Naavi.org

I refer to the PIL filed in the Supreme Court recently with prayers for scrapping of the DPDPA 2023 as an act and DPDPA Rules.

The petitions are being filed by persons who claim to be representing public interest. However all the past activities of the persons filing the petition are connected to opposing some moves or the other of the Government.

We therefore take objection to them being considered as “Representatives of the Public”. The real public are often no where  in the litigations like these. The Government cannot be considered as the representative of the public in such cases since they are one of the parties who has drafted the law. Hence it is incorrect to leave the entire responsibility of representing the public with the Government.

Some times, the Government will only defend the process of law making and does not have commitment to the cause of the  law. It may enter into compromises with the petitioners either because the peitioner lawyers are more aggressive or because the Government lawyer may not be able to look at the issue from all angles.

Hence it is our desire that no PIL should be taken note of without giving an opportunity for the “Real Public” to particiapte.

In one of the recent cases related to Digital Arrest, Supreme Court had appointed an Amicus Curiae and asked any body who wanted to express views to send it to her/him .

Long time back (around the year 2001), Mumbai high court had taken note of an  article  in naavi.org (case was related to Cyber Cafe regulation and prevention of obscenity) as a public view and published it as part of the Court documents and invited views from public.

We feel that publications in www.naavi.org are to  be considered as public views and even without a formal intervention petition, should be considered as knoweldge to be  incorproated in the trial.

Supreme Court should insist that the Attorney General files an affidavit where he confirms that his views incorproate views published by experts in the field on the Internet which are considered relevant for the case.

While these are suggestions for the Supreme Court for future, at present Naavi has raised a petition under www.change.org with the title” I am the real public in India and I donot support scrapping of DPDPA and DPDPA Rules”

We may have many suggestions for resolution of the concerns of the petitioners without scrapping of the law and the rules. Our suggestions may also be directed towards the Government if required which the Government will not consider by its own.

Hence we shall through these columns  in www.naavi.org shall present our views meant to resolve the dispute in “Real Public Interest”.

We hope Supreme Court takes note of our articles here before considering the “Pseudo Public Interest representatives” who  may be present in the  Court  and carry out a high decible campaging with support of vested media interests.

We request readers to support the petition and follow the discussions in these pages which presently rests with the article “Whose Privacy are the Petitioners of DPDPA Challenge Brigade are protecting?“. This discussion will continue and more articles will be placed here for you to respond.

  The petition can be accessed here.

Naavi

(This is a continuation of the discussion on the seeking of scrapping of DPDPA and DPDPA rules by three petitioners in the Supreme Court)

The petitions filed in Supreme  Court against DPDPA 2023 mainly revolves around Section 44(3) and thee conflict with RTI Act. Petition of Mr Venkatesh Nayak restricts its prayer to the declaration of declaringSection 44(3) as Ultravires the Articles 14,19 and 21 of the Constitution.  Additionally it argues that Sections 17(1)(c),17(2) , 33(1) and 36 as well as Rule 23(2) as ultra-vires the constitution.

In this context let us see whose Personal data is at stake in an RTI application. Is it the personal data of the official who was involved in any of the decisions or Is it the personal data of the public whose personal data is sought to be disclosed in the reply.

We also should verify if there are already grounds in RTI act itself where the provision of information can be rejected even before invoking Section 44(3) of DPDPA 2023.

Let us look at the personal information involved of the official. The official is a public servant and once he is appointed for a public post, the information becomes a matter “Made public” and hence is not covered under Section 44(3) of the Act. This is a matter of interpretation of “Personal Data” which should exclude data that is made public as a “Business Contact”. The official’s name and designation is similar to “Business Contact” and hence is outside the scope of DPDPA.

However, the personal information of the beneficiaries of a Government project which is part of the information sought need to be considered as subject to Privacy Rights.

This can be anonymized before release in which case there is no violation of DPDPA.

Hence if the Government considers that no personal information is disclosed under Section 8(1)(j) other than in Anonymized form, the dispute would vanish.

This can be done through a reading down on both 8(1)(j) of RTI act and Sec 44(3) of DPDPA stating that disclosure of information of public during a RTI disclosure shall be consistent with the DPDPA under Section 7(d) and  17(2) (b) .

Under Section 17(2)(b) there is an additional restriction that says that the processing does not include making a decision that affects the data principal. Hence if the objective of the RTI activist is to stop any benefits under any scheme then the affected Data Principals have to be made parties to a legal request of their information and the department has to send notices to all the beneficiaries that a request has been made about their personal data. Since this would in most cases involve a disporportionate effort, the denial of information is justified under Section 8/9 of the RTI act itself.

In protecting the RTI of the activist, Judiciary cannot deny the Right to privacy of persons who are pawns in the dispute between the RTI activist and the Government.  If the petitioners are comfortable with Wection 9 of RTI act which enables disclosure of information which could result in infringement of Copyright, there is no logic why they should be excessively concerned about the amendment to 8(1)(j) which protects the information property rights of a data principal who is a beneficiary of a Government scheme.

What Section 44(3) has done is to remove the burden on the PIO to decide under Section 8(2) of RTI act that “public interest in disclosure outweighs the harm to the protected interests.”. This could however be a part of a judicial review and the RTI applicant who is denied information can proceed to challenge the demial in a Court of law.

If necessary, he can appeal on the decision to the CPIO and the State/Central Commission. Hence denial of any information under Section 44(3) amendment does not infringe any right fundamental or otherwise, linked to Article 14,19,21 or otherwise. It only diverts one stream of information which the PIO considers primafacie to infringe on the privacy of a citizen to a higher standard of scrutiny.

As indicated earlier, the above view does not apply to the identity of the officials who are discharging their duties in an official capacity.

If there is any information of the official beyond the identity which can be used for alleging corruption etc., then his own privacy rights should naturally be applicable along with the intention of the  RTI being treated as “llitigation”.

Hence the petition of Mr Venkatesh Nayak and others on Section 44(3) can be resolved with a clarification and reading down of the section that it does not apply to the disclosure of the names of the decision makers but only applies to the information of the public.

We shall discuss 17(1)(c), 17(2), 33(1) and 36 as well as Rule 23(2) separately in our subsequent articles.

We need to debate if we donot have our right to get DPDPA and DPDPA Rules retained in public interest as much as the few petitioners want it to be scrapped. The Supreme Court has to settle once for all how it can decide on the applications of a few advocates claiming to be representing public interest and not involve the larger public to express their objections. Who is representing the “Real Public Interest”  should be considered before entertaining the applications of the select few who always oppose the Government. If the background of the petitioners are checked, it would be clear that they only oppose the Government and it is not clear if their intentions are positive to the Country. The real public interest is therefore not represented by them as much as what Naavi or FDPPI represents.

I recall that in one of the old (around the year 2000) cases in Mumbai High Court on Cyber Cafe regulations, the Mumbai High Court had published an article of Naavi.org (at that time naavi.com) along  with some other information and had invited the public to send their views.  Without any intervention the Court had involved the “Real Public” to particiapte in the decision. Supreme Court should follow similar principles and should not allow the few petitioners to hijak the “Right to Represent the public”.

I am a member of the public and I donot consider the petitioners to be representing my View.

(Please send in your comments if any)

Naavi

CIO Prime has featured me as the most influential visionary leaders of the year.

Reflecting on the past in the light of this article I recall

1) First book on Cyber Laws in India in 1999 before the law was passed.

2). Creation of www.naavi.org (initially as naavi.com) as a Cyber Law Portal

3) Introduction of first Virtual education through Cyber Law College

4) Introduction of Cyber Law Courses in KLE Law College, SDM Law College, JSS Law College, BMS Law College, St joseph Law College as well as NLSUI, NALSAR

5) Introduction of Cyber Law for Engineers at PESIT, Bangalore

6) Handling the Cyber Evidence Archival Center and presentation of India’s first Section 65B certificate in the case of State of Tamil nadu Vs Suhas Katti

7) Handling of S. Umashankar Vs ICICI Bank case through adjudication, Cyber Appellate Tribunal, TDSAT and Madras High  Court through 14 years of litigation.

8) Formation of FDPPI

9) Creation of Certificate programs for Data Protection Professionals in 2019

10) Book on “Guardians of Privacy..”

11) Introduction of course on Data Protection at NALSAR

12) Introduction of Data Protection to management students in IIM Udaipur

13) Concept of Naavi’s Theory of Data

14) Introduction of DGPSI (Data Governance and Protection Standard of India)  as a framework for compliance of DPDPA

15) Concept of Data Valuation Standard of India

16) Introduction of DGPSI-AI as a framework for AI regulation

17) Introduction of DGPSI-GDPR taking the Made in India framework to the global scene

18) Introduction of DGPSI-DP to push for voluntary DPDPA Compliance by Data Processors

19) Receipt of the Dena Bank award of public excellence

20) Receipt of the Life time achievement award for Cyber Jurisprudence

21) Receipt of the life time achievement award for Privacy.

There would be many more achievements that could have been missed in the  above list.

Nothing gives me more satisfaction than creating DGPSI as a framework for Compliance which is blossoming into multiple dimensions such as DGPSI-AI, DGPSI-HR,DGPSI-DP, DGPSI-GDPR etc.

Hope the list expands further in the days to come.

There are two projects CEAC Drop Box and Online Dispute Resolution (ODR Global) which still hold huge promises yet to be realized.  Hope these dreams come true in the coming year along with a major initiative in DPDPA which should be unveiled shortly.

Reminded of the words of Nehru duing our independence ..”Miles to go before I sleep, Miles to go before I sleep”..

Naavi

(This is a continuation of the discussion on the seeking of scrapping of DPDPA and DPDPA rules by three petitioners in the Supreme Court)

The recent challenge mounted on DPDPA 2023 in the Supreme Court by a few PIL advocates relies heavily on the argument that Section 44(3) of the Act which amends Section 8(1)(j) of RTI Act 2005 fails the “proportionality test” that the need to protect “Privacy” restricts the “need to share information in public interest”.

However the petitions cumulatively pray that the entire DPDPA 2023 be scrapped and Entire DPDPA Rules 2023 be scrapped.

Where is proportionality in this prayer?

Had the petitioners come with a fair request, petitioners would have asked for a Reading down of Section 8(1)(j) of RTI Act read with Section 44(3) of DPDPA 2023.

The prayers leading to scrapping of the Act and the Rules is therefore “disproportionate” to the requirement even as suggested by the petitioners.

The fears of “Surveillance Regime” and “Blanket Ban on release of information required for public good” is a “Disproportionate Speculation” of the prediction of a catostrophe not supported by any valid reasons.

The expectation that the Parliament that had created the law under Section 8(1)(j) when there was no DPDPA 2023 should not review and revise the provision when a new law comes in is a “Disproportionate Expectation” that law makers do not have  the right to make course corrections to the law.

Hence the petitions and the prayer constitue disproportionate speculation of fear disproportionate expectation and disproportionate prayer”.

We trust that the Supreme Court first recognizes that the petitoners have not come with a clean hand and are seeking a disproportionae solution to an imaginary problem.

We shall demonstrate in the coming articles of how there can be acceptable solutions that will meet reasonable speculation and reasonable fear of misuse.

Naavi

The UIDAI has launched a new Aadhaar App which according to the Secretary of MeitY , can be used for age verification under DPDPA. Necessary amendments have been made to SWIK rules or the  Aadhaar authentication for goog governance  (Social welfare, Innovation, Knowldege) rules 2020 to enable private entities to provide service by using adhar authentication on secure basis.

This was expected and is a welcome move to resolve the difficulty of “Verifiable Consent” envisaged under DPDPA.

The new Aadhaar app is an official mobile application developed by UIDAI that enables digital, offline, and consent‑based Aadhaar verification. Unlike earlier apps, it allows users to verify their identity using Face Authentication or QR scanning without revealing their Aadhaar number. It offers features such as selective data sharing via QR codes, biometric lock/unlock, authentication history, and management of up to five family Aadhaar profiles. The app supports use cases like hotel check-ins, hospital visits, age verification, and gig worker verification

The new Aadhaar app offers several advantages over older verification methods.

• Eliminates the need for physical Aadhaar cards.
• Enhances privacy through masked and offline verification.
• Faster identity verification for daily services.
• Reduces risk of Aadhaar data misuse.
• Works even in low or no‑internet environments.
• Government‑backed and officially launched by UIDAI.
• Several personal information updates can be completed using the app without visiting an Aadhar kendra.

Naavi

Reference:

The Hindu

About the new App at cleartax

Whenever an electronic document is to be presented as evidence in a Cour of law, the ITA 2000 expected a certificate to be produced about the reliability of the document for admission purpose. Earlier it was through Section 65B of Indian Evidence Act.

Naavi was the first person in India to produce such a certificate in a court case starting with the Stte of Tamilnadu vs Suhaskatti case in 2004. Since then more than 125 such certificates have been produced by Naavi in different courts.  While Naavi has stopped providing such certificates now due to the inability to attend court hearings to verify the certificates, there are other associates who have been developed for the purpose in Bangalore.

After the replacement of Indian Evidence Act with  Bharatiya Sakshi Adhiniyam (BSA), the new section related to certification is Secion 63.

The MHA made some changes in the Section 65B certification requirements in the process.

Now a PIL has been filed in Chennai by Sri S.Balu, former Additional SP, on behalf of Cyber Society of India. Mr Balu who was in charge of the Chennai Cyber Crime Police Station and has worked on many Cyber Crime cases along with Naavi. The petition has been filed at the Madras High Court as a writ petition WP/0047513/2025 in the Court of Honourable Chief Justice  G.Arul Murugan. It will be taken up along with WP37423,27426,27880/2024 on a future date. (Not announced).

The petition has prayed for amendment to Section 63(4)(c) citing impracticality of certain provisions of the Section.

The respose of the Court would be interesting and we  shall follow the developments here.

Section 63(4) of BSA is reproduced here for reference

In any proceeding where it is desired to give a statement in evidence by virtue of this section, a certificate doing any of the following things shall be submitted along with the electronic record at each instance where it is being submitted for admission, namely:-

(a) identifying the electronic record containing the statement and describing the manner in which it was produced;

(b) giving such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer or a communication device referred to in clauses (a) to (e) of sub-section (3);

(c) dealing with any of the matters to which the conditions mentioned in sub-section (2) relate, and

purporting to be signed by a person in charge of the computer or communication device or the management of the relevant activities (whichever is appropriate) and

an expert shall be evidence of any matter stated in the certificate; and

for the purposes of this sub-section it shall be sufficient for a matter to be stated to the best of the knowledge and belief of the person stating it in the certificate specified in the Schedule.

Naavi

Refer: Earlier article  Section 63 of Bharatiya Sakshya Adhiniyam