Dominos, UpStox, MobiKwik, Facebook, Air India - India's deluge of data breaches shows no sign of stopping.

Today, we want to explain to you why our legal system is not equipped to deal with this situation, and what needs to change.

The rising data breaches in India threaten your safety. Not only do they make your personal information available to anyone on the internet for nefarious uses, but their economic impact is also tremendous. One IBM study shows that the average breach in India costs Rs 14 crore.

As per the Constitution, IT Act, and common law, data fiduciaries (i.e. companies like Dominos and MobiKwik) who face breaches have a legal obligation to ensure that the personal data in their custody - like your name and address - is safeguarded.

But what's the reality? ->
a. There is no actual legal obligation on such companies to notify you in case a data breach occurs.

While Air India did send across a notification to its customers, MobiKwik chose not to engage at all.

(India needs to consider a Communicate-Comply-Investigate process.)

b. The IT Act provides compensation for negligent handling of *sensitive* data.

But this only includes your passwords, finances, sexual orientation, medical records, and biometrics.

There is no such redressal if your name, email, address or passport details are breached!

c. When breaches take place, proper investigations are not conducted to enable you to claim compensation under the IT Act.

In recent times, @IndianCERT only issued an advisory to Facebook for its breach. W.r.t. other breaches, it is unclear if CERT-IN took any steps.

d. The redressal mechanism is inadequate.

MEITY appoints officers in each state to determine violations under the IT Act. But in cases where data in the custody of the Government is breached (e.g. Air India), there are questions over the independence of these officers.

So what does this mean? There is always a high and consistent possibility of violation of law by data fiduciaries in whose custody data was breached. And the existing legal regime has several lacunae that can be exploited. You, the user, are primarily affected by this.

There are several solutions that can be easily and tangibly implemented to protect your rights. We wrote to @IndianCERT in March and April about them and we've written to @GoI_MeitY @IndianCERT @airindiain with our recommendations and analysis again today.
We have affixed recommendations by @Banbreach in reference to the Air India breach, and are thankful to Mr Kar for providing his insights.

Security researchers, reach us on and for further assistance!
Our team is working hard to make sure that India's data protection regime centers YOU and your rights.

To do this, we need your help. Support IFF today!


More from @internetfreedom

10 Jun
Just in: Renowned musician and activist @tmkrishna challenged the IT Rules before the Madras High Court. IFF filed a writ petition on his behalf.

Today, the court has issued notice and given the government 3 weeks to file its counter affidavit.
The new, unconstitutional IT Rules seek to increase government regulation over social media, OTT, and digital news platforms. They have been challenged before other High Courts including Kerala HC where we represented @LiveLawIndia in their petition.
TM Krishna's petition challenges the IT Rules on 5 major grounds: they violate the fundamental rights to freedom of speech, to practice any profession, and to privacy. They are arbitrary and suffer from excessive delegation, and are ultra vires the IT Act, 2000.
27 May
We have been at it on the #ITRules

So a master thread if you really want to understand it in depth.

Right before they were to be released we got an advance copy of the draft and dissected it first. We cautioned how they are just plain terrible. 1/n…
That very day on Feb. 25 the #ITrules were notified *sigh*. There were some minor tweaks which made them worse! We use these words carefully, these rules are undemocratic & unconstitutional. They erode your free speech and privacy. How? Click below. 2/n…
Many people are talking about WhatsApp’s case but the first sector which took #ITRules to court were digital news publishers like @LiveLawIndia. Why? It put them directly under the control of the Ministry for I&B. We assisted in a court challenge! 3/n…
27 May
When asked who funds us and whom we represent, our answer is easy - "the people of India!" Become an IFF member to join us in safeguarding online freedoms resisting surveillance to secure YOUR digital rights. Sign up for our membership and amplify:
Our salaries depend on your donations. We also acquire tech support, work on policy interventions and strategic litigation, and promote digital literacy with public funding. Contribute to the ongoing strategic litigation fundraiser here:
We rely on the support of our members who donate to us on a monthly basis, as our members are the core of our work ethos and funding culture. Our membership tiers start as low as Rs.100 up to Rs.2000 per month. As we sustain your digital rights, 300 members sustain our work!
27 May
We're back with the 2nd edition of Cybersec Charcha! We are taking a deep-dive into the booming and unregulated ransomware industry. We explore what a ransomware attack means and the dangerous, real-world consequences these attacks continue to have.
Ransomware attacks typically infect the computer with malicious software, often downloaded by clicking on untrustworthy links on the internet. Users are locked out of their systems, with the demand that a ransom be paid for restoration of functions.
The ransom can be as hefty as 5 million USD (75 bitcoin), which Colonial Pipeline, an oil transport company, paid to the 'DarkSide' ransomware group. They hacked the company's business networks around May, leading to fuel supply disruptions in the US.
26 May
IFF and @AshaKisanSwaraj are hosting a webinar "Understanding the Government's Digital Push in Agriculture". We'll be analysing the #AgriStack and the impact of privacy erosion on farmers’ lives. Join us at 3 pm on 28th May, Friday!
The Government has begun increasing digitisation in agriculture. The thrust seems to be to develop #AgriStack, a platform which has data about farmers integrated from various sources. In this webinar, we seek to better understand what exactly the implications might be.
Our exciting line of speakers includes @drvandanashiva @Ajayvirjakhar @farmernomadic @FarmerMehra @logic and experts from @WGWLO1 @Krishak_Samaj among others! The event is estimated to take 2.5 hours, and it will be translated into Hindi as well.
26 May
We're completely public-funded, so your support sustains us as we try to safeguard your digital rights. We're hosting a fundraiser to grow the litigators digital rights network. Its aim is to expand our strategic litigation resources.
We want to be able to provide legal assistance to groups requesting for specific help, as we strategically engage with courts & other legal institutions to defend our fundamental rights. Through the fundraiser, we hope to cover the annual salary of 1 litigation team member.
Recent instances of our work include - providing legal assistance to @LiveLawIndia (on IT Rules), @FFFIndia (facing website blocking) & supporting journalist bodies in multiple rounds of litigation on internet blockade in Jammu & Kashmir, etc. See: