Applicability of the NDPAI-Shape of things to come-20

(Continued from the previous article)

P.S: This series of articles is an attempt to place some issues before the Government of India which promises to bring a new Data Protection Law that is futuristic, comprehensive and Perfect.


The honourable Minister of IT, Sri Ashwini Vaishnaw in an interview yesterday has indicated that

a) a new Telecom Bill will be introduced in the next 8-10 days to replace the archaic 1885 laws

b) Drafting of the bill to replace PDPB 2019 is practically complete and will be very soon uploaded for consultation and re-introduced in the Parliament in the budget session (February 2023)

c) Protection of online users will be covered in a new draft of the Information Technology Act with greater accountability among social media platforms for content that is being published.

It appears that both the revised Telecom Bill and the revised PDPB 2019 may be presented in draft form for public comments soon. Revising ITA 2000 is a more complicated exercise, and the Government may immediately focus on getting a proper revised version of the Intermediary Guidelines that covers Digital Media.

In our attempt to design a New Data Protection Act (NDPAI) for discussion during the IDPS 2022 (Indian Data Protection Summit 2022) due in November 2022 based on the earlier statements of the MeitY, we had considered the possibility of a new law which combines the Governance and Security of Personal and Non Personal Data.

We had identified eight chapters in the law where chapters on Preliminary, Data Valuation Framework and Miscellaneous issues were common to both Personal and non personal data.

Chapter II was envisaged for creating the statutory law for recognizing the Right to Privacy in non digital environment so that the rest of the law could focus on “Information Privacy”

Chapters on Governance and Protection of Non Personal Data were meant to replace the ITA 2000.

We now await the new draft for Personal Data Protection which the minister has promised to produce soon. If the Government has to collect public comments and introduce it in February 2023, the  draft has to be released in October 2022.

We may continue our discussion and suggestions awaiting the draft and synch it with the draft when it is presented.

In this article we shall discuss the definition of the scope of the Act.

The scope of PDPB 2019 was defined under Section 2 and included 4 provisions. As per this section the Act would apply to

(a) the processing of personal data where such data has been collected, stored, disclosed, shared or otherwise processed within the territory of India;
(b) the processing of personal data by  any person  under Indian law;
(c) the processing of personal data by data fiduciaries or data processors not present within the territory of India, if such processing is—

(i) in connection with any business carried on in India, or any systematic activity of offering goods or services to data principals within the territory of India; or
(ii) in connection with any activity which involves profiling of data principals within the territory of India; and

(d) the processing of non-personal data including anonymised personal data.

The act was indicated as applicable to non personal data but only the following provisions could be attributed as applicable to processing of Non personal Data

i) Reporting of  data breach of non personal data to the data protection authority under this Act,

ii) Empowerment to direct any data fiduciary to share non personal anonymised data,

ITA 2000 on the other hand applied to all kinds of data and addressed issues of “Cyber Crimes” both with personal data and non personal data. Hence the scope of ITA 2000 was comprehensive and PDPB 2019 could only carve out some specific aspects of ITA 2000 (eg: Section 43A) and frame a separate law. The overlapping of ITA 2000 on PDPB 2019 and therefore the powers of the CERT IN over the DPAI became a difficult legal problem to sort out.

We may presume that the Government realized this conflict between ITA 2000 and PDPB 2019 and took the bold decision to withdraw the PDPB 2019 despite the embarrassment that the withdrawal caused to the country in the international circles.

Now it remains to be seen if the  Government vindicates its objective of withdrawal by framing a law which segregates the “Governance of Personal Data and Non personal Data” effectively between the new personal data protection act and new information technology act or under a combined act.

The “Protection of Data” from unauthorized access, modification or denial of access (the CIA principle: confidentiality, integrity, availability) applies both to personal data and non personal data and hence can be considered as a common requirement for both personal data protection and non personal data protection. Additionally the data principals (owners of personal data) were recognized to have some “Rights” such as Right to Access, Right to Correction, Right to Portability, Right to Forget, Right not to be subjected to personal data processing without a legal basis, Right to withdraw consent, Right to Grievance redressal, Right to minimal collection, Right to minimal retention and Right to information about processing before collection (Notice).

Personal Data Protection recognized these “Rights” as an interpretation of the “Right to Privacy” extended in the form of “Information Privacy”, where the “Ability to choose how the personal data of an individual could be collected and used” is regulated. But ITA 2000 did not mention the “Right to Security of a Citizen” except through the definition of “Cyber Crimes and Contraventions” and the prescribing of penalties. Each of the punishable offences or contraventions could be considered as a “Right of a Citizen against misuse of Non personal data”, though the clarity was absent. Prevention of Cyber Crimes was looked at more as a law enforcement obligation of the Government than as “Protection of the Right of Security of a Citizen of the Country”.

I feel that we now have an opportunity to define the “Duty of the Government” to provide Cyber Security by guaranteeing the “Right to Security” along with “Right of Privacy” in a single legislation.

In the NDPAI-Shape of Things to Come, we are therefore suggesting that the “Rights” of the Citizens of the Country be defined in such a manner that they are protected against any misuse of personal or non personal data. This obligation is only to the citizens of the country. Rights of “Other Residents of the country”, including foreigners in transit for travel or employment, must be defined separately, and exclusions, temporary or permanent, must be added for illegal migrants, terrorists, convicted criminals and accused criminals, subject to checks and balances as permitted in the constitution.

The current definition of “Scope” of the PDPB 2019 revolves around “Data” whether it is personal or non personal whether it is processed by an Indian organization or foreign organization and whether it is processed in India or outside India.

Even the GDPR defines the scope in terms of a mix of Material scope, Territorial scope and subject matter scope. In this mix, people forget the subject matter scope which says that the regulation is “relating to the protection of natural persons” . Everything else including the regulation of what is called “Personal Data” is incidental to the protection of the natural person.

In view of the lack of focus, we normally consider that the basic purpose of GDPR is to “Protect Personal Data” and derive many of our compliance requirements ignoring that the core objective of GDPR is to protect “Natural Persons” and the scope is limited by international jurisdiction to “Protection of Natural Persons who are the citizens of EU”. Extra territorial jurisdiction is only in “Hot pursuit” of the protection of the rights of the citizens.

GDPR does make reference to “Residents of EU” and tries to protect them under GDPR. This is more an obligation in recognition of human rights on a global scale and not necessarily a duty under the EU Constitution.

India can also choose to extend certain rights to legal residents of the country as a part of its global obligations. But instead of mixing up these rights with the rights of citizens, it is better to define them exclusively.

Hence we need the NDPAI to recognize

a) Rights of living natural persons who are recognized citizens of India 

b) Rights of living natural persons who are recognized citizens of a sovereign country recognized by India under authorized residence in the territory of India 

c) Rights of deceased natural persons who were recognized citizens of India

d) Rights of deceased natural persons who were recognized citizens of a sovereign country recognized by India under authorized residence in the territory of India

We therefore suggest consideration of defining the scope of the NDPAI with reference to protection of rights of natural persons on the basis of their citizenship and define the territorial scope, material scope etc with the core objective of protecting the rights of the Citizens. This would meet the constitutional obligation which the Supreme Court also highlighted in the Puttaswamy judgement. Definition of Rights in this context will automatically fix the scope of the law.

We may recognize that the term “Data Principal” in a personal data protection context may refer to persons with a right on a personal data set which includes “Guardians” of minors or Data Fiduciaries/Consent managers with contractual right to manage and monetize.

In the context of non personal data, data is owned by an organization or an individual and any mis-use affects another individual or an organization indirectly as a victim of cyber crime. The individual victim of a cyber crime always has an involvement of his personal identity being in some way compromised. Hence Cyber Crimes against individuals can always be considered as crimes under Personal Data Protection Act.

Since “Corporate entities” are not protected with a “Right of Privacy”, their right to protection is in the form of right to carry on business without disruption etc. The Non personal data protection act needs to protect such entities who are not “Natural Persons”.

Similarly deceased persons may not have all the rights of a Citizen and hence must be covered separately. So also are “Residents who are not Citizens” whose rights  are to be considered separately.

In the case of Non personal data, we can define a term “Data Guardians” who are custodians of data and are the “Data Fiduciaries” in that context. In our earlier article on the roles, we discussed the role of a data fiduciary as “Data Manager” taking into account the possibility of profiling and monetization. Maybe the term “Data Guardian” is a better proposition which covers the Data Controller, Data Fiduciary, the Consent Manager and Data Processors.

Within this category of Data Guardian, different classes as “Personal Data Guardian” and “Non personal data guardian” can be identified.

In this approach we can define the applicability of the Data Protection regulation in terms of the end stake holder who is either a Data Principal or a Data Guardian and what rights of these stake holders are protected.

Data Principal is given protection of his Right to Privacy and the subordinate rights such as Right to access etc. Data Guardian has the obligation to meet the compliance requirements. Right to Security is applicable both to the Data Principal and the Data Guardian if they are citizens of India or established under the Indian law or otherwise carrying on activity in India as a resident.

We may therefore re-write the Section 2 of the PDPB 2019 appropriately.  The exact drafting of this “Scope Section” will be attempted in a follow up article.

Open for debate… Send your views. Those who are willing may contribute a video recording (not exceeding 5 minutes) on how do we define the scope of the New Data Protection Act of India, for being carried in IDPS 2022 (Expert View Section)

Naavi

P.S: These discussions are presently for debate and are a work in progress awaiting more inputs for further refinement. It is understood that the Government may already have a draft and may completely ignore all these recommendations. However, it is considered that these suggestions will assist in the development of “Jurisprudence” in the field of Data Governance in India and hence these discussions will continue until the Government releases its own version for further debate. Other professionals who are interested in participating in this exercise, particularly Research and Academic organizations, are invited to participate. Since this exercise is too complex to institutionalize, it is being presented at this stage as only the thoughts of Naavi. Views expressed here may be considered as personal views of Naavi and not that of FDPPI or any other organization that Naavi may be associated with.


Need for Neuro Rights Protection just got bigger… Shape of Things to come–19

(Continued from the previous article)

P.S: This series of articles is an attempt to place some issues before the Government of India which promises to bring a new Data Protection Law that is futuristic, comprehensive and Perfect.

We have been discussing the need for Protection of Privacy Rights to be augmented to protection of Neuro Rights (The series of articles published in this site are also collated at www.neurorights.in).

So far the discussions have been related to the “Brain Computer interface” through electro magnetic radiation that would bring chemical changes in the brain cells leading to specified neuron activity.

The human brain is said to function with “Brain Waves” which are electro magnetic waves which function in a certain frequency range (or wave length range which is in inverse proportion to frequency) as below.

Externally there are radio waves, Cellular mobile waves and other frequency waves that we come across in the atmosphere. These waves are at a higher wavelength.

The 5G spectrum which we often hear about is in the frequency range of 1 GHz to 6 GHz. (One megahertz (MHz) equals 1,000,000 Hz. One gigahertz (GHz) is equal to 1,000 MHz or 1,000,000,000 Hz or 10^9 Hz. In wavelength terms, 1 GHz is approximately 0.299 metres.)

We have heard that radiation from mobiles, mobile towers as well as microwave ovens does affect human brains. Though the human body is tuned to receive certain signals and ignore certain others, the fact remains that human brain activity, like the activity of other devices including computers, is “electro magnetic” in nature.

The “Brain-Computer interfaces” involving electrodes fixed on top of human skull or chips inside the human skull have gone past animal experimental state and are in advanced state of adoption in our common life. Binaural beats used in music technology is an example on hand.

Current demand for Neuro Rights protection is based on the possibility of manipulation of human brain with implants and other external stimuli which are perceivable by human sensory organs.

Now a new requirement seems to be emerging with scientific developments which indicate the possibility of manipulation of human brain activity without implants and outside the human sensory organs. In other words certain waves which are not heard by our ears or seen by our eyes can be used to manipulate brain activity.

The Privacy concepts such as “Right of Free Choice”, “Expression through a written consent” etc lose meaning when somebody can make a human think as per his wish. This is not in the realm of hypnotism or other known forms of psychology through external stimulation. This is a completely new method of intervention in the human brain that escapes regulation in any of our known laws.

A serious thought is therefore required to discuss whether our proposed new data protection law should incorporate “Neuro Right Protection” . This will be a point of discussion that  may come up during the IDPS 2022.

In our suggestions we added “Neuro Privacy” as a category to be addressed by  this new law along with other three forms of privacy namely the Physical privacy (non interference in physical terms), Mental Privacy (Right to be mentally left alone) and Information privacy (Right to manage the use of personal information).

We defined neuro privacy as

(c) “Neuro Privacy” means the choice of an individual to determine to what extent the individual may share his neuro space with others

Perhaps for the purpose of the Act this would suffice. But when it comes to “Reasonable Security to Protect the Neuro Privacy” or “Neuro Privacy by default”, the rules need to address how the neuro intervention devices are regulated.

In one of the recent researches it is contended that “Micro waves” are being sent from drones in an US experimental site and the target population are experiencing mental harassment due to the experiment since they seem to be hearing things.  Patents are being claimed for “Microwave Voice to skull technology”.

This patent describes it as an

“invention relates to a hearing system for human beings in which high frequency electromagnetic energy is projected through the air to the head of a human being and the electromagnetic energy is modulated to create signals that can be discerned by the human being regardless of the hearing ability of the person.”

The patent applicant claims

“I have discovered that a pulsed signal on a radio frequency carrier of about 1,000 megahertz (1000 MHz) is effective in creating intelligible signals inside the head of a person if this electromagnetic (EM) energy is projected through the air to the head of the person”

Just as inputs to computer can be given in the form of key strokes or voice commands, in future, Brain-Computer interfaces may operate with sound waves instead of through  a remote computing device.

It is this sort of developments that need “Neuro Rights” to be defined now though we may need time on making rules to regulate the protection of Neuro Rights.

Psychiatrists seem to be ignoring the possibility of human brain activity manipulation through sound waves and dismissing the claims of some people in the alleged experimental area as a kind of neurosis.

Watch out for IDPS 2022 where we may take this discussion further… Provided there are speakers who can share their thoughts.

Naavi

Reference

Patents : Google Patent on Prevention of abuse which inter-alia provides information on other patents on the remote monitoring of human brains in China and elsewhere


IDPS 2022 is an event in which you can participate as a speaker

FDPPI is an organization of the data protection professionals and by the data protection professionals. The organization is supported by the aggregation of activities of its members.  For practical reasons some members are designated as “Supporting Members” so that they act as divisions of FDPPI for generation of revenue through their activities. But all other members are like flesh and blood of the organization. If they are active, FDPPI is active.

This concept extends to the conduct of IDPS 2022 the flagship event of FDPPI. We would like to make this event the flagship event of the Data Protection Community in India of which FDPPI is a part.

The event is being conducted as a 3 day virtual event on 11th, 12th and 13th November 2022 between 2.00 pm and 8.00 pm (IST) or 8.30 am GMT to 2.30 pm GMT.

During this time and day, the event would be live. During these 18 hours we can accommodate perhaps 6-8 keynotes and another 6-8 panel discussions.  This  means that we can listen to around 30 -35 speakers and share their thoughts with the audience.

The canvas of discussion is “Privacy and Data Protection” and the theme is “Shape of Things to Come”. We therefore need to discuss the current laws in India and elsewhere, the technology of protecting Privacy and data, the Governance of Data for protection and monetization and many other related issues.

We are fully aware that the number of available speakers and the amount of knowledge they can contribute are much more than what we can present in 3 days. We cannot accommodate them all despite our best intentions.

We are also aware that this is a dilemma that is faced by every organizer of such programs world over. There are too many deserving speakers who ought to be heard. But either the organizers cannot reach out to them or the speakers are not available at the required time and place for the event. This often results in losing an opportunity to hear the experts and some times disappointing speakers who are eager to share their knowledge.

FDPPI has therefore opened its doors for speaking opportunities during the IDPS 2022 to the community so that IDPS 2022 is an event of the Data Protection Professionals, by the data protection professionals and for the data protection professionals.

We therefore invite data protection professionals who would like to contribute their thoughts to the “Shape of things to come” in the domain of Privacy and Data Protection in the IDPS 2022 to send us recorded video clips preferably of less than 5 minutes. These recorded videos would be broadcast on the IDPS 2022 platform during the time 6.00 am (IST) to 12.00 noon (IST). This will ensure that the content would be available for the US-Australia time zone as an extension of the live sessions which are more suitable for the India-Gulf-EU time zones.

The video may be kindly recorded if possible with the background setting of the image provided above. Naavi would be available for checking the topic of discussion as well as for a participative recording of the views as a conversation if it is preferred.

The end objective of this exercise is to ensure that IDPS 2022 becomes an event of the community of data protection professionals.

We hope that we will also be able to show case the professionals who would otherwise miss participation in the event. For the upcoming speakers this is an opportunity to be present on this platform.

I request all professionals to make this concept a success.

Naavi


Digital India Act-4: Online gaming

A Discussion has ensued on the regulatory structure for online gaming in India. Today’s news paper reports suggest that a confidential report has been submitted by a Government panel on regulation of online games such as Dream11, Rummy circle etc.

The focus appears to be the games which have become casinos with a large part of speculation and chance  built into the winning. As against this, “Skill games” including say the online chess playing arena will continue to represent another end of the spectrum of online games where “Skills” are more prominent than “Chance”.

The driving force for the regulation seems to be the “Taxing” of income of the game operators under GST.

The regulation will therefore try to consider how “Chance” based games do not turn into “Online betting centers and casinos”.

Mixed with these games for money, are the games like the “Blue Whale” which create social issues in the community and also have to be regulated.

To make the issue complicated, we also have the emerging “Meta Verse” where “Gaming” evolves into a more immersive interaction.

The “Crypto Currency” system where a hashing challenge determines the winner of a Bitcoin/Crypto currency is also a “Game of Chance” since no skill is involved in the winning.

If the idea is to charge GST, it will be essential to “Value” the winnings in the form of “Loyalty coupons”, “Coins”, “Cryptos” etc and the regulation will be incomplete without such data valuation.

Most games also appear as “Mobile Apps” and may involve malicious apps that may steal data or commit frauds of other kind.

Some games are harmful by being addictive and some are educative (cross word puzzles, hangmen)  or brain stimulating (sudoku, memory games).

In some instances game rewards are issued as loyalty points that can be used as currency within the game. If they cannot be converted into legacy currency or tradeable crypto currency, the rewards live within the gaming system. But if they can be encashed to legacy currency then there are other issues such as taxation, gambling etc. Many games have a monetization plan where external legacy currency can be used for buying game currency. This mixes up legacy currency with game currency and problems arising thereof need to be recognized.

In view of the above, “Gaming Regulation” does not end with  just an appointment  of a “regulator” but has serious implications on every aspect of Cyber Crime law and Data Protection Law.

In order to ensure that the regulation addresses only such concerns of the society that needs to be regulated, there is a need to clearly define and segregate different types of gaming so that appropriate regulation may be imposed.

The definition of “Online Gaming” used in the  Online gaming (regulation) bill 2022 which  was introduced in April 2022 on which the panel must have deliberated and issued a confidential report on 31st August 2022 states as under

“Online Gaming” means games played on any electronics device including Personal Computers, Mobile Phones, Tablets and other devices;

This is a generic definition and does not address the issues that arise regarding how an online Chess game is distinguished from a Blue Whale game or a Dream11 or Rummy circle or a Crypto Currency mining game.

The bill tries to create a regulator (Online gaming commission) and issue licenses to gaming servers so that others who do not have a license can be declared illegal (Section 5 of the Bill).

It exempts hosting and other backend services provided from India for those who operate gaming outside India  and protects the interests of such service providers.

The offences may be recognized as cognizable and also invoked by the intervention of the regulator.

The challenging part of the legislation is section 19 which overrides other legislations by stating

“The provisions of this Act, shall be in addition to and not in derogation of the provisions of any other law for the time being in force and, in case of any inconsistency, the provisions of this Act shall have effect to the extent of such inconsistency.”

This requires an interplay of this  legislation with ITA 2000 and also the IPC.

Details of regulation are left to the rules.

The most important part of this legislation would be

  1. Segregating different types of gaming such as Educative, Fun, monetary, harmfully addictive, etc
  2. Ensuring that “Crypto Currency mining” comes within the definition of “Chance based gaming” requiring a license.
  3. Ensuring that game-only rewards do not get converted into legacy currencies.

A detailed debate is therefore required before this regulation comes into existence.

(Let us discuss this further. I invite comments)

Naavi

Reference:

The Online Gaming (regulation) Bill 2022

Singapore introduces online gaming regulation

Shortcomings of online gaming bill

Government panel calls for regulatory body, new law for online gaming


Is this the future of Secure E Mail system?… Creating own E Mail ecosystem in an enterprise

Functionality and Security are two dimensions of any software that needs to be balanced through regulation. Internet and E Mails were created with a purpose of effective communication and hence functionality was the prime concern in the design of protocols such as TCP-IP or SMTP.

With the growing use of Internet and E Mail for business, the need for Security in these protocols has become critical. Hence the current systems need augmentation for security considerations.

One of the problems which is confronting the internet society is the problem of “Phishing” where unauthorized and  impersonated e-mails are used for commission of frauds.  This must be addressed if we want to improve the trust in Internet communication.

Preventing misuse of E Mails requires two aspects namely authentication of the origin of the E Mail and prevention of modification of the E Mail content in transit.

These two security controls are addressed through “Digital Signature” and “Encryption”.

India has adopted a PKI based system based on a central regulatory authority namely the CCA (Controller of Certifying Authorities) granting licenses for Certifying Authorities who in turn control the Digital Certificate issue system.  The Digital Certificate issue/Signature  system consists of the use of accredited hashing algorithms and public-private encryption along with the creation of the key pairs, embedding them in tokens etc.

These Certifying authorities also provide the “revocation” and “Verification of Non-revocation” of digital certificates to ensure that the community can use the system with assurance.

The popular e-mail systems like G-Mail however are not designed for the use of the digital signature system and users need client side applications to use digital signatures for authentication or encryption.

When a single pair of public-private key is used both for authentication and encryption of content, a problem is likely to arise when crime investigators require access to encrypted content through the exercise of powers under Section 69 of ITA 2000. Sharing of the private key under this circumstance will need an issue of a new digital certificate for further use of the subscriber.

Presently the solution to this problem is to issue two key pairs with one set being used for authentication and another set used for encryption so that when required or as a certificate issue protocol, the private key for encryption can be escrowed with the regulatory authority.

While the digital certificate issuers have enabled such “Dual Key” system, the end user applications are still not fully equipped to use such dual key systems.
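The dual-key separation described above can be seen in a small model. This is an added example, not code from the original article or from any Certifying Authority; it uses textbook RSA without padding and a SHA-256 keystream purely to show which capability each private key carries (a real deployment would use certificates and a vetted cryptographic library), and all function and variable names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent (assumption for this illustration)


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Return (public, private) toy RSA keys as dicts."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E != 0:  # E is prime, so this means gcd(E, phi) == 1
            return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, phi)}


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private):
    """Authentication: only the holder of this private key can produce it."""
    return pow(_digest_int(message), private["d"], private["n"])


def verify(message, signature, public):
    return pow(signature, public["e"], public["n"]) == _digest_int(message)


def _keystream_xor(data, session_key):
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(message, public):
    """Confidentiality: wrap a random session key with the recipient's public key."""
    session_key = secrets.token_bytes(32)
    wrapped = pow(int.from_bytes(session_key, "big"), public["e"], public["n"])
    return wrapped, _keystream_xor(message, session_key)


def decrypt(envelope, private):
    wrapped, body = envelope
    session_key = pow(wrapped, private["d"], private["n"]).to_bytes(32, "big")
    return _keystream_xor(body, session_key)


def demo():
    mail = b"Constructed sample mail: quarterly statement attached"
    # Dual-key subscriber: one pair for signing, a separate pair for encryption.
    auth_pub, auth_priv = generate_keypair()
    enc_pub, enc_priv = generate_keypair()
    escrowed = enc_priv  # only the encryption private key is escrowed or disclosed
    dual = {
        "genuine_signature_ok": verify(mail, sign(mail, auth_priv), auth_pub),
        "escrow_reads_mail": decrypt(encrypt(mail, enc_pub), escrowed) == mail,
        "escrow_can_sign": verify(b"forged", sign(b"forged", escrowed), auth_pub),
    }
    # Single-key subscriber: the disclosed key is also the signing key.
    pub, priv = generate_keypair()
    disclosed = priv
    single = {
        "escrow_reads_mail": decrypt(encrypt(mail, pub), disclosed) == mail,
        "escrow_can_sign": verify(b"forged", sign(b"forged", disclosed), pub),
    }
    return {"dual": dual, "single": single}


if __name__ == "__main__":
    print(demo())
```

With two pairs, handing over the encryption key gives access to content without giving the ability to sign as the subscriber, so the authentication certificate stays valid; with one pair, disclosure covers both and a new certificate is needed.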

In the meantime, to overcome the shortfalls in current e-mail communication, where the content can be intercepted and altered in transit through some forms of man-in-the-middle attack, an attempt is being made to create new Secure E Mail systems.

The undersigned came across one such system recently which is worth sharing here.

A Dubai based company with a development center in Bangalore has created an E Mail system which is considered as a “Blockchain” based application which can be used by enterprises for secure E-Mails within an enterprise eco-system.

The essence of the system is that the E Mail is encrypted with the public key of the recipients and hence remains encrypted in transit and storage. This requires the users to be on boarded on to the systems and issued digital certificates and the key pair of public and private keys.

If security in transit is the only concern the digital certificates can be issued by a system even if it is not belonging to the “Licensed Certifying Authorities”. If “Authentication” is also a requirement, it may be necessary for the enterprise to integrate this e-mail system with a local certification server as a sub agency of a licensed certifying authority.

One interesting feature of this system is that apart  from bringing all employees of an organization into the system so that e-mails between them can be encrypted, the organization can also on-board outsiders to the extent of their interaction with the enterprise just like the ‘Boxbe’ kind of systems which try to maintain an approved guest list for persons to receive the emails.

While it is difficult to impose the “Registration of Guest” before the email is allowed entry to the recipient’s inbox in a personal communication, it may be possible in an enterprise communication, particularly between Banks and their customers or E Commerce companies and their customers.

If all Banks start using such systems, then Bank frauds using “Phishing” can be eliminated since all Bank to customer e-mails will then be handled only through the dedicated e-mail system with encryption. This could mean that the Bank may have to create e-mail space for all its customers but the volume of data transmitted will be restricted only to the Bank-Customer communication and not others.

Presently Banks do provide for in-app communication either through the mobile app or after logging into the internet banking. But the use of the designated e-mail could be a more convenient option.

If “One Designated email for one customer ID” can be extended by every bank, then even the UPI IDs can perhaps be integrated with this special e-mail ID and there could be better security in the overall process.

The system can perhaps be used even by the Government so that communication between Government servants can be encrypted.

At present the system is good for enterprise e-mail systems, and maybe some integrator can create a “Regulated Anonymised E Mail System” where privacy is ensured subject to the law enforcement rights. Such a system could be a replacement of the “Proton Mail” which could be non compliant with the recent CERT-In guidelines and can only function as a “Not Legal” service.

“Regulated Anonymity” was a  system suggested more than a decade back by Naavi when the concept of BlockChain or even Privacy as we know today did not exist. Perhaps the system can be tweaked to meet the current requirements through this new system created by the Bangalore company.

I urge companies to explore this solution (request for contact if required) of “Secure Enterprise E Mail” that could be one of the use cases for Block Chain technology.

(Comments welcome)

Naavi

 


If you are a Privacy Expert…

FDPPI is conducting IDPS 2022 which is a flagship event of FDPPI and an apex national event. During the three day virtual event that is taking place this year between November 11-13, about 30-40 speakers would be taking part.

We are aware that there are many more experts in the domain not all of whom can be identified by us and invited for the program. In fact FDPPI has over 200 members each of whom are decorated professionals and could contribute to the society with their knowledge. But we cannot accommodate all of them as speakers in this prestigious event.

However, we now have an alternative. We would like to collect both text and video messages from experts around the world and publish it as pre-recorded videos or messages during the IDPS 2022.

We therefore invite experts to contribute text or video messages by email  if they have a view on Privacy and Data Protection or related areas.

Such views can be on IDPS 2022, FDPPI, some issue on Privacy, any of the data protection laws such as GDPR, CCPA, ITA 2000 , PDPB 2019 or the proposed law or any other matter of relevance to the professionals working in the domain of Privacy and Data Protection.

In case the views are not to be published and are meant only for FDPPI as a confidential view point, we would respect such request and not publish them.

In case you are sending any videos, kindly make it short and not exceeding 5 minutes. If you want to contribute pre-recorded content as a “Speaker” in the IDPS 2022, you can send a request and contribute videos of longer duration not exceeding 20 minutes.

Naavi
