India's incoming data law confers more power than ever to the State for surveillance, with little accountability.

This is a grave concern because the passing of the Data Bill is now inevitable.

Here's a breakdown of how this will happen. Thread.
1/n
internetfreedom.in/dataprotection…
India's State surveillance mechanism hinges on two facts:

1. The government and law enforcement administer a wide range of surveillance projects on citizens.

2. Several provisions under the law empower the State to engage in surveillance.

Now, let's look at data bill.
2/n
1. Under the Data Protection Bill, Clause 35 enables the Central Government to exempt, by order, ANY agency of the government from ANY provision of the Bill, in the interest of reasons such as national security. Remember - these provisions exist to protect your data.
3/n
2. As per the Right to Privacy judgement, anything that intrudes on your privacy must be justified on parameters of necessity and proportionality. Clause 35 replaces proportionality with *expediency*. This opens further doors for the State to justify intrusions of privacy.
4/n
3. When the State releases orders to exempt its agencies from provisions of the bill, they should be in writing and contain reasons. But these are not subject to review! In fact the State determines its own oversight mechanism in this matter, becoming a judge in its own case.
5/n
4. The State can exempt any of its agencies on very ambiguous grounds such as public order or prevention of incitement. For example, nothing would prevent the Centre from invoking grounds of security to exempt the entirety of the NPR from provisions of the Bill!
6/n
5. Under Clause 36, law enforcement agencies are exempt from provisions except the obligation to process your data fairly and reasonably, and to maintain security safeguards. But the Bill doesn't mandate that exemptions should be granted only when necessary and proportionate.
7/n
The Srikrishna Committee's report had warned that ‘the pillars of a data protection law should not be shaken by a vague and nebulous national security exemption’. The Bill does exactly what was feared by the Committee under Clause 35.
8/n
Our data protection law needs surveillance reforms! Exemptions to the State must be restricted, and surveillance by exempted agencies must be authorised by an Act of Parliament and judicial authority. An oversight structure must be made part of the architecture of the DPA.
9/n
Clause 35 can render your rights and protections under the Bill redundant. Mass surveillance is an egregious form of surveillance and is unsuitable in any democratic society. Thus, there needs to be an explicit ban on mass surveillance.

Share this summary on Clause 35!
10/n

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Internet Freedom Foundation (IFF)

Internet Freedom Foundation (IFF) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @internetfreedom

26 May
#Fundraiser
We're completely public-funded, so your support sustains us as we try to safeguard your digital rights. We're hosting a fundraiser to grow the litigators digital rights network. Its aim is to expand our strategic litigation resources.
1/n
internetfreedom.in/fund-iffs-stra…
We want to be able to provide legal assistance to groups requesting for specific help, as we strategically engage with courts & other legal institutions to defend our fundamental rights. Through the fundraiser, we hope to cover the annual salary of 1 litigation team member.
2/n Image
Recent instances of our work include - providing legal assistance to @LiveLawIndia (on IT Rules), @FFFIndia (facing website blocking) & supporting journalist bodies in multiple rounds of litigation on internet blockade in Jammu & Kashmir, etc. See:
3/n
internetfreedom.in/legal
Read 5 tweets
26 May
In 2018, we sought transparency on the incoming Data Law. @Gov_Meity refused but the Information Commission directed them to revisit. MeitY reproduced the response CIC had rejected. We’ve now filed a complaint to ensure compliance & acquire information
1/n
internetfreedom.in/meity-response…
The Personal Data Protection Bill (2018) was widely criticised for a lack of diverse expertise in its drafting committee. We filed an RTI requesting copies of the comments the public provided to it and the details of how the committee operated. 2/n
epw.in/engage/article…
The MeitY refused disclosure, without even quoting any provision of the RTI Act! We filed an appeal. The First Appellate Authority sought exemption under S.8(1)(i) of the RTI Act, which states that cabinet papers are exempt from disclosure. Unconvinced, we approached the CIC. 3/n
Read 8 tweets
26 May
Initial Statement : As per news reports Whatsapp has filed a petition in the High Court of Delhi to challenge Rule 4(2) which is the traceability requirement. We still await & IFF lawyers will study the complete petition to indicate any future action. 1/n reuters.com/world/india/ex…
IFF works for the privacy of users. To fulfil its mandate we act as litigants when Whatsapp has undermined your privacy. Objecting to it’s change in terms before the Supreme Court. We have also conduced civic literacy against it’s 2021 changes. 2/n internetfreedom.in/explainer-what…
At the same time, end-to-end encryption in WhatsApp ensures the safety, privacy and security of messages in transmission. As per expert opinion traceability under the IT Rules does not fix any clear problem but will lead to undermining privacy. 3/n internetfreedom.in/iff-files-inde…
Read 4 tweets
24 May
🚨 SOS!

Tomorrow, May 25, is the deadline for significant social media intermediaries like FB, Twitter, and Instagram to comply with new obligations under the IT Rules. If you use social media, pay attention- here's how this will roll out.
1/n
internetfreedom.in/pound-the-alar…
On Feb 25, @GoI_MeitY and @MIB_India issued the contentious and undemocratic IT Rules, 2021. At least 6 writ petitions have been filed before 3 HCs challenging them. We provided legal assistance to @LiveLawIndia in their challenge before Kerala HC.
2/n
internetfreedom.in/intermediaries…
First, what is a social media intermediary?

SM platforms don't generate content - you do. They are simply intermediaries who host it. This distinction helps them avoid liability for your content.

Significant SMIs have >50 lakh users and more compliances than regular SMIs.
3/n
Read 10 tweets
23 May
Too many carbs are no longer not only bad for our health, but also cyber security. Today, the entire Domino’s DB has been exposed and is circulating widely. We are intentionally *not* linking to it since it exposes sensitive personal data. 1/n #SaveOurPrivacy
Such data breaches put you to immense risk. They create threat vectors for financial cyber crimes and also ID fraud. What makes this worse, is the seeming inaction and acknowledgment by data processors who we trust with out personal data. 2/n
Immediate government response is of considerable concern given that there is inaction by @IndianCERT & @GoI_MeitY despite regular and persistent requests by us investigate, provide guidance and lay out a framework for notifications to impacted victims. We urge them to act! 3/n
Read 6 tweets
22 May
IT Act 2000, Blocking Rules 2009, Art 19(1)(a), Art 19(2) - none of these allow @GoI_MeitY to request en masse removal of the phrase 'Indian Variant' OR prohibit Twitter's use of the manipulated media tag. We wrote to MeitY about this today. Thread.
1/n
internetfreedom.in/meity-asks-soc…
MeitY has issued two letters requesting
(a) all social media platforms to take down content referring to an Indian variant of COVID, and
(b) Twitter to remove the manipulated media tag on tweets by political leaders.
We have several concerns regarding this as outlined below.
2/n
Let's look at the letter on the Indian variant - neither Section 69A of the IT Act nor the 2009 Blocking Rules empower MeitY to request SM platforms for *en masse* content removal. This vague, overbroad request also violates Article 19(1)(a) i.e. freedom of speech, because...
3/n
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(