MeitY issues notice on “User Name” for WhatsApp..

On July 1, Meity issued a notice to WhatsApp to hold back its proposal to introduce a new feature of providing an option to the users to register a user name. In the back end WhatsApp will have the mobile number but it will not be displayed. Similar notices have also been issued o Telegram and Signal according to the Hindu report.

The move will raise a backlash from “Privacy” activists who want the feature to “Hide” and send messages. Naavi.org is in support of this move as it is fully aware of the possible ways by which it can be misused to commit anti national activities besides cyber crimes. Meta itself will be a company which can support anti national activities and cannot be trusted.

At the same time, we have to however point out that Naavi.org has earlier brought to the public notice that changes are required in similar use cases in domain name registration and email registration. Today domain name registrar provide a facility to “Privacy Protect” the registrant’s details. The E-Mail Providers like G Mail provide proxy originating IP address and allow any name to be used for display. There are also proton mail type of service providers who thrive  by providing identity cover in the name of Privacy.

We also have objection to the Current systems of SMS and E Mail also provide a facility for “No Reply” emails which is an open invitation for “Spam”.  The TRAI has tried to introduce restrictions on the marketing messages but does not prevent “No-Reply” ads which is legally an unsustainable way of communication. Many times Banks and other organizations use this for sending a “Notice” with no “reply” option, making this a “Spam”.

Unless a principled stand is taken by the Government on all these aspects, the action against WhatsApp appear to be a selective action.

We therefore request  the Government to simultaneously take action as follows.

  1. Display any preferred user name in the WhatsApp account provided it is accompanied by the phone number . Example “Naavi<……4943>”
  2. Similarly all Emails must mandatorily provide the mobile number as part of its display.
  3. “No-Reply”  communication should be prohibited in all e-communications
  4. Privacy Protection under Domain Name registration should be stopped since any domain name registration should be considered as “Publication for non personal reasons”

Naavi

Also refer: Theory of Regulated Anonymity

Posted in Privacy | Leave a comment

DPDPA Challenge for Banks

We are now 314 days away from the full implementation of DPDPA 2023. From 13th May 2027, Banks like all other organizations will be facing the prospect of the  inquiries from DPB on customer grievances related to “Data Access”, “Data Deletion”, “Processing without Permission” etc.

FDPPI has been providing assistance to organizations to be compliant with DPDPA by developing specific compliance framework under the umbrella of “DGPSI” or Data Governance and Protection Standard of India, Recently the DGPSI-Hospitals, a framework for hospitals was released and is now under Public discussion.

One of the key issues in the Banking segment  is that personal data is collected and used at hundreds of branches while the data may sit in a central server and the DPO may be stationed in the head office without adequate oversight over the branch activities.

Additionally, use of data processors and AI has also increased and needs to be factored in.  Many of the Banks also have exposure to RTI act and POSH act which also cannot be neglected.

RBI has its own regulations on cross border data transfer, data retention and AI usage.

Many of the Banks have been notified under Section 70 of ITA 2000 introducing separate obligations of information security.

Most Banks have hundreds of processes covering multiple products, services.

Hence compliance in a Banking environment is complicated and requires special attention.

Hopefully DGPSI-Banks try to address as many concerns as possible in the Banking sector so that before 13th May 2027, Banks can make substantial progress in the implementation of DPDPA.

Watch out for more discussions on this website while the framework takes shape.

Naavi

Posted in Privacy | Leave a comment

DGPSI-Hospital framework for Public Discussion

FDPPI has developed a DPDPA Compliance framework for hospitals named “DGPSI-Hospital”.

A public consultation will be held virtually next week to discuss the framework with interested persons in the public.

Watch out for the announcement of the time. and link.

Naavi

Posted in Privacy | Leave a comment

Independent Auditor is the new profession being unveiled by FDPPI: Do not miss to attend

REGISTER HERE: 

(Registration fee: Rs 500/-: May be paid here: )

Posted in Privacy | Leave a comment

Madhya Pradesh Proposes new rules for Electronic Evidence

Madhya Pradesh Government has proposed a new Electronic Evidence Rules to make handling of electronic evidence for presentation to the Court easier. The rule is said to have been developed in consultation with MP High Court. It is pending approval and notification by the State.

According to MP Additional Chief Secretary (Home) Sanjay Shukla, the draft rules have been received by the government and are currently under examination. It is reported that similar initiatives are being pursued in several states following the Centre’s recommendations. If approved, Madhya Pradesh could emerge as the country’s first state to formally implement such a framework.

One of the benefits indicated is that mobile phones need not be submitted by people for presenting evidence. The evidence will be uploaded on an application  and will be treated as “Original Evidence”. Upload facility will be provided through E Seva Centers.

It is not clear if with the inclusion of E Seva Centers in the loop, this rule will dilute the  integrity of the evidence and enable manipulation. It is also debatable if this should have been done with an amendment to BSA Section 63 instead of the notification of a rule.

In our view there was no need for depositing the Mobile even now since Mobile is only a container of evidence and not the electronic evidence. This distinction has not been  appreciated by many and perhaps including MP High Court. What Section 63 requires is a faithful copying by a certifier whose integrity is impeachable. If the certifier makes any false certification, he would be liable for perjury.

Second misconception is that an “Expert” is the “Notified Digital Evidence Examiner”. In our view it is not necessary.

We also have some reservation on the power of the State Government to make an amendment of this type. It could have been better addressed by an amendment of BSA 2023 itself.

Integrity of the APP being developed by NIC and the E Seva Centers would be now part of the E Evidence System. How they will  they hold up to pressures of evidence manipulation is another challenge to be addressed.

Let us see how this develops. (Copy of the draft is not available so far)

Refer the article here: at Bhaskarenglish.in

 

Comments are welcome.

Naavi

Also Refer:

Dainik Bhaskar 

Request for Guidelines (Writ by Sidharth Luthra) ..at Supreme Court

 

Posted in Privacy | Leave a comment

Posted in Privacy | Leave a comment