Share this page!

Internet Freedom Foundation (IFF) Profile picture
Twitter logo
3 Apr, 12 tweets, 4 min read
Mega thread ✨

Are you confused about the Personal Data Protection Bill, and don't know where to start? We're on a mission to #StartFromScratch and break down components of the bill for your knowledge.

Follow this thread closely. Ready? Let's go!

1/n
 internetfreedom.in/startfromscrat…
In part 1 we discussed the need for a data protection bill in today's digital world. We provided historical context and hinted at some of the concerns that have been raised about it. In part 2 below, we discuss the bill's basic elements and provisions.
2/n
Let's begin with the basics - the most important definitions. Given the example that you're a Facebook user, you are called a "data principal". Facebook is the "data fiduciary", and the entity that processes your data for, say, advertising purposes is a "data processor".
3/n
Next we understand data categories. Most provisions deal with "personal data" because the bill doesn't apply to "anonymised" data.

(Clause 91, however, empowers the Central government to ask fiduciaries (like Facebook) and processors to provide anonymised data).

4/n
Now, who will enforce this law?
A "Data Protection Authority" will be the main regulator. Its will protect your interests and ensure compliance with the Act. For example, it can ask fiduciaries to provide any relevant info and issue directions which they must comply with.
5/n
What are YOUR rights?
Your personal data can't be processed without informed consent which is valid only if it is freely given, clearly expressed, and capable of being withdrawn. But consent is bypassed in case of unlawful activities, security, and search engines operation.
6/n
You have the right to obtain your personal data and a summary of activities performed on it, correct/complete/update it, receive it and transfer it to any fiduciary, restrict it if it is no longer necessary. Please refer to the blog post for more details on your rights.
7/n
Now in your interest, data fiduciaries (again, like social media platforms) have certain obligations imposed on them. Each data fiduciary must implement a privacy-by-design policy that explains how your privacy and data security is going to be ensured throughout processing.
8/n
Fiduciaries must make some info available to you, like categories of personal data generally collected, manner of collection, purposes for which personal data is processed, categories processed in exceptional situations, and the procedure for your exercise of your rights.
9/n
Fiduciaries and processors must implement security safeguards:
- De-identification, encryption, etc
- Steps to protect integrity of personal data
- Steps to prevent misuse/unauthorised access/destruction/etc of personal data
- Periodic reviews of their security safeguards
10/n
Lasly, the Bill provides for a variety of exemptions, many to the government. These are some of its most criticised sections, and rightly so. Take a look:
11/n
We hope this was helpful in furthering your understand of the Bill! In the next edition, we're going to do a deep dive into the many challenges of the bill, and how the movement for #DigitalRights in India can address them.

RT, like, share, and ask us questions!
12/n

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Internet Freedom Foundation (IFF)

Internet Freedom Foundation (IFF) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @internetfreedom

Internet Freedom Foundation (IFF) Profile picture
2 Apr
In 2018 @GoI_MeitY refused to provide us with public consultation comments on the Data Protection Bill in response to our RTI request.

After 3 years of pursuing this, the Central Information Commission has held that MeitY's denial is grossly improper.
1/n
 internetfreedom.in/persist-transp…
The RTI reply stated that the comments were confidential, but the CPIO did not cite any provision under section 8 of the RTI Act, 2005 to support this. Thus, the refusal was without basis and illegal.
2/n
 indiankanoon.org/doc/758550/
So we filed an appeal before the First Appellate Authority.
The FAA replied that the information can’t be shared under section 8(1)(i) of the RTI Act.

But this section provides exemptions for cabinet papers, and doesn’t apply to our request!
3/n
 indiankanoon.org/doc/93879/
Read 6 tweets
Internet Freedom Foundation (IFF) Profile picture
1 Apr
Thread!
As election fever rises and #Kerala #TamilNadu and #WestBengal go to the polls, we're bringing you an analysis of manifestos of major parties on their commitments to tech innovation, digital rights, internet access, privacy and cybersecurity.
1/n
 internetfreedom.in/2021assemblyel…
Despite a rising number of young voters and Indian internet users, political parties have been slow to move on digital rights. Before the 2019 general election we drafted an agenda making an appeal across party lines to prioritize digital rights.
docs.google.com/document/d/1AX…
2/n
Following are our key learnings surrounding the promises made by political parties. We follow a model in which a “+” indicates a positive move, “-” a negative one, and “?” indicates one which does not present a clear foreseeable consequence or is ambiguous.
3/n
Read 10 tweets
Internet Freedom Foundation (IFF) Profile picture
31 Mar
#MobikwikDataLeak
We have written to @IndianCERT asking them to initiate an inquiry over the Mobikwik data breach under Sec. 70B(6) of the IT Act. We lay out 5 steps MobiKwik must take to alleviate the situation. Pls read and RT for public knowledge.
1/n
 internetfreedom.in/mobikwik-data-…
Over 8.2 TB of data of MobiKwik users has reportedly been put on sale over the dark web with an asking price of 1.5 Bitcoin (~ INR 65 Lakhs). The leak includes KYC, passport, address, email, phone number and aadhar card details of 10 Crore Indians.
indianexpress.com/article/techno…
2/n
MobiKwik's denial has been countered by independent researchers who indicate that a breach has occurred. MobiKwik also reportedly sought help from Amazon last month after they discovered that someone outside the organisation downloaded their S3 data.

3/n
Read 10 tweets
Internet Freedom Foundation (IFF) Profile picture
30 Mar
Thread: Facebook has announced a Human Rights Policy which will be applicable to all FB, WhatsApp, and Instagram users. We analyse this new policy in India's context, and call on FB to improve its practices openly and transparently for Indian users.
1/n
 internetfreedom.in/facebook-human…
FB outlines its commitment to the UN Guiding Principles on Businesses and Human Rights. Given that FB has been criticized for aiding human rights violations for years (scoring a mere 45/100 on the RDR index), the policy is too little, too late.
2/n
 rankingdigitalrights.org/index2020/
1. FB has committed to protecting privacy on WhatsApp, saying it won't give governments access to people’s data. The IT Rules, 2021 require traceability of information originators which may affect encryption so this is welcomed. But the Policy is insufficient on many fronts:
3/n
Read 10 tweets
Internet Freedom Foundation (IFF) Profile picture
28 Mar
Thread on COVID-19 surveillance:
On May 28, 2020, we filed an RTI request with @BECIL_India on their tender to procure a Personnel Tracking GPS Solution and a Covid–19 Patient Tracking Tool. These surveillance measures impinge on rights of privacy, autonomy, and dignity.
1/n
We did not receive a reply. Then on October 30, 2020 we filed a first appeal against them and still did not receive a reply. Our last step in the matter was to file a second appeal with the CIC on December 12, 2020.

In 2021, BECIL has finally replied to our first appeal.
2/n
They state that procurement for the two items has not been done till date. Further, they have also stated that since this project is still at the Expression of Interest stage, a cost-benefit analysis is not required.
3/n
Read 7 tweets
Internet Freedom Foundation (IFF) Profile picture
27 Mar
Breaking: Via an RTI filed with @MIB_India, we obtained 112 pages of complaints filed against Tandav. Sent 40 days before the IT Rules came into force, they triggered OTT censorship in India. Our policy analysis of grave implications on free speech.
1/n
 internetfreedom.in/tandav-case-st…
All of the complaints follow a template.
1. They've been filed majorly in Hindi and English.
2. Almost all were filed in the 3 day span of Jan 16 to Jan 18 2021.
3. Many include similar objections (even language) clustering around hurt religious sentiments.

Read one here:
2/n
After the complaints were filed, the creators apologized and removed controversial scenes, but multiple FIRs were filed against them.

People went on demanding that censorship and criminal penalties be imposed on OTT platforms. On Feb 25 2021, the government did exactly that.
3/n
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @internetfreedom has new unrolls!

Check out other threads from @internetfreedom!

Read all threads by @internetfreedom