Naavi.org

Bengaluru Tech Summit 2020 (BTS 2020), was successfully conducted by the Karnataka Government on November 19, 20 and 21st. The summit was inaugurated by the honourable Prime Minister Mr Narendra Modi and several dignitaries from India and abroad were part of the proceedings.

The BTS 2020 had multiple tracks covering both IT and BT segments such as One Health, Innovation Corner and Knowledge Hub. The technical discussions covered Drones, Robotics , Cyber Security, Digital Learning, etc. Unfortunately despite Data Protection being an important area which affects both the IT and BT segments and India is in the verge of passing a data protection law, there were no specific coverage of data security in the program. Both the PM and the IT minister during their speeches made reference to Data Security and the forthcoming law underscoring the importance of the topic.

Recognizing this void and not let the Bengaluru Tech Summit go without a discussion on Data Protection, FDPPI stepped in with its own summit Indian Data Protection Summit 2020. holding two high powered panel discussions on each day covering different topics on the Data Protection such as the law in the pipeline, (PDPB 2019), the global laws such as GDPR, the professional opportunities emerging because of the new law , the challenges posed by the Schrems II judgement of he EUCJ, the innovative Data Trust Score system in the Indian law and FDPPI’s own innovation of the Personal Data Protection Standard of India.

Never in the history of India such an elaborate public webinar had been held on the subject available free for the participants.

IDPS was covered through Six panel discussions involving more than 25 professionals participating in panel discussions structured in the following sequence.

1. Recent Data Breach Incidents and PDPA of India
2. PDPA of India is not a clone of GDPR
3. The Challenge of being a DPO
4. The enigma of cross border data transfer
5. Data Trust Score the Indian innovation
6. A Unified Framework for Data Protection Implementation

It was interesting to note that the  battery of experienced Data Protection Professionals who participated in the program were all members of FDPPI.

Na.Vijayashankar, anchored the entire program and added his enlightening thoughts to the discussion.

The program was highly appreciated by the participants.

During the program, FDPPI also announced their programs which included

1. 1. Certification pf Data Protection Professionals
   2. Unified framework for multiple data protection law compliance-PDPSI (Personal Data Protection Standard of India)
   3. Launching of the Data Disputes Mediation and Arbitration Center on an Online platform
   4. Launching of an annual award for “Champion Data Protection Professional” along with “Champion Data Protection Team” and “Champion Data Protection Organization”.
   5. Launching of the Data Protection Journal of India as a quarterly journal from the next quarter

The IDPS will be repeated each year and is likely to become a flagship event in the field of Data Protection in India in the coming years.

Naavi

When Section 66A of ITA 2000/8 was scrapped, by the Supreme Court in 2015, most people hailed the decision of the Supreme Court as a torch bearer of “Freedom of Speech”.

Naavi.org had its reservations on the scrapping since it felt that the Supreme Court had come to a wrong decision by not distinguishing between “Publishing” and “Messaging”  and also for not reading down the section instead of scrapping it all together along with the provisions related to Spamming, Cyber Stalking, Cyber Bullying, Cyber extortion, Cyber harassment etc.

The Central Government has not since then come up with an alternative to Section 66A and only trying to work with tinkering of the Intermediary guidelines in a half hearted manner. Hence fake news and cyber defamation continue without appropriate controlling measures under ITA 2000.

The inability of the Central Government to come up with an alternative to Section 66A since 2015 when the judgement was pronounced has now lead to a situation where Kerala Government has come up with an Ordinance under the State Police Act which challenges both the Supreme Court as well as the Central Government’s powers and intentions to regulate the Cyber Space.

Section 90 of ITA 2000 states as follows:

Power of State Government to make rules

(1) The State Government may, by notification in the Official Gazette, make rules to carry out the provisions of this Act.

(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters, namely

(a)the electronic form in which filing, issue, grant receipt or payment shall be effected under sub-section (1) of section 6;
(b)for matters specified in sub-section (2) of section 6;

(3) Every rule made by the State Government under this section shall be laid, as soon as may be after it is made, before each House of the State Legislature where it consists of two Houses, or where such Legislature consists of one House, before that House.

Since ITA 2000 was a central law, it was interpreted that under Section 90, States only have powers to frame rules for implementing the provisions of the law and not frame new laws by themselves.

However, under the argument that “Law and Order” is a state subject, some States made laws under their Police Act applicable to Cyber Cafes, Online Gaming etc. Now this trend has been extended to the Kerala Government’s Ordinance related to “Publishing of information in electronic form”.

Copy of the Kerala Ordinance

The Kerala Ordinance states as follows:

Amendment of Section 118 of Kerala Police At 2011 (8 of 2011)

In the principal act after Section 118, the following section shall be inserted namely:

118A: Punishment for making, expressing, publishing or disseminating any matter which is threatening, abusive, humiliating or defamatory:-

Whoever makes, expresses, publishes or disseminates

through any kind of mode of communication,

any matter or subject

for threatening, abusing, humiliating or defaming a person or class of persons,

knowing it to be false and

that causes injury to the mind, reputation, or property of such person or class of persons or any other person in whom they have interest

shall on conviction, be punished with imprisonment for a term which may extend to three years or with fine which may extend to ten thousand rupees or with both.

Presently it is being interpreted that this ordinance is applicable for publications in Twitter or FaceBook or other social media.  The LDF government has reportedly said that this amendment was done to ‘control cyberbullying’.

We can look at the impact of this ordinance under two assumptions.

Firstly, the ordinance uses the term “any kind of mode of communication”.  This does not specify that “Electronic Communication” is part of the ordinance. Since legal recognition to electronic document as equivalent to paper document was provided through ITA 2000 which is a central law and Section 90 of that law restricts the powers of the police to only issue rules for implementing the law as provided there in and not introduce a new penal section with imprisonment etc., it can be argued that the ordinance may not be applicable for electronic documents.

The legislative intent of the Police Act is also to be considered as restricted to the regulation of the police activity and ideally it should refrain from passing a law carrying punishments unless that is related to the prevention of carrying out of duties of the Police as envisaged under the Act.

For example if the defamation is of a “Police Officer” and aimed at preventing him from discharging his duties, then the Police Act could be considered as having jurisdiction to make regulations.

But infringing on a Central Law meant to provide legal recognition to electronic documents and regulate crimes associated with cyber crimes, should be considered as ultra-vires the Section 90 of ITA 2000.

It is however possible that this view may not be acceptable to the majority of legal professionals who may say that “Maintenance of Law and Order” includes regulating the Cyber Activities and hence the State Government has the power to make laws of this nature.

While we donot support this view, we can continue our discussion further presuming that this is the popular and acceptable legal position.

Under this assumption. “Any Mode of Communication” used in the ordinance may be considered as inclusive of electronic mode of communication and hence the social media comes into relevance.

The clarifications given by the politicians indicate that this law is not meant to regulate the “Media” and hence it may be used only to punish “Individual Citizens” who express themselves on platforms which are not considered as “Social Media”.

A doubt that comes to the mind here is, If Twitter is a Social Media and Kerala Government does not want to apply this law to Twitter, then a contributor to the social media called Twitter may claim to be a “Social Media Journalist” and his publication becomes “Social Media Journalism”. Hence politicians are assuring that they may not be targeted.

However, since no body believes the politicians this assurance has no meaning.

The next point to be noted is that this section will be applicable only for postings which are “Known  to be false”. If the person posting the message does not “Know” that it is false but believes that it is “True” or it is in fact “True”, then the section is not applicable.

This means that unless there is a prima facie evidence established by the Police that the information is “false and the person is aware that it is false”, there is no cause of action under this section.

The section requires “injury to the mind, reputation, or property of such person or class of persons or any other person in whom they have interest“.

It is not clear what is meant by “in whom they have interest”. Perhaps this could be interpreted that the person to be charged should have an intention to defame a person in whose defamation there must be some interest of the person.

If we presume that Kerala Government has the power to make laws covering Cyber defamation or Cyber bullying as was the scope of Section 66A of ITA 2000, then the amendment is a direct affront to the Supreme Court in the Shreya  Singhal judgement.

If the power of the Kerala Government to bring out this law for punishing  use of electronic documents as part of an expression of opinion as per the “Freedom of Speech” enshrined in the Constitution, then every State Government may make their own Section 66A and later every other section of Chapter XI of ITA 2000 and create their individual versions of ITA 2000.

This will lead to a chaotic situation and breaking the structure of the Union of India. Hence it has to be curbed at the very beginning itself.

In order to ensure that ITA 2000 remains the only law for regulating electronic documents, it is necessary for the Government to recognize that “Cyber Space” is a different jurisdiction which should not be considered as belonging to a “State”. It should be always at the Union Level . Hence Cyber Laws should belong to the Central Government. The implementation can be delegated to the local police but law making should remain with the Center.

As a further improvement, the implementing Police can also be made a “National Unit” and brought directly under the Union Government administration so that Cyber Police will be a national cadre. This will enable better expertise to be built up and resources to be shared.

If Cyber Laws are allowed to be created and implemented under local laws of the State or later under Municipalities etc., then movement of people within the country would be highly restricted since police in one state will start enforcing their writ in another state and people would not like to travel to a state at which any of their twitter posts may be found objectionable.

The way police in a state implement the law is best showcased by the Maharashtra Police under the Shivsena Government and no person will be safe in expressing any opinion which may remotely be objectionable to a politician in a rogue state.

The Kerala Ordinance should therefore be seen in this context of creating a highly objectionable precedent and hence should be scrapped forthwith.

Naavi

P.S: ” Responding to the adverse views about the Ordinance, the Chief Minister of Kerala has made an announcement that the provisions of the Ordinance will not be implemented. However, the ordinance needs to be withdrawn by the Governor officially or allowed to lapse.  However the principle of Cyber legislation to be in the central domain as a legislation of Cyber space needs to be pursued.”

The second day of IDPS 2020 was successfully concluded with two panel discussions namely one on Data Protection Officers and another on Cross Border Transfer of Data.

The  summit will conclude tomorrow with a discussion on Data Trust Score and PDPSI.

IDPS 2020, the three day Indian Data Protection Summit 2020 was successfully launched yesterday the 19th November 2020.

The IDPS 2020 is being held concurrently with BTS 2020 (Bengaluru Tech Summit) as a virtual summit on Zoom platform.

The program started at 2.oo pm with Naavi introducing the event along with the objectives of FDPPI .During his brief introduction Naavi highlighted the following projects of FDPPI.

1. 1. Certification Programs for “Certified Data Protection Professional-Module I,”, “Certified Data Protection Professional-Module G,”,  and the forthcoming modules of Technology, Audit and Behavioural Skills.
   2. Introduction of an Implementation Framework “PDPSI” or “Personal Data Protection Standard of India” as a unified framework for implementation of multiple data protection laws in an organization.
   3. Introduction of  “Online Data Disputes Mediation and Arbitration Center” (Online DDMAC) as a platform for resolving disputes related to the data disputes between individuals and organizations as well as one organization and the other.
   4. Institution of an Integrated award on an annual basis firstly for an individual as “Champion Data Protection Professional”  in India  along with a recognition for the “Champion Team” supporting the individual and the “Champion Organization” supporting the team.
   5. Introduction of a Quarterly journal “Data Protection Journal of India” to be a helping hand for knowledge dissemination within his organization.

Naavi’s talk was followed by two panel discussions.

The First Panel discussion  was on ” Recent Data Breach Incidents and PDPA of India” where experts Mr Sudarshan Mandyam, Ritesh Bhatia and Dr Mahendra Limaye discussed some of the recent data breach incidents in India and introduced the proposed Indian Personal Data Protection Act of India.

The Second panel discussion followed on the theme of “PDPA of India is not a Clone of GDPR” and further explored the proposed Indian Act in comparison with the GDPR.

The program was well received.

The IDPS will continue today with two more sessions first session starting at 11.00 am (90 minutes) and the second a 4.00 pm (90 minutes). These sessions will discuss “The Challenges of being a DPO” and “The Enigma of Cross Border Data Transfer).

Experts, Ms Bhimesh Karadi, Anil Chiplunkar, Satish Kumar Dwibhashi and Sameer Mathur will constitute the first panel and Rajesh Vishwanathan, Nagendra Javagal and S. P. Arya would  constitute the second panel.

We look forward to professionals attending today’s sessions in good number.

The session is free to attend and the link information is available here:

Naavi

P.S: In case you are attending the Bengaluru Tech Summit 2000, donot forget to visit our stall.

Participation is free. Join on the above meeting room on Zoom platform or watch on You Tube channel.

The complete program is as follows:

The speakers conducting panel discussions are as follows:

Naavi

Karnataka Government is conducting its flagship annual IT BT conference as a Virtual Conference this year. The conference is titled Bengaluru Summit 2020 (BTS 2020) and will be  held between 19th and 21 November. The theme of the summit is “Next Now”.

Honourable Prime Minister of India, Mr Narendra Modi would be inaugurating the Bengaluru Tech Summit 2020 set to open tomorrow.

FDPPI has taken a stall and interacting with the participants

The stall will display the activities of FDPPI and distribute material relevant to the activities.

Concurrently with the BTS 2020, FDPPI is also conducting Indian Data Protection Summit (IDPS 2020). This summit will also be virtual and will be available both on Zoom platform and on Youtube webcasting.

There will be six panel discussions covering different topics of interest.

Participation in the IDPS 2020 is free. Registrants on the FDPPI website has been sent the Zoom link. The sessions will be webcast on YouTube simultaneously.

The Link to Zoom sessions have already been distributed through the social media contacts of the members of FDPPI.

The webcast would be available in the Youtube Channel here:

https: www.youtube.com/naavi9 

The six sessions will be managed by experienced professionals and members of FDPPI.

Naavi would anchor the sessions.

The event is sponsored by Ujvala Consultants and Co-Sponsored by Redwood Learning and Sysman Computers.

CIO association of India is also supporting the event.

We wish public in large numbers attend the IDPS 2020 and make this event a success.

Naavi