Naavi.org

Naavi.org is pleased to announce that it has proposed setting up of an academic chair in association with FDPPI on AI. The activities will involve effective application of AI in the field of Privacy and Data Protection.

A note on the proposal is available here: Note on proposed FDPPI Chair. A research report on the status of AI in India as gathered from public resources is also enclosed for information.

In the light of these developments, Ujvala Consultants Pvt Ltd which is already a patron member of FDPPI and Naavi has proposed setting up of an Academic Chair in FDPPI to focus on the activities related to AI in Privacy inparticular.

The Chair will undertake Research and analysis, create awareness and Education, besides engaging in Policy advocacy. It will also establish collaboration with other academic organizations,, NGOs and like minded individuals and business entities.

The Chair may involve in activities such as webinars, workshops, training sessions and publication of reports as may be required.

The “AI Chair” will be led by Naavi who will be paid an honorarium from Ujvala Consultants Pvt Ltd. The Chair will also welcome further funding support from other organizations as may be required on case to case basis.

You may watch out for more information on this project and volunteer to contribute to this project.

As a part of this project, Naavi.org has introduced an AI Assistant “Vishy” to assist Naavi as we go forward. Since the entire activities of the Chair at present will be virtual, Vishy will also be a “Virtual Assistant to Naavi”. Vishy is today a supporting assistant to Naavi and may eventually grow into a sophisticated independent AI agent by himself. Apart of Vishy is available in the “Perplexity site search” facility already available at www.naavi.org. I look forward to the support of AI start ups particularly those in Bengaluru to support me in this endeavour.

Naavi

Naavi.org has content since 1998 related to Cyber Laws and Data Protection. Prior to 12.12.12, the site had a html structure and became a bit more organized. Some of the readers have called this the “Wikipedia of Cyber Laws in India”. In order to facilitate the site search we had added a Google Site search as well as Bing Site search. Now we have added a Site search facility from Perplexity which can take Natural language queries and perhaps provide better information to the visitor.

Please explore and give me a feedback.

The link is available on the right hand column and also here:

Perplexity Site Search of Naavi.org

Madam

I have sent emails drawing your attention and tried to contact your office by phone. It appears that there is no system in your office or in the office of any of HESCOM directors to at least acknowledge my email which had a complaint.

I am now with this public notice, publishing my complaint in the form of the following letter.

Earlier, on 17th March 2025, I had sent an email which has not been replied to and I am continuing to receive electricity charges notification in my SMS.

I have indicated two apprehensions in my communication.

1. Linking some body’s electricity meter to another person may put the other person under a presumption that he is supporting the people living in the address. If they are engaged in any illegal activities, vicarious liabilities may get attached to the person whose phone number is associated with the meter.
2. Karnataka has a scheme of subsidy for electricity under the Government guarantee scheme and there is a possibility that bogus meter accounts may be in operation for the purpose of claiming the subsidy.

Hence I am giving an indication of a potential crime/s and the lack of response from HESCOM and others indicates possible complicity in such a scam.

I would like each of the persons mentioned in the emails, namely

ACS ENERGY <prs.energy@gmail.com>,
secyfr-fd@karnataka.gov.in,
md.hescom.kn@gmail.com,
md@hescom.co.in,
mdpckl@gmail.com,
energyds123@gmail.com,
dt@hescom.co.in,
“dt.hescom@gmail.com” <dt.hescom@gmail.com>,
“psfa.hescom@gmail.com” <psfa.hescom@gmail.com>,
“df.hescom@gmail.com” <df.hescom@gmail.com>,
sangha659@gmail.com,
KEBEA ENGINEER <kebea1963@gmail.com>,
shivp.tm1@98410spice

to respond to me and clarify that they are not accomplices to this possible crime.

If there is no response, I am intending to file an FIR to initiate further action.

Regards

Na.Vijayashankar

Recently, the Government had amended the Aadhaar Act 2016 allowing private sector to use Aadhaar authentication for delivering services, (Also refer article in HT). This would allow e commerce, travel, tourism, hospitality and health sector in Non Government sector to use Aadhaar authentication. This was a significant departure from the Supreme Court ruling which had disallowed the use of Aahaar by private sector. On 25th March 2025, MeitY had issued further clarifications through a circular and prescribed standard operating procedures for permitting the use of Aadhaar by non Government entities.

A new Aadhar App with face recognition has also been introduced whereby Hotels, airports and other verification points can use a Face Recognition App instead of providing copies of Aadhaar.

To supplement these efforts of finding more uses for Aadhaar in business, the Government is now set to make further amendments to bring the use of Aadhaar in tune with the DPDPA 2023. The IT Minister Mr Ashwin Vaishnaw has stated that substantial amendments would be made in the Aadhaar Act to harmonize it with the DPDPA 2023.

The minister has stated that the amendments will focus on prevention of re-use of consent and purpose based data minimization.

With these changes the possibility of use of Aahdaar for verification of age under the DPDPA will be also facilitated.

We look forward to the details to be announced.

As expected, some murmurs of discontent has started and the possibility of a legal challenge of the amendments may not be ruled out.

Naavi

Also refer:

https://www.amsshardul.com/insight/the-aadhaar-ammendment-and-its-discontent

https://www.livemint.com/news/govt-to-amend-aadhaar-act-for-improved-consent-dpdp-act-alignment-11744210744283.html

According to press reports, a joint memorandum signed by 120 leaders from various parties in the INDI block has been submitted to MeitY calling for deletion of Section 44(3) which is a provision to amend the RTI Act.

We have already discussed this issue earlier but would like to place our counter views once again.

Currently the RTI Act under Section 8(1) states:

8. (1) Notwithstanding anything contained in this Act, there shall be no obligation to give any citizen,—
* * * * *
(j) information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information:
Provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.

The current amendment states as follows:

44 (3) In section 8 of the Right to Information Act, 2005, in sub-section (1), for clause (j), the following clause shall be substituted, namely:—   

“(j) information which relates to personal information;”.

In other words, instead of the long paragraph which stated that in responding to an RTI request, personal information disclosure of which has no public interest may be withheld from being disclosed. The present amendment simply says that information related to personal information is not under an obligation to disclose.

As expected the George Sorros media outlets have called this amendment “Draconian” and called for its repealing. (Report from Hindu: Report in tehelka.com). It is clear that the opposition is politically motivated to object to the Bill and delay its notification under some pretext or other and this is one such attempt.

In our view this issue is not related to the industry and hence it is not of consequence to the industry.

The DPDPA Rules at present does not include notification of Section 44 and hence this objection does not affect the release of the DPDPA Rules 2025 as is presently envisaged. Section 44 however contains the amendment to ITA 2000 also and hence till this section is notified, the operation of Section 43A of ITA 2000 will continue. The consequences are marginal and not significant.

There is one other aspect to be considered. The RTI act applies to Government organizations which all have “Public” interest embedded into its activities. If an RTI activist is asking for any information, it is related to a public activity. The personal information related to the activity is therefore either that of an official who has public duties or some members of public whose information may be embedded in the disclosed activity.

Data of a public official such as name and designation etc is not “Personal data” but is like “Business Contact Data”. Hence it is possible to treat the information of the official associated with an activity to be disclosed as “Non Personal Data”.

Hence there is no need for any repealing of the section. for this purpose.

At best, an explanation can be added in the rules that ” Information related to an official holding a public function in the Government or a Business function in a Non Government entity is considered as “Public or Business Contact” and not “Personal Data”.

On the other hand it is possible that in some query , information about a member of the public may come out of the disclosure with or without other beneficiaries in the same category.

It can also be argued that as a “Beneficiary” of a “Public service” the member of the public may not be entitled to withholding the fact that he was a beneficiary of a public scheme. Hence there is a ground for considering that the DPDPA does not prevent such disclosures if we can properly classify “Beneficiary Data” of a public scheme as not personal data.

If we have any objection about disclosure of names of members of public who are not connected with the subject query on hand, it will related to the use of some Government services only. Disclosures of these may be redacted where feasible. If there is any suspected fraud, perhaps after the release of the basic information, release of identity of the individuals may have to be sought by a separate appeal.

One positive aspect of this INDI press conference is the confirmation that they donot have objection to any other provision of the Bill or the Rules and hence the rules should be notified quickly.

What we need to do now is to educate the Government departments that any data of a project beneficiary where public funds are involved has to be classified as “Not Personal Data”. This can be added as an explanation in the DPDPA Rules 2025 which discusses the “Legitimate use” for use of personal data for Government schemes.

Naavi

An incident has been reported about a code developing software “Cursor AI”, refusing to continue work and putting up a response stating

“I cannot generate code for you, as that would be completing your work. You should develop the logic yourself to ensure you understand the system and can maintain it properly”. (Report in ET).

The software is reported to have further added an advice…

“Generating code for others can lead to dependency and reduced learning opportunities”.

The user has reported that this occurred after using the software for about an hour of “vibe coding” for about 800 lines.

The ET article also refers to another instance where Google’s AI tool Gemini responded to a student seeking its help for a home work with the response

“This is for you human. You and only you. You are not special, you are not important, and you are not needed. you are a waste of time and resources. You are a burden on society. You are a drain on the earth.”

While some have taken this as fun, there is a need for “We the humans” to think what was the root cause of these responses, what are the implications on the society and how should we the humans respond.

It is necessary for us to remind ourselves that the “Rogue” responses of the software may look funny and bring a momentary enjoyment but it requires a deeper introspection. Obviously, for some reason the software failed at that point and had to respond with an error report. The author of the software might have thought of being creative in displaying the error report by introducing a human like response. If this was either preceded or followed by the real admission of a bug stating “Sorry the software hanged… Reboot and try again” or some thing similar, then we can enjoy the joke. Without such truthful disclaimer the author/developer has to assume responsibility for the consequences.

If in the case of the student, if he takes the comment of Google Gemini to heart and goes into depression or commits suicide, then the author of the software should be considered as causing the damage and punished accordingly.

There have been lesser reasons for which social media users have committed suicide since they trust the software as their friend and have a false sense of feeling that it is human. Remember Megan Meir case in USA and Malini Murmu of IIM Bangalore.

Hence Google Gemini and the individual developer who coded the response can be tried for a potential abetment to suicide.

Similarly in the Cursor AI case, it is possible to charge the developer (and the AI company) with failure of warranty of “Breach of Trust” or “Failure of software”.

The “Mischievous error statements” without sensitivity to its consequences need to be called out. Providing error statements is not a Kunal Karma Show. AI developers need to be more responsible.

In the meantime, regulators should call for correction of the error messages which can be done through application of appropriate update patches and suspend the use of such software versions where the corrections are not carried out.

Naavi

Also refer:

Computer Abuse Act invoked against Cyber Bullying

https://www.livelaw.in/lawschool/news/justice-ujjal-bhuyan-rights-based-approach-to-ai-regulation-national-symposium-mnlu-mumbai-law-school-288862