Guardians Of Privacy …Book

During the Sociawood congregation in Hyderabad on 17th December 2023, Naavi’s book…Guardians of Privacy was officially made public with the initial copies being given away to some of the dignitaries.

The book has discussions on

  1. Privacy , Emergence of the concept in India and DPDPA 2023, useful for those who want to study DPDPA 2023 as the law of data protection in India
  2. Concept of Data and Data Protection for Business Managers and the emerging BIS standard for Data Governance
  3. The “Data Audit” under ISO 2700, ISO 27701 and the unique DGPSI, Digital Governance and Protection Standard of India.

More on this would be presented in due course.

Naavi

Posted in Cyber Law | Leave a comment

Aadhaar Based Consent for Minors…Will it be in conflict with the Supreme Court ruling?

It appears that the delay in the announcement of rules under DPDPA2023 is partly due to the hesitancy of the Government to take the lead in defining the rules but depend on the BigTech to tell how they are to be regulated.

It appears that the Government is holding closed door discussions with the industry an euphemism for the Big Tech lobby before finalizing the rules.

As per this report in Indian Express Government is likely to adopt an Aadhaar based age determination system to identify minors and the need for parental consent. However this may have a conflict with the Supreme Court decision which restricted the sharing of the Aadhaar information with private sector.

The proposed regulation of using Aadhaar may require both the aadhaar of the minor and their parent/s to be shared with the private sector.

We need to wait how the rules will overcome this conflict.

It may be easier to use “Consent Managers” as the gate keepers for minor’s data and regulate the Consent Manager in accordance with the Supreme Court regulation.

We may however caution that it is inappropriate for the Government to depend on the industry for advice on the implementation of DPDPA 2023 knowing fully well that the industry would only look at their self interest first.

Industry will be happy to be permitted to collect Aadhaar information of every user so that they can identify who is a minor and who is not so that they can thereafter decide who has to give consent.

It may be possible to make this a “Voluntary” proposal from the user but is fraught with risks of complete aadhaar data base being officially coming to be disclosed to the private sector data fiduciaries.

Instead, developing a Consent Manager who could use Virtual Aadhaar and provide Minor Consent mandatorily through such consent managers would be a more meaningful proposition.

Naavi

Posted in Cyber Law | Leave a comment

Life-Time Achievement award for Privacy Received

In a glittering function at T-Hub, Knowledge City, Hyderabad, EndNow Foundation of Hyderabad presented a “Life-Time Achievement Award for Contribution to Privacy” to Naavi.

Mr Suman Talwar the well known Cine Artist gave away the award.

Mr Anil Rachamalla, the founder of End Now Foundation was present during the occasion along with several other dignitaries.

The Occasion was celebrated as an event of the “Sociawood” as an industry of Social Media contributors, a term similar to Hollywood, Bollywood, Kollywood, Sandalwood, Tollywood etc. Several Social Media Influencers with millions of followers were also honoured on the occasion.

At a time India is discussing the Data Protection Act, the Information Technology Act, Artificial Intelligence, Deep Fake issues, Social Media Influencers need to ensure that they follow ethical and legal principles to ensure that their contributions to the society are beneficial.

Naavi.org has been advocating responsible behaviour for bloggers and had even recommended a “Self Regulation for Cyber Law Compliant Bloggers” in the past. A similar movement to develop a “Cyber Law Compliant” Social Media Influencers is required at present.

Naavi

Also see: Lifetime achievement award for Cyber Jurisprudence

Posted in Cyber Law | Leave a comment

Social Media Influencers Summit at Hyderabad

End Now Foundation, Hyderabad is presenting an unique event in Hyderabad on 17th December 2023 bringing together Social Media Influencers in a summit which is first of its kind in India.

The following video may give a glimpse of what is being planned.

The event is expected to be graced by the Tollywood Star Mr Chiranjeevi .

During the event, organizers are intending to recognize some of the Social Media Influencers for their contribution in different areas.

Naavi.org wishes all the success for this event.

Naavi would be present during the event.

Naavi entered Internet some time around 1984-85 when Internet was considered an “Information Super Highway”. Internet as an interactive medium was limited to “E-Mails” and Message Boards. As Message Boards developed into Groups, the second dimension of Internet as a “Social Media” gathered momentum. With the advent of FaceBook and Twitter and later the WhatsApp, and YouTube, today’s youngsters are initiated to Digital Society more as participants of the Social Media rather than seekers of information.

At the same time the development of AI has transformed the Social Media from a human led platform to an AI led platform introducing an element of manipulation which is only growing by the day.

In order to retain the benefits of the Social Media as a positive influence on the society, it is necessary for all of us to remember the original motto of Naavi.org namely “Let Us Build a Responsible Cyber Society”. Today it is the responsibility of Social Media influencers to build a Responsible Social Media.

Retaining “Trust” in the media is essential for the relevance of the Social Media in the coming days. This requires that the slow poisoning of the content on the Internet by fake media contributors need to be curbed and called out by the more responsible elements of the Social Media society. As in the physical society, “Bad Influencers” even in small numbers can spoil the reputation of the society even of “Good Influencers” and hence Good Influencers should ensure that fake and bad content is marked and removed to the extent possible. Otherwise the future search engines, Machine Learning models will pick up bad and wrong content and magnify them to an extent that an unreal social community would be developed.

We therefore need to develop a “Trust Seal” for ” Honest Social Media Influencers” so that “Ethical Social Media Influencers” develop as a community within the community where quality of information dissemination and usefulness to the society becomes the criteria for determining success than mere numbers.

We need to therefore develop a criteria for prescribing a self regulation of ethical standards, monitor them by a committee of leaders and develop a demonstrable visual symbol of “Trusted Social Media Influencer”.

Hopefully, this first summit of Social Media Influencers adopt a “Declaration” to create the “Trusted Social Media Influencer Seal” with three essential ingredients, Be truthful, Do Good to society and Prevent harm to the society.

Those who are self regulated and contribute to the good of the society may develop as a new subset of Social Media Influencers who are ethical and may be called the “White Social Media Influencers” who will preserve the respect and usefulness of the social media.

The Government of India has already mandated that Social Media Contributors can insist on their identity being verified and displayed on their content. This seal of Trust will be a higher level of identity to which all Social Media Influencers should aspire for.

Let us discuss this further….

Naavi

Posted in Cyber Law | Leave a comment

Guardians of Data and Guardians of Privacy

(This article is written in the light of my participation in a panel discussion titled “Guardians of Data-Navigating the future with India’s Data Privacy Bill” in the upcoming Cloud Security Alliance conference in Bengaluru on December 13, 2023 and the publication of my book Guardians of Privacy- A comprehensive handbook on DPDPA 2023 and DGPSI)

The professional community that guards data includes those who primarily occupy the position of CISOs in organizations. Quality Managers, CTOs do assist the CISOs in discharging their duties as “Guardians of Data”. The goal of a “Guardian of Data” is the preservation of the confidentiality, integrity and availability of data. In pursuance of this objective, the data guardians are required to treat all data equally.

However with the advent of DPDPA 2023, the Guardians of Data need to sharpen their focus to identify what kind of data they are guarding and whether it includes “Personal Data”. If so, the guardians of data have to also consider an additional responsibility to be “Guardians of Privacy” of such data principals whose personal data is being guarded.

The requirements of “Privacy” are dependent on the relevant laws applicable which requires a “Classification of Personal Data” on the basis of the jurisdiction of law to which it is exposed. The security safeguards to be applied to personal data could differ from what is applicable to non-personal data. Since the IS professionals may not have adequate exposure to data protection law and may have a conflict with the protection of “Privacy” of an external person, laws often demand that personal data protection has to be entrusted to a person with a specific designation of DPO and further that a CISO may not hold the joint designation as DPO. This means that “Guardians of Data” and “Guardians of Privacy” need to be different in an organization. The Guardians of data probably hold designations such as DPO or CPO.

Law also specifies that DPO should be probably reporting to the Board while no such legal mandate exists for the operating level of a CISO. As a result the DPO stands a shade ahead of CISO in the Corporate hierarchy and the “Guardians of Data” look at “Guardians of Privacy” as as an aspirational destination.

The segregation of responsibilities between the CISO and DPO start with “Classification” of data, first as personal and non personal. The Non Personal Data needs to be guarded under the CIA principle while the Personal Data has to be guarded under CIA+Privacy principles. The responsibilities of DPO are therefore wider though the stock of data to be managed may be lesser.

One of the tough challenges before the management is to ensure that the CISO and the DPO maintain a harmonious relationship without a turf war between them.

DGPSI (Data Governance and Protection Standard of India) assists this development of harmonious relationship between the CISO and DPO besides taking into consideration of a futuristic conflict that may arise with the Chief Data Officer (CDO) who may have his own claims to decision making related to Data.

The frameworks such as ISO 27001 which guide the Guardians of Data are insufficient for the requirement of the Guardians of Privacy. At present there is only one guideline that can be used by these Guardians of Privacy in India which is DGPSI. Even the ISO 27701 falls short of the requirements of Indian DPOs since their principal target is DPDPA 2023 compliance.

Professionals need to first accept that being in compliance with GDPR is not compliance with DPDPA 2023 and hence a certification for ISO 27701 (2019 or any modified) is not Certification for compliance of DPDP 2023.

On the other hand Compliance Certification under DGPSI can be an assurance for compliance of DPDPA 2023, ITA 2023 and the BIS Draft standard for Data Privacy.

Naavi


Explore how a Guardian of Data can transform himself as Guardian of Privacy. To add this additional repertoire to your portfolio and enhance career prospects, Guardians of data may read the accompanying book and/or undergo the DGPSI lead auditor course.

For those who are attending the CSA conference, a special discount of 20% would be available. If interested, obtain the discount code by contacting naavi.

Naavi

Posted in Cyber Law | Leave a comment

Digital Media .. is no longer the fourth estate

The democratic society has long believed that “Journalism” is a noble profession and “Media” is an important part of the democratic society. As a result “Freedom of Press” was considered an important principle and was equated to “Freedom of Speech” as a fundamental right. Unfortunately, in the recent decades, Media has given up its status as a purveyor of neutral information and become a mouth piece of some ideology. If we recall the earlier Akashavani news of 9.00 pm and compare it with the prime time TV debates of today, the difference is clear.

The earlier radio news and thereafter the DD News was not as dramatic as today’s TV debates but it did give some information on what was happening in India. Even BBC was a highly respected media that gave out news from across the world. During the emergency days, Indian news lost its credibility and forced Indians to start distrusting the Government media . That was the time when we were relying on the BBC more than Indian news. Though Indira Gandhi left the scene, the trust of the Government media did not fully come back.

When the new media with Internet came in, it was a breath of fresh air that brought news directly from the public. Every Internet user became a potential reporter and the message boards became the alternative to PTI news feed. Once the platforms enabling P2P broadcast developed, the era of Citizen journalist was born.

Had this development been used properly, we would have seen a golden era of news directly from the market like the breaking news reporting of the Osama Bin Capture on the Twitter. Unfortunately the greed of people spoiled the market once again and P2P reporting became a ground for commercial broadcasting of views more than news.

While news papers like Times of India became advertorial publications, respected publications like Hindu became ideological publications. Either way they lost credibility. In the meantime Arnab Goswami introduced a new kind of journalism where TV debates became useless pieces of shouting of different spokespersons of political parties. Today all TV debates have spokespersons who donot discuss on issues but only put up one biased view over another.

A time has come where viewers are happy to go back to the uninteresting DD news than view the cacophony on the TV screen. Wisdom indicates that the TV channels will soon realize this and try to find a better presentation.

As a result of these developments, today there is no “Media” as it originally existed. TV Channels are just platforms where different political parties present their views. Even when some neutral experts are present in the debate, they hardly get opportunity to speak and anchors are happy to let political big mouths to shout at each other.

If AI based news aggregators are picking up content from these channels, then their outputs will also be as biased and unreliable as the TV news. The Google results and the ChatGPT outputs will get poisoned over time due to the asymmetric dumping of biased information to the Internet.

I am trying to recall these developments to indicate that “Digital Media” of today does not have the characteristics of the so called “Fourth Estate” and has lost the logic for claiming rights such as “Freedom of Expression” or “Freedom of Speech”.

The activists who are crying that the new Broadcasting Bill proposed would be a recipe for censorship should remember that today’s digital media and OTT platforms donot represent “Media” and hence donot deserve or need protection like the olden day publications including the Old Hindu or Old Indian Express.

Today digital media is always biased either with commercial interests or with ideological issues. We either have advertisement dictated content or Soros dictated content. Hence the regulation of licensing and regulation of content is essential.

The Broadcasting Bill actually tries to provide opportunity for “Self Regulation”, “Transparency through Content Rating Publication” etc. If properly used, genuine publications can regain respect of the community and the status as “Neutral” purveyors of news. If the pseudo news agencies like Wire.com or Scroll.in etc are worried that the Bill can lead to censorship then they have to blame themselves for the state of affairs.

When the Government proposed fake news control, it was this media which refused to support. Now when deepfake is getting published, it is the same media which is unable to stop the menace. With the critical Indian elections of 2024 around the corner, the need for preventing misuse of digital media is paramount to protect democracy in India.

Hence the Broadcasting Bill has a reason to be there and should be there before the next election. The Government has been complacent and delayed most of the reforms which were due thinking that they have all the time to act and have suddenly found that time is now running out. It would therefore be difficult to get the Broadcasting Bill passed before we get into elections.

Even if the Bill is passed, there is a distinct possibility that Supreme Court will hold it back as it is another institution that has lost its neutrality in the political disputes. India is today ruled by the Supreme Court which defines its own Constitution and interprets the Indian Constitution the way it wants. With a judiciary where Judges appoint Judges and Judges interpret the Basic Structure of Constitution, the “Voice of Citizens” has been rendered impotent in our current Governance system.

While we need a balance between the powers of the Judiciary, Media, Legislature and Executive, currently the Judiciary has a disproportionate power and is unwilling to reform itself but dictates reformation in every other sphere.

Just as major changes in the legislative reforms requires approval of two thirds majority of the joint session of Parliament, the Constitutional interpretations of basic structure should be made possible only with two thirds majority of all the Supreme Court judges and not 3 out of 5 judges in a bench or 7 out of 13 in the bench where 6 judges donot agree with the other 7.

We therefore foresee that the Broadcasting Bill if passed will soon be referred to a constitutional bench of the Supreme Court and will not be operative in the immediate future.

With both the Judiciary and the Media failing in their respective responsibilities to uphold the democratic traditions, the future of democracy in India is firmly in the hands of citizens who can keep themselves free from the corruptive influences of freebies circulated by one section of politicians.

It is time for the public therefore to Awake, Arise and Stop not till the reign of corruption in various forms including corrupt political practices, morally corrupt Judicial system and Financially corrupt Journalism are eliminated.

Naavi

Posted in Cyber Law | Leave a comment