India's incoming data laws need our serious attention NOW.
The Joint Parliamentary Committee is all set to table their comments within the next few days, & you deserve to know: What are its glaring issues? How can we make it better? 🧵 1/n #MonsoonSession internetfreedom.in/update-indias-…
Is India's incoming data law secure? Is it enough? Does it really protect you?
Now, the recommendations of the JPC will probably be considered, and the Bill itself may be passed. We're keeping our eyes peeled! But the story isn't over just yet.
Due to the cabinet reshuffle, multiple positions lie vacant in the JPC, including that of the chairperson! 3/n
Additionally, here's a scoop: the report may substantially expand the scope of the Bill to include non-personal data, a *major* missing component of the current Personal Data Protection Bill 2019! But, but, but... the framework may be unconstitutional. 4/n hindustantimes.com/india-news/cab…
Why?
1. Overbroad definitions! What is 'personal'? What is 'non-personal'? What's the relationship between the Bill and the framework? Does it protect your data privacy and security? (nope) 4/n
2. What is non-personal data? It's mostly just personal data that has been "anonymised", and the risk of *de-anonymisation* is high — given that today's internet makes true anonymity close to impossible. We must create strong safeguards against this risk. 5/n
3. Your data may be exploited... against your interests. Entities should *not* be given a free hand to collect your data and use it for their own interests, and they *must* prioritise YOUR consent. 6/n
That's why these issues must be resolved ASAP:
a. Fill up JPC vacancies! It's urgent, and the Speaker must focus on this.
b. Some suggestions will be accepted and some won't be. We deserve to know why. 7/n
c. Lastly, accepting the 'non-personal' data framework changes the incoming data law substantially, i.e A LOT.
As a democratic country, this can't be heaped on us. We need fresh consultations to inspect the multiple issues that may be thrown up by this integration. 8/n
At IFF, we're fully funded by the people of India. Help us advocate for your fundamental rights in a digital India!
As #Pegasus trends today, we move beyond sensationalism for truth. In 10 tweets, we verify each statement the IT Minister, Ashwini Vaishnaw, made before the Parliament today on the #PegasusProject row and surveillance revelations by media groups, including @thewire_in.
1/10 👇
On the number of individuals who were spied upon through #Pegasus.
For over 20 days, Muslim women in India were "auctioned" on a @github platform. But the Islamophobic, misogynist nightmare isn't over just yet, and the authorities can deal with it better. Here's how 🧵 1/n
In early July, the issue appeared in the public eye when multiple accounts posted screenshots of the application. It randomly assigned you a Muslim woman as the 'deal of the day'. To say that it was objectifying & demeaning would be an understatement. 2/n
As a result of the public outcry, @github removed the application, @NCWIndia took suo moto cognisance, and @DCWDelhi issued notice to the @DelhiPolice. The Cyber Cell of Delhi Police registered FIRs under S.354-A of the Indian Penal Code. 3/n
On July 18 '21, @thewire_in as part of the #PegasusProject revealed that 300+ verified Indian mobile numbers were targeted by Israeli spyware firm NSO (of #Pegasus fame), that supposedly sells only to verified government clients. 1/n
A leaked database (with over 40 Indian journalists' numbers) accessed by @FbdnStories + @amnesty led to this explosive claim, & forensic analysis confirmed that #Pegasus was used to target at least 10 Indian phones, which included @svaradarajan@paranjoygt@mkvenu1 & others.
2/n
The Govt. of India has responded to #PegasusProject inquiries on the alleged hacking, mentioning that any interception, monitoring or decryption carried out is done as per the due process of law.
However, this response is massively insufficient. 3/n
According to a July 15, 2021 report published by the @washingtonpost, an Israeli hacking-for-hire firm Candiru has helped government clients spy on more than 100 victims around the world including human rights activists and journalists.
According to a @citizenlab report, Candiru has helped governments in Israel and the Palestinian territories, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia and Singapore target dissidents & adversaries.
Candiru’s spyware can reportedly infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. There are existing concerns in India about the use of similar spyware (Pegasus) supplied by the Israeli firm NSO to target human rights defenders.
Guess what? 2 million accounts were banned by WhatsApp in 1 month.
Yes, you read that right. 2/n
Here's more: The government issued over 40,300 orders between July and December 2020. This affected over 62,754 Indian users in just 6 months, or an average of 10,000 Indian users every month. 3/n
Today, we look at India's new Health Data Management Policy. How well does it do on protecting the people's consent, data privacy and security? Is it inclusive, coercive, or too lenient with the private sector's access to your health data?🧵
First, some positives: the HDMP centres privacy, user autonomy, and explicit & informed consent as its guiding principle. It gives certain rights to users on their medical data, including the rights to determine if they want their data erased or accessed by certain entities.
2/n
But if you've had the #CovidVaccine - you'll notice a Unique Health ID number has been issued on the certificate without consent or any prior information. This is at odds with the consent framework the Health Data Management Policy claims to uphold. 3/n