Naavi.org

It can only happen in India that Companies like Meta are in the forefront of challenging Government notifications such as the Intermediary Rules in Courts and they are the same entities who are also consulted for advise on how we frame rules.

In its continuing bid to placate the Big Tech before releasing the DPDPA draft Rules, MeitY held a discussion yesterday with select Big Tech Players like Meta to get their approval for the proposed DPDPA Rules.

The DPDPA rule that requires age verification and parental consent for those who are less than of 18 years of age is a rule that hurts FaceBook and it is trying to ensure that the rules are not stringent.

Several newspapers have carried a report today based on the meeting which states that a discussion took place on the method of determining the “Minority” status of the users in this meeting.

One such report is from Indian Express here.

Despite the presence of all the Tech Experts, the meeting has concluded that it is not possible to implement any solutions even based on tokens issued by UIDAI. Hence it is decided that we should leave it to Meta and Google to determine their own methods to declare that a person is not a minor.

It is surprising to think that UIDAI cannot tokenize the existing data related to Aadhaar into “Persons of above 18 years of age” and “Persons Below the age of 18” as of date and add “Name of Parent in case of Persons below 18 years of age”.

This decision means that the Meta-Google type of companies will device their own methods on how to determine whether a person is a minor, who is his parent and take consent as they deem fit. This will avoid the responsibility of the Government to suggest any solution and leave it to the Courts later to determine if the systems adopted by the industry is acceptable or not.

I hope that with this clearance from Meta and Google, the Government will at least now release the rules for public consultation and meet the 100 day commitment of Modi 3.0.

Naavi

In the new Indian Evidence Act which became effective from 1st July 2024, the earlier Section 65B of Indian Evidence act has been modified as Section 63.

This being an important section in the Act, Naavi has tried to place his perspective through this detailed video.

Your comments are welcome .

Naavi

There are a number of CERT-In auditors who are registered with CERT IN for different kinds of audits.

With the notification of DPDPA 2023 expected during this year, there will be new business opportunities that will open up for Audits in the DPDPA segment of the market.

In order to enable the CERT IN auditors to explore the new opportunities that may be coming up, FDPPI is planning a one day training program at Bangalore on the “Emerging Opportunities for CERT IN Auditors in DPDPA”.

Looking forward to your interest for finalizing the dates and venue. The tentative date is in August first week.

Naavi

The Data Protection Industry in India today is waiting for MeitY to start a discussion on the DPDPA Rules.

Currently there is one section of the market which is convinced that MeitY has shared its draft with a closed group of its trusted international Tech Companies like the Meta, Microsoft and Google through their agents in Delhi and is waiting for their approval. Such approvals can only come from USA, and hence delay is inevitable.

Earlier multiple versions like PDPB 2018, PDPB 2019 and DPA 2021 were rejected because there was no “Consensus” in the Big Tech and their agents in India.

Seeking consensus on DPDPA from this section of the industry is like seeking consensus for the Indian Opposition in the Parliament on any action of the Government. If we want progress, we have to have conviction, act in good faith and move on.

DPDPA is a law that affects organizations other than the Big Techies and hence there are many in the industry who are keen to know the mind of MeitY because the Rules can overnight impose “Potential Financial Risks” that have to be provided for in the books of account. Whether they comply or not, the CFOs will demand provision for potential losses and Insurance to cover the Risks.

Hence it is in the interest of the industry that the current state of uncertainty is cleared at the earliest and Rules are made for the benefit of the larger MSME section of the society rather than the handful of members of the BigTech Association.

For this purpose, the section of the industry who are today away from the policy making group in Delhi needs to be vocal and express their views strongly. An opportunity for such expression is being created by FDPPI by an Industry meet on July 27 at Bangalore which should not be missed by them.

The Current version that MeitY has circulated is not necessarily the ideal set of Rules. But we can take it as the best effort preparation and together help MeitY to improve upon it by participate in the July 27 event and forging a strong response.

This should help MeitY to reduce their dependence on the Big Tech and their agents who are bullies in their own right and want MeitY to be at their beck and call.

FDPPI is now giving a platform to this section of the industry to come together and rally behind FDPPI so that MeitY can be liberated from the shackles placed by the Big Tech.

Let Us meet on July 27 at Bangalore to discuss the “DPDPA Rules” and help MeitY to move ahead. Check out www.fdppi.in and register for your participation. If the industry does not raise your voice, there will be no opportunity to change the course of the Rules later.

Let us not be like the Voters who fall for the “Guarantee Bait” and later complain about raising taxes.

Naavi

The DPDPA 2023 was gazetted on August 11, 2023. However, the Government could not pass the rules and notify the Act before the elections and it is now scheduled for the 100 days agenda of the Modi 3.0 Government.

It is expected that the rules will first be released as “Draft” for eliciting the public response before being notified for effectiveness.

It is very important for all the industries to ensure that they study the rules and record their suggestions before the rules are notified. If they are complacent, it may be difficult to bring changes later.

So far it is the industry has been responsible for the delay in the introduction of the Data Protection laws by objecting to every move made by the Government to introduce the law out of fear of the unknown. We hope the resolve of the Government this time is strong and the notification will go as scheduled.

FDPPI therefore intends that the industry in different sectors study the rules assimilate its consequences and then provide it’s suggestions in time for the Government to accommodate as many views as feasible.

FDPPI therefore has organized a symposium in Bengaluru on 27th July 2024 to collate the voice of the different segments of the industry.

The Venue of the Conference is Suchitra Film Society Auditorium at : 36, 9th Main, B V Karanth Road, 9th Main Road, near Post Office, Banashankari Stage II, Banashankari, Bengaluru, Karnataka 560070.

The tentative program includes discussions in multiple panels as follows:

1. Panel 1: FDPPI: Introducing the observations of FDPPI
2. Panel 2: Health Sector: Impact of DPDPA Rules on Health Sector
3. Panel 3:Fintech: Impact of DPDPA Rules on Fintech Sector
4. Panel 4: Education: Impact of DPDPA Rules on Education Sector
5. Panel 5: Other Industries: Impact of DPDPA Rules on Digital marketing and Manufacturing Sector

The program is a hybrid program with speakers joining from all over India. The feedback received from the industry will be briefly discussed and collated for subsequent submission to MeitY.

Participation is by registration and physical participation is limited. Registration can be made here:

https://www.iletsolutions.com/fdppi_conference

Earlier Articles:

https://www.naavi.org/wp/expected-rules-under-dpdpa-2023/

https://www.naavi.org/wp/dpdpa-rules-the-data-protection-board-of-india/
https://www.naavi.org/wp/dpdpa-rules-consent-manager/
https://www.naavi.org/wp/dpdpa-rules-management-of-data-principals-rights/
https://www.naavi.org/wp/dpdpa-rules-the-significant-data-fiduciary/
https://www.naavi.org/wp/dpdpa-rules-which-provisions-will-become-effective-now/
https://www.naavi.org/wp/dpdpa-rules-publishing-the-business-contact-information-of-dpo/
https://www.naavi.org/wp/dpdpa-rules-data-breach-notification/
https://www.naavi.org/wp/dpdpa-rules-how-will-legacy-data-consent-be-handled/
https://www.naavi.org/wp/will-a-copy-of-draft-notice-be-part-of-the-rules/

Naavi

On June 28, 2024, there was a major Information Security Summit at Bengaluru lead by BSIDES Bengaluru.

Amongst the several things discussed during the conference was also a panel discussion on “Tactics for Combating Privacy Threats” in which the undersigned also particiapted.

During the panel discussion, Naavi highlighted that apart from the threats arising out of new technology being misused by Criminals which get reflected as “Information Security threats”, it is necessary to recognize the new genre of threats arising to an organization due to the emergence of Privacy and Data Protection laws.

One of the special features of this new genre of “Regulatory Non Compliance Risk” is that it may materialize even when there is no “Data Breach” and hence the risk management strategies need to be addressed differently from the exisitng practices.

Further, Naavi highlighted that it is necessary to recognize that management of “Privacy Threats” include management of a the limitations of the laws of pricacy and its conflict with security practices. An example was cited regarding a common response of organizations who refuse the identity of the sender of a message to a recipient when the message itself is an object of an offence such as a phishing email or a message.

Naavi also highlighted that there are limitations to the use of technology in automating compliance through technology artifacts which need to be recognized since “Legal Compliance” is not a “Binary Solution” and involves human interpretations.

Naavi believes that with the advent of DPDPA the obligations of organizations have taken a new dimension and it is necessary for them to identify new frameworks such as DGPSI to remain compliant.

The interaction with the audience was very engaging.

FDPPI took the opporutunity to congratulate the organizers and more particularly Ms Sujatha Yakasiri, the founder of BSIDES Bengaluru for the successful orgaization of the event.

Naavi