Tuesday, December 10, 2019

India proposes new rules to access its citizens’ data

India has proposed groundbreaking new rules that would require companies to garner consent from citizens in the country before collecting and processing their personal data. But at the same time, the new rules also state that companies will have to hand over “non-personal” data of their users to the government, and New Delhi will also hold the power to collect any data of its citizens without consent, thereby bypassing the laws applicable to everyone else, to serve sovereignty and larger public interest.

The new rules, proposed in “Personal Data Protection Bill 2019,” a copy of which leaked on Tuesday, will permit New Delhi to “exempt any agency of government from application of Act in the interest of sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order.”

If the bill passes, and it is expected to be discussed in the parliament in the coming weeks, select laws drafted more than a decade ago would remain unchanged.

Another proposed rule would permit New Delhi the power to ask any “data fiduciary or data processor” to hand over “anonymized” non-personal data — or “other non-personal data” — for the purpose of better governance.

New Delhi’s new bill — which was passed by the Union Cabinet in India last week, but has yet to be formally shared with the public — could create new challenges for Google, Facebook, Twitter, TikTok and other companies that are already facing some regulatory heat in the nation.

India conceptualized this bill two years ago and in the years since, it has undergone significant changes. A draft of the bill, which was formally made public last year, had stated that the Indian government must not have the ability to collect or process personal data of its citizens, unless a lawful procedure was followed.

Ambiguity over who the Indian government considers an “intermediary” or a “social media” platform, or a “social media intermediaries” are yet to be fully resolved, however. In the latest version, the bill appears to not include payment services, internet service providers, search engines, online encyclopedias, email services and online storage services as “social media intermediaries.”

One of the proposed rules, that is directly aimed at Facebook, Twitter, and any other social media company that enables “interaction between two or more users” requires them to give their users an option to verify their identity and then publicly have such status displayed on their profile — similar to the blue tick that Facebook and Twitter reserve for celebrities and other accounts of public interest.

Last week news outlet Reuters reported portions of the bill, citing unnamed sources. The report claimed that India was proposing the voluntary identity-verification requirement to curb the spread of false information.

As social media companies grapple with the spread of false information, that have caused at least 30 deaths in India, the Narendra Modi-led government, a big consumer itself of social media platforms, has sought to take measures to address several issues.

Over the last two years, the Indian government has asked WhatsApp, which has amassed more than 400 million users in India, to “bring traceability” to its platform in a move that would allow the authority to identify the people who are spreading the information.

WhatsApp has insisted that such a move would require breaking encryption, which would compromise the privacy and security that more than a billion people globally enjoy on the platform.

The bill has not specifically cited government’s desires to contain false information for this proposal, however. Instead the bill insists that this would bring more “transparency and accountability.”

Some critics have expressed concerns over the proposed rules. Udbhav Tiwari, a public policy advisor at Mozilla, said New Delhi’s bill would “represent new, significant threats to Indians’ privacy. If Indians are to be truly protected, it is urgent that parliament reviews and addresses these dangerous provisions before they become law.”



from TechCrunch https://ift.tt/35c5VII

No comments:

Post a Comment