#DataProtectionTop10
Part 6 of our series on the Personal Data Protection Bill focuses on data localisation. What happens to the Internet's open nature? How does the Government decide which data is restricted? How is your privacy affected? A thread. 1/n internetfreedom.in/dataprotection…
There are two kinds of personal data with location restrictions:
a. sensitive
b. critical
As per Clause 33, when sensitive personal data is transferred outside India with explicit consent, a copy of such data shall continue to be stored in India. This is data mirroring.
2/n
However, critical personal data is strictly localised, and may be stored and processed only in India. It may be transferred only for prompt actions, or if the Central Govt. decides at its discretion that it doesn't affect State security and strategic interests (Clause 34). 3/n
The issue: 'critical personal data' isn't clearly defined. As per the Srikrishna Committee, it will include all kinds of data integral to the economy and State functioning. It may include health, transport, Govt. services, etc. even surpassing the scope of personal data. 4/n
Not only would this deter foreign companies from servicing India, it would disallow Indian start-ups from using foreign cloud storage services. This hampers innovation and for very overbroad concerns of 'foreign surveillance.' Ironically, domestic surveillance is our concern. 5/n
Further, data localisation in a few centres across India instead of scattering data storage globally leads to a greater risk of cyber attacks on this data. Just like putting all our eggs in one basket! 6/n script-ed.org/article/data-l…
We recommend that our data protection law should incorporate a protection framework, like Japan. India should abandon the data sovereignty approach, so as to ensure the free flow of data and protection of user rights. Read our blog post for detailed suggestions! 7/n
• • •
Missing some Tweet in this thread? You can try to
force a refresh
IT Act 2000, Blocking Rules 2009, Art 19(1)(a), Art 19(2) - none of these allow @GoI_MeitY to request en masse removal of the phrase 'Indian Variant' OR prohibit Twitter's use of the manipulated media tag. We wrote to MeitY about this today. Thread. 1/n internetfreedom.in/meity-asks-soc…
MeitY has issued two letters requesting
(a) all social media platforms to take down content referring to an Indian variant of COVID, and
(b) Twitter to remove the manipulated media tag on tweets by political leaders.
We have several concerns regarding this as outlined below.
2/n
Let's look at the letter on the Indian variant - neither Section 69A of the IT Act nor the 2009 Blocking Rules empower MeitY to request SM platforms for *en masse* content removal. This vague, overbroad request also violates Article 19(1)(a) i.e. freedom of speech, because...
3/n
We are filing RTIs seeking further information under which provision of law are such directions being issued by the Government of India. Further updates will follow.
Update : We have filed RTIs with the relevant government ministries. We will be monitoring @lumendatabase. Government censorship needs to be anchored in a legal power, that is exercised with transparency. To determine legality & safeguard public’s right to receive information.
Further: Our democratic system relies on a system of laws that are constitutionally consistent. Hence, it becomes vital as per the Hon’ble Supreme Court’s judgement in the Shreya Singhal case for directions by a Court or Government of India to be within prescribed jurisdiction.
RTI update: IFF has received a copy of the MoU between @AgriGoI and @MicrosoftIndia for a pilot project in 100 villages. It appears to propose that farmer’s data will be used for identity authentication and mentions a data sharing agreement. Thread! 1/n internetfreedom.in/revealed-minis…
The Agri Ministry signed an MoU with Microsoft for a pilot project in 100 villages in 6 states, so as "to develop farmer interface for smart and well-organized agriculture, including post-harvest management and distribution". See for background: 2/n
Our joint letter with 55 organisations to the Agri Minister emphasised concerns such as exploitation of farmers by procurers, reduced agency on the part of farmers, and inadequate land records. The MoU's analysis has laid these issues bare. 3/n internetfreedom.in/joint-letter-t…
In 2018, we filed six RTIs seeking the number of e-surveillance orders issued by the Home Ministry in 2016-18. The information was denied to us. Two years later, in response to our second appeal, the CIC has held that our request was improperly denied. 1/n internetfreedom.in/iff-keeps-push…
A meaningful discussion about surveillance is impossible without transparency surrounding government surveillance. If received, the RTI responses will support our litigation work and policy analyses on the issue. Here are the questions we asked: 2/n docs.google.com/document/d/1fu…
Though we clearly only asked for anonymised data, the CPIO at the MHA refused it to us citing exemptions under Section 8(1) of the RTI Act which include national security. The First Appellate Authority also rejected our appeal without explaining how harm could be caused.
3/n
Attention, Indian Internet! Recent reports state that the Telegraph Act is going to be updated to include #NetNeutrality considerations. While this is a welcome move, we wrote to @MoitOfficial highlighting issues to consider while drafting the bill. 1/n internetfreedom.in/telegraph-act-…
According to @TRAI, the all-India market share for broadband services is captured by 3 ISPs- Reliance Jio, Bharti Airtel & Vodafone Idea. This threatens the implementation of net neutrality, as powerful players may be less liable to account for our concerns.
2/n
#NetNeutrality implementation has suffered in India due to tensions among the government, civil society & ISPs, who've been trying to evade responsibility & pushing for 'soft touch regulation'. This is why arbitrary website blocking & lack of transparency continues illegally.
3/n
Today, at 11am, we have six appeals listed before the Chief Information Commissioner. These relate to 6 RTI applications we filed in 2018 seeking disclosure of data relating to interception, decryption and monitoring of electronic communication.
Why is this significant?
We want to know the scale of surveillance by the State on citizens. For this, we asked for statistics related to no. of orders issued under the IT Interception Rules.
We have not asked for info relating to the identity of the persons being monitored.
The CPIO, however, sought exemption under the following Sections of the IT Act:
8(1)(a) - Info affects National Security
8(1)(g) - Info endangers life of a person
8(1)(h) - Info impedes ongoing investigation
We filed an appeal against the CPIO’s refusal to provide information.