Alabania appoints AI Chatbot as a Minister!

In a surprising move, a Government seems to have taken Governance to ridiculous lengths by appointing an AI Chatbot as a Minsiter.

In the past we  have seen a humanoid robot being given citizenship of a country and another humanoid robot appointed as CEO of a MNC.

Now  we may see more bizarre events of AI becoming ministers in Government.

Interesting but disturbing developments.  Hope these AI devices donot start “Hallucinating”.

According to the Prime minister,

“Diella” will oversee and allocate all public tenders that the government assigns to private firms. “[It] is the first member of government who is not physically present, but virtually created by artificial intelligence,” She will help make Albania “a country where public procurement is 100% corruption-free.”

Also see: Project Syndicate

 

Naavi

Posted in Privacy | Leave a comment

More Systems declared as Section 70B protected systems

In the recent gazette notifications, Government of India has added two Airport terminals namely Delhi International Airports Ltd   and GMR Hyderabad International Airports as part of “Protected Systems” under section 70B of ITA 2000.

Additionally following entities have also been declared Protected systems in different categories.

1.Bandhan Bank 

2.Jammu and Kashmir Bank

3.South Indian Bank

4.Tamilnadu Mercantile Bank Ltd

5.Punjab and Sindh Bank

6.Government of India e Market place

The implications of this declaration for the organizations is that they are now under direct control of CERT IN for their information security management. Their IS policy needs to be approved by CERT In and a representative of CERT In should in in the IS Governance committee.

For the employees and public it is necessary to consider that any “Attempt” to access such systems outside the permitted mode will be considered as a cognizable offence with an imprisonment of 7 years.

Being declared a “Protected System” is not a feather in the cap of the institutions. It is more an admission that they cannot be relied upon to handle their Cyber Security and needs close supervision.

In a way it indicates that their IS management system is “Sick” and needs oversight from a National security agency. It is surprising to see small Banks like Bandhan Bank in this list.

Naavi

Posted in Privacy | Leave a comment

Eminent Panels : IDPS 2025: Chennai:27th September 2025

The IDPS 2025 (Indian Data Protection Summit 2025) of FDPPI being conducted in Chennai on 27th September 2025 will consist of five different panel discussions namely

1.Global and Indian Legal Landscape
2.Sectoral & Operational Challenges
3.Technology & Tools for Compliance
4.Sectoral Self-Regulation & Governance
5.Looking Ahead: From Awareness to Action

During these five sessions the entire landscape of DPDPA and the Challenges faced by organizations especially with the advent of AI would be discussed by different professionals.

The program will be inaugurated with a keynote speech from Sri H Shankar, MD, Chennai Petroleum Corporation Ltd

A glimpse of the speakers  in different panels are shown below.

We look forward to wide participation from the industry.

REGISTRATION OF DELEGATES is open .

Naavi

Posted in Privacy | Leave a comment

Section 43A of ITA 2000 replaced by DPDPA.. Makes Karnataka caste Survey an offence

Section 43A of ITA 2000 had imposed “Reasonable Security Practices” on any organization handling “Sensitive Personal Data”. Simultaneously Section 43 created a civil liability for unauthorized “Diminishing of the value of information inside a computer resource”, or “Unauthorized access, modification or denial of service” etc. along with invoking Section 66 if there was malicious intention.

With the impending notification of DPDPA, Section 43A will be replaced by the new law with 44 sections. Simultaneously, the Reasonable Security practices under the notification of 11th April 2011 will be replaced by Sections 4-10 of Chapter II read along with rest of the 37 sections.

This means that DPDPA is not a new law. It is an extension of ITA 2000. Currently while we wait for the  rules to be notified, DPDPA is the “Legislative Intention” and therefore “Due Diligence” and “Reasonable Security” under ITA 2000.

Any violation of DPDPA therefore can be considered as a violation of ITA 2000 and civil and criminal proceedings can be raised under ITA 2000.

This interpretation applies even to the powers of the Government as per ITA 2000 and DPDPA which is critical to determine the legal and constitutional validity of the Karnataka caste Survey undertaken by the Government which is under the scrutiny of the High Court.

It is not clear if the advocates challenging the survey have raised the deliberate violation of the proposed  DPDPA (or Section 43A of ITA 2000) have raised this issue nor the High Court will Suo moto consider this impending law.

The hurry with which the Karnataka Government indicates a malicious design to push through the  survey before MeitY releases the notification. However, the DPDPA being an extension of ITA 2000 means that the notification is subject to the “Powers of the State Government” under Section 90 ITA 2000. While I leave it to the eminent advocates representing the casein the Court to develop a detailed argument, I urge the High Court not to rush with its judgement without giving an opportunity to the general public to implead and represent their case.

I therefore request the Court to order a stay on the survey and invite objections to be filed by the public who may not be today represented by the advocates challenging the case now.

If not, High Court should entertain an immediate review petition based on the powers of the Government under the two acts ITA 2000 and DPDPA since the data is meant to be  digitized and used.

The powers of the State Government under ITA 2000 are restricted to implementation of the provisions of ITA 2000 and not to initiate processing of sensitive personal data outside the objectives of ITA 2000. Under DPDPA, the State Government or any of the instrumentalities of the Government require a “Notification” to claim exemption of consent. In the absence of appropriate powers, the collection and processing of sensitive personal data that too of those who are not beneficiaries of the schemes of the Backward Class Commission is ultra-vires the two Acts. It amounts to “Unauthorized” “Access” to “Information” and equal to “Hacking”.

The Backward class commission, its executives and the enumerators will be liable under Section 66 of ITA 2000 for forcefully collecting sensitive personal information meant to be digitized and analysed.

This has to be brought to the notice of the High Court before it takes a decision today.

Naavi

 

Posted in Privacy | Leave a comment

IDPS 2025 at Chennai on September 27

The second leg of IDPS 2025 will take place at Chennai on 27th September 2025 at MMA auditorium in Thousand Lights. It will be a day long program from 9.30 am to 4.30 pm.

Yesterday on 22nd, a Masterclass on DPDPA and the impact of AI was held by Naavi virtually to set the stage for the event.

The program during the event on 27th, will be as follows and consist of a Key Note from Mr H Shankar, MD of Chennai Petroleum Corporation Ltd and four Panel discussions are expected to take place as follows.

PS: Minor changes in the program may be made as required.

Invite participation of Chennai Professionals in large numbers.

Register  here today.

Posted in Privacy | Leave a comment

Introduce Cross Border Data Transfer Restrictions along with duty on data exports

The irrational and abnormal increase in Visa cost to USA has generated a stock market crash in India. The market has perceived that the profitability of Indian companies would be adversely affected due to the increased VISA expense assuming that it is always absorbed by the Indian companies.

We need to get a disclosure from every tech company doing business in USA and sending their employees to work in USA to quantify the VISA related expenses and how their contracts have been structured.

It is unfortunate that most of these  tech companies built their business model with a dependency on “Serving” the US companies and did not try to develop indigenous capabilities in areas such as the Operating systems development or even Social Media services. Most of our big companies were happy with “Manpower supply” rather than product development. Otherwise like manufacturing companies who are able to take advantage of the GST reduction to boost their local sales affected by the US tariff, they also could have switched to Indian markets.

India currently have one weapon in the form of DPDPA and we all know that all big Tech companies  including Microsoft and Google have been collecting personal data far beyond the requirements of their service. Microsoft is even siphoning off all documents created by us using Office and Google has its own collection mechanism. Meta is way ahead of others in permission less personal data collection.

But the lack of substitute services is making it difficult for Indian consumers to switch over. When KOO was being promoted as an alternative to Twitter, Naavi.org had urged Mr Narendra Modi and the Ministers to switch over from Twitter to KOO. But the power of “Swadeshi” in digital/social media was not appreciated by even Mr Modi who has now given a call to the manufacturing sector and consumers of physical products to turn Swadeshi.

It is time now to turn our attention in building indigenous digital facilities so that consumers can switch to swadeshi digital products. Companies like Infosys, TCS etc have enough talent to build the Indian digital infrastructure if they are prepared to shun their “Videshi Vyamoh”.

Government needs to introduce a strict Data Localization under DPDPA and ITA 2000 applicable to both personal and non-personal data. Where time is to be given, India should impose “Withholding tax or Export Duty” for data transferred out of India and give the option to all IT companies both Indian and others to either pay the withholding tax or localize the data in India.

Government should encourage setting up of “Gift City” kind of special zones where the tax structure can be made like a “Free Trade Zone”. I urge Mr Chandrababu Naidu to set up one such zone in Andhra so that industries exiting from Karnataka can switch to Amaravati.

We are aware that Russia has created a “Digital Iron  Dome” so that no data goes out of the country except under the control of the Government. We need to set up a similar “Digital Data Funnel” to ensure that the Export Duty Collection can be efficient.

We are aware that China has  developed its own OS and Social Media platforms. India needs to do the same. In the immediate  future we should adopt OS systems like ZORIN  and Office substitutes like Libre office or  Apache Openoffice  or OnlyOffice.

Ordinary consumers may require some handholding to switch over  to these systems and the integration service may be  provided by the Indian Companies. If Infosys and TCS are not interested, other startups can provide these services. I am sure that the companies like OLA (Refer article Kudos to OLA..for standing up on Principles)  can be encouraged to take up responsibility of accelerating the transition. There are already companies who have substitutes for WhatsApp. I am sure JIO can develop a substitute for FaceBook, Instagram and WhatsApp if encouraged.

I was disappointed that in yesterday’s national address, Mr Modi  did not address the correction measures required for the Digital Industry which will be affected by the VISA fee hike just like tariff on manufacturing companies.

We need MeitY to develop a policy separately to counter the VISA effect on Indian Tech Companies. NASSCOM today is a pawn in the hands of the US based Tech Companies. We need to first have a Indigenised NASSCOM to take care of interests of Indian companies. Either NASSCOM should transform itself or a separate association of Indian IT Companies need to be  developed.

Can we see some initiatives from MeitY in this regard?

Naavi

Posted in Privacy | Leave a comment