Naavi.org

[Indian Economy being killed for the sake of Crypto Currency survival]

According to earlier reports, the Crypto Bill was expected to be discussed by the Cabinet on 15th/16th December 2021.  So far there is no information and it appears that, the Bill was taken out of the agenda under the pretext that it requires further improvements.

It is clear that the Ministry of Finance is not interested in the Bill and hence they are unlikely to declare completion of the work. There will be one excuse after another to postpone the presentation of the Bill until the Government surrenders to the digital black money.

We refer to the report in Moneycontrol.com which provides some information on the developments.

It is also stated that the scope of the bill will be expanded to include regulation of Non Fungible Crypto tokens. (NFTs) This will further assist conversion of white money into black money and create value out of thin air.

Even if by a provision of law use of “Crypto” as “Currency” would be prohibited, once the concept of Crypto as an asset is permitted, there will be ways of tokenizing the crypto asset which is used as an exchange medium. The investments which are today in the stock markets will shift substantially to Crypto assets. This will also give a boost to creating representative Crypto tokens which may be traded. SEBI is known to have already been compromised on the Crypto issue and the attempt to remove RBI from the control is only to ensure that the only opposition to Crypto is eliminated.

If Crypto is allowed as an asset and traded then it will be not long before we have tokenized assets replacing the stocks or Commodities in the market. Instead of buying L& T shares, we can create a Virtual L&T and trade its parts.  These crypto L & T bits need not be backed by any revenue or income and still they will command a premium since there will be an artificial scarcity created through the algorithm.

We are presently hearing of Virtual Taj Mahal as a tradeable asset. Tomorrow there may be a virtual Ayodhya, Virtual Kashi, or Virtual Mathura or a Virtual Kashmir. Imagine the potential of Virtual Kashmir which can be sold and made into a tokenized currency to get global money to fund terrorists.

It would also not be unthinkable to see creation of even a “Virtual Modi” or “Virtual Sachin” or “Virtual Amitabh” as a tokenized asset.

If for example, a logarithmically controlled limited version of “Virtual Modi Crypto Asset” is created and say there will be only 100o original replicas which can be issued as an ICO in a competitive bid with a base price of USD 1 million, then it will surely be bought by some investors. Subsequently they may be resold in smaller units. 1000 original Virtual Modi Cryptos can each be divided into a Million Modi Crypto bits and we will have 1 billion Modi Crypto asset bits to be traded. They can be traded in the stock markets for thousands of rupees/dollars like the Bitcoins of today. They will be bought both by Modi Bhakts and Modi haters for different reasons.

These thoughts may look crazy for the time being but these will certainly happen in the days to come if private Cryptos are given even a small legal opening. (Similar concepts are already available in Virtual Cricket games). Fraudsters and Scamsters will therefore have a field day if Crypto Currencies and NFTs are made legit investments.

It appears that India may win against the Pakistani Terrorists and even the Chinese might but it cannot win the war against Black money. The Crypto currencies and the NFTs are the weapons with which the economic invaders will humble the legit economic systems in India in the days to come.

If we want to protect the country’s economy from going to dogs, we need to say no to all forms of Cryptos and particularly the Private Crypto assets/currencies.

We pray that  Lord Kashi Vishwanatha give courage to Mr Narendra Modi to take on his most powerful enemy namely Black Money in India.

I request Mrs Nirmala Sitharaman to raise above the fear of the unknown and kill Cryptos once and for all. Let India be the global leader in destroying the Crypto currency world. Kindly not be misguided by vested interests who talk of Block Chain as an inevitable technology to sustain the argument for Crypto Currencies. The two can be separated and we can kill Crypto assets without killing the Block Chain technology.

Even the need for official currency is only a cover for keeping the concept of Crypto Currency alive. It makes no economic sense to have an official Crypto currency replace the current virtual currency system we have .

I hope the Cabinet members of Mr Modi’s cabinet show their political willingness to take on the Crypto currencies.

Otherwise we will have only one conclusion that even Mr Modi was powerless against the digital black money and reconcile in anguish Et tu Modi?

Naavi

Also see: NDTV report

The copy of the Bill tabled in the Parliament for Data Protection Act 2021 is now available in its official version.

Kindly check DPA2021  for details.

Naavi

According to information floating around, the Data Protection Bill 2021 which is the next version of PDPB 2019 as modified by the JPC-1 under Mrs Meenakshi Lekhi and JPC-2 under Mr P P Chaudhary is likely to be presented in the Parliament today. It will be taken up for further discussions based on the time allocated.

A tentative copy of the modified bill is available at www.dpa2021.in

Some Comments have already been presented in this website in the last few days. These are available below.

PDPA 2021: The Data Protection Officer is now in an elevated professional status

PDPA 2021: The nature of Data as an Asset and nomination facility

PDPA 2021: Regulating the human perceptions

PDPA 2021: Definition of Harm to include psychological manipulation

PDPA 2021: Should Big Data and Data Analytics industry be worried?

Yet another bill which may be presented in the Parliament today is the Crypto Bill which also is the revised version compared to the 2019 version.

In the event the Crypto Bill is presented, there is an expectation that a large number of people will disinvest their Bitcoin holdings and the money will flow to the Indian Stock Markets which should see a boom. For the last few days some media sources have been building up the hype that the Bill is likely to be postponed and hence the stock market was seeing a flight of capital for investments crypto currencies. This trend could reverse immediately if the Bill is presented.

Let us hope both the bills would be presented today to the Parliament so that they can at least move to the next stage before they are passed.

Naavi

IMF has given a clear warning that if Crypto currencies are recognized as legal tender, there would be a macro economic instability.

Read here

Also here

Some of the comments made by IMF are:

1. 1. Consumer protection risks remain substantial given limited or inadequate disclosure and oversight. For example, more than 16,000 tokens have been listed in various exchanges and around 9,000 exist today, while the rest have disappeared in some form.
   2. Many of them have no volumes or the developers have walked away from the project.
   3.  Some were likely created solely for speculation purposes or even outright fraud.
   4. The (pseudo) anonymity of crypto assets also creates data gaps for regulators and can open unwanted doors for money laundering, as well as terrorist financing.
   5. Although authorities may be able to trace illicit transactions, they may not be able to identify the parties to such transactions
   6. Threats to fiscal policy could also intensify, given the potential for crypto assets to facilitate tax evasion.
   7. A migration of crypto “mining” activity out of China to other emerging market and developing economies can have an important impact on domestic energy use—especially in countries that rely on more C0₂-intensive forms of energy, as well as those that subsidize energy costs—given the large amount of energy needed for mining activities.

It does not require rocket science to understand that if an anonymous form of currency comes into existence in the form of Bitcoin like Cryptos or the Crypto Assets such as Virtual Tokenized assets, the impact on the economy would be devastating and chaotic.

The Cryptos will definitely be attractive for all tax evaders, criminals, terrorists who are all in a majority in the world today. Honest tax payer is in a minority world over. Politicians who make rules are the primary corrupt persons who want continuation of the Digital Black currencies and Bureaucrats want find it comfortable for taking bribes.

In such a scenario, the hesitancy of the Indian Government to take on the banning of private cryptos is understandable though regrettable. What is a tragedy however is that even Mr Narendra Modi is not able to take a decision probably because the majority of people around him are in favour of Cryptos.

The recent hacking of Mr Modi’s twitter account to promote Bitcoins is not surprising since a majority of persons associated with Bitcoins are criminals and expert hackers. They will continue to undertake their Cyber Terror attacks such as these to show off their strengths.

If we are not buckling under the terror attacks in Kashmir, we should not buckle under the Bitcoin sponsored attacks also.

According to today’s press reports, the presentation of the Bill in the Parliament  is likely to be delayed. I hope this is only a wishful thinking of the industry. But we need to keep our fingers crossed and wait to see whether the Government has the courage to take on digital black money or not.

Naavi

Naavi had published the book on “Personal Data Protection Act of India (PDPA 2020) which was based on the version of the bill presented in the Parliament as PDPB 2019.

Now the Government has made changes and is in the process of introducing a new version of the Bill during the next few days. Following this we will have an idea on whether it will be passed as such or will be debated in the next budget session.

A new version of the book will therefore be due in the month of March 2022 based hopefully on the new version of the Act.

In order not to discourage readers who would continue to buy the current version of the book as is available on Notion Press or Amazon or Flipkart, we want to provide this offer on a contingent basis of a new version of the book being made available later in the year 2022.

1. 1. This offer would be available only for buyers of the current version of the book after 1st December 2021.
   2. A Discount of 50% on the published price of the new book would be made available on the basis of evidence of purchase of the current version on or after 1st December 2021 until the sale of this book is withdrawn and replaced with the new version.
   3. This offer would be available during the first month of release of the new version and lapse there after.

For those of you who have bought this book earlier to 1st December, some benefit as would be appropriate would be made available. Kindly await for the announcement.

Naavi

One of the interesting new propositions in the PDPB 2021 as compared to PDPB 2019 is the professional status of the Data Protection Officer.

In all data protection laws, there is a requirement that  data controllers/Fiduciaries who handle large number of  personal data or who handle sensitive personal information should designate a special official  called the “Data Protection Officer” (DPO) who can be accountable for compliance.

The DPO has to have sufficient knowledge of the data protection law to guide the organization besides having adequate knowledge of security aspects to understand terms like DPIA, Privacy by Design, Data Trust Score etc. Most laws expect the DPO to be also capable of dealing with data subject relationships and also the relationship with the regulators as a single point contact in the company.

While dealing with the regulators, it is not simply a relationship of reporting a data breach. The law expects that the DPO within the company to be an extended arm of the Data Protection authority (DPA).

When a data breach occurs, one of the key decisions to be taken is to report the breach to the DPA and in some cases to the data principals. But when the data breach is first discovered or when there is a suspected data breach, the company may be concerned about the reputation damage to itself with the disclosure of the breach and  would like to avoid disclosure if possible. On the other hand the DPO is expected to look at the harm from the perspective of the data subject/data principal and take a view accordingly. In such situations there could be a serious conflict situation of the DPO role with the company itself.

In certain circumstances, there could be a lapse by an influential internal employee who would like the suspected breach to be ignored and prevent the DPO from reporting it either within the organization or to the DPA. In such cases the DPO is required to possess a high degree of interpersonal skills to ensure that he fulfils his duty to the DPA/Data Principal even at the cost of displeasing some body within the organization.

These situations open up a discussion on the exclusive skills that the DPO needs to posess and determining the credentials required for a person to be appointed as a DPO.

One of the additional requirements that a DPO needs to possess to meet such requirements is a high degree of “Interpersonal Skills”. This is a behavioural skill normally possessed by the HR persons. Another skill is the grievance redressal skills normally available with the legal professional. Successful leaders are born with such skills or have such skills developed over time through experience and learning.

Hence when a new DPO needs to be appointed, the organization has to scout for the right skills. If the company tries to find a short cut and designate a CTO,  CISO, CCO or CRO as also a DPO, then there could be a conflict with other duties as well as  there may be a serious deficiency of “aptitude”.

For example, typically the CISOs are technical experts and perfectionists. Their expertise is focussed on technology. They may not necessarily good in man management. The HR executive or a Marketing person may on the other hand be a good man manager and communication manager but weak in technology. Most of these may not be well versed in the subject of law. Hence  it is not always easy to find an internal candidate to fit the DPO role.

Yet another problem in promoting one of the existing members into the DPO position is the seniority at which they can be fixed. The legal officer may be the best person for the job but the current functional level of even the Chief Legal Officer may be at a level below that of a CISO or a CTO in a tech company. The DPO position may however be a level above CISO and not necessarily below the CISO/CTO.

In GDPR, the law suggests…

a) The Organization shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.

b) The organization shall support the data protection officer in performing the tasks  by providing resources necessary to carry out those tasks and access to personal data and processing operations, and to maintain his or her expert knowledge.

c) The organization shall ensure that the data protection officer does not receive any instructions regarding the exercise of those tasks and he or she shall not be dismissed or penalised by the controller or the processor for performing his tasks.

d) The data protection officer shall directly report to the highest management level of the controller or the processor.

The above requirements indicate that  the DPO must be a senior person if he is an employee. GDPR however allows an external consultant to be designated as a DPO which could avoid the conflict arising out of the seniority of the CISO/CTO in the organization who needs to accept suggestions from the DPO.

In the Indian law (PDPB 2021), Section 26 states that the DPO shall be a

“…. a key managerial personnel in relation to a company or such other employee of equivalent capacity in case of other entities, as the case may be, possessing such qualifications and experience as may be prescribed  …”

The explanation to the section mentions that

“Key managerial personnel” means—

(i) the Chief Executive Officer or the managing director or the manager;
(ii) the company secretary;
(iii) the whole-time director;
(iv) the Chief Financial Officer; or
(v) such other personnel as may be prescribed.

The Indian law also prescribes that the DPO should be in India and it appears that the person has to be an employee.

A careful examination of the above indicates that the DPO can be the Managing Director or the Company Secretary or a Whole time Director or a CFO. We need to await the regulatory guidelines to understand how the DPA interprets this explanation and whether the law presumes that there is no conflict with DPO roles for the CFO or the Company Secretary and the roles such as CISO are not mentioned because there is a perceived conflict.

Even where an external consultant is appointed by a company for his expertise, it will be necessary for an internal employee to be designated as a DPO and such internal employee has to be a key management personnel.

Because of this provision, it is clear that the law expects the DPO to be a fairly senior person and could even be at the level of the whole-time director.

Additionally, under Section 85 (PDPB2021), if an offence is attributable to the negligence of an official then he may be held liable for criminal punishment.

The position of the DPO is therefore more onerous than that of the CISO and hence it would be inevitable that he is designated at the CxO level with remuneration that matches the responsibility.

It would be interesting therefore to observe how the Indian companies develop their internal employees to fill up this role or bring outsiders at the senior level which could cause some heart burns within the organisation.

It is therefore advisable for CISOs and CTO to quickly gear up their skills and be ready to bid for the position of the DPO. From our experience of GDPR, DPA s may consider providing common designations such as Compliance Officer cum DPO or CISO cum DPO as creating conflicts.

The mention of the “Company Secretary” in the list of key management personnel is interesting since Company Secretaries have the experience of holding a “Fiduciary” relationship where they have to safeguard the interests of share holders and be the whistle-blowers if there are violations of Corporate Governance principles. The “Statutory Auditors” who come from the community of Chartered accountants also are trained to be independent in their views and express qualifications in the audit reports if they find any non compliance issues. The CFOs come from the same community of Chartered Accountants and hence at least a few of them retain the independent attitude to be able to handle the fiduciary responsibilities that a DPO is expected to handle. Perhaps it is the reason why a CFO has been mentioned in the example of key personnel.

However, the CFO and the CEO will have their own business related conflicts with the duties related to the DPO and hence conflicts may continue to be there. A Company Secretary is better placed amongst these executives to be a DPO though in Tech Companies, the Company Secretary may not be a key position at present and elevating him to the level of DPO  may ruffle some feathers.

The best solution is therefore to appoint an exclusive person to the DPO position who could be a whole time director or Independent Director of the Company.

It is a challenge that Boards of potential “Significant Data Fiduciaries” need to sort out these issues quickly and be ready for the passage of PDPB 2021.

(Comments welcome)

Naavi

Other articles on DPA 2021

14. PDPA 2021: Concept of Discovery Consent

13. JPC Recommendations on SWIFT Alternative: Out of scope and Disruptive of Global Economic System

12. JPC recommendation on Children Data

11. JPC recommends DPA to watch on Incident Register

10. JPC comments beyond the Amendments-2: Implementation Schedule

9. JPC comments beyond the Amendments-1-Priority of law

8. Clarifications from the JPC Chairman on DPA 2021

7. Anonymisation is like Encryption with a destroyed decryption key 

6. PDPA 2021: The data breach notification regarding Non Personal Data

5. PDPA 2021: The Data Protection Officer is now in an elevated professional status

4. PDPA 2021: The nature of Data as an Asset and nomination facility

3. PDPA 2021: Regulating the human perceptions

2. PDPA 2021: Definition of Harm to include psychological manipulation

1. PDPA 2021: Should Big Data and Data Analytics industry be worried?