Naavi.org

Data Privacy Day is celebrated on 28th January by the international community to raise the awareness of Privacy. India is slowly adopting to the practice.

It is to celebrate this year’s Data Privacy Day that Naavi decided to release the book on “Personal Data Protection Act of India (PDPA2020)” in the E-Book format.

The book is now available on Amazon. It is in Kindle format. But a free Kindle reader is available for all PCs, Macs and Android/ioS Phones. The app can be downloaded from here

KINDLE FREE APP DOWNLOAD

There are a few questions raised from some persons why this book before the Act has been passed. I need to share my thoughts on this.

PDPA 2019 is presently in the form of a Bill which has been referred to a select committee of Parliamentarians for a final review. It is suggested that the review be completed before the last week of the budget session. The Committee has called for a final submission of views from the public within 3 weeks from 22.01.2020.

The stakeholders can send two copies of their comments and suggestions to Dr Ram Raj Rai, the Director of the JPC at the Lok Sabha Secretariat,(at Room No. G-014, Parliament House Annexe, New Delhi – 110001) or email them to jpc-datalaw@sansad.nic.in, or to the JPC chairperson Meenakshi Lekhi at mrs.mlekhi@sansad.nic.in.

It is necessary that the stakeholders understand the bill in detail before sending their suggestions and the debate takes place in a healthy manner without mis-interpretations from vested interests.

For the Companies it is better to start preparing for the emerging law. The professionals who have to start shouldering the responsibility as DPOs also need to start early.

Hence this book is being released in the E Book form quickly and the print version to follow.

The book is now available at Amazon and hopefully it will be of use for submitting the responses to the Government.

Any feedback would be welcome.

Naavi

It is a pleasure to announce that the first book on Personal Data Protection Act of India has been released through Kindle…Amazon.

Kindle version of this book is available at Rs 300/-

The Print version is available both through Notion Press the publisher through the link provided in the home page as well as the E Book page.

The book contains 28 chapters split in to two parts. Part A contains the Personal Data Protection Bill discussed section by section. Part B covers discussions on some key aspects of data protection.

Naavi had published the first book on Cyber Laws in India in December 1999 (Cyber Laws for Every Netizen in India) when the Information Technology Act was yet to be passed. The objective then was to make the details available for use by the Parliamentarians when they discuss the complex law.

A similar objective is behind release of this book on PDPA 2020. Additionally it is expected that the prospective Data Protection Officers in organizations and other professionals like the Advocates, the IT and IS professionals as well as the management professionals are expected to find it more than useful.

The table of content given below indicates the coverage.

Contents
About the Author
Table of Contents
Preface:
Fundamentals of Privacy and Data Protection
PART A:
Chapter I : Preamble, Statement of Objectives and Preliminary
Chapter II: Obligations of the Data Fiduciary
Chapter III : Grounds for processing personal data without consent
Chapter IV: Personal Data and Sensitive Data of Children
Chapter V: Rights of Data Principal
Chapter VI: Transparency and Accountability Measures
Chapter VII: Restrictions on Transfer of Personal Data outside India
Chapter VIII: Exemptions
Chapter IX: Data Protection Authority
Chapter X: Penalties and Compensation
Chapter XI: Appellate Tribunal
Chapter XII; Finance, Accounts and Audit
Chapter XIII: Offences
Chapter XIV: Miscellaneous
PART B 
Chapter XV: The exploding job opportunities for DPOs
Chapter XVI: Required qualities of a good DPO
Chapter XVII: Anonymization of Data
Chapter XVIII: Consent as an Instrument of Privacy Protection
Chapter XIX: Privacy in Public Space
Chapter XX: Conflict with other laws.
Chapter XXI: Towards being PDPA compliant
Chapter XXII Data Audit
Chapter XXIII: Data Trust Score
Chapter XXIV: Personal Data Protection Standard of India (PDPSI)
Chapter XXV: Technology Challenges and Tools of Data Protection
Chapter XXVI: Data Governance
Chapter XXVII: GDPR Vs PDPA
Chapter XXVIII: Naavi’s theory of data
Epilogue

As is usual with Naavi, the book is an expression of the years of experience in the field of Cyber Law and Data Protection and will contain his exclusive views some of which the regular readers of this website are aware.

Naavi has  been conducting web based course on PDPA during which also some of his views have been shared with the limited audience. This book will now be a guide for the DPOs.

As and when the bill is passed a supplement will be published to cover the changes that may occur between now and the passage of the Bill.

You can download Kindle for PC/Mac from here: 

Kindle for Android mobile can be downloaded from Playstore. Kindle for iPhone can be downloaded from the Apple store.

Naavi

P.S:Print version distribution has been affected because of lockdown. Will resume immediately thereafter.

When we look around and see the developments in India, we see a spurt of agitations and oppositions to the actions of the Government. When educated persons and successful professionals, professors in reputed universities, students of advanced legal studies all join chorus with opposition politicians and oppose legislation like CAA, Abrogation of Article 370, Triple Talaq etc., and the Media seems to endorse their opinion,  it appears as if there is an uprise against communalism in the country.

Similarly, when people and organizations oppose the Aadhaar, amendment to rules under Section 69 (ITA 2000), Intermediary Guidelines Notification, or UIDAI’s tender notification for self monitoring in the social media, and now the PDPA 2018 or PDPA 2019, it appears as if there is an uprise against an assault on democracy by the Government.

There is no doubt that the voice of opposition is strong, the gathering of people for CAA protests are impressive and there are some voices from the educated urban class also involved in such protests.  Whether it is Sadguru or Amit Shah these voices will raise in unison to condemn any attempt to support the views of the Government.

If those who support the Government try to hide their expressions for the fear of being defamed by the opposition, then the society may perceive that there are no body to support the Government views and hence what the opposition is saying must be true to some extent.

It is therefore time that such people need to boldly voice their views also. In this context, I would venture to place my views that most of the opposition is not an in principle opposition to either the CAA or Aadhaar or PDPA etc. They are all manifestations of the opposition to Mr Modi not even the BJP. By calling all these efforts as communal and anti Democratic, a narrative is being built that can hide the real intention of the people which is to hate Mr Modi and bring him down if possible.

Again if one wonders why there must be so much hate towards the man who seems to be dedicated to the welfare of the country, the truth stares in the face. The truth is  that the hate for Modi is not because  Mr Modi is fascist or communal but because he has taken to a fight against “Corruption”.  Whether it is demonetization or Linking of Aadhaar to different Government services or the CAA or NPR, the core of the opposition is that the corruption they are indulging in some times in the form of making money directly and some times creating a vote bank to get into power to make money.

The intense opposition to Aadhaar started when the Government made its intention clear to link Aadhaar to the Property ownership which could hurt the holders of benami property. The corrupt but intelligent politicians engaged the various NGOs who were themselves concerned that the money flow from abroad to manipulate the Indian political and religious developments would stop, to raise a more authentic looking opposition to the moves of the Government.  The opposition to Aadhaar, Data Localization in PDPA 2018, surveillance in PDPA 2019 etc are all manifestations of these mechanisations of the corrupt. Unfortunately some have fallen to the trap of this propaganda and taken up opposition to the various legislations under the guise of supporting Privacy or Freedom of Expression etc.

Even the CAA opposition is pure political corruption since the intention of those who oppose is to let illegal immigrants to become their vote banks.

Today, there is a very informative article in epw.in title “The politics of India’s Data Protection Ecosystem” that has traced the legislation of Personal Data Protection bill currently in the Parliament and highlights some of the key issues.

Not withstanding the valuable information that the article contains, the article in its conclusion says “Safeguards for surveillance have received a big blow” and prepares the ground for further debates with the Committee of MPs, which is presently deliberating on the final corrections on diluting the provisions of national security enshrined in the Bill.

While any discussion on improving the drafting of the bill has to be welcomed, we should ensure that the discussion  is held on a fair basis and the genuine interests of the “Security First” school of thought is not ignored. “Security First” principle is that for democracy to survive, first of all we should survive. If any opposition to the Bill is providing strength to the forces which try to destroy the country, we should recognize this before expressing our opposition.

During the struggle for independence, Mahatma Gandhi had several occasions when he suspended or threatened to suspend the agitation for freedom if the principle of non violence is violated. Similarly if the principle of national security is likley to be violated, we should not blindly support the opposition to the Government legislation that are basically meant for assisting the Anti national view point.

Let us therefore keep our eyes and ears open to discuss without forgetting that surveillance is part of good governance and refusing the Government to have some enabling power is like asking our police to use lathis against AK 47 wielding terrorists. We have made such mistakes in the past and we should not do it again.

We must understand that every law can be misused if the police or authorities have no integrity. In the previous Congress Government even the finance minister was subject to surveillance in his office. At that time also there was no law that was supportive of such surveillance. Mrs Indira Gandhi imposed emergency and suspended all Civil Rights misusing her powers. Such instances can only be corrected if we bring ethics into politics and prevent vote bank corruption.

The spirit of “Equality and Justice for all” which was enshrined in our constitution has long been forgotten and though people swear by the constitution to oppose surveillance, they forget that “Providing Security to all the Citizens” is a duty cast on the Government and it is the fundamental right of every citizen to ensure that the Government takes such measures as are required to provide safety to its citizens.

If this safety requires CCTV vigilance, or if it requires exemptions from obtaining consent before conducting intelligence activities , we should recognize that there has to be a legal enablement for the Government to do its duty. Any opposition to the surveillance aspects of the PDPA 2019 should be moderated in this context.

We should not expect the Government to secure our society with its hands tied behind its back with Privacy regulations that ignore the security interests.

Naavi

After the use of FASTag was made mandatory for toll payments, several service providers came up with a proposal to provide the FASTag stickers including some banks. When the original date for introduction was set as December 15,2019, there was a rush for the purchase of the tags and Banks fixed a price of around Rs 500/- for the issue of the stickers.

ICICI Bank was one such Bank which offered the FASTag sticker at a price of Rs 499.12. The service was provided through the website of ICICI Bank and hence customers of ICICI Bank presumed that it was one of the ancillary services offered by the Bank and opted for it.

However, in the case of the undersigned it has been a bad experience with ICICI Bank, where after registering for the service on November 20 2019, specifically for the vehicle owned by the undersigned, the Bank and/or its service provider failed to provide the sticker within the one week period promised or until now.

When a subsequent Banking ombudsman complaint was raised after waiting for one month, the Bank is providing an excuse that the documents uploaded did not match the registered details but has failed to specifically indicate what is the difference.

The Bank is unable to say X was the data uploaded and Y was the data registered and S does not match with Y.

Instead, the Bank has been sending repeated replies on the twitter handle @ICICIcares that a team has been assigned and they would reply. It appears that the reply is being generated automatically by a robot and no sensible and responsible human executive is aware what is the dispute raised.

This is how AI and Chat robots are being used in a manner that it defeats the very purpose for which they are sought to be used. Even the onsite help of ICICI Bank is managed by a chat bot which is not configured to understand the queries of this nature and does not even escalate failed queries to human supervision.

ICICI Bank has allocated a relationship manager with an e-mail address @icicibank.com which does not receive e-mails from senders with external e-mail addresses such as gmail.

Overall, the dispute resolution practice of ICICI Bank is a demonstration of how the AI technology should not be used.

I have now demanded the cancellation of the transaction and filed a complaint with the Banking ombudsman.

I now await and see how RBI’s Ombudsman  responds to the complaint.

In the meantime, I would like Mr Nitin Ghadkari to reflect how his decisions are causing many problems to people and his failure to take responsibility for proper implementation is reflecting as a failure of the Modi Government. It is important that individual ministers of the Modi Government need to take responsibility for their decisions to ensure that they donot become enemies from within to the Modi Government by their irresponsible handling of decisions that affect the common man.

In the meantime I would like to advise members of public to avoid using ICICI Bank services for FASTag not only because the system must be having some bugs but more so because their grievance handling system is unacceptable.

I would not be comfortable to ignore the registration made with one vendor and buy the tag again from another vendor as this may keep duplicate FASTag stickers in use for the same vehicle number and facilitate fraudsters to use the sticker with a duplicate number plate and commit frauds.

I am sure that Mr Nitin Ghadkari has not considered the Frauds that can be committed if a FASTag is duplicated. I am not sure if the FASTag readers in tools verify the tag details independently with the reading of the number plate and identify if there is a difference.

I would like the transport department to confirm if all the RFID readers in the tolls that accept the FASTag are synchronized with a number plate reading system and raise alarms in real time when there is a difference.

Naavi

The year 2000 was the year of the Cyber Law in India with the notification of the Information Technology Act 2000 (ITA 2000) in India.

Year 2009 saw ITA 2000 acquire a information security outlook with the amendments of 2008. That was when Section 43A, Section 72A, Section 67C, etc regarding data protection came into the law.

Now Year 2020 which was a special year marked for development by the late Dr Abdul Kalam, promises to be the year of Data Protection with the Personal Data Protection Act (PDPA) expected to be passed some time in February.

As the year 2019 comes to a close, it is good to take a glance at what has gone by in Naavi.org and its associated activities.

When 2019 started, the draft of PDPA 2018 was already available for discussion and two notifications of the Government namely the Intermediary guidelines and Section 69 notification were under intense debate.

The year started with Naavi unraveling the “Data Trust Score Model” as a suggested methodology to make a quantification of the compliance status of a data fiduciary under the proposed PDPA 2018. The system was explained over a series of articles.

Naavi also placed some suggestions regarding the intermediary guidelines  including a system of “Intermediary Dispute Resolution Policy” to be voluntarily adopted by the industry like the UDRP/INDRP schemes for domain name dispute resolution.

January 10 was also a historic day for the observers of Cyber Crime jurisprudence in the country as TDSAT upheld the earlier adjudication verdict in the case of S. Umashankar Vs ICICI Bank.

In February, Naavi launched the Personal Data Protection Standard of India (PDPSI) in a bid to develop a open standard for compliance of PDPA.

In the month of March, an important one day workshop was held in Chennai on Section 65B of Indian Evidence Act. The Foundation of Data Protection Professionals in India inaugurated its Chennai chapter and Naavi released the print version of his book “Section 65B of Indian Evidence Act clarified”

In the month of April, Naavi expanded his thoughts on the PDPSI through a series of articles all of which are consolidated under www.pdpsi.in Naavi also announced his book on Personal Data Protection Act as part of his training program on PDPA.

In May 2019, a renewed fight ensued on Bitcoin which continued through out the year and may continue into 2020 also as the bill on banning bitcoin may come to the fore in 2020.

June 2019 saw some attention focussed on Cyber Insurance  which continued with a couple of visits to NIA for lectures and interaction with the Insurance industry practitioners.

July 2019 saw the controversial Shafi Mohammed order of the Supreme Court  on Section 65B referred to a higher bench and the continuation of the fight against Bitcoin. The Aadhaar Amendment Act was also passed during this period.

August 2019 saw Naavi.org highlighting the  Trans union-CIBIL take over and flagged the possibility of irregularities. This was also the month when India integrated Kashmir with the abrogation of Article 370 of the constitution.

September 2019 saw  the  setting up of an expert committee on Data Governance and a discussion on Data Productivity vs Data Security, Data Governance law vs Data Protection law etc. This discussion will gain momentum perhaps some time in 2020 when the committee would submit its report. The month saw a new thought on Data being brought into discussion by Naavi in the form of “Atomic structure of data”.

October 2019 was the time when Naavi espoused a new thought “The New Theory of Data” in an attempt to bring more clarity to the concept of Data as seen by a technologist and a legal professional. Based on three hypotheses of “Additive value”, “reversible life cycle” and “Data is in the beholder’s eyes” Naavi is placing before the academic world a thought for discussion which should be useful in future to interpret the data protection regulations and guide it towards a form in which different stake holders can understand the issues with better clarity.

November 2019 saw the announcement of an online course on PDPA by Cyber Law College which is a an important development defining the future course of education in PDPA. FDPPI also participated in the certification process of such programs both for offline and online programs opening up a new era in the Data Protection domain in India.

Finally coming to December 2019, we saw a revised version of PDPA being presented in the Parliament and referred to a select committee. The version now available on www.pdpa2019.in was the basis of the course which Naavi has been conducting now.

Thus 2019 has been an eventful journey for Naavi and 2020 when PDPA may become a law could be even more eventful.

Let’s welcome 2020 with the hope that  prosperity will dawn on the country.

Naavi

A news report has been received that the National Power Training Institute, of the Ministry of power, Government of India is set to conduct a series of training programs ostensibly on “Block Chain”.

The Bitcoin community is going ga-ga about the development and headlined an article  “Indian Government’s Institute offers Block chain training in multiple cities”. 

Three programs have been scheduled according to the report on January 6-10 at Nangal, February 17-21 at Delhi and March 16-20 at Shivpuri.

The content of the program indicate sessions on Bitcoin and Mining with hands on sessions.

It is obvious that the promotion of “Block Chain” is a disguise to promote Bitcoin and in as much as Bitcoin and other Crypto currencies are considered the currency of the criminals and the Government is in the process of passing the bill for banning Crypto currencies and make it a criminal offence to conduct any transactions with crypto currencies, it is surprising and disappointing that an arm of the government of India should be devoting time and money on conducting such programs.

Conducting such programs for students and professors etc has no relation to the working of the power ministry and it is obvious that the resources of the power ministry are being diverted to this project because of the lobbyists from the Bitcoin community.

I have drawn the attention of the Minister of State in the Power ministry, the secretaries of Home and the IT and hope that this series of programs are cancelled forthwith.

Block chain may have some use cases in the power ministry but it is important to recognize that if Crypto currencies are made legal, India would be diverting a vast amount of power to the Bitcoin mining.

According to one estimate Bitcoin energy consumption presently is around TWh 45.165 and expected to reach around 73.12 TWh in 2020 which is comparable to a country like Austria. The carbon footprint at 34.73 Mt of Co2 is comparable to the carbon print of the entire country of Denmark and the e-waste generation at 9.62 kt comparable to the e-waste generation of Luxembourg.

Naavi.org has brought to the notice of the public several articles on bitcoin including he possible disastrous impact on the country.

I wish the Ministers and officials involved in the Ministry of Power, Home and IT wake up to the warnings and ensure that all training programs for promotion of Crypto currencies directly or indirectly indicated in the bitcoin.com article are stopped forthwith.

It would be better if the Home ministry and the IT ministry send out a suitable circular to other ministries to prevent such programs being conducted under the patronage of the Government.

Naavi