For a long time, there has been a set of vested interests in India who have been opposing the “Data Localization” concept. They succeeded in diluting PDPB 2018 to PDPB 2019/DPA2021 and removed the need for a copy of non sensitive personal data being retained in India.

One of the arguments that Naavi.org had placed is the potential positive impact of the data localization on the business of creating new data centres and data centre professionals.

The argument based on the law enforcement needs was easy to understand but the objections raised in the form of “No facilities exist in India”, “There is a shortage of professionals” etc continue to make rounds in the sponsored media.

However, it appears that the trend is slowly changing and now we are seeing a series of stories which try to highlight the economic benefits in the Data Center domain though  it is yet to be linked to the DPA 2021 as an expected benefit.

Today’s article in economic times titled “Infra status to data centers may spur Rs 700-720 billion investments over 5-10 years”

Money Control reports “How Data centres could spur a wave of investments  in infrastructure”that the demand for data centres will spur the growth in real estate as well as power sectors.

Mint in its article “Data Centre boom to spur talent race” says,.. “India’s data centre boom is expected to generate thousands of jobs and fuel a race for talent in the years ahead, in a repeat of the talent hunt now playing out in the country’s information technologies services sector”.

The sudden spurt of the many articles indicate that a powerful sponsor has joined the race of data centres in India which has woken up all the journalists to write about data centres.

Is it the Jio? or Google? or Microsoft? or Tatas?…. or a new entity?… We should know soon.

But it appears that the resistance to data localization in DPA 2021 is likely to now decrease since one part of the industry would significantly benefit from the Act.

Naavi

For a long time, WhatsApp and its supporters argued that technically it is not possible to track the origination of messages. When the Government introduced the provision as a notification under ITA 2000, technology experts in India endorsed the claim of WhatsApp.

Naavi.org time and again called out for firm action against such pseudo techies who wanted to oppose regulations in support of security. Some of the articles that discussed this are

Court has to nip this foreign media revolt against the Indian Government in the bud

WhatsApp petition deserves to be rejected at admission stage itself.

But recently, it appears that WhatsApp has agreed to make the necessary changes to enable identification of the origin of a message.

The above article in Zeenews suggests that WhatsApp has now agreed to introduce a message ID in the form of a unique hash which will travel with the message when it is forwarded.

This will go a long way in reducing the misuse of WhatsApp for spreading fake news.

Techies who once supported the views of WhatsApp need to eat their  words and change their attitude to oppose all security measures suggested by the Government and spread internet anarchy.

Naavi

Mark Zuckerberg and Elon Musk are both individuals who are targeting the future for their  business expansion. If they are present it is clear that they have identified some big potential. Neuro Technology is one area where both are now trying to explore.

Mark Zuckerberg has progressed from Face Book to Meta and this is an intermediary step towards technologies that merge with neuro Technologies. Elon Musk’s firm Neurolink is already planning human clinical trials for some of its “Brain Chip”.  We can expect that both IBM and Google would also be already drawing up their own plans on how to extend their business to the “Human Mind space”.

Elon Musk’s Neuro Link co-founded in 2016 has reportedly successfully implan ted artificial intelligence microchips in the brains of a monkey and pig and is now planning to run tests on humans. (Details of the experiment  on the  monkey is available here)

Neuro Link trial demonstrates the effectiveness of the deep brain implanted chip which is charged wirelessly and is able to pick neuro signals from the brain, process it in the external computer and feedback the learnings to improve the ability of the subject to “Think of some thing and make the computer react”.

The Meta project of using an external device to provide immersive experience through the visual presentation is also supplemented with the devices which can move the hands and legs entirely through mental thoughts.

These developments indicate that the need to regulate the use of neuro technology is more evident than ever before. While the traditionalists are still harping on Cambridge Analytica and its impact on the US Elections, the alleged privacy violation of Cambridge Analytica pales into insignificance when we consider the developments that are happening in Neuro science.

 “Neuro Rights” to be codified into a law is therefore a current concern and India needs to address this as soon as possible.

Naavi

For a long time many are arguing that there is a power behind chanting of Mantras. Though the mention  of  “Mantras” immediately invokes a religious feeling and triggers a “Flight Response” in some individuals, everybody will agree if we say “Music” has an impact on human brain.

The principle that these thoughts represent that “Auditory Impulses” of a certain kind can interact with the human neural system. This could a positive effect that can calm the brain from a stressed situation or even excite the brain. The “War Drums” and “War trumpet” was perhaps designed to trigger an excited response from the soldiers while the “Om” Chanting or Gayatri Mantra chanting could be a de-stressing and creation of positive brain energies.

Neuro science is discussing the effect of “Binaural Beats” and its effect on sleep, therapy, meditation etc.

The concept of “Binaural Beats” is that when two tones of slightly different frequencies are played on separate ears simultaneously (say through head phones), the human brain perceives the creation of a new third tone whose frequency is equivalent to the difference between the two tones played.

For example, if a person hears a tone of 410Hz and 420 Hz in different ears, he would be hearing a binaural beat with a  frequency of 10 Hz.

Such effect is also seen in visual perception when an Optical Illusion” is created in a image consisting of a series of bright and dark spaces.

Binaural beats are said to provide many benefits in meditation, lowering of stress etc. It is said that in order to produce a binaural beat, the two tones sounded in the ears must both have frequencies below 1,500 Hz with a difference of no greater than 40 Hz between them.

The effects of the binaural beat will depend on its frequency and the corresponding brain wave. For example, a natural beat with a frequency between 4 and 7 Hz is more likely to align with theta brain waves, promoting sleep and relaxation.

Probably this alignment of the beat with the brain waves is behind the addiction of our youngsters to headphones.

There is however a need to research if the binaural beats have any harmful effect also.

In the context of “Neuro Rights”, we can infer that if there is a phenomenon of “Binaural Beats” and certain music can create modification of brain waves as a result, it is a subject matter of Neuro Rights regulation.

Naavi

All privacy laws from GDPR to DPA 2021 define “Personal Information” (PI) and a need to “Protect Personal Information”.

In defining PI, the popular definition is that any information “about” a living human constitutes PI and should be subject to some regulation such as valid consent for processing etc.

Additionally, most laws also  define “Creating a Profile” constitutes a “Data Processing activity” that needs consent and the generated “Profile” is also part of the “Personal Information” which the data principal has a right  to control. The right of data portability extends to not only information provided by the data principal to the data fiduciary during the collection process but also to the profile created by the data fiduciary.

The Cambridge Analytica dispute was centred around the use of personal information to create a political profile for the purpose of targeted advertising.  Recently, I came across an article arguing that “We should stop automatic profiling of people”. Though this was in the context of an organized data processing activity, the article triggered some thoughts to indicate that this principle that “Profile” is part of personal information and is protected under privacy laws as an asset of the data principal requires a larger debate.

I am aware that this is a contrarian thought and is presented for the purpose of academic debate. It is not to be construed as an interpretation of the data protection law which by popular interpretation considers “Profile” is part of the personal data and needs to be protected by consent or legitimate interest. It is also subject to the right of portability and right to forget irrespective of the intellectual property rights associated with the creation of the profile, though the principles of anonymisation may be used for profiling of a group of people without violating the principles of privacy.

“Imaging a profile” is a fundamental and natural reaction of the human brain as a stimuli to any observation. This is part of the “Fight or Flight” response triggered in the human system.  The first step in this fight or flight response is to understand  the behaviour of people in a particular situation which  includes “Profiling” whether it is correct or incorrect. If the inference creates a more than threshold danger perception, it would trigger an action potential for fight or flight. Otherwise it is recorded for further processing. When the behaviour gets repeated next time, the brain may interpret that this person habitually of a particular behavioural trait and if it is not considered desirable, the brain triggers a “Mild fight or flight response”.

Thus “Drawing Inference” from any observation is a natural human trait and if it is absent we call a person un-intelligent or even an idiot.

The same tendency when carried out by a software is considered as “Profiling”. In this case the inference may lead to targeted advertising the same way human inference of a person as friendly leads to opening up a conversation.

Considering that this “Inference” is a natural human trait therefore, banning it through the privacy law is an unnatural inhibition on the human tendency and is unlikely to be effective.

On the other hand any misuse of information causing a harm to the individual whether through profiling or not can be considered as a “Civic Wrong” and be subjected to punishment.

We need to therefore debate whether “Profiling per-se” is bad in law or “Misuse of Profile alone is bad in law”.

It is therefore sufficient if privacy laws distinguish “Profiling per-se” and “Use of Profile” and not consider “Profiling per-se” as a “Violation of Privacy Right per-se” while the mis-use of profile can continue to be considered as a punishable act.

Comments are welcome.

Naavi

In a highly laudable move, the TRAI has mooted an idea that Caller IDs as linked to KYC information should be displayed when a person receives the calls on a phone device.

In effect this would substitute the True Caller service where True caller displays the popular ID of the caller as it gathers from different members over a time.

The True caller system was useful to avoid spam calls but was not accurate. It could lead to caller ID not being available for new SIM registrations. It could also be wrongly tagged either positively or negatively if a few persons could act in tandem. The True Caller system was also a Privacy Nightmare since it collected third party information for which there was no privacy consent.

On the other hand, MSPs already have KYC data for all Indian subscribers and if this data base  is linked to the incoming number display system, the receiver of the call could see both the incoming number  as well as the registered name.

Some refinements may however be required where by the disabling of caller ID display should be prevented and a secondary user name should be available to the user so that owner of multiple numbers could designate the secondary user’s name to be displayed. For example if the head of the family wants the Phone/SIM to be used by his wife, children or other family members , the caller ID may be allowed to be displayed with the primary name fed from the MSP data base while the secondary name may be a variable at the discretion of the user.

The verifiability of the caller ID will go a long way in preventing Vishing frauds particularly when OTP is collected by fraudsters by impersonated calls. Hence the measure would substantially help the Bankers in avoiding the Phishing Risk particularly after the introduction of the limited liability system.

It was surprising that RBI never thought of such a provision from its own concerns since this is likely to make even the OTP system more robust and avoid the SIM cloning frauds.

The Data Protection Law as is envisaged today and the provisions under the Intermediary guidelines under ITA 2000 has suggested that the option of “Verifiability” has to be provided to all Indian subscribers of messaging services and once verified, the verified name has to be displayed along with the message.

The TRAI has pre-empted the move for MSPs and we hope this does not remain a suggestion only on paper but is introduced shortly. We should expect that the Telecom giants will oppose the move and cite Privacy Concerns. However, there is no privacy issue here since it is the duty of the caller to identify himself with the called. It is the right of the called to know who is calling before he picks up the call since “Call” is a “Transaction between two parties and both have to consent to talking”.

As a logical step, TRAI has to extend this provision to G-Mail and other email service providers so that phishing over e-mail is also prevented.

Further, MeitY should extend this to all domain name registrars and ensure that the identity of domain name owners is made available on demand since fraudulent websites hide the identity of the registrants and escape the reach of law.

Once again, Congratulations to TRAI for the initiative. Kindly carry it through to implementation.

The move should be welcomed by all genuine business houses since they would like to interact with their customers on an identified basis. Today Banks are unable to have telephonic conversation with their customers since the moment a person says “I am calling from ……Bank”, we disconnect. Genuine business calls therefore are missed. Even when we need to call a friend, we have to take care to send him a message first that  “I will call you shortly” and call only thereafter. These inconveniences are prevented by this measure.

Naavi