Centre for Internet and Society

Privacy Protection Bill (September 2013)

praskrishna — 2013-09-27T14:03:52Z

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-september-2013.pdf

Privacy Perspectives on the 2012 -2013 Goa Beach Shack Policy

elonnai — 2012-10-25T10:23:50Z

CCTVs in India are increasingly being employed by private organizations and the government in India as a way to increase security and prevent/ deter crime from taking place. When the government mandates the use of CCTV’s for this purpose, it often does so by means of a blunt policy mandate, requiring the installation of CCTV systems, but without any further clarification as to who should oversee the use of the cameras, what bodies should have access to the records, how access should be granted or obtained, and how long the recordings should be retained.

The lack of clarity and specificity in these requirements, the fact that these technologies are used in public spaces to collect undefined categories and amounts of information, and the fact that the technology can cut through space – and does not distinguish between private and public and primarily captures information where it is directed to, give rise to privacy concerns and raises fundamental questions about the ways in which technologies can be used to effectively increase security while still protecting the rights of individuals and the promotion of business.

An example of a blanket CCTV installation requirement from the government is seen in the 2012-2013 Goa Beach Shack Policy.[1] This blog will examine the shack policy from a privacy perspective, and how identification requirements are evolving. The blog will explore different principles by which surveillance technologies like CCTVs can be employed in order to promote effectiveness and protect the rights of individuals.

To help understand the current status of the Shack Policy and the extent of CCTV use in Goa, I spoke with a number of shack owners, cyber café owners, the Ministry of Tourism, and the Police of Goa. In this blog I do not use any direct quotes and write only from the perspective of my personal observations.

Current Status of the Shack Policy

This year, for the 2012-2013 tourist season, the Department of Tourism of Goa is implementing the Beach Shack Policy for regulating the establishment and running of temporary shacks at beaches in Goa. The policy applies only to the licensing, construction, maintenance, and demolition of temporary shacks on beaches owned by the government. The policy lays out requirements that must be submitted by applicants for obtaining a license and requirements relating to the operation of the shacks including size, security, health and safety, and noise control. Shacks, huts, hotels, etc. built on private land do not come under the scope of the policy. The shacks can only be bars and restaurants that can run from November 1^st through May 31^st, after which they must be taken down until the next season. The licensing of these shacks is to enable local employment opportunities in Goa. This can be seen by the requirement in the policy that Shacks are to be granted to only one member of the family who is unemployed.[2] Currently, the Ministry of Tourism has almost completed the allotment of shack spaces on all beaches in Goa. The police will assist in the enforcement of the policy, but their exact role is in the process of being clarified. Before the 2012-2013 policy, shacks were regulated by annual beach shack policies, which are not available online, but can be accessed through an RTI request to the Department of Tourism. Resistance to the policy has been seen by some because of concerns that the shacks will take away business from local private owners, will block fishing boats, will cause trash and sewage problems, and create issues for free movement of people on the beach.

Inside the policy:

Application Requirements

To apply for a license for a temporary shack, every application must be turned in by hand and must be accompanied by a residence certificate in original issued by Village Panchayat Municipality, attested copy of ration card, four copies of a recent colored passport photos with name written on the back, attested copy of birth certificate/passport copy/Pan Card and any other information that the applicant desires to furnish, and affidavit. In addition individuals must provide their name, address, telephone number, name of the shack, name of the beach stretch, nationality, experience, and any other information they wishes to provide.[3] These requirements are not excessive and have been kept to what seems minimally necessary for providing a license, though the option for individuals to provide any additional information they wish – could be used to convey meaningful information or extraneous information to the government.

Operational Requirements

The policy has a number of operational requirements for shack owners as well. For example owners must clearly display a self identifying photograph on the shack[4] and they must agree to assist the Tourism Department and Police department in stopping any crime and violation of any law along the Beach.[5]

The policy also requires that any person handling food must take a course conducted by IHMCT, GTDC, or Porvorim,[6] shacks must also be made out of eco friendly material as much as possible and the use of cement is banned,[7] and the proper disposal of trash and waste water will be the responsibility of the shack owner.[8] Furthermore, foreigners working in the shacks must have a work visa,[9] and loud music is not allowed to be played after 10:30 p.m.[10]

As noted in the introduction, each shack must install a CCTV surveillance system that provides real-time footage with an internal looping system in a non-invasive form. [11] But I got to understand that the CCTV requirement will be slowly introduced and will not be implemented this year due to resistance from shack owners. When the requirement is implemented, hopefully different aspects around the use of CCTVs will be clarified including: the retention period for the recordings, access control to the recordings, the responsibilities of the shack owner, where the camera will be set up and where it needs to be directed to, etc.

Currently in Goa there are official requirements for CCTVs to be installed in Cyber Cafes under section 144 of the CrPc. This requirement only came into effect on October 1st 2012.[12]Some private hotels, huts, and restaurants run CCTV cameras for their own security purposes. When asked if CCTVs will also become mandatory for private areas, some said this will happen, while others said it would be difficult to implement.

Enforcement

The policy uses a number of measures to ensure enforcement. For examples, successful applicants must place a security deposit of 10,000 with Director of Tourism. If any term of the policy is violated, the deposited amount will be given to the Government Treasury and the individual is required to pay another Rs. 10,000 to continue operating.[13]The placement of deck beds on the beach without authorization will also be treated as an offense under the Goa Tourist Places (protection and maintenance) Act 2001 and will be punished with a term of imprisonment minimum three months, which may extend to 3 years, and a fine which may extend to Rs. 5,000 or both. All offenses under the Act are cognizable and non-refundable. [14] If the shack is not dismantled at the end of the season, the individual will have their application rejected for the next three years.[15] Shack owners will also be penalized of they are caught discriminating against who can and cannot enter into the shack.[16]

Interestingly, though CCTV cameras can be used to ‘catch’ a number of offenses, the offenses that are penalized under the Act do not seem to require the presence of a CCTV camera. Additionally, the policy is missing penalties for the tampering and misuse of these cameras and unauthorized access to recordings.

Other practices around security and identification in Goa

In 2011 Goa also issued a new ‘C’ form that must be filled out by foreigners entering hotels.[17]

The form requires twenty six categories of information to be filled out including: permanent address, next destination to be proceeded to, contact number in hotel, purpose of visit, whether employed in India, and where the foreigner arrived from. According to hotel owners, three copies of these records are made. Two are submitted to the police and one is kept with the hotel. The records kept with the hotel are often kept for an undefined time period. In 2011 the police also enforced a new practice where every shack, hut, hotel etc. must have an all night security guard to ensure security on the beach. It was noted that registration of migrant workers is now mandatory, and that non-registered or undocumented vendors are removed from working on the beaches.

Will the 2012 – 2013 Beach Shack Policy have new implications?

In its current form, especially taking into consideration that the CCTV requirement will not be implemented immediately, the 2012 – 2013 shack policy does not seem alarming from a privacy perspective. On the general policy, though the penalties, such as the possibility of three months in prison for having too many beach chairs, seems to be over-reaching, there are a number of positive requirements in the policy such as the use of eco-friendly material, noise control, and strict procedures for disposing of trash and sewage.

The privacy perspective could change when CCTVs are implemented. The amount of data that would be generated and the ambiguity around the employment of the cameras could raise a number of privacy concerns. Yet the fact that this part of the policy will only be implemented later down the road seems indicative of both the shack owners discomfort in using the technology, and perhaps the government’s recognition that a certain level of ground work needs to be done before CCTVs are made mandatory for every shack in the state. Hopefully before the requirement is implemented, the ground work will be set up either at a national level – in the form of a national privacy legislation, or at the state level – in the form of appropriate safeguards and procedures built into the policy.

At the macro level, and when examined in the context of the growing use of CCTVs by private owners, the implementation of the UID and NPR requirements in Goa, and the introduction of the new ‘C’ form for foreigners, the CCTV requirement found in the Shack Policy seems to part of a growing trend across the country where the government seems to seek to identify all individuals and their movements/actions for unclear and undefined purposes, and looks towards identification through the collection of personal information and use of technology as a means to solve security issues.

For example, Goa is not the only city to consider mandatory installation of CCTV’s. In Delhi, the Department of Tourism issued a similar requirement in a 2012 amendment to the “existing Guidelines for Classification/Reclassification of Hotels”. According to the amendment hotels applying for approval are required to provide documentation that security features including CCTV systems are in place.[18] Similarly, in 2011 the Delhi State Industrial and Infrastructure Development Corporation began implementing a plan to install CCTVs outside of government and private liquor shops, amounting to 550 shops in total. The goal was to use the CCTV cameras to catch individuals breaking the Excise Act on camera and use the recordings during trials. According to news coverage, the cameras are required to be capable of recording images 50 meters away and all data must be stored for a period of 30 days.[19]

The ambiguity that exists around the legal use of many of these security systems and technologies, including CCTV’s was recently highlighted in Report of the Group of Experts on Privacy headed by Justice A.P Shah.[20] The report noted that the use of CCTV cameras and more broadly the use of electronic recording devices in India is an area that needs regulation and privacy safeguards. The report describes how the nine proposed national privacy principles of notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, and openness, could be applied and will be affected by the use of these technologies.[21]

Conclusion

In India and elsewhere, the police are faced on a daily basis with the challenge of preventing and responding to all types of crime, and from this perspective – any information, clue, or lead is helpful and necessary, and the potential usefulness of CCTVs in identifying criminals and to some extent deterring crime is clear. On the other hand when CCTVs are employed without safeguards and regulations it could result in infractions of privacy and rights or could simply move the crime away from the surveilled area to an unsurveilled area.

Finding a way to ensure that police have access to the information that they need and that crime is prevented, while at the same time ensuring that the rights of individuals are not compromised, and the private sectors ability to easily do business is not limited by unrealistic security requirements, is an important discussion that governments, policy makers, and the public should be having. The answer hopefully is not found in a binary game of all or nothing, surveillance or no surveillance – but instead is found through mechanisms and principles that apply to both security and privacy such as transparency, oversight, proportionality, and necessity. For example, practices around what access the police legally have via surveillance systems, retention practices, cost of implementing surveillance, and amount of surveillance undertaken each year could be made transparent to the public to ensure that the public is informed and aware of the basic information around these systems. Furthermore, clear oversight over surveillance systems including distinction between the responsibilities and liabilities can ensure that unreasonable requirements are not placed. Lastly any surveillance that is undertaken should be necessary and proportional to the crime or threat that it is being used to prevent or detect. These principles along with the defined National Privacy Principles could help measure what amount and what type of surveillance could be the most effective, and ensure that when surveillance is employed it is done in a way that also protects the rights of individuals and the private sector.

Notes
[1].Ministry of Tourism. Goa Government. 2012-2013 Beach Shack Policy. Available at: http://bit.ly/Xk18NH. Last accessed: October 24th 2012.
[2]. Id. Section 2.
[3]. Id. Application Requirements 1-8. Pg 1&2.
[4]. Section 33.
[5].A part of the affidavit
[6].Id. Section 4.
[7]. Id. Section 17.
[8].Id. Section 28.
[9]. Id. Section 35.
[10].Id. Section 37.
[11]. Id. Section 38.
[12]. Order No. 38/10/2006. Under Section 144 of the Code of Criminal Procedure, 1973. Available at: http:// www.goaprintingpress.gov.in/downloads/1213/1213-28-SIII-OG.pdf
[13]. Beach Shack Policy 2012 - 2013, Section 16.
[14]. Id. Section 18.
[15]. Id. Section 22.
[16]. Id. Section 32.
[17]. Arrival Report of Foreigner in Hotel.”Form C” . Available at: http://bit.ly/TbUO4S
[18]. Government of India. Ministry of Tourism. Amendment in the existing Guidelines for Classification / Reclassification of Hotels. June 28^th 2012. Available at: http://bit.ly/RXtgBg. Last Accessed: October 24th 2012.
[19]. Bajpaj, Ravi. CCTV shots to check drinking outside city liquor vends. The Indian Express reproduced on the website of dsidc. December 20^th 2011. Available at: http://bit.ly/VHwCzd. Last accessed: October 24th 2012.
[20]. GOI. Report of the Group of Experts on Privacy. October 2012. Available at: http://bit.ly/VqzKtr. Last accessed: October 24th 2012.
[21]. Id. pg. 61-62.

For more details visit https://cis-india.org/internet-governance/blog/privacy-perspectives-on-the-2012-2013-goa-beach-shack-policy

Privacy Newsletter April 2017

praskrishna — 2017-07-20T14:03:37Z

For more details visit https://cis-india.org/internet-governance/files/privacy-newsletter-april-2017.pdf

Privacy Meeting: Brussels – Bangalore

praskrishna — 2013-09-12T07:56:53Z

The Centre for Internet and Society, Bangalore welcomes you to a talk on privacy by Gertjan Boulet and Dariusz Kloza on August 14, 2013, 5.00 p.m. to 8.00 p.m.

Slides from the talk can be accessed here.

Draft Agenda

Time	Detail
17.00 17.15	Brief presentation of the Research Group on Law, Science, Technology and Society (LSTS) at the Vrije Universiteit Brussel (VUB), Belgium
17.15 18.15	Session on "new tools" to protect privacy and personal data. A case-study on (European) approach to privacy impact assessment This session will provide an overview to the main findings of the projects carried out by VUB-LSTS (predominantly) with regard to privacy impact assessments (PIA), starting with the EU co-funded PIAF (“A Privacy Impact Assessment Framework for data protection and privacy rights”; 2011-2012), which reviewed existing PIA frameworks worldwide, surveyed opinions of national data protection authorities (DPAs) on an optimal PIA policy and, finally, provided a set of recommendations for PIA policy-makers and practitioners. This session will be concluded by proposing adaptation of the so-called environmental democracy to the needs and reality of privacy. The points in this session will be contrasted with the experience of India.
18.15 18.45	Session on co-operation of data protection authorities "Improving Practical and Helpful cooperation between Data Protection Authorities", 2013-15. This session will provide a preliminary analysis of the (legal) factors that pose as obstacles to and/or encourage co-operation between DPAs worldwide in enforcing privacy and data protection laws. Such an analysis aims at creating a 'wish-list', i.e. at identifying what measures could be taken to reduce barriers and to further foster co-operation. This session will be concluded by discussing what DPAs' can learn about co-operation from European and international competition law. The points in this session will be contrasted with the experience of India.
18.45 19.00	Break
19.00 19.15	Small session on big data The focus of this session will be on the challenges posed to sovereignty by cross-border law enforcement access to big data. The Belgian Yahoo-case will be discussed as it is emblematic of a reality with broad national claims to access data in a trans-border context. Indian perspectives on this topic will be taken into account.
19.15 20.00	Open discussion

Materials

Wright, David, Kush Wadhwa, Paul De Hert, and Dariusz Kloza, A Privacy Impact Assessment Framework for Data Protection and Privacy Rights, 2011. http://piafproject.eu/ref/PIAF_D1_21_Sept2011Revlogo.pdf
Hosein, Gus, and Simon Davies, Empirical Research of Contextual Factors Affecting the Introduction of Privacy Impact Assessment Frameworks in the Member States of the European Union, 2012. http://piafproject.eu/ref/PIAF_deliverable_d2_final.pdf
De Hert, Paul, Dariusz Kloza, and David Wright, Recommendations for a Privacy Impact Assessment Framework for the European Union, 2012. http://piafproject.eu/ref/PIAF_D3_final.pdf
Kloza Dariusz, Moscibroda Anna, Boulet Gertjan, “Improving Co-operation Between Data Protection Authorities: First Lessons from Competition Law.” in Jusletter IT. Die Zeitschrift für IT und Recht, published by Weblaw AG. http://jusletter-it.weblaw.ch/issues/2013/20-Februar-2013/2128.html
Kloza Dariusz, “Public voice in privacy governance: lessons from environmental democracy”, in Erich Schweighofer (ed.), KnowRight 2012 conference proceedings [forthcoming].

Other resources

PHAEDRA project: http://www.phaedra-project.eu

PIAF project: http://piafproject.eu
PIAw@tch, the PIA observatory: http://piawatch.eu

The Speakers

Gertjan Boulet

Gertjan Boulet holds a joint LL.M/MPhil (2010) from Leuven University (Belgium) and Tilburg University (the Netherlands) where he successfully completed a Research Master of Laws programme focused on legal methods and interdisciplinary research. He started to work as a doctoral researcher at the Research Group on Law, Science, Technology and Society (LSTS) at the Vrije Universiteit Brussel in January 2013 for the EU-funded research project 'Improving Practical and Helpful cooperAtion bEtween Data PRotection Authorities' (PHAEDRA). Before, he was a freelance researcher at VUB, and became a member of the programming committee of the annual conference 'Computers, Privacy & Data Protection' (CPDP). Prior to joining the Vrije Universiteit Brussel, Gertjan worked for the Brussels Airport Company (2010) and the law firm DLA Piper (2011). He also completed internships at the Belgian Public Prosecutor (2007), the Constitutional Court of Belgium (2012) and the Belgian Privacy Commission (2013).

Gertjan Boulet

Dariusz Kloza

Dariusz (Darek) Kloza is a doctoral researcher at the Research Group on Law, Science, Technology, and Society (LSTS) and the Institute for European Studies (IES) at Vrije Universiteit Brussel (VUB). He holds both an LL.M. in Law and Technology (2010) from the Tilburg Institute for Law, Technology, and Society (TILT) at Tilburg University (with distinction) and a master degree in law from University of Białystok (2008). He was also an exchange student at University of Copenhagen (2007-2008). His research is focused on fundamental rights in the digital era (especially privacy and data protection), liability of intermediary service providers and private international law. His doctoral research focuses on positive procedural obligations for privacy and data protection from the European perspective.

He has been involved in researching privacy and data protection issues in a number of EU co-funded projects, such as PIAF (Privacy Impact Assessment Framework for data protection and privacy rights), PHAEDRA (Improving Practical and Helpful cooperAtion bEtween Data PRotection Authorities) and ADVISE (Advanced Video Surveillance archives search Engine for security applications). He has also contributed to the work of the European Commission’s Task Force for Smart Grids, aimed at ensuring high level of privacy and personal data protection in smart grids/metering.

Dariusz Kloza

For more details visit https://cis-india.org/internet-governance/events/privacy-meeting-brussels-bangalore

Privacy Meet

praskrishna — 2013-11-20T05:13:57Z

Bhairav Acharya was invited by Yahoo's Director of International Privacy, Laura Juanes Micas, to a dinner meeting on privacy at the Oberoi in New Delhi.

The meeting was attended by Justice A.P. Shah, Dr. Gulshan Rai, Dr. Kamlesh Bajaj and others. At this event, Bhairav spoke about the need to develop laws to regulate surveillance and personal data in India. Bhairav further spoke about both the commercial benefits that will accrue from data protection law as well as the national benefit from surveillance regulation and security law. Bhairav also spoke of the need to create a procedure that is just, fair and reasonable and, he highlighted the point that these laws would have to survive constitutional scrutiny by the Supreme Court of India. He also pointed out that meaningful protections lay in creating procedural law that allowed individuals the protection of natural justice and identified magistrates to authorise data collections and interceptions. He further made it clear that India's distinct security situation, both internal and external, warranted a robust surveillance framework that enables law enforcement and strengthens the criminal justice system in manner consistent with the rule of law.

Timings	Agenda
19.00 19.25	Handshakes and Introduction
19.25 19.30	Welcome Remarks by Laura Juanes Micas, Director – International Privacy, Yahoo Inc
19.30 19.35	Address by Manoj Joshi, Joint Secretary, Deptt of Personnel and Training
19.35 19.40	Address by Dr. Gulshan Rai, Director General, CERT-IN
19.40 19.45	Address by Dr. Kamlesh Bajaj, CEO – Data Security Council of India (DSCI)
19.45 19.50	Address by Bhairav Acharya, Legal Adviser, Centre for Internet and Society (CIS)
19.50 19.55	Address by Rajan Mathews, Director General, Cellular Operators Association of India (COAI)
19.55 20.00	Address by Justice A P Shah, Former Chief Justice, Delhi High Court and Chairman, Group of Experts
20.00 20.05	Address by Pavan Duggal, Advocate, Supreme Court
20.05 20.10	Address by Chinmayi Arun, Research Director – Centre for Communication Governance, National Law University - Delhi
20.10 20.15	Address by Prasanth Sugathan, Counsel, Software Freedom Law Centre (SFLC.IN)
20.15 20.20	Address by Dr. Subho Ray, President, Internet and Mobile Association of India (IAMAI)
20.20	Discussions (Along with Sit – Down Dinner)

For more details visit https://cis-india.org/news/privacy-meet-october-7-2013

Privacy Matters, Guwahati — Event Report

praskrishna — 2011-08-26T10:31:08Z

On June 23, a public seminar on “Privacy Matters” was held at the Don Bosco Institute in Karhulli, Guwahati. It was organised by IDRC, Society in Action Group, IDEA Chirang, an NGO initiative working with grassroots initiatives in Assam, Privacy India and CIS and was attended by RTI activists and grass roots NGO representatives from across the North Eastern region: Manipur, Arunachal Pradesh, Tripura, Nagaland, Assam and Sikkim. The event focused on the challenges and concerns of privacy in India.

Unfortunately many of the scheduled invitees had to drop out owing to developments on the Lokpal issue at the Centre, and simultaneously Guwahati was witnessing unrest following an agitation over land rights that left three persons dead.

Welcoming the participants, Prashant Iyengar, lead researcher for Privacy India, gave an introduction to the objectives of Privacy India, and briefed the gathering about the thematic “Privacy Matters” consultations previously held across the country in Kolkata, Bangalore and Ahmedabad. Mr. Iyengar also gave a background to issues that India is facing in concern with privacy, explaining the many contexts that privacy can be found in, and raising questions such as: Why is privacy important? How can it be maintained with the way technology is encroaching upon our lives? And how can we make privacy laws functional?

"Privacy objectives are to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. One of Privacy India’s goals is to build consensus towards the promulgation of a comprehensive privacy legislation in India through consultation with the public, legislators and the legal and academic community."

Prashant Iyengar, Privacy India.

Event Sessions

The structure of the event was one of open discussion, with presentations made by those who wanted to share. Throughout the day, the conversation fell into three main topics including: privacy and the RTI, privacy and the UID, and privacy and surveillance in the context of North East India.

Privacy and the RTI

Prashant Iyengar opened the discussion on privacy and the RTI by highlighting the tension between the need for transparency of the State, and the need to protect the privacy of public figures. For many participants privacy and transparency was a new concept that they had just started thinking about. Participant Rakesh (HRLN, Manipur) spoke on the shortcomings that he saw in the RTI Act noting that though the RTI brings some transparency to society, many citizens still do not understand the extent of their Right to Information as it is protected under the Act. Furthermore, the RTI Act is still not applied equally across the country, and the transparency that the RTI tries to achieve is still in very nascent stages. Lowang, a participant from Aru nachal Pradesh, shared the importance of drawing a line between privacy and transparency when it comes to information related to education and health. Anjuman Azra Begum, a research scholar working on indigenous people rights, noted the irony of the RTI as it is meant to bring transparency to the state, yet all ministers and MLA’s take an oath of secrecy, not transparency. Anjuman also spoke on the fact that the RTI often fails to protect the privacy of sensitive issues, such as sexual balance. She echoed Rakesh’s comment on the inaccessibility of the RTI, sharing that for a common person to exercise his/her rights is a very daunting task. Anthony Debbarmun, a human rights activist from Tripura noted that he felt that the North Eastern states are by and large seen as resource (land) by the centre and has shown no concern for citizens and their well-being. Government is seen as a dictator in this region, hence the question — Transparency for whom?, Privacy for Whom? The distinction between the transparency brought about by the RTI and individual privacy was also made. It was pointed out that the RTI is concerned with transparency of the State, but individual privacy is separate from this concept.

Personal Experiences Shared

Anjuman Azra Begum shared her sister’s experience with the RTI. Her sister had applied for a job in 2008. Their family filed an RTI for details of the procedure, but was denied details by the RTI officer, who said that furnishing details would violate the privacy of other candidates. This example raises questions about when it is appropriate for RTI officers to withhold information in the name of privacy, and what mechanisms can be put in place to ensure that the RTI does not use privacy as a way to deny information. Lowang also shared his experience with the RTI. He had filed an RTI asking for answer sheets because he doubted the appointment of police personnel. He was told that the cost in total would be Rs.2000, when in reality each sheet costs Rs.2 — the misconstruing of facts was another example of how RTI officials restrict access information indirectly. From these examples the concern about RTI officials using privacy as an excuse to deny information was brought to the surface. To highlight the problems with the current implementation of the RTI and the lack of basic knowledge of how to use the RTI Mhao Lotha from the DICE Foundation shared a personal experience of his friend who had filed an RTI against the fishery department, and the RTI official simply shouted at her. L. Rima told a similar story as Mhao Lotha. In her experience the RTI is good in theory, but in practice it has become a commercial platform, where officers pay money to applicants for RTI cases to be taken off.

From the discussion and the shared experiences it was clear that the RTI, although a strong law on paper, still faces many challenges in implementation that a privacy law could also face, and that the fact that if more privacy is brought into the RTI, it will become yet another way for the State to avoid disclosing information.

Questions to Consider

Can a privacy law be made to be functional in the same way that the RTI is functional?
In terms of the RTI who should have more privacy? Who should be more transparent? Can NGOs be held accountable under the RTI?
What mechanism should be established to enforce the balance between privacy and transparency?

Privacy and Security/Law Enforcement in the North East of India

Another important discussion held during the conference was the practices of law enforcement in the North East, security, and privacy. Because the North East is in a state of armed conflict several laws such as the Armed Forces Special Powers Act, Sedition Act and provisions in the IPC give immunity to security forces. This has led to gross violation of citizens’ privacy by law enforcement agencies — as the acts give large amounts

of power to law enforcement agencies with little or no accountability, and the acts are often misused. Furthermore, the security laws that exist in the North East explicitly prohibit access to individual personal information. For example, in the Assam Police Manual, which is followed by police in the North East — no papers can be given out to the public except to the investigation officer — this includes personal information such as medical records and post-mortem reports. Anjuman shared an example of how this rule violates individual privacy. In her example, a victim was not allowed access her own medical report, but her medical records were being circulated among police, doctors, and media. This example highlights how privacy and the right to information can go hand in hand as it was the victim’s right to access her own medical file, and at the same time getting access to her own medical file is an act of personal privacy protection.

Personal Experiences Shared

Participants shared how individual privacy is often violated by the army, as it is allowed to enter and search any space without warrant, if there is any type of “suspicion”. They also shared how phone tapping and random monitoring is a common practice by both the army and civil police. For example, one day the police recorded a conversation by Director of the Police, Wireless who was giving a lecture on how to lead an effective agitation. The transcript was handed to the high court and the director punished. Other examples include policemen frisking women in public, newspapers publishing police frisking women in public, and law enforcement agencies compelling pregnant women to give birth in open in front of people. The discussion surrounding privacy and security/law enforcement highlighted an important way in which privacy is violated in the North East. The unregulated action of law enforcement acts as a very real and dangerous way in which individual privacy is violated on a daily basis.

Questions to Consider

Can privacy legislation regulate the acts of law enforcement agencies?
Will privacy legislation be implemented differently in the North East because of the armed conflict?
Will a privacy law supersede other laws such as the AFSPA?

Privacy and the UID

During the conference the discussion also briefly focused on the UID and privacy. It was shared that there had yet to be UID consultations in the North East of India. The only information individuals had about the UID was that it was going to allow individuals to access BPL benefits more easily.

Questions around the UID included: why is the UID needed for citizens living within their own country? How will the UID impact and help families who send their children to gather rations from the ration shops? What is the connection between the UID and the expected privacy law? What is the connection between the UID and intelligence agencies? What would UID mean to people living in border areas?

Conclusion

Privacy as a Fundamental Right

In the closing discussion Prashant Iyengar shared different examples of privacy in Indian case law, and the various ways in which the Supreme Court has defined privacy as a right that is implicit in the right to life. The participants discussed what privacy means to them, and what they thought a right to privacy should entail. Among the points raised, it was brought up that privacy should be a right that is legally protected for sovereign individuals. The law should also include parameters and limitations in order to protect an individual’s autonomy. Furthermore, privacy should be understood and linked to the concept of human rights and individual rights. From the closing session, and the above sessions many themes and questions pertaining to privacy came out that will need to be addressed when considering the way forward for a privacy legislation including:

Property rights and privacy
Privacy rights of minorities
Privacy and the UID
Privacy and law enforcement agencies
Privacy as a fundamental right
The interplay of privacy law and traditional law

Download the Event Report here [PDF, 178 kb]

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-guwahati-report

Privacy Matters — Conference Report

praskrishna — 2011-01-27T10:22:55Z

A one-day conference on Privacy Matters was held on Sunday, 23 January 2011 at the National University of Juridical Sciences (NUJS) Law School in Kolkata. This was the first of a series of eleven conferences on ‘privacy’ that Privacy India is scheduled to host in different Indian cities from January to June this year. Members of Parliament, Sri Manoj Bhattacharya from the Revolutionary Socialist Party (RSP) and Sri Nilotpal Basu from the Communist Party of India (Marxist) CPI (M) spoke in the conference. Students, the civil society and lawyers also participated in it.

Introduction

The conference was held to discuss elements of the privacy legislation that has been proposed to the Parliament of India, and the UID Bill and project. The conference focused on the tensions between privacy and society that exist in India today, and acted as a space for opinion sharing and discussion. Privacy India which was formed under the auspices of Privacy International, a UK based organization that works to protect the right of privacy around the world, the Centre for Internet and Society (CIS), an NGO based in Bangalore, and Society in Action Group (SAG), an NGO based in Delhi joined hands to host this event.

Rajan Gandhi, founder of SAG opened the conference with an explanation of the mandate of Privacy India, the objective of which is of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. One of Privacy India's goals is to build consensus towards the promulgation of comprehensive privacy legislation in India through consultations with the public, legislators and the legal and academic community.

Keynote

The keynote speech was delivered by Dr. Sudhir Krishnaswamy professor of law and governance. Dr. Krishnaswamy began by outlining the present situation of privacy in India. The right to privacy has been read into Sections 19 and 21 of the Constitution of India through case law, which has defined privacy — among other things — as the right to personal autonomy, the right against unreasonable search and seizure, and as a fundamental right that is critical to the person, but does not supersede public or national interest. Dr. Krishnaswamy also raised many intriguing questions including: what does privacy mean to India — is it linked to a person’s dignity and their honour? Or is it purely concerned with misappropriation of information, and further is privacy in India an issue of the individual or an issue of the family and the community? He also described the philosophical groundings of privacy as being in the right to dignity, the right to autonomy, and the misappropriation of information.

Privacy Challenges

The conference was spread into three sessions. In the first session Prashant Iyengar, head researcher of the project at Privacy India, spoke about the challenges that India specifically is facing in shaping a privacy legislation including: the need to balance the right to information/transparency and privacy, the need to create a definition of privacy that does not exclude lower classes and is not a negative right, but instead a positive right, and the problem of ubiquitous surveillance that is happening in society today. Elonnai Hickok, policy analyst at Privacy India, spoke specifically on wire tapping, and the Nira Radia tapes. In her presentation she first outlined other countries definitions of privacy which include: the right to be left alone, the protection from unauthorized searches, and the right to control information about oneself through consent. Using the case study of Nira Radia and Ratan Tata she spoke about the rising concern of wire tapping in the country as being indicative of a social change and relationship of the state and government. Elonnai also raised questions concerning whether privacy should be made inversely proportional to public figures, and if public interest will always supersede the private right of individuals.

UID and Privacy

The second session of the conference focused on the UID Bill and privacy. Presentations from NUJS student Amba Kak and Sai Vinod raised concerns about the UID project and privacy. Their presentation also compared and contrasted identity schemes of other countries with the UID. A few similarities that they found amongst all scheme were: the collection of data, the processing of data, and the storing of data. Deva Prasad from the National Law School of Bangalore presented on constitutional elements of the UID scheme ranging from loopholes in the Bill to connections that can be made when the UID Bill is placed in the larger picture. Sri Manoj Bhattacharya (MP) from RSP voiced his concerns of the UID, and emphasized that by giving an individual a number which acts as their fundamental identity which they use to function in society, the government in fact is eroding an individual’s actual identity, and that is an invasion of privacy. Sri Nilotpal Basu (MP) from CPI (M) spoke out strongly against the UID, voicing that his greatest concern with the UID is that it will be a way for corporate bodies to target individuals as consumers, and that privacy legislation could be used as a way for corporate bodies to hide from the public eye.

Conclusion

In the concluding session the floor was opened up to the public for questions and opinion sharing. Many participants shared what they believed needed to be included in privacy legislation, and what issues a privacy legislation needs to address. A few of these include: privacy rights and the media, privacy and the right to information, the privacy rights of minorities, and the privacy rights of the government. Also types of regulatory models for privacy were discussed. For instance, should privacy in India be represented and protected through a data protection law, or should privacy be seen as a fundamental right to privacy? Should privacy be represented through a broad framework, or through sector specific statutes? What should the redressal and enforcement mechanisms look like?

As seen from the presentations and the comments at the conference one thing which is clear is that privacy is an issue that concerns every person in India. Over the next six months Privacy India will be conducting ten more conferences in different Indian cities to engage the public in dialogues of privacy and raise awareness around the issues of privacy. The next workshop will be held on 5 February 2011 in Bangalore.

Download the conference summary here

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-nujsconference-summary

Privacy Matters — Analyzing the Right to "Privacy Bill"

natasha — 2012-02-15T04:27:28Z

On January 21, 2012 a public conference “Privacy Matters” was held at the Indian Institute of Technology in Mumbai. It was the sixth conference organised in the series of regional consultations held as “Privacy Matters”. The present conference analyzed the Draft Privacy Bill and the participants discussed the challenges and concerns of privacy in India.

The conference was organized by Privacy India in partnership with the Centre for Internet & Society, International Development Research Centre, Indian Institute of Technology, Bombay, the Godrej Culture Lab and Tata Institute of Social Sciences. Participants included a wide range of stakeholders that included the civil society, NGO representatives, consumer activists, students, educators, local press, and advocates.

Comments to the Right to Privacy Bill

Welcome

Prashant Iyengar was the Lead Researcher with Privacy India, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the five “Privacy Matters” series previously organised across India in Kolkata on January 23, 2011, in Bangalore on February 5, 2011, in Ahmedabad on March 26, 2011, in Guwahati on June 23, 2011 and in Chennai on August 6, 2011.

Keynote Address

Na. Vijayashankar (popularly known as Naavi), a Bangalore based e-business consultant, delivered the key note address on the quest of a good privacy law in India.

He described the essential features of good privacy legislation. In analyzing the Draft Privacy Bill’s definition of the right to privacy, he suggested it should be defined through the “right to personal liberty” rather than through what constitutes “infringements”. Mr. Vijayashankar went on to explain that the “privacy right” should be taken beyond “information protection” and defined as a “personal privacy or a sense of personal liberty without constraints by the society”. He explained the various classifications and levels of protection associated with the availability and disclosure of data. He expressed concerns regarding monitoring of data processors and suggested that data controllers have contractual agreements between data processors, so as to ensure an obligation of data security practices. He also called for the simplification and division of offences and suggested numerous reasons as to why the Cyber Appellate Tribunal would not be an ideal monitoring mechanism or authority. See Naavi's presenation here

Session I: Privacy and the Legal System

Dr. Sudhir Krishnaswamy, Assistant Professor at the National Law School of India

Dr. Krishnaswamy started off the presentation by questioning the normative assumptions the Draft Privacy Bill makes. He referred to the controversy of Newt Gingrich's second marriage, to question the range of moral interests that were involved. The Bill falls short in accounting for dignity in relation to privacy.

He described the Draft Privacy Bill as a reasonable advance, given where privacy laws were before. Although, he feels that it does fall short, in terms of a narrow position, on what privacy law should do. He also questioned if it satisfies constitutional standards. He stressed the importance of philosophical work around the Draft Privacy Bill considering that the nature of privacy is not neat and over-arching.

Privacy and the Constitutional Law

N S Nappinai, Advocate, High Court, Mumbai,

Nappinai spoke on the constitutional right to privacy. She explained the substantial development of Article 21 of the Constitution of India to include the ‘right to privacy’ with regards to its interpretation and application. She described the different shift of the application of the right to privacy in the West in comparison to India. The West has moved from the right to privacy pertaining to property to the right to privacy concerning personal rights, whereas India moved from personal rights to property rights. She outlined three aspects of privacy: dignity, liberty and property rights.

Ms. Nappinai dissected the Bill in its major components: interception, surveillance, method and manner of personal data, health information, collection, processing and use of personal data. Using these components, she questioned what precedence exists? What should be further protected or reversed? What lessons should legislators draw from?

Shortcomings of the Draft Right to Privacy Bill falls include:

The objects and reasons section in the Draft Privacy Bill declares the right to privacy to every citizen as well as delineates the collection and dissemination of data. Nappinai dismisses the need for this delineation on the grounds that data protection is an inherent part of the right to privacy, it is not exclusive.
Large focus on transmission of data. The provisions do not account for property rights pertaining to the right to privacy. Therefore, the ‘knock-and-enter’ rule, the ‘right to be left alone’ and the ‘right to happiness’ should be included.
Applicability of the Bill should extend to all persons as well as data residing within the territory. It would be self-defeating if it only includes citizens, considering that the Constitution extends to all persons within the territory.
The right to dignity is unaccounted for.

See Nappinai's presentation here

Session II: Privacy and Freedom of Expression

Apar Gupta, Advocate, Delhi

Apar Gupta is an advocate based in Delhi who specializes in IP and electronic commerce law, spoke predominantly on the interplay between privacy and freedom of expression. He used the example of an advocate tweeting about his criticism of a judges’ ruling, to illustrate how different realms of online anonymity enable freedom of speech. He went beyond the traditional realm of journalistic architecture such as television channels or newspapers and explained online community disclosure.

Mr. Gupta provided a practical example of Indian Kanoon, a popular online database of Indian court decisions. Because Indian Kanoon is linked to the Google search engine, many individuals involved in civil and criminal matters have requested Indian Kanoon to remove the court judgments, under privacy claims. This particularly occurs with individuals involved in matrimonial cases. However, as court judgment constitute public records India Kanoon only removes court judgments when requested by a court order.

He described the several ways legislators can define privacy and freedom of expression. Considering that the privacy of an individual may border upon freedom of speech and expression, he questioned whether or not privacy should override the right to freedom of speech and expression. In addition, Mr. Gupta discussed the debate on whether or not the Privacy Bill should override all existing provisions in other laws.

Additionally, he analyzed the provisions of the Draft Privacy Bill using three judgments. In these judgments, different entities sought of various forms of speech to be blocked under privacy claims. He spoke about the dangers of a statutory right for privacy that does not safeguard freedom of speech and expression. Considering that the privacy statute may allow for a form of civil action permitting private parties to approach courts to stop certain publications, he stressed the importance for legislators to ensure balanced privacy legislation inclusive of freedom of speech and expression.

Sexual Minorities and Privacy

Danish Sheikh, researcher at Alternative Law Forum

Danish examined the status of sexual minorities in the light of privacy framework in India. The tag of decriminalization has served to greatly alter the way institutions approach the question of privacy when it comes to sexual minorities. He used the Naz Foundation judgment as a chronological marker to map the developments in the right to privacy and sexual minorities over the years.

He outlined four key effects on the right to privacy due to the Naz Foundation judgment:

Prepared the understanding of privacy as a positive right and placed obligations on the state,
Discussed privacy as dealing with persons and not just places, it took into account decisional privacy as well as zonal privacy,
Connected privacy with dignity and the valuable worth of individuals, and
Included privacy on one’s autonomous identity.

He described various incidents that took place before the Naz Foundation judgment, pre-Naz, that altered the way we conceived of queer rights in general and privacy in particular, including the Lucknow incidents, transgender toilets, passport forms, the medical establishment and lesbian unions. Post-Naz, he described two incidents including the Allahabad Muslim University sting operation as well as the TV9 “Expose” that captured public imagination.

He concluded by asking: “What do these stories tell us about privacy?” The issues faced by the transgender community tell us that privacy doesn’t necessarily encompass a one-size-fits-all approach, and can raise as many questions as it answers. The issues faced by the Lucknow NGOs display the institutionalized disrespect for privacy and that has marginally more devastating consequences for the homosexual community by the spectre of outing. The issues faced by lesbian women evidence yet another need for breaching the public/private divide, demonstrating how the protection of the law might be welcome in the family sphere. Alternate sexual orientation and gender identity might bring the community under a common rubric, but distilling the components of that rubric is essential for engaging in any kind of useful understanding of the community and the kind of privacy violations it suffers – or engage with situations when the lack of privacy is empowering.

Session III: Privacy and National Security

Menaka Guruswamy, Advocate, Supreme Court of India

Menaka explored national security and its relationship to privacy. In her presentation, she compared the similar manner in which the courts approach national security and privacy issues. The courts feel national security and privacy issues are too complex to define, therefore, they take a case-by-case approach.

Ms. Guruswamy described three incidents that urged her to question national security and privacy. First, she was interested in the lack of regulation surrounding intelligence agencies and was involved in the introduction of the Regulations of Intelligence Agencies Bill as a private members bill. Second, national security litigation between the Salwa Judum judgment and the State of Chhattisgarh is an example of how national security triumphs constitutional rights and values. Third, privacy in the context of the impending litigation of Naz Foundation in the Supreme Court. She described the larger conversation of national security focus on values of equality and privacy. She discussed the following questions that serve in advancing certain conception of rights:

How do we posit privacy which necessarily, philosophically as well as judicially, is carved out as the right of an individual to be left alone?
What are the consequences when national security, which is posited as the rights of the nation, is in conflict with the right of the individual to be left alone?
Considering that constitutional rights are posited as a public facet of citizenship how does a right to privacy play in that context?

Privacy and UID

R. Ramakumar, professor at the Tata Institute of Social Sciences

Prof. Ramakumar spoke on UID, its collection of information and the threat to individual privacy. First, he provided a historical trajectory of national security that has led to increased identity card schemes. He described the concrete connection between UID and national security.

He briefed the gathering on the objectives of the UID project. He described several false claims as proposed by the UIDAI. He explicitly disproved the UIDAI claim that Aadhaar is voluntary. He did this by comparing various legislations associated with the National Population Registrar that had provisions mandating the inclusion of the UID number.

He went on to explain that the misplaced emphasis of technology to handle large populations remains unproven. He described two specific violations of privacy inherent in the UID system: convergence of information and consent. The UID database makes it possible for the linking or convergence of information across silos. In addition, consent is unaccounted for in the UID system. The UID enrollment form requires consent from a person to share their information. However, the software of the enrollment form automatically checks ‘yes’, therefore you are not asked. Even if you disagree, it automatically checks ‘yes’. Default consent raises the important question, “to what extent are we the owners of our information?” and “what are the privacy implications?”

Mr. Ramakumar was once asked, by Yashwant Sinha in a Parliamentary Standing Committee meeting, “Is the Western concept of privacy important in developing country like India?”. Using this question posed to him, he stressed the importance of privacy to be understood as a globally valued right, entitlement and freedom. He also referred to Amartya Sen’s work on individual freedoms.

Conclusion

During the daylong consultation numerous questions and themes relating to privacy were discussed:

How is the right to privacy defined?
How can the Draft Privacy Bill redefine the right to privacy?
How can reasonable deterrence mechanisms be included?
Does duplication of the right to privacy exists in different statutes?
Is the Cyber Appellate Tribunal an ideal monitoring mechanism or authority?
What are the circumstances under which authorized persons can exercise the Right of privacy invasion?
How can the Draft Privacy Bill account for the right to dignity?
How much information should the State be allowed to collect?
How can citizens become more informed about the use of their information and the privacy implications involved?
What would be the appropriate balance or trade-off between security and civil liberties?
What are the dangers with permitting the needs of national security to trump competing values?
What are the consequences for the homosexual community, when faced with institutionalized disregard for privacy?

For more details visit https://cis-india.org/internet-governance/privacy-matters-analyzing-the-right-to-privacy-bill

Privacy Matters — Analyzing the "Right to Privacy Bill"

Natasha Vaz — 2012-04-28T04:10:12Z

Privacy India in partnership with International Development Research Centre, Canada, Indian Institute of Technology, Bombay, the Godrej Culture Lab, Tata Institute of Social Sciences, Mumbai and the Centre for Internet and Society, Bangalore is organising "Privacy Matters", a public conference at IIT, Bombay on 21 January 2012.

The conference will focus on the questions and dilemmas posed by privacy in India today, with a concentration on the "Right to Privacy Bill". The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities, prisoners, etc. — people who most need to know that sensitive information is protected.

Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. One of our goals is to build consensus towards the promulgation of comprehensive privacy legislation in India through consultations with the public, legislators and the legal and academic community.

The event will focus on discussing the challenges and concerns to privacy in India. We invite you to attend the meeting and contribute your views. Please confirm your participation by getting in touch with Natasha (natasha@cis-india.org). We sincerely hope that you will be able to attend and look forward to your participation.

Agenda

09:30- 10:00	Registration
10:00- 10:30	Welcome- Privacy in India Prashant Iyengar is a practicing lawyer and lead researcher for Privacy India. He will present who Privacy India is, and the objectives of Privacy India's research. His presentation will focus on discussing privacy in India.
10:30- 11:15	Key Note Address- Draft Privacy Bill Critique Na. Vijayashankar is an e-business consultant. He established the premier Cyber Law information portal in India. He is the founder secretary of Cyber Society of India, Founder Trustee of International Institue of Information Technology Law, and Founder Chairman of Digital Society Foundation. He will present a critique of the Draft Privacy Bill.
11:15- 11:30	Tea Break
11:30- 12:15	Session I Privacy and the Legal System Sudhir Krishnaswamy is an Assistant Professor at the National law School of India University and is currently writing a Doctoral Thesis at the Faculty of Law, Oxford University on ‘The Basic Structure Doctrine in Indian Constitutional Adjudication’. His presentation will look at the trajectory of privacy through the years from a legal perspective.
12:15- 13:00	Privacy and Constitutional Law N. Nappinai is an advocate who specializes in IP and technology laws. She is a founder member of Technology Law Forum (TLF). She has spearheaded and driven several initiatives of TLF with various organization including NASSCOM, FICCI, IMC etc., and has also conducted several workshops and training sessions for the Mumbai Police, Public Prosecutors & Industry verticals in Cyber Laws. Her presentation will define the scope of Article 21 under the Indian Constitution, which protects the right to privacy.
13:00- 13:15	Discussion
13:15- 14:00	Lunch Break
14:00- 14:45	Session II Privacy and Freedom of Expression Apar Gupta is an advocate who specializes in intellectual property, electronic commerce law and technology media and telecoms. He holds a master from Columbia Law School and has authored a Commentary on the Information Technology Act, 2000. His presentation will focus on the limits of a privacy right when it competes and conflicts with the freedom of speech and expression. He will examine certain provisions of the Draft Privacy Bill questioning how privacy arguments may be used to stifle debate or disclosure made in the public interest.
14:45- 15:30	Sexuality Minorities and Privacy Danish Sheikh graduated from Nalsar University of Law with a B.A., LL.B. (Hons.). Currently, he is a researcher at the Alternative Law Forum in Bangalore. He will examine the status of sexual minorities in the light of privacy framework in India. Culling out some real life examples based on various studies, media reports and judgments from the Supreme Court and the High Courts of Delhi and Allahabad, he will bring to light the privacy violations being committed by both individuals as we all state authorities.
15:30- 15:45	Discussion
15:45- 16:30	Session III Privacy and National Security Menaka Guruswamy practices law at the Supreme Court of India. She was a Rhodes Scholar at Oxford University, a Gammon Fellow at Harvard Law School, and a gold medalist from the National Law School of India and has law degrees from all three schools. Menaka has advised the United National Development Program and the United Nations Development Fund for Women. She will discuss the relationship between national security and privacy, from the perspective of surveillance by the state etc.
16:30- 17:15	Privacy and UID R. Ramkumar is a Professor at the Tata Institute of Social Sciences. He is advocate as well as a patent and trademark attorney. His presentation will focus on what standards of privacy are afforded within the UID system.
17:15- 17:30	Tea Break
17:30- 18:00	Discussion and Questions

	Organizers
	Privacy India Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. One of our goals is to build consensus towards the promulgation of comprehensive privacy legislation in India through consultations with the public, legislators and the legal and academic community.
	Privacy International (https://www.privacyinternational.org/) Privacy International’s mission is to defend the right to privacy across the world, and to fight surveillance and other intrusions into private life by governments and corporations. PI has been providing citizens and policy-makers with the tools and perspectives to enable them to hold to account those who threaten privacy since 1990. PI has active associates and networks in 46 countries.
	The International Development Research Centre (www.idrc.ca/) Canada’s International Development Research Centre (IDRC) is one of the world’s leading institutions in the generation and application of new knowledge to meet the challenges of international development. They help developing countries use science and technology to find practical, long-term solutions to the social, economic, and environmental problems they face.
	The Centre for Internet & Society (http://cis-india.org/) The Centre for Interenet & Society brings together a team of practitioners, theoreticians, researchers and artists to work on the emerging field of Internet and Society to critically engage with concerns of digital pluralism, public accountability and pedagogic practices, with particular emphasis on South-South dialogues and exchange.
	Partners
	The Godrej India Culture Lab (www.godrej.com) The Godrej India Culture Lab is an interdisciplinary space which aims to build knowledge networks and interpret the changes rapidly taking place in contemporary India by bringing together the best minds from global academia, business and the creative worlds working on different aspects of Indian society.
	IIT, Bombay (www.iitb.ac.in/) Established in 1958, IIT is recognised worldwide as a leader in the field of engineering education and research. It is reputed for the quality of its faculty and the outstanding calibre of students graduating from its undergraduate and postgraduate programmes. Over the years, there has been dynamic progress at IIT Bombay in all academic and research activities, and a parallel improvement in facilities and infrastructure, to keep it on par with the best institutions in the world.
	Tata Institute of Social Sciences (http://www.tiss.edu/) Tata Institute of Social Sciences (TISS) offers higher professional education in the field of human service and applied social science research. The institute has gone beyond the initial concern of social work education, since its inception in 1936, to consistently contribute to the promotion of sustainable, participatory development and social justice. Through its work, the Institute facilitates strong linkages between education, research, field action and policy advocacy.

Speakers

1. Apar Gupta

2. Danish Sheikh, Alternative Law Forum

3. NA Vijayashankar, E-Business Consultant, Founder Secretary of Cyber Society of India, Founder Trustee of International Institute of Information Technology Law, and Founder Chairman of Digital Society Foundation

4. N S Nappinai, Advocate and Founder Member of Technology Law Forum

5. Prashanth Iyengar, Assistant Professor & Assistant Director, Centre for Intellectual Property Rights Studies, Lead Researcher with Privacy India, Bangalore; Legal Aid Manager with Rural Development Institute, Hyderabad; Researcher & Lawyer with Alternative Law Forum

6. R. Ramkumar, Assistant Professor, School of Social Sciences, Tata Institute of Social Sciences

7. Shishir Jha, Project Lead at Creative Commons India and Associate Professor at Indian Institute of Technology, Bombay

8. Menaka Guruswamy, practices law at the Supreme Court of India.

9. Sudhir Krishnaswamy, is an Assistant Professor at the National law School of India University.

Download the invitation [PDF, 988 kb]

Download the event poster [PDF, 2155 kb]
IIT Bombay Map http://www.iitb.ac.in/campus/howto/howtoget.html

VIDEOS

For more details visit https://cis-india.org/internet-governance/right-to-privacy-bill-conference

Privacy Matters - A Public Conference in Ahmedabad

praskrishna — 2011-04-04T07:14:41Z

On behalf of Privacy India, and in partnership with the Research Foundation for Governance in India and Society in Action Group, the Centre for Internet and Society invites you to “Privacy Matters” a public conference focused on discussing the challenges and concerns to privacy in India. The event will be held at the Ahmedabad Management Association. We would be honored if you would attend the meeting and contribute your views.

The conference will focus on the questions and dilemmas posed by privacy in India today, with a concentration on security, national surveillance, prisoners rights and privacy. The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities,prisoners, etc. – people who most need to know that sensitive information is protected. Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India.

One of our goals is to build consensus towards the promulgation of a comprehensive privacy legislation in India through consultations with the public, legislators and the legal and academic community.

Please confirm your participation with:

elonnai@privacyindia.org, or
jsree.t@gmail.com

Agenda

Privacy Matters

March 26th 10:30 – 4:30 pm

Ahmedabad Management Association
Core-AMA Management House
Torrent-AMA Management Centre
ATIRA Campus, Dr. Vikram Sarabhai Marg
Ahmedabad 380 015, Gujarat, INDIA
Phone: +91-79-263086

Time	Session
10:00 to 10:30	Registration and Welcome Prashant Iyengar Prashant Iyengar is a practicing lawyer and lead researcher for Privacy India. He will present who Privacy India is, and the objectives of Privacy India's research. Lastly he will outline the present scenario of Privacy in India.
10:30 to 11:15	Keynote Address Usha Ramanathan Dr. Usha Ramanathan is an internationally recognized expert on law and poverty. Her research interests include human rights, displacement, torts and environment. Ms. Ramanathan will speak about the coerced decline of privacy. National security, corruption, pragmatism, and the emergence of technologies that often work to establish that privacy is an irrelevant notion. She will look at links not often made between privacy and personal security, between data bases and national security, and the centrality of dislodging privacy in projects of social control are, perhaps deliberate.
11:15 to 11:30	Tea break
11:30 to 1:00	Opinions on Privacy Justice J N Bhatt, Mr. Ajay Tomar, Renu Pokharna In this session key officials from Gujarat will share their experiences and opinions on privacy in the context of India. Speakers include: Justice J N Bhatt is the former Chief Justice of Gujarat and Bihar, and currently the head of the Gujarat State Law Commission. He has had ad successful career including having: joined the Office of the Government Pleader, at Jamnagar in 1976, worked as Central Government Counsel in special matter of Armed Forces and Labour Cases, and has authored more than 50 Articles on Jurisprudence, Constitution, International Law, A.D.R, Legal Aid and Lok Adalat and Judicial Reforms Renu Pokharna, a member of the Chief Minister's Office, State of Gujarat, has spent her career working towards the betterment of society, especially the poor and the hungry through policy and not charity. For example she is a part of the project “Gujarat Skill Development Mission”. The project tries to achieve convergence of skill training programs to make them more effective. Mr. Ajay Tomar is the chief of the Anti-Terrorism Squad in Gujarat. He has worked on cracking down on many cases involving national security and surveillance including the “Pepsi Bomber”.
1:00 to 2:00	Lunch Break
2:00 to 2:30	Privacy, Minority Identities, and Security Bobby Kuhnu Bobby Kuhnu is a lawyer, social activist, and writer. Mr. Kuhnu will examine the ideological underpinnings of the discourse on privacy and its bearings on socially marginalized identities particularly in the context of the Indian state and the constitutional right to privacy.
2:30 to 3:00	Privacy and National Security Mathew Thomas Mathew Thomas is a management consultant and activity leader for development centers. Mathew has held top positions in the Indian Army, and the Defense Research and Development Organization, where he headed the missile manufacturing facility. His presentation will focus on national security and privacy.
3:00 to 3:15	Tea Break
4:00 to 4:30	Open discussion and summary

Other Distinguished Participants

Justice Madhukar

Former Judge, Trial Courts, Gujarat

Kanan Divatia

Lawyer and Professor of Law, L A Shah Law College

Professor Amal Dhru

Visiting Professor, Indian Institute of Management, Ahmedabad

Madhusudan Agarwal

Founder, Ma'am movies

Gaurang Raval

Drishti Media

Rahul Chimanbhai Mehta

Independent Candidate, IIT Delhi Alumnus

Madhusudan Agarwal

Founder, Ma'am movies

For more details visit https://cis-india.org/events/privacy-matters-ahmedabad

Privacy Law Must Fit the Bill

sunil — 2013-09-12T06:25:35Z

The process of updating Indian privacy policy has gained momentum ever since the launch of the UID project and also the leak of the Radia tapes. The Department of Personnel and Training has lead the drafting of privacy bill for the last three years. This bill will ideally articulate privacy principles and establish the office of the privacy commissioner and most importantly have an over-riding effect over 50 odd existing laws, rules and policies with privacy implications.

The article was published in the Deccan Chronicle on September 9, 2013.

Given the harmonizing impact of the proposed privacy bill, we must ensure that rigorous debate and discussion happens before the bill is finalized otherwise there may be terrible consequences.

Here is a short list of what can possibly go wrong:

One, the privacy bill ignores the massive power asymmetry in Indian societies undermining the right to information – in other jurisdictions referred to as freedom of information and access to information. The power asymmetry is addressed via a public interest test. The right to privacy would be the same for everyone except when public interest is at stake. This enables protection of the right to privacy to be inversely proportionate to power and almost conversely the requirement of transparency to be directly proportionate to power. In other words, the poor would have greater privacy than a middle-class citizens who in turn would have greater privacy than political and economic elites. And transparency requirements would be greatest for economic and political elites and lower for middle-class citizens and lowest for the poor. If this is not properly addressed in the language of the bill – privacy activists would have undone the significant accomplishments of the right to information or transparency movement in India over the last decade.

Two, the privacy bill has chilling effect on free speech. This can happen either by denying the speaker privacy, or by affording those who are spoken about too much privacy. For the speaker - Know Your Customer (KYC) and data retention requirements for telecom and internet infrastructure necessary to participate in the networked public sphere can result in the death of anonymous and pseudonymous speech. Anonymous and pseudonymous speech must be protected as it is a necessary for good governance, free media, robust civil society, and vibrant art and culture in a democracy. For those spoken about - privacy is clearly required in certain cases to protect the victims of certain categories of crimes. However, the right to privacy could be abused by those occupying public office and those in public life to censor speech that is in the public interest. If for example a sport person does not publicly drink the aerated drink that he or she endorses in advertisements then the public has a right to know.

Three, the privacy bill has a limited scope. Jurisprudence in India derives the right to privacy from the right to life and liberty through several key judgments including Naz Foundation v. Govt. of NCT of Delhi decided by the Delhi High Court. The right to life and liberty or Article 21 unlike other constitutionally guaranteed fundamental rights does not distinguish between citizens and non-citizens. As a consequence the privacy bill must also protect residents, visitors and other persons who may never visit India, but whose personal information may travel to India as part of the global outsourcing phenomena. Also the obligations and safeguards under the privacy bill must equally apply to both the state and the private sector entities that could potentially infringe upon the individual's right to privacy. Different levels of protection may be afforded to citizens, residents, visitors and everybody else. Government and private sector data controllers may be subject to different regulations – for ex. an intelligence agency may not require 'consent' of the data subject to collect personal information and may only provide 'notice' after the investigation has cleared the suspect of all charges.

Four, the privacy bill is expected to fix poorly designed technology. There are two diametrically opposite definitions of projects like NATGRID, CMS and UID. The government definition is that all these systems will allow only for targeted interception and surveillance, however the majority of civil society believes that these system will be used for blanket surveillance. If these systems are indeed built in a manner that supports blanket surveillance then legal band-aid in the form of a new law or provision that prohibits blanket surveillance will be a complete failure. The principle of 'privacy by design' is the only way to address this. For ex. shutters of digital cameras are silent and this allows for a particular form of voyeurism called upskirt. Almost a decade ago, the Korean government enacted a law that requires camera and mobile phone manufacturers to ensure that audio recording of a mechanical shutter is played every time the camera function is used. It is also illegal for the user to circumvent or disable this feature. In this example, the principle of notice is hardwired within the technology itself. To remix Spiderman's motto – with great power comes great temptation. We know that a rogue NTRO official installed a spy camera in the office toilet to make recording female colleagues and most recently that NSA officers confessed to spying on their love interests. If the technology can be abused it will be abused. Therefore legal safeguards are a poor substitute for technological safeguards. We need both simultaneously.

Five, the bill does not require compliance with internationally accepted privacy principles including the ones discussed so far 'consent', 'notice' and 'privacy by design'. Apart from human rights considerations – the most important imperative to modernize India privacy laws is trade. We have a vibrant ITES, BPO and KPO sector which handles personal information of foreigners mostly from the North American and European continents. The Justice AP Shah committee in October 2012 identified privacy principle that required for India - notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, openness and accountability. A privacy bill that does include all these principles will increase the regulatory compliance overhead for Indian enterprise with foreign clients and for multinationals operating in India. There is also the risk that privacy regulators in these jurisdictions will ban outsourcing to Indian firms because our privacy laws are not adequate by their standards.

To conclude, it is not sufficient for India to enact a privacy law it is essential that we get it right so that there are no unintended consequences on other equally important rights and dimensions of our democracy.

For more details visit https://cis-india.org/internet-governance/blog/deccan-chronicle-september-9-2013-sunil-abraham-privacy-law-must-fit-the-bill

Privacy Law in India: A Muddled Field - I

bhairav — 2014-05-05T06:17:06Z

The absence of a statute expressing the legislative will of a democracy to forge a common understanding of privacy is a matter of concern, says BHAIRAV ACHARYA in the first of a two part series.

The article was published in the Hoot on April 15, 2014.

Privacy evades definition and for this reason sits uneasily with law. The multiplicity of everyday privacy claims and transgressions by ordinary people, and the diversity of situations in which these occur, confuse any attempt to create a common meaning of privacy to inform law. Instead, privacy is negotiated contextually, and the circumstances that permit a privacy claim in one situation might form the basis for its transgression in another.

It is easy to understand privacy when it is claimed in relation to the body; it is beyond argument that every person has a right to privacy in relation to their bodies, especially intimate areas. It is also accepted that homes and private property secure to their owners a high degree of territorial privacy. But what of privacy from intrusive stares, or even from camera surveillance, when in a public place? Or of biometric privacy to protect against surreptitious fingerprint capturing or DNA collection from the things we touch and the places we visit every day? Or the privacy of a conversation in a restaurant from other patrons? Clearly, there are multiple meanings of privacy that are negotiated by individuals all the time.

Law has, where social custom has demanded, clothed some aspects of human activity with an expectation of privacy. In relation to bodily privacy, this is achieved by both ordinary common law without reference to privacy at all, such as the offences of battery and rape; and, by special criminal law that is premised on an expectation of privacy, such as the discredited offences regarding women’s modesty in sections 354 and 509 of the Indian Penal Code, 1860 (IPC), and the new offences of voyeurism and stalking contained in sections 354C and 354D of the IPC.

The law also privileges communications that are made through telephones, letters, and emails by regulating the manner of their interception in special circumstances. Conditional interception provisions with procedural safeguards – which, for several reasons, are flawed and ineffective – exist to protect the privacy of such communications in section 5(2) of the Indian Telegraph Act, 1885, section 26 of the Indian Post Office Act, 1898, and section 69 of the Information Technology Act, 2000.

Territorial privacy, which is afforded by possession of private property, is ordinarily protected by the broad offence of trespass – in India, these are the offences of criminal trespass, house trespass, and lurking house-trespass contained in sections 441 to 443 of the IPC – and house-breaking, which is akin to the offence of breaking and entering in other jurisdictions, in section 445 of the IPC.

Some measure of protection is provided to biometric information, such as fingerprints and DNA, by limiting their lawful collection by the state: sections 53, 53A, and 54 of the Code of Criminal Procedure, 1973 permit collections of biometric information from arrestees in certain circumstances; this is in addition to a colonial-era collection regime created by the Identification of Prisoners Act, 1920. However, nothing expressly prohibits the police or anybody else from non-consensually developing DNA profiles from human material that is routinely left behind by our bodies, for instance, saliva on restaurant cutlery or hair at the barbershop.

Physical surveillance, by which a person is visually monitored to invade locational privacy, is also inadequately regulated. Besides man-on-woman stalking, which was criminalised only one year ago, no effective measures exist to otherwise protect locational privacy. Indian courts regularly employ their injunctive power but have been loath to issue equitable remedies such as restraining orders to secure privacy. Police surveillance, which is usually covert, is an executive function that is practised with wide latitude under every state police statute and government-issued rules and regulations thereunder with little or no oversight. The risk of misuse of these powers is compounded by the increasingly widespread use of surveillance cameras sans regulation.

Other technologies too compromise privacy: GPS-enabled mobile phones offer precise locational information, presumably consensually; cell-tower tracking, almost always non-consensually, is ordered by Indian police without any procedurally built-in safeguards; radio frequency identification to locate vehicles is sought to be made mandatory; and, satellite-based surveillance is available to intelligence agencies, none of which are registered or regulated unlike in other liberal democracies.

No uniform privacy standard in law

None of these laws applies a uniform privacy standard nor are they measured against a commonly understood meaning of privacy. The lack of a statutory definition is not the issue; the lack of a statute that expresses the legislative will of a democracy to forge a common understanding of privacy to inform all kinds of human activity is the concern. Ironically, the impetus to draft a privacy law has come from abroad. Foreign senders of personal information – credit card data, home addresses, phone numbers, and the like – to India’s information technology and outsourcing industry demand institutionalised protection for their privacy.

Pressure from the European Union, which has the world’s strongest information privacy standards and with which India is currently negotiating a free trade agreement, to enact a data protection regime to address privacy has not gone unanswered. The Indian government – specifically, the Department of Personnel and Training, the same department that administers the Right to Information Act, 2005 – is currently drafting a privacy law to govern data protection and surveillance. At stake is the continued growth of India’s information technology and outsourcing sectors that receive significant amounts of European personal data for processing, which drives national exports and gross domestic product.

An inferred right

For its part, the Supreme Court has examined more than a few privacy claims to find, intermittently and unconvincingly, that there is a constitutional right to privacy, but the contours of this right remain vague. In 1962, the Supreme Court rejected the existence of a privacy right in Kharak Singh’s case which dealt with intrusive physical surveillance by the police.

The court was not unanimous; the majority of judges expressly rejected the notion of locational privacy while declaring that privacy was not a constituent of personal liberty, a lone dissenting judge found the opposite to be true and, furthermore, held that surveillance had a chilling effect on freedom. In 1975, in the Gobind case that presented substantially similar facts, the Supreme Court leaned towards, but held short of, recognising a right to privacy. It did find that privacy flowed from personal autonomy, which bears the influence of American jurisprudence, but subjected it to the interests of government; the latter prevailed.

However, in the PUCL case of 1997 that challenged inadequately regulated wiretaps, the Supreme Court declared that phone conversations were protected by a fundamental right to privacy that flowed from Article 21 of the Indian Constitution. To intrude upon this right, the court said, a law was necessary that is just, fair, and reasonable. If this principle were to be extended beyond communications privacy to, say, identity cards, the Aadhar project, which is being implemented without the sanction of an Act of Parliament, would be judicially stopped.

But what does “law” mean? Is it only the law of our Constitution and courts? What of the law that governed Indian societies before European colonisation brought the word ‘privacy’ to our legal system? Classical Hindu law – distinct from colonial and post-independence Hindu law – also recognises and enforces expectations of privacy in different contexts. It recognised the sanctity of the home and family, the autonomy of the community, and prescribed penalties for those who breached these norms. So, too, does Islamic law: all schools of Islamic jurisprudence – ‘fiqh’ – recognise privacy as an enforceable right.

Different words and concepts are used to secure this right, and these words have meanings and connotations of their own. But, the hermeneutics of privacy notwithstanding, this belies the common view that privacy is not an Indian value. Privacy may or may not be a cultural norm, but it has existed in India and South Asia in different forms for millennia.

Bhairav Acharya is a constitutional lawyer practising in the Supreme Court of India. He advises the Centre for Internet & Society, Bangalore, on privacy law and other constitutional issues.

For more details visit https://cis-india.org/internet-governance/blog/the-hoot-bhairav-acharya-april-15-2014-privacy-law-in-india-a-muddled-field-1

Privacy Issues with DRM

Jalaj Pandey — 2016-05-03T02:41:15Z

This post has been written by Jalaj Pandey interning at CIS. It elaborates upon the various privacy issues with the Digital Rights Management. The author talks about the various ways in which content producers use DRM as a tool to infringe the privacy of the end users.

Nehaa Chaudhari provided inputs and also edited the blog post. Click to download the File.

The ubiquity of internet in today's world has made content and information sharing an easy task. A certain media file can be shared and made public with hardly any technical obstacles. Issues like hacking, unauthorized copying and publication, unlicensed usage have become concerns for content producers, who have employed Digital Rights Management (hereafter DRM) measures to address some of them.

Several instances of the online privacy intrusion by the content producers have been recorded. In such a scenario the balancing the rights of the content producers and the end users becomes an important one. It is imperative to find a common ground to safeguard the interests of both the parties involved. In the recent past DRM has been receiving a lot of flak because of the privacy issues contented by the users.

In the most rudimentary form privacy can be explained as any information about an individual which he/she does not want to be made public. It is important to mention that this information is seen from the perspective of an ordinary reasonable person. The UN Declaration of Human Rights, 1948, defines privacy as a fundamental right of every human. The functioning of the DRM is based on restricting the usage or distribution of the content. Since this restriction is only possible after there is a formal identification of the end user, the content producers end up collecting information about the users. For example: a DRM for a music file might work in a manner where it can only be accessed by one computer from which the user accesses and registers for the first time. DRMs initially identify the IP addresses of the system and make the file functioning on only that IP address. In this way the producer ends up collecting information about the end user. Different DRM models take different ways to collect information of their user. While collecting IP addresses in one of them the other way is tracking the user information via download, browsing activities, subscription service, etc. The usage log of the users is generated and becomes a valuable asset to assess and predict the preferences of the users

Two contentions of privacy have been raised on the privacy issues of DRM -

a) What is the accountability of this process and

b) Whether it puts the content producers in a position where they can control the users.

The information collected is under the control of content producers, who mostly store this information in the form database. BEUC (European Consumer Organization) claimed that the DRM systems technologically enable content providers to monitor private consumption of content, create reports of consumption, and profile users.

The information is at the disposal of the content producers. An assessment of DRM applications under Canadian Privacy showed that the firms did not even recognise privacy issues of the customers as a priority. In fact the firms failed to provide the information that was stored in their databases. This gives an idea about the lack of transparency that exists in collecting the information about users. The question whether users are aware of what information is being collected and to what extent they are being tracked online remains unanswered. The CEN/ISSS (European Committee for Standardization/ Information Society Standardisation System) pointed out that DRMs have a large potential to transmit, generate personal information about users. It has also been characterized by unprecedented levels of monitoring by various content producers.

Further the principled level argumentation to this is on lines of collection of information without any authentication from the user herself/himself. It is essential that if any information is collected or saved by the producers it should only be after taking consent of the user. Surveillance and compelled disclosure of information about intellectual consumption threaten rights to personal integrity.

DRMs take away the anonymity of the consumption. Since the producers can practically monitor the content usage of the user, this has led to wide scale of price discrimination. This means that producers would monitor and assess the preferences of the user and subsequently raise the prices of that particular class of products. In the report of FIPR (Foundation of Information Policy and Research) it was found that Microsoft had been trying to implement their DRM systems in their products using a similar approach to gain a monopoly position as in their strategy of browser implementation.

The Sony BMG copy protection rootkit scandal in 2005 brought much criticism to DRM. It was found out that Sony BMG had introduced illegal and harmful copy protection measure in its CDs. The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it. Further more than just the DRM part of it the software also made the user's system open to a number of malwares and created vulnerabilities in the system. Sony was eventually made to compensate consumer costs, etc on the same. However the question of whether the database in the hands of companies can be used in arbitrary manner was intensely discussed after this.

It is essential that an effective framework is brought into effect which caters to privacy interests of the users. Privacy is the basic human right and it is the onus of the State to protect and safeguard this right. It is essential that the State does not compromise and support mechanisms which promote the welfare of the content producers over the users. The balance of users and producers becomes all the more important in a developing country like ours. The lack the awareness and the knowledge coupled with increasing usage of internet can lead to the exploitation of many. It is essential that the States see through these problems and collectively find an all encompassing solution to it.

K. G. Coffman and A. M. Odlyzko, Growth of the Internet, AT&T Labs - Research, July 6, 2001, available at, ( www.dtc.umn.edu/~odlyzko//doc/oft.internet.growth.pdf) (hereinafter Growth).

The Daily Source, The Growing Impact of the Internet, April 4, 2016, available at (https://www.dailysource.org/about/impact).

Corryne Mcsherry, Adobe Spyware Reveals (Again) The Price Of DRM: Your Privacy And Security, Electronic Frontier Foundation, October 17, 2014, available at,

(https://www.eff.org/deeplinks/2014/10/adobe-spyware-reveals-again-price-drm-your-privacy-and-security).

Digital Rights Management: A failure in the developed world, a danger to the developing world, Electronic Frontier Foundation, March 23, 2005, available at,

(https://www.eff.org/wp/digital-rights-management-failure-developed-world-danger-developing-world).

R. Subramanya and Byung k. Yi, Digital Rights Management, available at, ( https://www.academia.edu/8054608/Digital_Rights_Management) (hereinafter Digital Rights Management).

Global internet liberty campaign, privacy and human rights, An International Survey of Privacy Laws and Practice, available at, (http://gilc.org/privacy/survey/intro.html).

Ann Cavoukian, Privacy and Digital Rights Management (DRM): An Oxymoron, Information and Privacy Commissioner Ontario, available at, ( https://www.ipc.on.ca/images/Resources/up-1drm.pdf ) (hereinafter Oxymoron)

Varian, H.R. (1985) 'Price discrimination and social welfare', American Economic Review, Vol. 75, available at, (http://www.economics-ejournal.org/economics/journalarticles/2007-1/references/Varian1985).

Privacy and Digital Rights Management,A position paper for the W3C workshop on Digital Rights Management, January 2001, available at, ( www.w3.org/2000/12/drm-ws/pp/hp-poorvi.html).

Growth supra note, 1.

Digital Rights Management supra note, 5.

Thierry Rayna, Privacy or piracy, why choose? Two solutions to the issues of digital rights management and the protection of personal information, Intellectual Property Management, Vol. X, No. Y, available at,

(www.inderscienceonline.com/doi/abs/10.1504/IJIPM.2008.021138).

Oxymoron supra note, 7.

BEUC, Consumentenbond, and CLCV at DRM Working Group 1 (2002), available at, (https://privacy.org.nz/assets/Files/4558510.pdf).

Natali Helberger and Kristo´f Ker´enyi and Bettina Krings, Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations, available at (citeseerx.ist.psu.edu/showciting?cid=733532).

Knud Bohle, Indicare, Research into unfriendly DRM : A Review, December, 2004,available at, (citeseerx.ist.psu.edu/showciting?cid=733532) (hereinafter Indicare).

European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003.

Indicare supra note, 16.

News Release, "Forrester Technographics Finds Online Consumers Fearful of Privacy Violations" (October 27, 1999 available at, (www.forrester.com/ER/Press/Release/0,1769,177,FF.html).

Julia E. Cohen, Georgetown Law Faculty Publications, DRM and Privacy, January 2010, available at,

(https://www.academia.edu/2164013/DRM_and_Privacy).

Moe, W. and Fader, P. (2004) 'Dynamic conversion behavior at e-commerce sites', Management Science, Vol. 50, available at,

(https://www.researchgate.net/publication/227447618_Dynamic_Conversion_Behavior_at_E-Commerce_Sites).

Privacy or piracy supra note, 21.

Sismeiro, C. and Bucklin, R. (2004) 'Modeling purchase behavior at an e-commerce web site: a task completion approach', Journal of Marketing Research, available at, (citeseerx.ist.psu.edu/showciting?cid=906878).

Ross Anderson, Foundation of Information Policy and Research Consultation Response to DRM (2004), available at, (www. fipr.org/APIG_DRM_submission.pdf).

Otto Helweg, Sony, Rootkits and Digital Rights Management Gone Too Far, Oct, Oct. 31, 2014, available at (https://blogs.technet.microsoft.com/markrussinovich/2005/10/31).

Sony BMG Litigation Info, Electronic Frontier Foundation, available at, (https://www.eff.org/cases/sony-bmg-litigation-info).

For more details visit https://cis-india.org/internet-governance/blog/privacy-issues-with-drm

Privacy is not a unidimensional concept

amber — 2017-08-07T08:02:20Z

Right to privacy is important not only for our negotiations with the information age but also to counter the transgressions of a welfare state. A robust right to privacy is essential for all citizens in India to defend their individual autonomy in the face of invasive state actions purportedly for the public good. The ruling of this nine-judge bench will have far-reaching impact on the extent and scope of rights available to us all.

This article, written by Amber Sinha was published in the Economic Times on July 23, 2017.

In a disappointing case of judicial evasion by the apex court, it has taken over 600 days since a reference order passed in August 11, 2015, for this bench to be constituted. Over two days of arguments, the counsels for the petitioners have presented before the court why the right to privacy, despite not finding a mention in the Constitution of India, is a fundamental right essential to a person’s dignity and liberty, and must be read into not one but multiple articles of the Constitution. The government will make its arguments in the coming week.

One must wonder why we are debating the contours of the right to privacy, which 40 years of jurisprudence had lulled us into believing we already had. The answer to that can be found in a series of hearings in the Aadhaar case that began in 2012. Justice KS Puttaswamy, a former Karnataka High Court judge, filed a petition before the Supreme Court, questioning the validity of the Aadhaar project due its lack of legislative basis (since then the Aadhaar Act was passed in 2016) and its transgressions on our fundamental rights. Over time, a number of other petitions also made their way to the apex court, challenging different aspects of the Aadhaar project. Since then, five different interim orders by the Supreme Court have stated that no person should suffer because they do not have an Aadhaar number. Aadhaar, according to the court, could not be made mandatory to avail benefits and services from government schemes. Further, the court has limited the use of Aadhaar to specific schemes: LPG, PDS, MGNREGA, National Social Assistance Programme, the Pradhan Mantri Jan Dhan Yojna and EPFO.

The real spanner in the works in the progress of this case was the stand taken by Mukul Rohatgi, then attorney general of India who, in a hearing before the court in July 2015, stated that there is no constitutionally guaranteed right to privacy. His reliance was on two Supreme Court judgments in MP Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962): both cases, decided by eight- and six-judge benches respectively, denied the existence of a constitutional right to privacy. As the subsequent judgments which upheld the right to privacy were by smaller benches, Rohatgi claimed that MP Sharma and Kharak Singh still prevailed over them, until they were overruled by a larger bench.

The reference to a larger bench has since delayed the entire matter, even as a number of government schemes have made Aadhaar mandatory. This reading of privacy as a unidimensional concept by the courts is, with due respect, erroneous. Privacy, as a concept, includes within its scope, spatial, familial, informational and decisional aspects. We all have a legitimate expectation of privacy in our private spaces, such as our homes, and in our personal relationships. Similarly, we must be able to exercise some control over how personal data, like our financial information, are disseminated. Most importantly, privacy gives us the space to make autonomous choices and decisions without external interference. All these dimensions of privacy must stand as distinct rights. In MP Sharma, the court rejected a certain aspect of the right of privacy by refusing to acknowledge a right against search and seizure. This, in no way prevented the court, even in the form of a smaller bench, from ruling on any other aspects of privacy, including those that are relevant to the Aadhaar case.

The limited referral to this bench means that the court will have to rule on the status of privacy and its possible limitations in isolation, without even going into the details of the Aadhaar case (based on the nature of protection that this bench accords to privacy, the petitioners and defendants in the Aadhaar case will have to argue afresh on whether the project does impede on this most fundamental right). There are no facts of the case to ground the legal principles in, and defining the contours of a right can be a difficult exercise. The court must be wary of how any limits they put on the right may be used in future. Equally, it is important to articulate that any limitations on the right to privacy due to competing interests such as national security and public interest must be imposed only when necessary and always be proportionate.

It will not be enough for the court to merely state that we have a constitutional right to privacy. They would be well advised to cut through the muddle of existing privacy jurisprudence, and unequivocally establish the various facets of the right. Without that, we may not be able to withstand the modern dangers of surveillance, denial of bodily integrity and self-determination through forcible collection of information. The nine judges, in their collective wisdom, must not only ensure that we have a right to privacy, but also clearly articulate a robust reading of this right capable of withstanding the growing interferences with our autonomy.

For more details visit https://cis-india.org/internet-governance/privacy-is-not-a-unidimensional-concept

Privacy in the Social Networked World

praskrishna — 2012-12-04T16:19:51Z

The Asian Privacy Scholars Network 2nd International Conference was hosted by the Centre for Business Information Ethics, Meiji University, Tokyo, Japan, on behalf of the Asian Privacy Scholars Network, November 19 - 20, 2012. Elonnai Hickok is speaking at the event.

Monday, November 19, 2012

09:00—09:30	Registration and Welcome
09:30—10:30	Keynote Speaker: Pirongrong Ramasoota (Chulalongkorn University, Thailand) The Future of Privacy in the World's Largest Democracy
10:30—11:00	Break
11:00—12:30	Whon-Il Park (Kyung Hee University, Korea) How to Protect, or Utilize, Personal Visual Information in Korea Sinta Dewi Rosadi (University Padjadjaran, Indonesia) Constitutional Privacy Protection: The Indonesian Experience Takato Natsui (Meiji University, Japan) Censorship, Burying and Mental Health in Business Office
12:30—14:00	Lunch
14:00—15:00	Lilian Edwards (Strathclyde University, UK) International Implications of the Proposed Revision of the EU Data Protection Directive Graham Greenleaf (UNSW, Australia and Meiji University, Japan) 100 Data Privacy Laws: Their Significance and Origins
15:00—15:30	Break
15:30—16:30	Kiyoshi Murata/Yohko Orito (Meiji University/Ehime University, Japan) Japanese Youngsters' Social Attitude towards Privacy Ryoko Asai/Iordanis Kavathatzopoulos (Meiji University, Japan/Uppsala University, Sweden) The Paradoxical Nature of Privacy
18:00—20:00	Conference Banquet (Salon San, 23rd Floor, Liberty Tower, Meiji University)

Tuesday, November 20, 2012

09:00—09:45	Keynote Speaker: Roger Clarke (Xamax Consultancy, UNSW and ANU, Australia) Consumer-Oriented Social Media as Market Opportunity
09:45—10:00	Video Presentation from David Lyon (Queens University, Canada)
10:00—10:30	Break
10:30—12:00	Daniel Trottier (Uppsala University, Sweden) Social Networking Sites and Crowd-sourced Surveillance Colin Bennett (University of Victoria, Canada) Social Networking and Privacy Jurisdiction Andrew Adams (Meiji University, Japan) Facebook Code: SNS Platform Affordances and Privacy
12:00—13:00	Lunch
13:00—14:30	Elonnai Hickok (Centre for Internet and Society, India) Transparency and Privacy in India Fumio Shimpo (Keio University, Japan) Current Developments in Japanese Data Protection Policy Panel: Chen, Greenleaf, Hickok, Shimpo
14:30—15:00	Break
15:00—17:00	Ian Brown (University of Oxford, UK) Data Protection and Social Networking Services Shirley Williams (University of Reading, UK) Do Computer Science Scholars Consider Issues of Privacy when Studying Large Twitter Data Sets? Final Panel: Adams, Bennett, Brown, Clarke, Williams

Organisers

Prof Andrew A. Adams, Meiji University, Tokyo, Japan
Prof Kiyoshi Murata, Meiji University, Tokyo, Japan
Prof Graham Greenleaf, UNSW, Sydney, Australia
(JSPS Visiting Fellow, Meiji University Sep-Dec 2012)

Read the original here

For more details visit https://cis-india.org/news/privacy-in-social-networked-world

Centre for Internet and Society

Privacy Protection Bill (September 2013)

Privacy Perspectives on the 2012 -2013 Goa Beach Shack Policy

Current Status of the Shack Policy

Inside the policy:

Application Requirements

Operational Requirements

Enforcement

Other practices around security and identification in Goa

Will the 2012 – 2013 Beach Shack Policy have new implications?

Conclusion

Privacy Newsletter April 2017

Privacy Meeting: Brussels – Bangalore

Draft Agenda

Materials

Other resources

The Speakers

Gertjan Boulet

Dariusz Kloza

Privacy Meet

Privacy Matters, Guwahati — Event Report

Event Sessions

Privacy and the RTI

Privacy and Security/Law Enforcement in the North East of India

Privacy and the UID

Conclusion

Privacy as a Fundamental Right

Privacy Matters — Conference Report

Introduction

Keynote

Privacy Challenges

UID and Privacy

Conclusion

Privacy Matters — Analyzing the Right to "Privacy Bill"

Welcome

Keynote Address

Session I: Privacy and the Legal System

Privacy and the Constitutional Law

Session II: Privacy and Freedom of Expression

Sexual Minorities and Privacy

Session III: Privacy and National Security

Privacy and UID

Conclusion

Privacy Matters — Analyzing the "Right to Privacy Bill"

Agenda

Session I

Session II

Session III

Organizers

Partners

Speakers

Privacy Matters - A Public Conference in Ahmedabad

Agenda

Privacy Matters

March 26th 10:30 – 4:30 pm

Other Distinguished Participants

Privacy Law Must Fit the Bill

Privacy Law in India: A Muddled Field - I

No uniform privacy standard in law

An inferred right

Privacy Issues with DRM

Privacy is not a unidimensional concept

Privacy in the Social Networked World

Monday, November 19, 2012

Tuesday, November 20, 2012

Organisers