally married, accessed electronic records of personal data of the complainants; and, like the Amit Patwardhan matter, the object of the privacy violation was the bank account statements of the complainants that constitute sensitive personal data. The respondent was the estranged wife of one of the complainants who, along with his complainant father, managed the third complainant company. To support her claim for maintenance from the complainant and his family in an independent legal proceeding, the respondent obtained certain bank account statements of the complainants without their consent and, possibly, with the collusion of the respondent bank. After reviewing relevant law from the European Union and the United States, and observant of relevant sectoral regulations applicable in India including the relevant Master Circular of the Reserve Bank of India, and further noting preceding consumer case law on the subject, the Adjudicating Officer issued an order on 26.08.2013. The order found that the complainant’s right to privacy was violated by both the respondents but, while determining the quantum of compensation, distinguished between the respondents in respect of the degree of liability; the respondent wife was ordered to pay a token compensation amount while the respondent bank was ordered to pay higher compensation to each of the three complainants individually.

The high quality of each of the three orders bears specific mention. Despite the superb quality of the judgments of the Indian higher judiciary in the decades after independence, the overall quality of judgment-writing appears to have declined. [3] In the last decade, several Indian judges have called for higher standards of judgment writing from their fellow judges. [4] In this background, it is notable that Shri Rajesh Aggarwal, despite not being a member of the judiciary, has delivered well-reasoned, articulate and clear orders that are cognisant of legal issues and also easily understandable to a non-legal reader.

In each of these cases, the Adjudicating Officer has successfully navigated around the fact that none of the primary parties were interacting and transacting at arm’s length. In the Vinod Kaushik and Nirmalkumar Bagherwal matters, the primary parties were estranged but still legally married partners and in the Amit Patwardhan matter the parties were in an employer-employee relationship. The first Adjudicating Officer in the Vinod Kaushik matter failed, in his order of 09.08.2010, to appreciate that the individual communications of individual persons were privileged by an expectation of privacy, regardless of their relationship. Hence, despite acknowledging that the marital partners in that matter were in conflict with each other, and despite being told by one party that the other party’s access to those private communications was made without consent, the Adjudicating Officer allowed his non-judicial opinion of marriage to influence his order. This mistake was corrected when the matter was remanded for re-adjudication. In the re-adjudication, the new Adjudicating Officer correctly noted that the respondent wife could have chosen to approach the police or a court to follow the proper investigative procedure for accessing emails and other private communications of another person and that her unauthorised use of the complainant’s passwords amounted to a violation of their privacy.

Popular conceptions of different types of relationships may affect the (quasi) judicial imagination of privacy. In comparison to the Vinod Kaushik matter, the Nirmalkumar Bagherwal and Amit Patwardhan matters both dealt with unauthorised access to bank account statements, by a wife and by an ex-employer respectively. In any event, the same Adjudicating Officer presided over all three matters and correctly found that the facts in all three matters admitted to contraventions of the privacy of the complainants. The conjecture as to whether the first Adjudicating Officer in the Vinod Kaushik matter would have applied the same standard of family unity to unauthorised access of bank account statements by an estranged wife who was seeking maintenance remains untested. However, the reliance placed on the decision of the Delhi State Consumer Protection Commission in the matter of Rupa Mahajan Pahwa, [5] where the Commission found that unauthorised access to a bank pass book by an estranged husband violated the privacy of the wife, would suggest that judges clothe financial information with a standard of privacy higher than that given to emails.

Emails are a form of electronic communication. The PUCL case (Supreme Court of India, 1996)[6] while it did not explicitly deal with the standard of protection accorded to emails, held that personal communications were protected by an individual right to privacy that emanated from the protection of personal liberty guaranteed under Article 21 of the Constitution of India. Following the Maneka Gandhi case (Supreme Court of India, 1978)[7]

it is settled that persons may be deprived of their personal liberty only by a just, fair and reasonable procedure established by law. As a result, interceptions of private communications that are protected by Article 21 may only be conducted in pursuance of such a procedure. This procedure exists in the form of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 that came into effect on 27 October 2009 ("the Interception Rules"). The Interception Rules set out a regime for accessing private emails in certain conditions. The powers and procedure of Section 91 of the Code of Criminal Procedure ("CrPC") may also apply to obtain data at rest, such as emails stored in an inbox or sent-mail folder.

Finally, the orders of the Adjudicating Officer reveal a well-reasoned and progressive understanding of the law and principles relating to the quantification of compensation. By choosing to impose larger amounts of compensation on the bank that violated the privacy of the complainant in the Nirmalkumar Bagherwal matter, the Adjudicating Officer has indicated that the institutions that hold sensitive personal data, such as financial information, are subject to a higher duty of care in relation of it. But, most importantly, the act of imposing monetary compensation of privacy violations is a step forward because, for the first time in India, it recognises that privacy violations are civil wrongs or injuries that demand compensation.

[1]. These Rules were issued vide GSR 220(E), dated 17 March 2003 and published in the Gazette of India, Extraordinary, Part II, Section 3(i). These Rules can be accessed here – http://it.maharashtra.gov.in/PDF/Qual_ExpAdjudicatingOfficer_Manner_of_Holding_Enquiry_Rules.PDF (visited on 30 September 2013).

[2]. These cases and statistics may be viewed here – http://it.maharashtra.gov.in/1089/IT-Act-Judgements (visited on 30 September 2013).

[3]. See generally, Upendra Baxi “"The Fair Name of Justice": The Memorable Voyage of Chief Justice Chandrachud” in A Chandrachud Reader (Justice V. S. Deshpande ed., Delhi: Documentation Centre etc., 1985) and, Rajeev Dhavan, "Judging the Judges" in Judges and the Judicial Power: Essays in Honour of Justice V. R. Krishna Iyer (Rajeev Dhavan and Salman Khurshid eds., London: Sweet & Maxwell, 1985).

[4]. See generally, Justice B.G .Harindranath, Art of Writing Judgments (Bangalore: Karnataka Judicial Academy, 2004); Justice T .S. Sivagnanam, The Salient Features of the Art of Writing Orders and Judgments (Chennai: Tamil Nadu State Judicial Academy, 2010); and, Justice Sunil Ambwani, “Writing Judgments: Comparative Models” Presentation at the National Judicial Academy, Bhopal (2006) available here – http://districtcourtallahabad.up.nic.in/articles/writing%20judgment.pdf (visited on 29 Sep 2013).

[5]. Appeal No. FA-2008/659 of the Delhi State Consumer Protection Commission, decided on 16 October 2008.

[6]. (1997) 1 SCC 301.

[7]. (1978) 1 SCC 248.

For more details visit https://cis-india.org/internet-governance/blog/analysis-of-cases-filed-under-sec-48-it-act-for-adjudication-maharashtra

September 2013 Bulletin

praskrishna — 2013-10-24T06:48:33Z

Our newsletter for the month of September 2013 can be accessed below.

The Centre for Internet and Society (CIS) welcomes you to the ninth issue of its newsletter for the year 2013. During this month we signed an MoU with the Goa University to enhance digital literacy in Konkani language, submitted a report on Inclusive Disaster and Emergency Management for persons with disabilities to the National Disaster Management Authority, published an updated version of the Privacy Protection Bill, 2013 based on feedback collected from the Privacy Round Table held on August 24, and published an analysis of the Crucifixion Protests in Paraguay. Further, updates on our upcoming events and media coverage are brought in this newsletter.

Our policies on Ethical Research Guidelines, Non-Discrimination and Equal Opportunities, Privacy, Terms of Website Use, and Travel can be accessed here.

Accessibility

As part of our project on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India with the Hans Foundation, we bring you a new draft chapter on the union territory of Andaman and Nicobar. With this we have completed compilation of draft chapters for 21 states and 4 union territories. Feedback and comments are invited from readers for this chapter:

National Resource Kit Chapter

The Andaman and Nicobar Chapter (by CLPR, September 30, 2013).

Reports

Inclusive Disaster and Emergency Management for Persons with Disabilities (by Deepti Samant Raja and Nirmita Narasimhan, September 17, 2013). It was submitted to the National Disaster Management Authority of India (NDMA) on September 17 for their action.
The ICT Opportunity for a Disability-Inclusive Development Framework (by leading international organisations such as G3ict, ITU, Microsoft, UNESCO, et.al.) was released on September 24. CIS gave its inputs to this report.

Access to Knowledge and Openness

The Access to Knowledge team at CIS is working on expanding the Indic language Wikipedia in partnership with the Wikimedia Foundation . As part this project, we held seven Wikipedia workshops. Our project on Pervasive Technologies examines the relationship between production of pervasive technologies and intellectual property and we have produced a column in EuroScientist as part of our efforts of promoting openness including open government data, open standards, open access, and free/libre/open source software:

Open Access
Column

Open Access: An Opportunity for Scientists around the Globe (by Subbiah Arunachalam, Euro Scientist, September 25, 2013).

Blog Entries

e - DIRAP Google+ Hangout: Open Government (by Christine Apikul, September 18, 2013).
The Indian Council of Agricultural Research Adopts an Open Access Policy (by Nehaa Chaudhari, September 30, 2013).

Wikipedia
Wikipedians from various communities can request for outreach programmes, technical bugs, logistics-merchandize and media, public relations and communications here.

Announcements

CIS Signs MoU with Goa University: The A2K team at CIS has signed an MoU with the Goa University to digitize the “Konkani Vishwakosh” under the Creative Commons license and build a digital knowledge partnership to enhance digital literacy in Konkani language. See here for more details.

Konkani Vishwakosh Digitization Project: The Centre for Internet and Society in collaboration with the University of Goa invites you to a two-month project on digitization of Konkani Vishwakosh. Please send in your applications by October 5, 2013.

Video

Wikipedians Speak: Piotr Konieczny: This episode brings you a conversation with Piotr Konieczny, a veteran Wikipedian from Poland. He has contributed to over 514 DYK articles on Wikipedia.

Columns and Blog Entries

Recap on Konkani Wikipedia Workshop (by Subhashish Panigrahi, Startup Goa Blog, September 9, 2013).
ଅବସର ପରର ଦ୍ବିତୀୟ ଜୀବନ, ଅବସର ପରେ ସକ୍ରିୟ ଭାବେ ଓଡ଼ିଆ ଉଇକିପିଡ଼ିଆରେ ଲେଖାଲେଖି ଜାରୀ ରଖିଥିବା ଜଣେ ଡାକ୍ତରଙ୍କ ସ‌ହ ଭାବାଲୋଚନା (by Subhashish Panigrahi, Odiapua, September 10, 2013).
Selection of Programme Officer — Pilot Projects, CIS-A2K (by Nitika Tandon, September 10, 2013).
Wikipedia reaches Classrooms in Hyderabad (by Syed Muzammiluddin, September 20, 2013).

Events Organised

A Kannada Wikipedia Workshop in Mysore (University of Mysore, August 6, 2013): This is a report of the workshop conducted last month. Dr. Pavanaja conducted the workshop.
Wikipedia Introductory Workshop (Department of Computer Science and Technology, University of Goa, September 28, 2013). Nitika Tandon conducted this workshop. The details will be posted soon.
Train the Trainer — Four-day long Residential Training Workshop in Bangalore (organised by CIS-A2K, Bangalore, October 3 – 6, 2013).

Events Co-organised

Digital Resources in Telugu: A Workshop for Research Scholars (co-organised by CIS-A2K and the English and Foreign Languages University, Hyderabad, September 13, 2013). T. Vishnu Vardhan participated in this event.
Re-releasing Konkani Vishwakosh & Building Konkani Wikipedia (organised by CIS-A2K and the University of Goa, Conference Hall, Goa University, Taleigao, September 26, 2013).
Wikipedia Introductory Workshop (co-organised by CIS-A2K and wikipedians John Noronha and Supriya Kankumbikar, September 27, 2013). Nitika Tandon participated in this workshop.
Odisha: Wikipedia workshop at IIMC, Dhenkanal (co-organised by CIS-A2K and Odia Wikimedia community, September 30, 2013). Subhashish Panigrahi coordinated the entire event along with members of Odia Wikipedia, Dr Subas Chandra Rout, Mrutyunjaya Kar and Sasanka Sekhar Das. This was covered by Odisha Diary (http://bit.ly/1bna9zd), and eOdisha Samachar (http://bit.ly/1aNJvv4).

Events Participated In

Workshop on e-Content Development (organised by Centre for Staff Training and Development, Dr. B.R. Ambedkar Open University, Hyderabad, September 4 – 6, 2013). Vishnu Vardhan gave a guest lecture on Open Source to Open Knowledge, Building Knowledge Bases and Platforms via Mass Collaboration on the Internet, e-Content in Indian languages – History, Challenges and Opportunities, Wikipedia Users to Wikipedia Authors – Exploring Wikipedia as an OER Tool, and e-Content, e-Student, e-Faculty – Reimagining classroom in the digital Age.
Kannada Wikipedia Workshop (organised by Department of Journalism and Mass Communication, SDM College, Ujire, September 15, 2013). Dr. U.B.Pavanaja participated in this workshop.
Konkani Wikipedia Workshop (organised by St. Aloysius College, AIMIT, St Aloysius College (Autonomous), Beeri, Mangalore, September 13, 2013). Dr. U.B. Pavanaja participated in this.

Media Coverage

'Help Konkani Wikipedia come out of incubation' (Deccan Herald, September 13, 2013): The article talks about the relative lack of content in Konkani Wikipedia. “To get it out of incubation, many should write Konkani articles for Wikipedia,” Dr. Pavanaja was quoted as having said.
Konkani Vishwakosh relaunch tomorrow (The Hindu, September 26, 2013). A coverage of the re-release of the Konkani encyclopaedia under Creative Commons license.
Goa university re-releasing Konkani encyclopaedia on Sept 26 (The Times of India, September 24, 2013): Goa University and CIS-A2K re-released the four volume 3632 page Konkani Vishwakosh (encyclopaedia) in Goa.
Goa University announces plan to upload Konkani encyclopedia on Wikipedia (Navhind Times, September 27, 2013).
Konkani Wikipedia from Goa University in 6 months (The Times of India, September 27, 2013): Goa University becomes the first varsity in India to allow data produced and copyrighted by an Indian university to be used by internet users. Professors, students and anyone with expertise or love for Konkani can come forward to help with the project for which training will be provided, says Vishnu Vardhan.
Konkani Wikipedia in the making (by Prakash Kamat, The Hindu, September 29, 2013): Goa University re-launched a four-volume Konkani encyclopaedia and will upload it on Wikipedia. The process will be completed in six months times, says Vishnu Vardhan.
For the love of Konkani: Preserving Goa's official language (by Joanna Lobo, DNA, September 29, 2013): Konkani has 24 lakh speakers as per the Census Department of India 2001 but online documentation is limited. CIS-A2K wants to strengthen the Konkani Wikipedia, says Nitika Tandon.
Goa University to make available online Konkani Wikipedia, within 6 months (by Jagran Josh, September 30, 2013).
Goa University Partners CIS India to Build Konkani Wikipedia (by Apurva Chaudhary, Medianama, September 30, 2013).

Access to Knowledge (Copyright and Pervasive Technologies)

The Access to Knowledge programme addresses the harms caused to consumers, developing countries, human rights, and creativity/innovation from excessive regimes of copyright, patents, and other such monopolistic rights over knowledge:

Event Participated In

The Law and Economics of Copyright Users Rights (organised by the American University Washington College of Law, Massachusetts Ave., NW, Washington DC, September 26, 2013). Sunil Abraham presented the Pervasive Technologies project.

Internet Governance

We are doing a project on conducting research on surveillance and freedom of expression (SAFEGUARDS) with Privacy International and IDRC. So far we have organised six privacy round tables and drafted the Privacy (Protection) Bill. This month we bring you the latest version of the Privacy (Protection) Bill and an analysis of the six privacy round tables. We are also doing a project on mapping cyber security actors in South Asia and South East Asia with the Citizen Lab, Munk School of Global Affairs, University of Toronto and IDRC. We did an interview with Lawrence Liang on privacy and free speech:

SAFEGUARDS Project
Bill

Privacy (Protection) Bill, 2013: Updated Third Draft (by Bhairav Acharya, September 30, 2013): CIS has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, we drafted the Privacy (Protection) Bill, 2013. This is the latest version with changes based on feedback from the Privacy Round Table held on August 24.

Event Reports

A Privacy Meeting with the Federal Trade Commission (co-organised by CIS and the Federal Trade Commission, Imperial Hotel, Janpath, New Delhi, September 20, 2013). Elonnai Hickok participated in this meeting.
The National Privacy Roundtable Meetings (by Bhairav Acharya, September 19, 2013). Bhairav provides an analysis of the six round table meetings held in the cities of New Delhi, Bangalore, Chennai, Mumbai, and Kolkata.

Interview

An Interview with Suresh Ramasubramanian (by Elonnai Hickok, September 6, 2013): Suresh Ramasubramanian from IBM speaks about cyber security and issues in the cloud.

Articles and Blog Entries

India: Privacy in Peril (by Bhairav Acharya, Frontline, July 12, 2013). The article was published in Frontline in July but was mirrored only recently on our website.
Privacy Law Must Fit the Bill (by Sunil Abraham, Deccan Chronicle, September 9, 2013).
Transparency Reports — A Glance on What Google and Facebook Tell about Government Data Requests (by Prachi Arya, September 12, 2013).
The National Cyber Security Policy: Not a Real Policy (by Bhairav Acharya, Observer Research Foundation's Cyber Security Monitor Vol. I, Issue.1, August 2013).
The Central Monitoring System: Some Questions to be Raised in Parliament (by Bhairav Acharya, September 19, 2013).
CIS and International Coalition Calls upon Governments to Protect Privacy (by Elonnai Hickok, September 25, 2013).
An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra (by Bhairav Acharya, September 30, 2013): This is a brief review of some of the cases related to privacy filed under section 46 of the Information Technology Act, 2000 seeking adjudication for alleged contraventions of the Act in the State of Maharashtra.

Media Coverage

Gmail ban looms for Indian gov't workers (by Beatrice Thomas, Arabian Business.com, September 1, 2013): The article says that government would ban Gmail for official communication in light of cyber spying by the US. Sunil Abraham agrees with the ban.
Indien: Regierung will Nutzung von US-Mailprovidern in Verwaltungen verbieten (Netzpolitik, September 3, 2013). Sunil Abraham was quoted in this German newspaper.
A dangerous trend: social media adds fire to Muzaffarnagar clashes (by Zia Haq, The Hindustan Times, September 9, 2013). The article speaks about censorship in wake of publication of malicious content. In such cases the government has a legitimate reason to censor speech, says Sunil Abraham.
Three Years Later, IPaidABribe.com Pays Off (by Jessica McKenzie, TechPresident, September 23, 2013): The article talks about IPaidABribe.com, an online portal focusing on civic engagement and improving governance. But the real problem in India is “high ticket bribes...at the top of the pyramid,” Sunil Abraham was quoted as having said.
Indian biometric ID plan faces court hurdle (by John Ribeiro, Computer World, September 25, 2013): The article talks about Aadhar (India’s biometric system). The Aadhaar number now allows different agencies including private organizations to collect and exchange data between them, says Pranesh Prakash.

Upcoming Event

Privacy Round Table, New Delhi (co-organised by FICCI, DSCI and CIS, FICCI Federation House, Tansen Marg, New Delhi, October 19, 2013).

Event Organised

Public Law and Jurisprudential Issues of Privacy (CIS, Bangalore, September 27, 2013): Abhayraj Naik, a graduate from the National Law School of India University, Bangalore, and the Yale Law School gave a talk on public law and jurisprudential issues related to privacy.

Events Participated In

Young Scholar Tutorials (organised by Communication Policy Research South, September 3-4, 2013). Nehaa Chaudhari participated in this event.
Privacy and Surveillance in India (organised by the Centre for Culture, Media and Governance, Jamia Millia Islamia, New Delhi, September 18, 2013). Sunil Abraham gave a talk.
Syllabus: “Policy and regulation conducive to rapid ICT sector growth in Myanmar: An introductory course” (organised by LIRNEasia in collaboration with Myanmar ICT Development Organization, and with support from the Open Society Foundation and the International Development Research Centre of Canada, September 28 – October 5, 2013). Sunil Abraham is supporting Prof. Samarajiva on the last optional day of this course in Yangon.
Congress on Privacy and Surveillance (organised by Swiss Federal Institute of Technology, Lausanne, September 30, 2013). Maria Xynou participated in this event.

Cyber Security Project
Video Interview

Part 10: Interview with Lawrence Liang (September 10, 2013): In the ecology of online communication it is crucial for us to look at right to privacy and right to free speech as inseparable.

Forthcoming Events

11th India Knowledge Summit 2013 (organised by ASSOCHAM India, Hotel Shangri-La, New Delhi, October 14-15, 2013). CIS is one of the organisations supporting this event.
CYFY 2013: India Conference on Cyber Security and Cyber Governance (organised by Observer Research Foundation and the Federation of Indian Chambers of Commerce and Industry, Oberoi Hotel, New Delhi, October 14-15, 2013). Sunil Abraham will participate in this event as a speaker.

Knowledge Repository on Internet Access
CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at www.internet-institute.in.

Modules

International Telecommunication Union (by Snehashish Ghosh and Anirudh Sridhar, September 30, 2013).
Internet Corporation for Assigned Names and Numbers (ICANN) (by Snehashish Ghosh and Anirudh Sridhar, September 30, 2013).

Telecom

Shyam Ponappa, a Distinguished Fellow at CIS is a regular columnist with the Business Standard. The articles published on his blog Organizing India Blogspot is mirrored on our website:

Newspaper Column

Regrouping for Growth - Interest Rates – III (originally published in the Business Standard on September 4, 2013 and mirrored in Organizing India Blogspot on September 6, 2013).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:
Event Report

Bangalore + Sustainability Summit (organized by Ashoka India, Green Lungi and IDEX, September 21, 2013, CIS, Bangalore): Denisse Albornoz has summarised the happenings in this report.

Media Coverage

Youths brainstorm at social summit (The Times of India, September 21, 2013): A coverage of the Bangalore + Sustainability Summit hosted at CIS.

Blog Entry + Video

Revealing Protesters on the Fringe: Crucifixion Protest in Paraguay (by Denisse Albornoz, September 20, 2013): Denisse provides an analysis of the crucifix protest in Paraguay in the light of Nishant Shah’s piece: Whose Change is it Anyway?.

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Interview

Thinking Digital Beyond Tools: Interview with Dr. Nishant Shah (by Noopur Raval, HASTAC, September 10, 2013): Nishant speaks about his interest in digital studies, the future of humanities, and his HASTAC experience.

Event Participated In

Reclaim Open Learning Symposium (organized by the Digital Media and Learning Research Hub, University of California Humanities Research Institute, UC Irvine, September 26-27, 2013): Nishant Shah participated in this event as a panelist.

About CIS
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Twitter: https://twitter.com/CISA2K

Facebook group: https://www.facebook.com/cisa2k

Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge

E-mail: a2k@cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration:
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/september-2013-bulletin

A Privacy Meeting with the Federal Trade Commission in New Delhi

elonnai — 2013-10-03T10:25:33Z

On September 20, the Centre for Internet and Society held a roundtable meeting with Betsy Broder, Counsel for International Consumer Protection, and Sarah Schroeder, Attorney, Bureau of Consumer Protection, Federal Trade Commission (FTC), United States. The meeting took place at the Imperial, Janpath, New Delhi and discussed both the U.S framework to privacy and potential frameworks and challenges to privacy in India.

As a note, thoughts shared during the meeting represented personal perspectives, and did not constitute the official position of the Federal Trade Commission.

When explaining the U.S regulatory framework for privacy the FTC attorneys highlighted that the United States does not have comprehensive privacy legislation, like in Europe, but instead has sectoral laws that address different aspects of privacy. For example, the Fair Credit Reporting Act maintains confidentiality of consumer credit report information, the Gramm Leach Bliley Act imposes privacy and security requirements for financial institutions, HIPAA applies to patient health information, and the Children’s Online Privacy Protection Act prevents the collection and posting of personal information from minors. It was discussed that the sectoral model followed by the United States allows for a nuanced balance to be struck between privacy protection and the market. It was noted, however, that some have critiqued the U.S. regulatory framework for lacking clear principles that apply to the commercial world and lay out strong privacy protections for the individual. In light of this, the White House is developing a Privacy Bill of Rights.

The Federal Trade Commission is an independent agency in the United States Government with responsibility for enforcing both consumer protection and competition laws. It is composed of five commissioners, and a staff of roughly 1,000, which includes attorneys and economists. The FTC is primarily a law enforcement agency, but also undertakes policy development through workshops and reports, Consumer education is another key function of the agency.

On the consumer protection side, Congress has directed the FTC to enforce the Federal Trade Commission Act, as well as some more specific statutes, such as those that protect consumers from unwanted telemarketing laws, and the protection of children on line. Its main objectives are to protect consumer interests, and prevent fraud and unfair and deceptive business practices. The FTC carries out its privacy work through its consumer protection mission.

When understanding the FTC’s role in relation to privacy, it is important to understand that the FTC’s jurisdiction applies only to certain industries as defined by Congress. Thus, for example, the FTC does not have jurisdiction over banks or telecommunications.

The most critical part of the FTC’s activities is its law enforcement function. The FTC can investigate an organization if the staff believes that the entity may be involved in conduct that contravenes the FTC Act’s prohibition on unfair or deceptive practices, or another specific privacy law. The FTC has brought a number of privacy-related cases against major companies including Facebook, Google, ChoicePoint, and Twitter. Many of these cases address new challenges brought about by rapidly changing technologies.

The vast majority of the FTC’s actions have been settled with consent judgments. When the statute that the FTC enforces allows for the imposition of a civil penalty, the FTC sets the penalty at a level that ensures that it is fair and provides a deterrent, but will not impose a hardship on the company. As a civil enforcement agency, the FTC cannot seek criminal sanctions. While enforcement is the cornerstone of the FTC’s approach to privacy, the agency also supports self-regulation, where appropriate. In this system the FTC does not pre-approve an organization’s practices or define principles that all companies should abide by as it is felt that every organization is unique and has different needs and abilities, and assigning specific technical standards may stifle innovation.

In the meeting it was also discussed how US privacy laws may apply to overseas companies where they are providing services for US consumers or working on behalf of US companies. For example, under the Gramm Leach Bliley Act the FTC has created the Safeguards Rule, which speaks to how financial data by financial institutions must be handled and protected. This Rule applies to companies overseas if the company is performing work for US companies or US consumers. In other words, a US company cannot avoid compliance by outsourcing its work to an off shore organization. Discussions during the meeting also focused on consent and the key role that context, accessibility, and timing play in ensuring individuals have the ability to provide informed consent. Some of the attendees suggested that this practice could be greatly improved in India. For example, currently in India there are companies that only provide consumers access to the company privacy policy after an individual has consented and signed up to the service. When asked about the challenges to privacy that exist in India, many shared that, culturally, there is a different understanding of privacy in India than in many western countries.

Other thoughts included that the Indian government is currently imagining privacy regulation as being either fluid and purely self regulatory or being enforced through strict legal provisions. Instead, the government needs to begin to expand the possibilities for a regulatory framework for privacy in India in such a way that allows for strong legal enforcement, and flexible standards. The right to be forgotten was also discussed and it was mentioned that California has proposed a law that will allow individuals to request deletion of information.

For more details visit https://cis-india.org/internet-governance/blog/privacy-meeting-with-ftc-new-delhi

Privacy (Protection) Bill, 2013: Updated Third Draft

bhairav — 2013-10-01T12:25:43Z

The Centre for Internet and Society has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, we drafted the Privacy (Protection) Bill, 2013.

This research is being undertaken as part of the 'SAFEGUARDS' project that CIS is doing with Privacy International and IDRC. The following is the latest version with changes based on the Round Table held on August 24:

[Preamble]

CHAPTER I

Preliminary

1. Short title, extent and commencement. – (1) This Act may be called the Privacy (Protection) Act, 2013.

(2) It extends to the whole of India.

(3) It shall come into force on such date as the Central Government may, by notification in the Official Gazette, appoint.

2. Definitions. – In this Act and in any rules made thereunder, unless the context otherwise requires, –

(a) “anonymise” means, in relation to personal data, the removal of all data that may, whether directly or indirectly in conjunction with any other data, be used to identify the data subject;

(b) “appropriate government” means, in relation the Central Government or a Union Territory Administration, the Central Government; in relation a State Government, that State Government; and, in relation to a public authority which is established, constituted, owned, controlled or substantially financed by funds provided directly or indirectly –

(i) by the Central Government or a Union Territory Administration, the Central Government;

(ii) by a State Government, that State Government;

(c) “authorised officer” means an officer, not below the rank of a Gazetted Officer, of an All India Service or a Central Civil Service, as the case may be, who is empowered by the Central Government, by notification in the Official Gazette, to intercept a communication of another person or carry out surveillance of another person under this Act;

(d) “biometric data” means any data relating to the physical, physiological or behavioural characteristics of a person which allow their unique identification including, but not restricted to, facial images, finger prints, hand prints, foot prints, iris recognition, hand writing, typing dynamics, gait analysis and speech recognition;

(e) “Chairperson” and “Member” mean the Chairperson and Member appointed under sub-section (1) of section 17;

(f) “collect”, with its grammatical variations and cognate expressions, means, in relation to personal data, any action or activity that results in a data controller obtaining, or coming into the possession or control of, any personal data of a data subject;

(g) “communication” means a word or words, spoken, written or indicated, in any form, manner or language, encrypted or unencrypted, meaningful or otherwise, and includes visual representations of words, ideas, symbols and images, whether transmitted or not transmitted and, if transmitted, irrespective of the medium of transmission;

(h) “competent organisation” means an organisation or public authority listed in the Schedule;

(i) “data controller” means a person who, either alone or jointly or in concert with other persons, determines the purposes for which and the manner in which any personal data is processed;

(j) “data processor” means any person who processes any personal data on behalf of a data controller;

(k) “Data Protection Authority” means the Data Protection Authority constituted under sub-section (1) of section 17;

(l) “data subject” means a person who is the subject of personal data;

(m) “deoxyribonucleic acid data” means all data, of whatever type, concerning the characteristics of a person that are inherited or acquired during early prenatal development;

(n) “destroy”, with its grammatical variations and cognate expressions, means, in relation to personal data, to cease the existence of, by deletion, erasure or otherwise, any personal data;

(o) “disclose”, with its grammatical variations and cognate expressions, means, in relation to personal data, any action or activity that results in a person who is not the data subject coming into the possession or control of that personal data;

(p) “intelligence organisation” means an intelligence organisation under the Intelligence Organisations (Restriction of Rights) Act, 1985 (58 of 1985);

(q) “interception” or “intercept” means any activity intended to capture, read, listen to or understand the communication of a person;

(r) “personal data” means any data which relates to a natural person if that person can, whether directly or indirectly in conjunction with any other data, be identified from it and includes sensitive personal data;

(s) “prescribed” means prescribed by rules made under this Act;

(t) “process”, with its grammatical variations and cognate expressions, means, in relation to personal data, any action or operation which is performed upon personal data, whether or not by automated means including, but not restricted to, organisation, structuring, adaptation, modification, retrieval, consultation, use, alignment or destruction;

(u) “receive”, with its grammatical variations and cognate expressions, means, in relation to personal data, to come into the possession or control of any personal data;

(v) “sensitive personal data” means personal data as to the data subject’s –

(i) biometric data;

(ii) deoxyribonucleic acid data;

(iii) sexual preferences and practices;

(iv) medical history and health;

(v) political affiliation;

(vi) commission, or alleged commission, of any offence;

(vii) ethnicity, religion, race or caste; and

(viii) financial and credit information.

(w) “store”, with its grammatical variations and cognate expressions, means, in relation to personal data, to retain, in any form or manner and for any purpose or reason, any personal data;

(x) “surveillance” means any activity intended to watch, monitor, record or collect, or to enhance the ability to watch, record or collect, any images, signals, data, movement, behaviour or actions, of a person, a group of persons, a place or an object, for the purpose of obtaining information of a person;

and all other expressions used herein shall have the meanings ascribed to them under the General Clauses Act, 1897 (10 of 1897) or the Code of Criminal Procedure, 1973 (2 of 1974), as the case may be.

CHAPTER II

Regulation of Personal Data

3. Regulation of personal data. – Notwithstanding anything contained in any other law for time being in force, no person shall collect, store, process, disclose or otherwise handle any personal data of another person except in accordance with the provisions of this Act and any rules made thereunder.

4. Exemption. – Nothing in this Act shall apply to the collection, storage, processing or disclosure of personal data for personal or domestic use.

CHAPTER III

Protection of Personal Data

5. Regulation of collection of personal data. – (1) No personal data of a data subject shall be collected except in conformity with section 6 and section 7.

(2) No personal data of a data subject may be collected under this Act unless it is necessary for the achievement of a purpose of the person seeking its collection.

(3) Subject to section 6 and section 7, no personal data may be collected under this Act prior to the data subject being given notice, in such and form and manner as may be prescribed, of the collection.

6. Collection of personal data with prior informed consent. – (1) Subject to sub-section (2), a person seeking to collect personal data under this section shall, prior to its collection, obtain the consent of the data subject.

(2) Prior to a collection of personal data under this section, the person seeking its collection shall inform the data subject of the following details in respect of his personal data, namely: –

(a) when it will be collected;

(b) its content and nature;

(d) the manner in which it may be accessed, checked and modified;

(e) the security practices, privacy policies and other policies, if any, to which it will be subject;

(f) the conditions and manner of its disclosure; and

(g) the procedure for recourse in case of any grievance in relation to it.

(3) Consent to the collection of personal data under this section may be obtained from the data subject in any manner or medium but shall not be obtained as a result of a threat, duress or coercion:

Provided that the data subject may, at any time after his consent to the collection of personal data has been obtained, withdraw the consent for any reason whatsoever and all personal data collected following the original grant of consent shall be destroyed forthwith:

Provided that the person who collected the personal data in respect of which consent is subsequently withdrawn may, if the personal data is necessary for the delivery of any good or the provision of any service, not deliver that good or deny that service to the data subject who withdrew his grant of consent.

7. Collection of personal data without prior consent. – Personal data may be collected without the prior consent of the data subject if it is –

(a) necessary for the provision of an emergency medical service to the data subject;

(b) required for the establishment of the identity of the data subject and the collection is authorised by a law in this regard;

(d) necessary to prevent, investigate or prosecute a cognisable offence.

8. Regulation of storage of personal data. – (1) No person shall store any personal data for a period longer than is necessary to achieve the purpose for which it was collected or received, or, if that purpose is achieved or ceases to exist for any reason, for any period following such achievement or cessation.

(2) Save as provided in sub-section (3), any personal data collected or received in relation to the achievement of a purpose shall, if that purpose is achieved or ceases to exist for any reason, be destroyed forthwith.

(3) Notwithstanding anything contained in this section, any personal data may be stored for a period longer than is necessary to achieve the purpose for which it was collected or received, or, if that purpose has been achieved or ceases to exist for any reason, for any period following such achievement or cessation, if –

(a) the data subject grants his consent to such storage prior to the purpose for which it was collected or received being achieved or ceasing to exist;

(b) it is adduced for an evidentiary purpose in a legal proceeding; or

Provided that only that amount of personal data that is necessary to achieve the purpose of storage under this sub-section shall be stored and any personal data that is not required to be stored for such purpose shall be destroyed forthwith:

Provided further that any personal data stored under this sub-section shall, to the extent possible, be anonymised.

9. Regulation of processing of personal data. – (1) No person shall process any personal data that is not necessary for the achievement of the purpose for which it was collected or received.

(2) Save as provided in sub-section (3), no personal data shall be processed for any purpose other than the purpose for which it was collected or received.

(3) Notwithstanding anything contained in this section, any personal data may be processed for a purpose other than the purpose for which it was collected or received if –

(a) the data subject grants his consent to the processing and only that amount of personal data that is necessary to achieve the other purpose is processed;

(b) it is necessary to perform a contractual duty to the data subject;

(d) it necessary to prevent, investigate or prosecute a cognisable offence.

10. Transfer of personal data for processing. – (1) Subject to the provisions of this section, personal data that has been collected in conformity with this Act may be transferred by a data controller to a data processor, whether located in India or otherwise, if the transfer is pursuant to an agreement that explicitly binds the data processor to same or stronger measures in respect of the storage, processing, destruction, disclosure and other handling of the personal data as are contained in this Act.

(2) No data processor shall process any personal data transferred under this section except to achieve the purpose for which it was collected.

(3) A data controller that transfers personal data under this section shall remain liable to the data subject for the actions of the data processor.

11. Security of personal data and duty of confidentiality. – (1) No person shall collect, receive, store, process or otherwise handle any personal data without implementing measures, including, but not restricted to, technological, physical and administrative measures, adequate to secure its confidentiality, secrecy, integrity and safety, including from theft, loss, damage or destruction.

(2) Data controllers and data processors shall be subject to a duty of confidentiality and secrecy in respect of personal data in their possession or control.

(3) Without prejudice to the provisions of this section, a data controller or data processor shall, if the confidentiality, secrecy, integrity or safety of personal data in its possession or control is violated by theft, loss, damage or destruction, or as a result of any disclosure contrary to the provisions of this Act, or for any other reason whatsoever, notify the data subject, in such form and manner as may be prescribed, forthwith.

12. Regulation of disclosure of personal data. – Subject to section 10, section 13 and section 14, no person shall disclose, or otherwise cause any other person to receive, the content or nature of any personal data that has been collected in conformity with this Act.

13. Disclosure of personal data with prior informed consent. – (1) Subject to sub-section (2), a data controller or data processor seeking to disclose personal data under this section shall, prior to its disclosure, obtain the consent of the data subject.

(2) Prior to a disclosure of personal data under this section, the data controller or data processor, as the case may be, seeking to disclose the personal data, shall inform the data subject of the following details in respect of his personal data, namely: –

(a) when it will be disclosed;

(b) the purpose of its disclosure;

(d) the procedure for recourse in case of any grievance in relation to it.

14. Disclosure of personal data without prior consent. – (1) Subject to sub-section (2), personal data may be disclosed without the prior consent of the data subject if it is necessary –

(a) to prevent a reasonable threat to national security, defence or public order; or

(b) to prevent, investigate or prosecute a cognisable offence.

(2) No data controller or data processor shall disclose any personal data unless it has received an order in writing from a police officer not below the rank of [___] in such form and manner as may be prescribed:

Provided that an order for the disclosure of personal data made under this sub-section shall not require the disclosure of any personal data that is not necessary to achieve the purpose for which the disclosure is sought:

Provided further that the data subject shall be notified, in such form and manner as may be prescribed, of the disclosure of his personal data, including details of its content and nature, and the identity of the police officer who ordered its disclosure, forthwith.

15. Quality and accuracy of personal data. – (1) Each data controller and data processor shall, to the extent possible, ensure that the personal data in its possession or control, is accurate and, where necessary, is kept up to date.

(2) No data controller or data processor shall deny a data subject whose personal data is in its possession or control the opportunity to review his personal data and, where necessary, rectify anything that is inaccurate or not up to date.

(3) A data subject may, if he finds personal data in the possession or control of a data controller or data processor that is not necessary to achieve the purpose for which it was collected, received or stored, demand its destruction, and the data controller shall destroy, or cause the destruction of, the personal data forthwith.

16. Special provisions for sensitive personal data. – Notwithstanding anything contained in this Act and the provisions of any other law for the time being in force –

(a) no person shall store sensitive personal data for a period longer than is necessary to achieve the purpose for which it was collected or received, or, if that purpose has been achieved or ceases to exist for any reason, for any period following such achievement or cessation;

(b) no person shall process sensitive personal data for a purpose other than the purpose for which it was collected or received;

(c) no person shall disclose sensitive personal data to another person, or otherwise cause any other person to come into the possession or control of, the content or nature of any sensitive personal data, including any other details in respect thereof.

CHAPTER IV

The Data Protection Authority

17. Constitution of the Data Protection Authority. – (1) The Central Government shall, by notification, constitute, with effect from such date as may be specified therein, a body to be called the Data Protection Authority consisting of a Chairperson and not more than four other Members, to exercise the jurisdiction and powers and discharge the functions and duties conferred or imposed upon it by or under this Act.

(2) The Chairperson shall be a person who has been a Judge of the Supreme Court:

Provided that the appointment of the Chairperson shall be made only after consultation with the Chief Justice of India.

(3) Each Member shall be a person of ability, integrity and standing who has a special knowledge of, and professional experience of not less than ten years in privacy law and policy.

18. Term of office, conditions of service, etc. of Chairperson and Members. – (1) Before appointing any person as the Chairperson or Member, the Central Government shall satisfy itself that the person does not, and will not, have any such financial or other interest as is likely to affect prejudicially his functions as such Chairperson or Member.

(2) The Chairperson and every Member shall hold office for such period, not exceeding five years, as may be specified in the order of his appointment, but shall be eligible for reappointment:

Provided that no person shall hold office as the Chairperson or Member after he has attained the age of sixty-seven years.

(3) Notwithstanding anything contained in sub-section (2), the Chairperson or any Member may –

(a) by writing under his hand resign his office at any time;

(b) be removed from office in accordance with the provisions of section 19 of this Act.

(4) A vacancy caused by the resignation or removal of the Chairperson or Member under sub-section (3) shall be filled by fresh appointment.

(5) In the event of the occurrence of a vacancy in the office of the Chairperson, such one of the Members as the Central Government may, by notification, authorise in this behalf, shall act as the Chairperson till the date on which a new Chairperson, appointed in accordance with the provisions of this Act, to fill such vacancy, enters upon his office.

(6) When the Chairperson is unable to discharge his functions owing to absence, illness or any other cause, such one of the Members as the Chairperson may authorise in writing in this behalf shall discharge the functions of the Chairperson, till the date on which the Chairperson resumes his duties.

(7) The salaries and allowances payable to and the other terms and conditions of service of the Chairperson and Members shall be such as may be prescribed:

Provided that neither the salary and allowances nor the other terms and conditions of service of the Chairperson and any member shall be varied to his disadvantage after his appointment.

19. Removal of Chairperson and Members from office in certain circumstances. – The Central Government may remove from office the Chairperson or any Member, who –

(a) is adjudged an insolvent; or

(b) engages during his term of office in any paid employment outside the duties of his office; or

(d) is of unsound mind and stands so declared by a competent court; or

(e) is convicted for an offence which in the opinion of the President involves moral turpitude; or

(f) has acquired such financial or other interest as is likely to affect prejudicially his functions as a Chairperson or Member, or

(g) has so abused his position as to render his continuance in offence prejudicial to the public interest.

20. Functions of the Data Protection Authority. – (1) The Chairperson may inquire, suo moto or on a petition presented to it by any person or by someone acting on his behalf, in respect of any matter connected with the collection, storage, processing, disclosure or other handling of any personal data and give such directions or pass such orders as are necessary for reasons to be recorded in writing.

(2) Without prejudice to the generality of the foregoing provision, the Data Protection Authority shall perform all or any of the following functions, namely –

(a) review the safeguards provided by or under this Act and other law for the time being in force for the protection of personal data and recommend measures for their effective implementation;

(b) review any measures taken by any entity for the protection of personal data and take such further action is it deems fit;

(c) review any action, policy or procedure of any entity to ensure compliance with this Act and any rules made hereunder;

(d) formulate, in consultation with experts, norms for the effective protection of personal data;

(e) promote awareness and knowledge of personal data protection through any means necessary;

(f) undertake and promote research in the field of protection of personal data;

(g) encourage the efforts of non-governmental organisations and institutions working in the field of personal data protection;

(h) publish periodic reports concerning the incidence of collection, processing, storage, disclosure and other handling of personal data;

(i) such other functions as it may consider necessary for the protection of personal data.

(3) Subject to the provisions of any rules prescribed in this behalf by the Central Government, the Data Protection Authority shall have the power to review any decision, judgement, decree or order made by it.

(4) In the exercise of its functions under this Act, the Data Protection Authority shall give such directions or pass such orders as are necessary for reasons to be recorded in writing.

(5) The Data Protection Authority may, in its own name, sue or be sued.

21. Secretary, officers and other employees of the Data Protection Authority. – (1) The Central Government shall appoint a Secretary to the Data Protection Authority to exercise and perform, under the control of the Chairperson such powers and duties as may be prescribed or as may be specified by the Chairperson.

(2) The Central Government may provide the Data Protection Authority with such other officers and employees as may be necessary for the efficient performance of the functions of the Data Protection Authority.

(3) The salaries and allowances payable to and the conditions of service of the Secretary and other officers and employees of the Data Protection Authority shall be such as may be prescribed.

22. Salaries, etc. be defrayed out of the Consolidated Fund of India. – The salaries and allowances payable to the Chairperson and Members and the administrative expenses, including salaries, allowances and pension, payable to or in respect of the officers and other employees of the of the Data Protection Authority shall be defrayed out of the Consolidated Fund of India.

23. Vacancies, etc. not to invalidate proceedings of the Data Protection Authority. – No act or proceeding of the Data Protection Authority shall be questioned on the ground merely of the existence of any vacancy or defect in the constitution of the Data Protection Authority or any defect in the appointment of a person acting as the Chairperson or Member.

24. Chairperson, Members and employees of the Data Protection Authority to be public servants. – The Chairperson and Members and other employees of the Data Protection Authority shall be deemed to be public servants within the meaning of section 21 of the Indian Penal Code, 1860 (45 of 1860).

25. Location of the office of the Data Protection Authority. – The offices of the Data Protection Authority shall be in [___] or any other location as directed by the Chairperson in consultation with the Central Government.

26. Procedure to be followed by the Data Protection Authority. – (1) Subject to the provisions of this Act, the Data Protection Authority shall have powers to regulate –

(a) the procedure and conduct of its business;

(b) the delegation to one or more Members of such powers or functions as the Chairperson may specify.

(2) In particular and without prejudice to the generality of the foregoing provisions, the powers of the Data Protection Authority shall include the power to determine the extent to which persons interested or claiming to be interested in the subject-matter of any proceeding before it may be allowed to be present or to be heard, either by themselves or by their representatives or to cross-examine witnesses or otherwise take part in the proceedings:

Provided that any such procedure as may be prescribed or followed shall be guided by the principles of natural justice.

27. Power relating to inquiries. – (1) The Data Protection Authority shall, for the purposes of any inquiry or for any other purpose under this Act, have the same powers as vested in a civil court under the Code of Civil Procedure, 1908 (5 of 1908), while trying suits in respect of the following matters, namely –

(a) the summoning and enforcing the attendance of any person from any part of India and examining him on oath;

(b) the discovery and production of any document or other material object producible as evidence;

(d) the requisitioning of any public record from any court or office;

(e) the issuing of any commission for the examination of witnesses; and,

(f) any other matter which may be prescribed.

(2) The Data Protection Authority shall have power to require any person, subject to any privilege which may be claimed by that person under any law for the time being in force, to furnish information on such points or matters as, in the opinion of the Data Protection Authority, may be useful for, or relevant to, the subject matter of an inquiry and any person so required shall be deemed to be legally bound to furnish such information within the meaning of section 176 and section 177 of the Indian Penal Code, 1860 (45 of 1860).

(3) The Data Protection Authority or any other officer, not below the rank of a Gazetted Officer, specially authorised in this behalf by the Data Protection Authority may enter any building or place where the Data Protection Authority has reason to believe that any document relating to the subject matter of the inquiry may be found, and may seize any such document or take extracts or copies therefrom subject to the provisions of section 100 of the Code of Criminal Procedure, 1973 (2 of 1974), in so far as it may be applicable.

(4) The Data Protection Authority shall be deemed to be a civil court and when any offence as is described in section 175, section 178, section 179, section 180 or section 228 of the Indian Penal Code, 1860 (45 of 1860) is committed in the view or presence of the Data Protection Authority, the Data Protection Authority may, after recording the facts constituting the offence and the statement of the accused as provided for in the Code of Criminal Procedure, 1973 (2 of 1974), forward the case to a Magistrate having jurisdiction to try the same and the Magistrate to whom any such case is forwarded shall proceed to hear the complaint against the accused as if the case had been forwarded to him under section 346 of the Code of Criminal Procedure, 1973 (2 of 1974).

28. Decisions of the Data Protection Authority. – (1) The decisions of the Data Protection Authority shall be binding.

(2) In its decisions, the Data Protection Authority has the power to –

(a) require an entity to take such steps as may be necessary to secure compliance with the provisions of this Act;

(b) require an entity to compensate any person for any loss or detriment suffered;

29. Proceedings before the Data Protection Authority to be judicial proceedings. – The Data Protection Authority shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973 (2 of 1974), and every proceeding before the Data Protection Authority shall be deemed to be a judicial proceeding within the meaning of section 193 and section 228 and for the purposes of section 196 of the Indian Penal Code, 1860 (45 of 1860).

CHAPTER V

Regulation by Data Controllers and Data Processors

30. Co-regulation by Data Controllers and the Data Protection Authority. – (1) The Data Protection Authority may, in consultation with data controllers, formulate codes of conduct for the collection, storage, processing, disclosure or other handling of any personal data.

(2) No code of conduct formulated under sub-section (1) shall be binding on a data controller unless –

(a) it has received the written approval of the Data Protection Authority; and

(b) it has received the approval, by signature of a director or authorised signatory, of the data controller.

31. Co-regulation without prejudice to other remedies. – Any code of conduct formulated under this chapter shall be without prejudice to the jurisdiction, powers and functions of the Data Protection Authority.

32. Self-regulation by data controllers. – (1) The Data Protection Authority may encourage data controllers and data processors to formulate professional codes of conduct to establish rules for the collection, storage, processing, disclosure or other handling of any personal data.

(2) No code of conduct formulated under sub-section (1) shall be effective unless it is registered, in such form and manner as may be prescribed, by the Data Protection Authority.

(3) The Data Protection Authority shall, for reasons to be recorded in writing, not register any code of conduct formulated under sub-section (1) that is not adequate to protect personal data.

CHAPTER IV

Surveillance and Interception of Communications

33. Surveillance and interception of communication to be warranted. – Notwithstanding anything contained in any other law for the time being in force, no –

(i) surveillance shall be carried out, and no person shall order any surveillance of another person;

(ii) communication shall be intercepted, and no person shall order the interception of any communication of another person; save in execution of a warrant issued under section 36, or an order made under section 38, of this Act.

34. Application for issuance of warrant. – (1) Any authorised officer seeking to carry out any surveillance or intercept any communication of another person shall prefer an application for issuance of a warrant to the Magistrate.

(2) The application for issuance of the warrant shall be in the form and manner prescribed in the Schedule and shall state the purpose for which the warrant is sought.

(3) The application for issuance of the warrant shall be accompanied by –

(i) a report by the authorised officer of the suspicious conduct of the person in respect of whom the warrant is sought, and all supporting material thereof;

(ii) an affidavit of the authorised officer, or a declaration under his hand and seal, that the contents of the report and application are true to the best of his knowledge, information and belief, and that the warrant shall be executed only for the purpose stated in the application and shall not be misused or abused in any manner including to interfere in the privacy of any person;

(iii) details of all warrants previously issued in respect of the person in respect of whom the warrant is sought, if any.

35. Considerations prior to the issuance of warrant. – (1) No warrant shall issue unless the requirements of section 34 and this section have been met.

(2) The Magistrate shall consider the application made under section 34 and shall satisfy himself that the information contained therein sets out –

(i) a reasonable threat to national security, defence or public order; or

(ii) a cognisable offence, the prevention, investigation or prosecution of which is necessary in the public interest.

(3) The Magistrate shall satisfy himself that all other lawful means to acquire the information that is sought by the execution of the warrant have been exhausted.

(4) The Magistrate shall verify the identity of the authorised officer and shall satisfy himself that the application for issuance of the warrant is authentic.

36. Issue of warrant. – (1) Subject to section 34 and section 35, the Magistrate may issue a warrant for surveillance or interception of communication, or both of them.

(2) The Magistrate may issue the warrant in Chambers.

37. Magistrate may reject application for issuance of warrant. – If the Magistrate is not satisfied that the requirements of section 34 and section 35 have been met, he may, for reasons to be recorded in writing, –

(i) refuse to issue the warrant and dispose of the application;

(ii) return the application to the authorised officer without disposing of it;

(iii) pass any order that he thinks fit.

38. Order by Home Secretary in emergent circumstances. – (1) Notwithstanding anything contained in section 35, if the Home Secretary of the appropriate government is satisfied that a grave threat to national security, defence or public order exists, he may, for reasons to be recorded in writing, order any surveillance or interception of communication.

(2) An authorised officer seeking an order for surveillance or interception of communication under this section shall prefer an application to the Home Secretary in the form and manner prescribed in the Schedule and accompanied by the documents required under sub-section (3) of section 34.

(3) No order for surveillance or interception of communication made by the Home Secretary under this section shall be valid upon the expiry of a period of seven days from the date of the order.

(4) Before the expiry of a period of seven days from the date of an order for surveillance or interception of communication made under this section, the authorised officer who applied for the order shall place the application before the Magistrate for confirmation.

39. Duration of warrant or order. – (1) The warrant or order for surveillance or interception of communication shall specify the period of its validity and, upon its expiry, all surveillance and interception of communication, as the case may be, carried out in relation to that warrant or order shall cease forthwith:

Provided that no warrant or order shall be valid upon the expiry of a period of sixty days from the date of its issue.

(2) A warrant issued under section 36, or an order issued under section 38, for surveillance or interception of communication, or both of them, may be renewed by a Magistrate if he is satisfied that the requirements of sub-section (2) of section 35 continue to exist.

40. Duty to inform the person concerned. – Subject to sub-section (2), before the expiry of a period of sixty days from the conclusion of any surveillance or interception of communication carried out under this Act, the authorised officer who carried out the surveillance or interception of communication shall, in writing in such form and manner as may be prescribed, notify, with reference to the warrant of the Magistrate, and, if applicable, the order of the Home Secretary, each person in respect of whom the warrant or order was issued, of the fact of such surveillance or interception and duration thereof.

(2) The Magistrate may, on an application made by an authorised officer in such form and manner as may be prescribed, if he is satisfied that the notification under sub-section (1) would –

(a) present a reasonable threat to national security, defence or public order, or

(b) adversely affect the prevention, investigation or prosecution of a cognisable offence,

for reasons to be recorded in writing addressed to the authorised officer, order that the person in respect of whom the warrant or order of surveillance or interception of communication was issued, not be notified of the fact of such interception or the duration thereof:

41. Security and duty of confidentiality and secrecy. – (1) No person shall carry out any surveillance or intercept any communication of another person without implementing measures, including, but not restricted to, technological, physical and administrative measures, to secure the confidentiality and secrecy of all information obtained as a result of the surveillance or interception of communication, as the case may be, including from theft, loss or unauthorised disclosure.

(2) Any person who carries out any surveillance or interception of any communication, or who obtains any information, including personal data, as a result of surveillance or interception of communication, shall be subject to a duty of confidentiality and secrecy in respect of it.

(3) Every competent organisation shall, before the expiry of a period of one hundred days from the enactment of this Act, designate as many officers as it deems fit as Privacy Officers who shall be administratively responsible for all interceptions of communications carried out by that competent organisation.

42. Disclosure of information. – (1) Save as provided in this section, no person shall disclose to any other person, or otherwise cause any other person to come into the knowledge or possession of, the content or nature of any information, including personal data, obtained as a result of any surveillance or interception carried out under this Act.

(2) Notwithstanding anything contained in this section, if the disclosure of any information, including personal data, obtained as a result of any surveillance or interception of any communication is necessary to –

(a) prevent a reasonable threat to national security, defence or public order, or

(b) prevent, investigate or prosecute a cognisable offence,

an authorised officer may disclose the information, including personal data, to any authorised officer of any other competent organisation.

CHAPTER VI

Offences and penalties

43. Punishment for offences related to personal data. – (1) Whoever, except in conformity with the provisions of this Act, collects, receives, stores, processes or otherwise handles any personal data shall be punishable with imprisonment for a term which may extend to [___] years and may also be liable to fine which may extend to [___] rupees.

(2) Whoever attempts to commit any offence under sub section (1) shall be punishable with the punishment provided for such offence under that sub-section.

(3) Whoever, except in conformity with the provisions of this Act, collects, receives, stores, processes or otherwise handles any sensitive personal data shall be punishable with imprisonment for a term which may extend to [increased for sensitive personal data] years and and may also be liable to fine which may extend to [___] rupees.

(4) Whoever attempts to commit any offence under sub section (3) shall be punishable with the punishment provided for such offence under that sub-section.

44. Abetment and repeat offenders. – (1) Whoever abets any offence punishable under this Act shall, if the act abetted is committed in consequence of the abetment, be punishable with the punishment provided for that offence.

(2) Whoever, having been convicted of an offence under any provision of this Act is again convicted of an offence under the same provision, shall be punishable, for the second and for each subsequent offence, with double the penalty provided for that offence.

45. Offences by companies. – (1) Where an offence under this Act has been committed by a company, every person who, at the time of the offence was committed, was in charge of, and was responsible to, the company for the conduct of the business of the company, as well as the company shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly:

Provided that nothing contained in this sub-section shall render any such person liable to any punishment, if he proves that the offence was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence.

(2) Notwithstanding anything contained in sub-section (1), where any offence under this Act has been committed by a company and it is proved that the offence has been committed with the consent or connivance of, or is attributable to any neglect on the part of any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall be deemed to be guilty of that offence, and shall be liable to be proceeded against and punished accordingly.

46. Cognisance. – Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), the offences under section 43, section 44 and section 45 shall be cognisable and non-bailable.

47. General penalty. – Whoever, in any case in which a penalty is not expressly provided by this Act, fails to comply with any notice or order issued under any provisions thereof, or otherwise contravenes any of the provisions of this Act, shall be punishable with fine which may extend to [___] rupees, and, in the case of a continuing failure or contravention, with an additional fine which may extend to [___] rupees for every day after the first during which he has persisted in such failure or contravention.

48. Punishment to be without prejudice to any other action. – The award of punishment for an offence under this Act shall be without prejudice to any other action which has been or which may be taken under this Act with respect to such contravention.

CHAPTER VII

Miscellaneous

49. Power to make rules. – (1) The Central Government may, by notification in the Official Gazette, make rules to carry out the provisions of this Act.

(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for –

[__]

(3) Every rule made under this section shall be laid, as soon as may be after it is made, before each House of Parliament while it is in session for a period of thirty days which may be comprised in one session or in two successive sessions and if before the expiry of the session in which it is so laid or the session immediately following, both Houses agree in making any modification in the rule, or both Houses agree that the rule should not be made, the rule shall thereafter have effect only in such modified form or be of no effect, as the case may be, so however, that any such modification or annulment shall be without prejudice to the validity of anything previously done under that rule.

50. Bar of jurisdiction. – (1) On and from the appointed day, no court or authority shall have, or be entitled to exercise, any jurisdiction, powers or authority (except the Supreme Court and a High Court exercising powers under Article 32, Article 226 and Article 227 of the Constitution) in relation to matters specified in this Act.

(2) No order passed under this Act shall be appealable except as provided therein and no civil court shall have jurisdiction in respect of any matter which the Data Protection Authority is empowered by, or under, this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act.

51. Protection of action taken in good faith. – No suit or other legal proceeding shall lie against the Central Government, State Government, Data Protection Authority, Chairperson, Member or any person acting under the direction either of the Central Government, State Government, Data Protection Authority, Chairperson or Member in respect of anything which is in good faith done or intended to be done in pursuance of this Act or of any rules or any order made thereunder.

52. Power to remove difficulties. – (1) If any difficulty arises in giving effect to the provisions of this Act, the Central Government may, by order, published in the Official Gazette, make such provisions, not inconsistent with the provisions of this Act, as appears to it to be necessary or expedient for removing the difficulty:

Provided that no such order shall be made under this section after the expiry of a period of three years from the commencement of this Act.

(2) Every order made under this section shall be laid, as soon as may be after it is made, before each House of Parliament.

53. Act to have overriding effect. – The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force.

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-updated-third-draft

Privacy Round Table, New Delhi (October 2013)

praskrishna — 2013-09-28T02:52:26Z

The Centre for Internet and Society (CIS), Federation of Indian Chambers of Commerce and Industry (FICCI), and DSCI cordially invite you to a "Privacy Round Table" at the FICCI Federation House in Tansen Marg on October 19, 2013.

Click the below links to:

Download the event brochure
Download the latest version of the Draft Privacy Bill

Jacob Kohnstamm, Data Protection Authority, Netherlands and Chairman of the Article 29 Working Party, Chantel Bernier, Assistant Privacy Commissioner, Canada, and Christopher Graham, Information Commissioner, UK will make presentations:

Agenda

Time	Detail
10:00 10:30	Introduction and summary of previous Roundtables
10:30 11:00	“Data Protection in the European Union” Mr. Jacob Kohnstamm, Data Protection Authority, Netherlands and Chairman of the Article 29 Working Party
11:00 11:15	Tea
11:15 12:15	Regulatory Frameworks and Jurisdiction a. Co-Regulation vs. Self Regulation vs. Statutory Regulation b. Applicability of regulatory framework to domestic processing vs. multiple/international jurisdictions
12:15 12:45	“An Overview of the Canadian Privacy Regime” Ms. Chantal Bernier, Assistant Privacy Commissioner, Canada
12:15 13:30	The Privacy Commissioner a. Composition of the Office of the Privacy Commissioner (officers, funding, organizational structure) b. Powers of the Privacy Commissioner (investigation, audit, privacy impact assessment etc) c. Functions of the Office of the Privacy Commissioner
13:30 14:30	Lunch
14:30 15:30	Rights of the individual and exceptions to the right to privacy a. Rights of the individual including: notice, access, deletion etc. b. Exceptions to the right to privacy: national security, public order, public interest, prevention and detection of crime etc.
15:30 16:00	“An overview of the Privacy Regime in the UK” Mr. Christopher Graham, Information Commissioner, UK
16:00 16:15	Tea
16:15 17:00	Defining and protecting personal data and personal sensitive data a. Definitions and distinctions between personal data vs personal sensitive data b. Levels of protection for personal data vs. personal sensitive data c. Penalty and remedy for breach of personal data vs. personal sensitive data
17:00 18:00	Penalty and Redress a. Forms and extent of penalty: fine, public notice, shut down of services etc. b. Forms of redress for the individual c. Enforcement of penalty and redress

The Speakers

Jacob Kohnstamm	Before his appointment as Chairman of the Dutch Data Protection Authority in 2004, Jacob Kohnstamm was active in Dutch politics as member of the Lower House of the Dutch Parliament, as State Secretary for Internal Affairs and as member of the Senate of the Dutch Parliament (between 1981 and 2004). Before that, he worked as a lawyer in Amsterdam. Since February 2010, Jacob Kohnstamm is Chairman of the Art. 29 Working Party of European Data Protection Authorities. Since November 2011, Jacob Kohnstamm is also Chairman of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners.
Chantal Bernier	Chantal Bernier was appointed Assistant Privacy Commissioner of Canada in December 2008. Ms. Bernier started her career in the federal government as a lawyer in the Department of Justice, Canada. She went on to hold a directorship at the Privy Council Office before being appointed Assistant Deputy Minister at Indian and Northern Affairs Canada, and later on at Public Safety Canada. She holds a Bachelor of Civil Law from the University of Sherbrooke and a Masters in Public International Law from the London School of Economics and Political Science.
Christopher Graham	Christopher Graham became UK Information Commissioner in June 2009, with responsibility for overseeing the Freedom of Information Act and Data Protection Act regimes — upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. He is the Vice Chair of the Article 29 Working Party of the European Data Protection Authorities. Christopher was the director general of the Advertising Standards Authority (ASA) from April 2000 to June 2009. From 2003-5, he was chairman of the European Advertising Standards Alliance (EASA), the federation of advertising self-regulatory bodies across the EU Single Market. Prior to joining the ASA, Christopher was for three years Secretary of the BBC. Christopher first joined the broadcaster as a news trainee in 1973. He was a Current Affairs Producer for BBC Radio and TV before becoming Managing Editor of News Programmes for TV and Radio.

Confirmations and RSVP

Please send your email confirmations for attending the Delhi Privacy Round Table on October 19, 2013, to Elonnai Hickok (elonnai@cis-india.org)

For more details visit https://cis-india.org/internet-governance/events/privacy-round-table-delhi-october-19-2013

11th India Knowledge Summit 2013

praskrishna — 2013-09-26T07:15:29Z

The Associated Chambers of Commerce and Industry in India (ASSOCHAM) is organizing the 11th Knowledge Summit 2013 in Hotel Shangri-La, New Delhi on October 14 and 15, 2013. The Centre for Internet and Society is supporting this event.

Click to read the original published by ASSOCHAM here , read the tentative agenda here and the event brochure here.

The lack of a national-level doctrine has created an environment where we are entirely reactive in our cyber posture. Indeed, battlefield transcends physical borders and boundaries. The power of a nation-state is not required to inflict widespread damage to critical infrastructure systems; a single malicious actor can wreak havoc. The starkest difference, however, is that today both the private sector and individual citizens have unprecedented access to a myriad of infrastructure systems that can provide entry into sensitive systems – yet they are largely unaware of, and unaccountable for, their responsibilities in defending them.

As cyber networks rapidly transition from a mere utility to the undercurrent of our entire societal infrastructure, this reliance becomes a vulnerability. The modern Cyber Era demands a national-level doctrine that can be adopted by government agencies, armed forces, private sector organizations and individual citizens alike to establish a collective sense of purpose for our Cyber Security.

The Chamber is providing a forum to bring executive leaders, policymakers and academia together with the scientists and practitioners that intimately understand cyber technology to collaborate and begin a debate about the complex issues.

The time has come when we should consider not only the military impact of the new cyber world, but also what role cyber defense will hold in shaping the future of our country’s economy, education, foreign affairs policies and critical infrastructure initiatives. Only then can our government, industry, and private citizens align under common goals to shape a safe and prosperous future.

ASSOCHAM India's Apex Chamber for Commerce & Industry was set up in 1920. Today the Chamber is proud to have more than 450,000 Companies as it's esteemed Member which includes many of the big global technology companies.

ASSOCHAM is privileged to be a Member of the “Cyber Regulation Advisory Committee” set up by Ministry of Communications and IT, and the Joint Working Group (JWG) on Cyber Security set up by the National Security Council Secretariat, Government of India.

The ASSOCHAM’s flagship program the Annual INDIA KNOWLEDGE SUMMIT, organized since 1999 has been Addressed in the past by Noble Laureates, as the Distinguished ‘Key Note Speaker’ including – Dr. Craig Venter, Sir Harry Kroto, Prof. Aaron Ciechanover, Dr. Raj Reddy, Dr. A P J Abdul Kalam, Dr. Kirsty Duncan, Prof. John A Pickett to name a few.

This year the 11th INDIA KNOWLEDGE SUMMIT is being organized from 14-15 October, 2013 in Hotel Shangri-La, New Delhi.

The Theme for this year’s Summit is “Cyber Era - Securing the Future”.

Registration Fees:

International Delegates: $ 200/- for both days
Indian Delegates: Rs. 5,000/- per day
Students: Rs. 2,000/- per day
The Delegate Registration Fee include:
Tea & Coffee
Copy of Background Paper /
Copy of Workshop Study Material

For more details please contact:

Ajay Sharma, Senior Director, M: 9899188488 , eMail: ajay.sharma@assocham.com
Varun Aggarwal, Joint Director, M: 9910613815 , eMail: varun.aggarwal@assocham.com
Himanshu Rewaria, Executive, M: 9654251077 , eMail: himanshu.rewaria@assocham.com
Sahil Goswami Executive, M: 9871962311 , eMail: sahil.goswami@assocham.com

Corporate Office
The Associated Chambers of Commerce and Industry of India
ASSOCHAM Corporate Office, 5, Sardar Patel Marg
Chanakyapuri, New Delhi – 110021
Phone: 46550555 (Hunting Line)
Fax: 01123017008/9

Email: assocham@nic.in

For more details visit https://cis-india.org/news/eleventh-india-knowledge-summit-2013

We are anonymous, we are legion

The quest for genuine clout on the internet

Propaganda fallacy

Fragmentation in a Democracy : The Role of Social Movements and the Media

Agenda

Concerns Regarding DNA Law

Background

Primary Issues

Purpose of DNA Profiling

Procedural Integrity

Conditions of Collection

Retention of DNA

DNA Laboratories

The India Privacy Monitor Map

Re: The Human DNA Profiling Bill, 2012

Religious pluralism and freedom of expression in India, Europe and other countries

Google survey: 37% of urban Indian voters are online

Privacy Meet

Decline in web freedom steepest in India: Report

An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra

Background

Excursus

The Cases related to Privacy

September 2013 Bulletin

Accessibility

Access to Knowledge and Openness

Access to Knowledge (Copyright and Pervasive Technologies)

Internet Governance

Telecom

Digital Natives

Digital Humanities

A Privacy Meeting with the Federal Trade Commission in New Delhi

Privacy (Protection) Bill, 2013: Updated Third Draft

Privacy Round Table, New Delhi (October 2013)

Agenda

The Speakers

Jacob Kohnstamm

Chantal Bernier

Christopher Graham

Confirmations and RSVP

11th India Knowledge Summit 2013