Tag: privacy

Data security is one of the most overwhelming errands for itself and info-sec experts. Every year, organizations of all sizes spend a sizable part of their IT security financial plans safeguarding their associations from programmers’ goal of accessing information through beast force, taking advantage of weaknesses, or social designing. All through this guide are joined that will assist you with more deeply studying the difficulties connected with getting touchy information, guaranteeing consistency with government and industry commands, and keeping up with client security. Alongside the difficulties, you’ll track down guidance on the most proficient method to tackle them.

Aarogya Setu is a versatile application created by the Government of India which interfaces the different fundamental wellbeing administrations with individuals of India. The application is assuming a critical part in our consolidated battle against COVID-19 and presently, has developed as the National Health application to serve individuals of India excellently. The application has concocted an instinctive User Interface and extensive highlights like ABHA (Health ID) creation, disclosure, and connecting of wellbeing records to empower longitudinal computerized wellbeing records, Simplified Consent Management for sharing these records, and a Seamless Search element to find Nearby Hospitals, Labs and Blood Banks.

Aarogya Setu, a COVID-19 following Indian application created by the National Informatics Center under the Ministry of Electronics and Information Technology, was sent off on 2 April 2020. This application is intended to monitor every one of its clients whether they are experiencing the Corona infection illness or have been in ongoing contact with any such individual. The application targets expanding the drives of the Government of India, especially the Health Department in proactively contacting and educating the clients regarding the application concerning the dangers, practices to stay away from them, and significant warnings relating to the regulation of COVID-19. It likewise interfaces fundamental well-being administrations with the resident to battle against COVID-19.

On 14 April, Prime Minister Narendra Modi addressed the entire country to download the App. This App utilizes the telephone’s Bluetooth and GPS framework to keep a record of the well-being status, everything being equal. These records are put away till the client tests positive or pronounces side effects through a self-evaluation study by the application. The information gathered by the application is extensively partitioned into 4 areas segment information (name, portable number, age, orientation, and so forth), contact information (like the general distance between people), self-evaluation information (client’s reaction to the review by Aarogya Setu) and area information (geological area of contact with different clients), altogether known as reaction information.

WORKING ON THE APP

After introducing the application, it gets going with requesting verification joined by the client’s versatile number, trailed by security and protection notice about subtleties which the application will gather. The application demands admittance to the gadget’s Bluetooth and GPS and afterward start the self-evaluation review for certain extremely fundamental inquiries like name, age, orientation, country, side effect agenda (for hack, fever, diabetes, lung sickness, coronary illness, and so on), nations went in most recent 30 days and expert subtleties (medical services laborers/conveyance labor force/police/policing/drug specialist/supermarket specialist/drug specialist/industry laborers). Then, at that point, the dashboard of the application includes the gamble level box illuminating whether the individual is under okay or high gamble class.

DATA COLLECTED AND MANNER OF COLLECTION

(a) When you register on the App, the accompanying data is gathered from you and put away safely on a server worked and oversaw by the Government of India (Server) – (I) name; (ii) telephone number; (iii) age; (iv) sex; (v) calling; and (vi) nations visited over the most recent 30 days. This data will be put away on the Server and a special computerized id (DiD) will be pushed to your App. The DiD will from that point be utilized to distinguish you in all resulting App-related exchanges and will be related to any information or data transferred from the App to the Server. At enrollment, your area subtleties are likewise caught and transferred to the Server.

(b) When two enlisted clients come surprisingly close to one another, their Apps will consequently trade DiDs and record the time and GPS area at which the contact occurred. The data that is gathered from your App will be safely put away on the cell phone of the other enrolled client and won’t be opened by such another client. On the occasion such other enrolled client tests positive for COVID-19, this data will be safely transferred from his/her cell phone and put away on the Server.

(c) Each time you complete a self-evaluation test the App will gather your area information and transfer it alongside the consequences of your self-appraisal and your DiD to the Server.

(d) The App constantly gathers your area information and stores safely on your cell phone, a record of the relative multitude of spots you have been at brief stretches. This data might be transferred to the Server alongside your DiD, (i) assuming you test positive for COVID-19; or potentially (ii) assuming your self-proclaimed side effects demonstrate that you are probably going to be tainted with COVID-19.

(e) If you have tried positive for COVID-19 or on the other hand assume a high probability of you is being tainted, you have the choice to press the Report button on the App which will permit you to either demand a test or report that you have tried positive for COVID-19. The back-end server investigates the bluetooth contacts transferred by enrolled clients who have tried positive for COVID-19. Assuming you have interacted with such people, in light of the contacts transferred from their cell phones your gamble level will be fittingly refreshed. At your only choice, you can likewise get more refined contact following outcomes by squeezing the Report button/Upload information button and consenting to transfer contact information from your cell phone to the Server. On such occasion the information gathered under Clauses 1(b) and (d) and safely put away on your gadget will be transferred to the Server with your assent. At the point when you press the Report button/Upload information button or potentially consent to transfer your information to refine contact following outcomes, the information gathered under Clauses 1(b) and (d) and safely put away on your gadget will be transferred to the Server with your assent.

(f) The App will gather the name, age, orientation, telephone number, address, and ID Proof data of the client, with the end goal of enrollment for COVID-19 inoculation. The enlistment for COVID-19 immunization is discretionary and the information will be gathered with the client’s assent, assuming the client selects enrollment with Coronavirus inoculation through Aarogyasetu App.

(g) The App will work with the confirmation of the User character through the Aadhaar Number of the client with the end goal of enlistment for COVID-19 immunization. The Aadhaar number will not be put away by Aarogyasetu App.

(h) The App will work with the download and reserving of COVID-19 immunization endorsement and COVID-19 inoculation enrollment slip/receipt, through verification of the recipient’s versatile number and recipient ID. For working with this download, the application will require media access consent on the client’s gadget.

CONVENTION BY GOVERNMENT

The convention for the COVID-19 following application was given by the Ministry of Electronics and Information resting rules for sharing the information of Aarogya Setu clients with government organizations and outsiders also. This then brought about the discussion of the protection of the information shared on the application. As indicated by the convention, the reaction information might be shared where it is “stringently important to figure out or carry out suitable wellbeing reaction straightforwardly”.

The information might reach the application’s designer i.e., National Informatics Center, Health Ministry, branches of state/UT/neighborhood government, National Disaster Management Authority, general wellbeing organizations of focus, and state and nearby bodies. The convention additionally sets out that the information been shared will stay for 180 days and afterward naturally erased after the period. This convention will be in force just for a half year from the date of issue.

BARRIERS FOR ADOPTION

For Aarogya Setu to be powerful, the application should be introduced on however many telephones as would be prudent, and clients should routinely refresh their wellbeing status so local area communications can be delineated. The improvement group expressed that no less than half of the populace ought to in a perfect world have the application introduced on their telephones, however, this edge might differ among metropolitan and provincial regions. The tele-thickness in India is extremely slanted in the metropolitan regions when contrasted with the country’s hinterlands. In this way, while it very well may be simpler to raise a ruckus around town limits in huge metropolitan urban communities, it will be undeniably more challenging to guarantee inclusion in provincial regions subsequently reducing the viability of the application in recognizing cases in the medium term as the pandemic spread expansions in country regions.

The Karnataka high court has likewise limited the Center and the National Informatics Center from sharing information of clients who got through the application without their agreement because of a request documented by protection dissident Anivar Aravind.

“At first sight, we hold that there is no educated assent regarding clients of Aarogya Setu application taken for sharing of reaction information as given in the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020, as there is no reference to the expressed convention in the terms of purpose and security strategy accessible on the application,” a division seat of Chief Justice Abhay Sreenivas Oka and Justice Viswajith Shetty said.

The court, notwithstanding, declined to remain the utilization of the application or utilization of information of the clients previously gathered through it. During the pendency of the request, the solicitor had looked for a heading from the court to limit the Center from continuing with the application and with the information gathered, in any way, whether the assortment of information from the individuals from people, in general, is expressed to be deliberate or compulsory.

PRIVACY ISSUES

The Aarogya Setu application is like the contact following application created by Google and Apple and depends on Bluetooth innovation. In any case, not at all like Apple and Google, it additionally gathers GPS area information. Once introduced, the application first gathers the accompanying segment information from clients: name, orientation, age, calling, travel history and phone number. These subtleties are then hashed to a special gadget ID and transferred to a focal information base. Regardless, the server will be on Amazon Web Services and then, at that point, moved to a NIC server. The application requires Bluetooth and GPS to be turned on constantly and takes administrator access to the Bluetooth settings. Administrator access to gadgets is a security risk as the application can take a lot of information than required.

At the point when two gadgets come into nearness, they trade these IDs with one another. Specialists call attention to the fact that the application utilizes pseudo-static ID rather than the more security safeguarding dynamic pseudo ID similar to Singapore’s contact following application. The area and Bluetooth gadget communication records are put away locally on the telephone, however, when a client begins enlisting side effects of COVID-19, the framework will transfer this information to the local server. Their gadget cooperations are then followed and outlined to show bunches or on the other hand assuming that there are COVID-19 positive patients close by. Authorities say that 15,000 individuals’ area and Bluetooth information has been transferred to the local server.

Additionally, there is no regulation insight regarding the insurance of the web-based protection of Indians, making the clients of the Aarogya Setu application acknowledge the security strategy given by the public authority. There ought to be more straightforwardness in regards to the internal working of the application, particularly when it is advanced by the public authority itself and requests individual subtleties of the resident of the country.

CONCLUSION

The pandemic is a general well-being crisis and individual privileges should be tempered with public reason and everyone’s benefit. Notwithstanding, the Indian government will in general view residents’ information as a characteristic asset to be taken advantage of and adapted. It turns out to be more critical than Aarogya Setu fix its concerns of prohibition for viable wellbeing observing as opposed to building more capabilities. There is a requirement for the public authority to show the viability of the application to fabricate trust among residents and bleeding edge well-being laborers.

REFERENCES

1. Aarogya Setu: Conflicts, https://www.orfonline.org/expert-speak/aarogya-setu-app-many-conflicts-67442/ ( last accessed on 17 July, 2022).
2. Data Governance Policy and the Road Ahead, https://www.barandbench.com/columns/data-governance-policy-and-the-road-ahead ( last accessed on 17 July, 2022).
3. Aarogya Setu and Data Privacy, https://thewire.in/law/karnataka-high-court-aarogya-setu-data-privacy ( last accessed on 17 July, 2022).

This article is written by Arpita Kaushal, a student of UILS, PUSSGRC , HOSHIARPUR.

INTRODUCTION

As far as the general public is concerned, a celebrity is a person who has achieved a level of renown and recognition in society that makes him or her clearly identifiable. It might be related to the appreciation and honour for some type of success by a huge group of people in a country like India. This can also be interpreted in a business sense: if a person’s reputation is utilised to promote a product, that person will be considered a celebrity in the sense of publicity under the ‘direct commercial exploitation of identity test.

This is the current issue in the media which the IP law regime attempts to defend. Despite the facts, though celebrity rights are protected under IP law, this today becomes an important area in the field of media owing to the facts

• Celebrity interaction with media is frequent.
• Media is used as one of the means to exploit different rights of celebrity.[1]

Celebrities are seen as a source of honour by many people. In a democratic country, people take it as a prize for accomplishment which the sportsmen and artists earn with their talent. People elect Politicians. Celebrity is conferred by the general public. The media dictates what the public sees. However, the public’s choice as consumers and electors ultimately conveys celebrity. There is also a type of celebrity that is largely uninvolved. It is given to princes and princesses via birth or marriage. Others gain fame as a result of their unintentional involvement in newsworthy occurrences.

The rights exploited by media are

• Moral Rights– the personality of an individual signifies his way how people will identify him and where he stands in the society. By forming a personality one sets an expectation in everyone’s eyes and in this way, he is believed to behave in the society. Every person possesses different talent and accordingly this contributes to the society effectively. The property of a person simply shows the extended version of his personality and the contribution of the person towards the society shows how extended is personality is.
• Privacy rights– Celebrities are quite popular in the society and people personalize them to be their friends and curiosity arises which makes people want to know more about the personal lives of the celebrities. The curiosity arouses the people wanting to know from the personal affairs celebrities are having to what clothes they wear, the places the celebrities visit. There is no exchange of information as these celebrities don’t know the public. So celebrities control their personal information as not controlling their private life may lead to situations of humiliation, embarrassment.

One of the most well-known judicial rulings was issued in the case of Barber vs. Times Inc, in which a photographer photographed Dorthy Barber giving birth to a baby boy during her pregnancy. Ms Barber had filed an invasion of privacy lawsuit against Time Inc. for entering her hospital room without permission and photographing her despite her protesting against it. Mr. barber was successful in the suit and was awarded damages of 3000$. It is the duty of the media, that when it publishes any private matters of celebrities it should give accurate information. In this case, the media was found liable for the damages. Where media publishes truthful information, it is not liable to pay for any damages.

From the above case, we can say that remedies are available to celebrities either in the form of ‘right to privacy’ action or in the form of the fundamental right of ‘right to privacy as part of Article 21 of the Indian Constitution.

PUBLICITY/MERCHANDISING RIGHTS

By Publicity right we mean any right to prevent unauthorized and commercial use of the name and fame of an individual. To claim this right, one needs to set up a form of merchandise, basically, an act that is intended to promote the sale/popularity of a commodity. If someone uses the fame of a celebrity to promote his products that would be termed as unfair trade practices.

In the Sourav Ganguly vs tata tea ltd case, when the cricketer had returned after scoring spending centuries was disturbed when he got to know that the company Tata tea ltd where he used to work as manager has been promoting that whoever will purchase 1 kg of tea, he would get the chance to congratulate the cricketer via a postcard, which can be found in each tea packet. In this case, the company was in an attempt to increase the sale of its products in the market of India where everyone knew Sourav Ganguly. The court ruled in the favor of Sourav, considering the fame and popularity are his intellectual property

We can say the law with regard to the publicity rights of celebrities is still not fairly developed.

RIGHT TO PUBLICITY

By right to publicity, we mean a celebrity holds a limited(exclusive) right to all the profit earned if one misuses his fame and popularity for commercial purposes. This right is different from the right to privacy and also an ‘adversely portrayal of one’s personality.

 In other words, we mean the moral rights of the celebrity over their personality.

In the same example, Sedley LJ opined that harm to an individual’s reputation (or invasion of privacy) is not regarded as a type of financial or economic loss. The plaintiff would lose in this scenario because their reputation would be less valuable as a commodity to be exploited through licensing and assignment. As a result, the publicity right is concerned with intangible or non-physical harm and intangible property ownership. As opposed to a right against injury, it is in the form of a proprietary right with an individual.

The importance of recognizing this right to favour the celebrity is to secure them a form of Intellectual property that is meant to protect them against any harm but the main motive is that they can secure financial benefits they can gain by using the property. This is usually justified as compensation or incentive for the claimant’s efforts in developing the intellectual property. Apart from that, the right is significant since it can be assigned and licensed to media players for financial gain an advantage.

WHY CELEBRITY RIGHTS ARE IMPORTANT?

In the age of the internet and other more advanced forms of communication, the theory of celebrity rights has become more relevant and a topic of debate. People in the country are interacting with the media in ways they have never done before. Because the media has become more fast-paced, the image of a celebrity can be used for publicity which causes an invasion of privacy. For example, in the Julia Roberts case which was a recent judgement by the WIPO Complaint and Arbitration Centre), the defendant operated a website called Julia Roberts.Com and in order to sell his item, he used the same website to run an online auction programme. Julia Roberts stated that the defendant utilized her notoriety to promote his auction on the Internet since the public would be curious to learn more about the celebrity and would visit the website from all over the world, making his auctions popular all over the world in a short period of time.

The fact that components of such rights are recognized demonstrates why they are vital. According to Leggatt LJ, ” Another crucial element to think about at the same time is the concept of privacy. People take advantage of the fact that superstars draw a lot of attention because they are traffic magnets. The public’s curiosity may thus lead to a situation in which the ‘paparazzi’ make it difficult for such superstars to go out in public in a regular manner. Although there is a right to get information in our country, this cannot be construed as the goal of the law to intrude into topics that such people do not want to be discussed in public.

We can say in the present age it is important to protect celebrity rights.

Even while Indian law has not progressed to the point where celebrity rights are recognized as a separate right, the court’s remarks suggest that they may do so in the future.

ENDNOTES

1. Celebrity Rights – Is It Important in India? – Intellectual Property – India (mondaq.com)
2. Celebrity Rights in India (legalserviceindia.com)

This article is written by Vidushi Joshi student at UPES, Dehradun

INTRODUCTION

We can see the continuous usage of the term “non-personal data” (aka NPD) in the article. Hence, the definition of the term should be known. According to a report submitted by PRS Legislative Research, “non-personal” data can be referred to as “any data which is not personal data (data pertaining to characteristics, traits or attributes of identity, which can be used to identify an individual) is categorised as non-personal data”[1]. Such data does not possess any kind of information that would lead to the identification of a person. NPD can be any sort of data, for example, it might be something that is not all related to an individual, or it can be personal data that had been anonymised later[2]. Discussions regarding the protection of “non-personal data” began very late. This article deals primarily with “non-personal data” and the reasons to protect them. The importance of “non-personal data” had also been mentioned in this article.

IMPORTANCE OF “NON-PERSONAL DATA”

“Non-personal data” has significant importance. These uses can be political, economic, or security-related. The key to expanding India’s economic opportunities is to strike the right balance between effective information privacy, security, and development[3]. Today’s world is very much technology-oriented. Hence, it can be concluded that in near future almost everything will be data-based. In such a situation, “non-personal data” would come to great use.

TYPES OF “NON-PERSONAL DATA”

NPD can be divided into sub categories like “public non-personal data”, “community non-personal data”, “private non-personal data”. “Public non-personal data” is referred to those data which is obtained by a government or governmental agencies during public-funded works. Anonymised data from land records, vehicle license data, and so on are examples. “Private non-personal data” are obtained from private sources (just like the name suggests), and the “community non-personal data” are obtained from community of natural persons[4]. Examples of private NPD include data/insights derived through the use of algorithms, and data sources collected by municipal authorities, other database systems, and so on are examples of community NPD. In the year 2019, an expert committee[5] was constituted in order to address the issues related to “non-personal data”. The abovementioned divisions have been made by the committee itself.

WHY DOES “NON-PERSONAL DATA” NEED PROTECTION

Although technically, no private information can be disclosed under “non-personal data”, there are some matters of concern. Often there is an overlap between personal and “non-personal data”[6], and this overlap is quite inevitable at times. The importance and vulnerability of data cannot be overstated. The time for data governance has arrived, just as the “Internet and cloud computing” had become accepted parts of doing business in the past. While customers’ personal data is protected by a lot of privacy laws around the world, “non-personal data” (NPD) is totally untapped. “Non-personal data” has financial value, which should be capitalised on by Indian businesses. These data can also be used to improve governance. For example, traffic patterns compiled by commercial vehicles can aid in better traffic control. This proves how important regulation of NPD can be.

INDIA’S LATEST FRAMEWORK ON “NON-PERSONAL DATA”

An expert committee is known as the “Gopalakrishnan committee” was formed by “Ministry of Electronics and Information Technology”, in the year 2020 in July. The main objective of this committee was to study and address the issues regarding “non-personal data”.

The following observations were made by this expert committee: “NPD should be regulated to enable a data-sharing framework to tap the economic, social, and public value of such data, and to address concerns of harm arising from the use of such data.”

The abovementioned expert committee had also suggested that the PDP or the “Personal Data Protection Bill” should be amended. According to the committee, the rules regarding NPD should be scraped off from this bill and should be incorporated under a separate one. This was recommended in order to avoid any kind of overlaps.

As per Amar Patnaik, a member of the “Joint Parliamentary Committee” (JPC) on “Personal Data Protection” (PDP), rules to regulate non-personal data are essential, but at the same time, the Indian market should be given chances to grow. JPC has come up with some recommendations regarding the PDP Bill 2019. These recommendations would be discussed in the Parliament in the approaching winter session[7]. One of the major recommendations had been that the term “personal” should be removed, and both personal data, as well as NPD, should be regulated using the same regulator.

CONCLUSION

It can be concluded that it is extremely important to safeguard the “non-personal data”. At the very least, the NPD landscape in India is perplexing. There is little clarity about how “non-personal data” regulations and regulators would interact with personal data regulations and regulators. This article has also talked about how important NPD can be. It holds economic, as well as security-related importance. Unlike personal data, NPD hardly had any kind of regulations, hence, a solid set is absolutely necessary. Artificial intelligence has become a major thing these days. Therefore, it can be accomplished that NPD needs to be regulated largely. Proper full-fledged regulation of non-personal data in India has a long way to go.

ENDNOTES

1.  “Non-Personal Data Governance Framework”, https://prsindia.org/policy/report-summaries/non-personal-data-governance-framework.
2.  “India: Revamped framework proposed for non-personal data regulation”, [January 2021], https://www.dataguidance.com/opinion/india-revamped-framework-proposed-non-personal-data
3. Piyush Sharma, “Non-personal data: Unlocking value for public good”, [July 27, 2020], https://www.fortuneindia.com/opinion/non-personal-data-unlocking-value-for-public-good/104665.
4. Supra note 1.
5. Tanmay Mohanty, “India: Non-Personal Data Governance Framework”, [September 16, 2020], https://www.mondaq.com/india/privacy-protection/985574/non-personal-data-governance-framework.
6. Vidushi Marda, “Non-personal data: the case of the Indian Data Protection Bill, definitions and assumptions”, [October 15, 220], https://www.adalovelaceinstitute.org/blog/non-personal-data-indian-data-protection-bill/.
7. Sreenidhi Srinivasan and Anirudh Rastogi, “Why non-personal, what’s critical … & snooping? JPC report on data protection raises questions for privacy, business & regulation”, [November 26, 2021], https://timesofindia.indiatimes.com/blogs/toi-edit-page/why-non-personal-whats-critical-snooping-jpc-report-on-data-protection-raises-questions-for-privacy-business-regulation/.

This article is written by Aaratrika Bal student at National Law University Odisha