Delaying the inevitable: Implementation of CERT-In’s Cybersecurity Directions gets a piecemeal extension

CERT-In has extended the timeline for partial enforcement of Cyber Security Directions dated April 28, 2022. The timeline for enforcement of the directions by MSMEs and enforcement of Direction 5 (a) and (f) by entities mentioned in Direction 5 is September 25, 2022.

Consultation paper on Media Ownership: TRAI-ing to do too much

tl;dr The Telecom Regulatory Authority of India (“TRAI”) released a consultation paper on “Issues relating to Media Ownership” on April 12, 2022. Highlighting that media pluralism is antithetical to the phenomenon of concentration of media ownership, the paper sought views on the need and method of regulation of cross-media

A comparison of state-level data policies

This blog post aims to compare and contrast the data policy for seven Indian states, namely, Punjab, Odisha, Karnataka, Tamil Nadu, Sikkim, Telangana and Chandigarh. Through this post, we attempt to analyse these policies through a lens of data protection and privacy.

Second time’s not the charm: Health Data Management Policy misses the mark again

IFF wrote to the National Health Authority (NHA) as part of the consultation conducted for the Ayushman Bharat Digital Mission’s Draft Health Data Management Policy (“Draft policy"). Through our comments, we highlight legal, socio-economic and implementation issues.

CERT-In Directions on Cybersecurity: An Explainer

On April 28, 2022, CERT-In issued directions aimed at strengthening India's cybersecurity. Issued without public consultations, these directions raise concerns related to state sponsored surveillance and data retention beyond need or purpose. We thus call on CERT-In to recall these directions.

Budget Session 2022: A Digital Rights Review

In the recently concluded Budget Session, we saw several key issues being taken up as part of the budget deliberations in both the Houses. In this post, we take a look at these disruptions and analyse how the Parliament fared with respect to digital rights.

Explainer: Bharat Financial Inclusion Limited Loan 'glitch'

Bharat Financial Inclusion Limited recently admitted to disbursing 84,000 loans without customer consent owing to a ‘technical glitch’. Though the bank took some steps upon the receipt of the complaints, there is little regulatory oversight and acknowledgement of these instances in general.

A flawed idea of InDEA!

IFF submitted comments in the ongoing consultation for India Digital Ecosystem Architecture (InDEA) 2.0 released by the MeitY in January 2022. Our core approach is towards ensuring that the rollout of the architecture happens in a manner that safeguards the rights of the user.

Summary of India Digital Ecosystem Architecture (InDEA) 2.0

In this post, we have presented a non-opinionated summary of MeitY's InDEA 2.0 paper, focussing on the data-rights-centric parts of the document. Through this summary, we hope to better inform public awareness and increase public participation on the issue.

Comments to the TRAI for the, "Consultation Paper on Regulatory Framework for Promoting Data Economy Through Establishment of Data Centres, Content Delivery Networks, and Interconnect Exchanges"

IFF responded to TRAI’s consultation paper which sought the establishment of Data Centres, Content Delivery Networks, and Interconnect Exchanges. We submitted our comments as obvious issues of innovation that serve users, net neutrality and data protection emerge for consideration.