Data Protection

#PrivacyofThePeople - ASHA Workers and Employee Surveillance

In our new series #PrivacyofThePeople, we will look at the impact of the Personal Data Protection Bill, 2019 on different sections of society. In this post, we discuss how the Bill affects workplace surveillance at large through the ASHA workers’ recent fight for digital privacy and detail .

Our recommendations to protect Indians against data breaches

In view of the rise in data breaches, we write to MEITY with recommendations to prevent data breaches and provide redressal against them.

#DataProtectionTop10: Protecting whistleblowers, digital security researchers, and vulnerability testers

In Part 10 of the #DataProtectionTop10 series, we discuss the need for protection of whistleblowers, digital security researchers, and vulnerability testers. We recommend that the Bill make suitable amendments to provide clear provisions detailing such protections.

#DataProtectionTop10: Some holes that need to be plugged

In Part 9 of the #DataProtectionTop10, we analyse some miscellaneous provisions in the PDPB and recommend that the Bill acknowledge a natural person as the owner of her data, provide sound provisions for facilitating the transition to the new regime, and give the RTI Act precedence over the Bill.

#DataProtectionTop10: On the Importance of a Strong, Transparent, and Independent Data Protection Authority

We analyse the provisions in the Personal Data Protection Bill, 2019 which relate to the Data Protection Authority of India (DPA) and its independence, transparency, and constitution. We recommend that it not be bound by the Central Government's orders.

Cybersec Charcha: Understanding the booming ransomware industry

In the second edition of Cybersec Charcha, we are taking a deep dive into understanding the unregulated ransomware industry, what a ransomware attack means and the consequences it can have.

Despite CIC’s observation that MeitY's response to us was “grossly improper," MeitY issues the same response again #SaveOurPrivacy

CIC directed the CPIO to re-visit our original RTI and provide a revised reply and info, if (comments on consultation on PDPB). However, the CPIO simply cited the same exemption under S.8 of the RTI Act that she had provided before the CIC.

#DataProtectionTop10: State Security and Surveillance

In Part 7 of the #DataProtectionTop 10 series, we discuss the provisions in the Bill which enable the State to engage in large scale surveillance. Blanket exemptions without a sound oversight and review mechanism raise concerns. Thus, we recommend that a chapter on surveillance reforms be inserted.

#DataProtectionTop10: Data Localisation

In part 6 of the #DataProtectionTop10 series, we look at the restrictions imposed by the PDPB on the transfer of personal data outside India. We recommend that the Bill explicitly define critical personal data and not impose undue restrictions that affect the open nature of the internet.

#DataProtectionTop10: Voluntary Social Media Verification

In Part 5 of the #DataProtectionTop10 series, we analyse the various issues with the inclusion of social media intermediaries under the Personal Data Protection Bill, 2019, and the provision for voluntary verification of user accounts. We recommend that the relevant clauses be removed.