Our latest in the #PrivacyOfThePeople series is out now, and this time we've focused on digital lending apps (both 'legal' and 'illegal') — the information they collect, the lack of regulation, and how the PDP Bill comes into the picture.
After the pandemic began, illegal digital lending apps started offering unsecured loans to desperate borrowers. Interest rates (60-100%) and tenures (7-10 days) varied widely — no KYC. Extensive data was collected from phones & borrowers were harassed. 2/5 restofworld.org/2021/debt-and-…
Although digital lending apps fill a genuine market gap by offering credit to borrowers traditionally left out by financial institutions due to a lack of formal credit history, this may come at the expense of privacy and consumer welfare in India.
Some issues 👇🏽 3/5
So does the PDP Bill stand up to these challenges? Here's what it does 👇🏽
➡️ Recognises automated decision-making, but doesn’t provide adequate safeguards against its harms.
➡️ Does not entitle you to be informed about automated decision-making, seek explanations, or object. 4/5
In order to maintain user privacy and further true financial inclusion here, we must:
- Strengthen user data rights
- Mandate fair & transparent decision-making processes
- Enact strong regulations to oversee the digital credit market.
#Tripura police has asked Twitter for personal details, like IP and linked phone numbers of multiple users — including lawyers & reporters — under a flimsy excuse: 'potential to flare up communal tension'.
Here's why this is patently illegal. Thread 👇🏽 1/n internetfreedom.in/iff-questions-…
Information sought: browsing logs, IP addresses from which the users had logged on, mobile numbers (including verified numbers added for security reasons), and accounts that users had linked into their Twitter account.
2/n
This notice is patently illegal as Section 91 of the CrPC does not empower police authorities to block online content, but only enables the production of a document necessary for investigation or inquiry. The power to block online content only exists u/s69A of the IT Act. 3/n
After massive furore and backlash, the first FIR in the incident was registered — 6th July '21. On 8th July, @NCWIndia and the DCW also took suo motu cognizance, while the @DelhiPolice registered another FIR. 3/6
By now, you must have seen the horrifying videos of @hydcitypolice unlocking people’s phones and searching their chats for keywords like ‘ganja’ and ‘weed’.
We’ve assisted @digitaldutta in sending a legal notice to the #Hyderabad Police Commissioner. 1/n
News report videos by @TheSiasatDaily showed police officials in Hyderabad stopping pedestrians, motorcycle/autorickshaw drivers and riders. They appeared to be taking their phones and going through them. 2/n
👉🏾 5 teams deployed
👉🏾 Police checking phones for keywords - ‘ganja’, ‘weed’ and ‘stuff’
👉🏾 Any phone with these words being sent to the police station
👉🏾 Checking for over a month from 6am to 2am everyday 3/n thenewsminute.com/article/hydera…
As the frequency of data breaches increases, the threat to your data becomes more real every day — even if you've done your threat modelling & implemented digital security hygiene.
First things first, confirm the breach and don't fall for rumours on Twitter! Verify the news from 3-4 trusted sources.
Beware of scammers moonlighting as company reps & try to gather more information. Speak to the company via official channels if you have to! #databreach 2/n
Next: Change your passwords if your credentials were leaked. Password tips:
➡️ DO NOT repeat the same passwords everywhere
➡️ DO NOT include Personally Identifiable Information (like birthdates, parents' names etc) — this will make them easy to crack.
➡️ DO enable 2FA! 3/n
EXPLAINED: The RBI's #AccountAggregator framework that went live on 2 Sept '21! This new change was heralded as "transformative" to the financial ecosystem.
But does its revolutionary potential stand the test? Follow this thread ⬇️ 1/5 #SaveOurPrivacy
This framework tries to make #financialdata more accessible between banks or other "Financial Information Providers" and entities requesting that data (like credit platforms) called "Financial Information Users" with the consent of the user.
Here's how it works ⬇️ 2/5
#AccountAggregator supporters say this is a step towards a secure, efficient, & connected financial ecosystem — reducing costs + frauds while prioritising user consent.
But critics say that security issues exist, while the role of RBI in regulating AAs has been questioned. 3/5
BIG NEWS: The Supreme Court of India has constituted a technical committee to investigate the allegations of #Pegasus use against Indian citizens. 1/14
It is to enquire and investigate whether the #Pegasus spyware was acquired by any Government; whether it was used on phones/devices of Indians to access stored data, eavesdrop, intercept information; and/or for any other purpose. 2/n
The Committee can also make recommendations regarding new laws around #surveillance to secure the right to #privacy as well as about establishment of a mechanism for citizens to raise grievances grievances if they fear they are under illegal surveillance. 3/n