Tag: right to privacy

–Report by Avinash Pandey

The Information Technology Act and The Information Technology Guidelines and Digital Media Ethics Code, 2021 allow the Indian Government to take down certain online activities that they seem might be against National Security or against the general public. The Indian government had already issued numerous warnings to Twitter about the tweets and Twitter accounts that were spreading hatred and to be terminated immediately. Even though twitter had moved its regulation and ability for people to tweet about certain controversial things but the Government had been questioning and making Twitter delete tweets some of which were not even racial or against national security.

Twitter was also challenged in May 2021 when it categorized the tweet of a BJP representative as manipulative in nature, even though Twitter has been under fire for most of the last year. However, they are not the only company that had to change to continue the business in India, WhatsApp with over 540 Million active users in India was also directed to change their existing policies which they later challenged by saying that if they work according to the regulations of the government the data of the users will be easily traceable against the existing laws.

Twitter took to the Karnataka High Court challenging the claims by the Indian Government and the threats that the Government had passed against the chief compliance officer that an arrest warrant will be released against him if Twitter does not comply with the regulations of the Act. Speaking about the topic the Junior Minister of Information Technology said that everyone has the right to go to court and everyone can enjoy Judicial review but it is important to note that the contention is unambiguous to the Indian Legal System. The government wanted Twitter to set up an Indian representative as grievance management for the removal of certain tweets and this was challenged by Twitter saying that it might create bias.

This demand by the government arose because of a video not taken down by Twitter showing communal violence. The situation between the Indian Government and Twitter has been hostile as the newly introduced laws are making Twitter and other social media applications hold on to users’ personal information. Twitter was requested to remove all the posts criticizing the farmers’ bill and any post relating to the farmer’s protest which they had duly done but it sparked a lot of criticism stating that the government is using social media platforms to shut down the voices.

Twitter in the transparency report that they had filed with the suit in the Karnataka High Court displayed that from January 2021 to June 2021 India had been ranked amongst the top 5 countries that had demanded the removal of criticizing tweets. There were 5000 legal demands from countries including Japan, Russia, Turkey, South Korea and India out of which 12% came from India itself. A Twitter spokesperson recently stated that the removal of tweets and
other controversial topics are done in private so the general public does not have a say in this but the people who knew about the issue had already given out their opinion on Twitter itself by stating that the removal of criticism for government policies will impact the free expression for the people online.

The experts have highly criticized the number of legal documents for censorship that the Indian government had to send and they have also stated that the current government is trying to silence the criticism that they get on social media even though the political party in power has refrained and denied all the claims against them. It can be clearly seen from all the documents submitted that only the tweets criticizing the government are being removed. Even though Twitter stated that the laws that are made by the government will infringe the right to freedom of speech and expression of the general public. Not taking any of this into consideration, the central government basically stated that the company should take accountability rather than challenging the Indian technology act and should work on how
the laws have advised them to. Specifically speaking about the current issue they further said that we had given numerous chances for Twitter to reflect upon their steps but almost every time they have fallen short of it.

Introduction

Spyware has always been a murky subject in terms of spying between governments. Spyware has been viewed as a critical component since it is thought critically to monitor and identify individuals who may be involved in illegal or terrorist activities. On the other hand, it is hugely controversial because, while ostensibly targeting criminal activity, such organizations or businesses may attack civil citizens or protestors in any region. This is an important point to remember since such meddling might result in a cyberwar or cyberattack, which could affect the political system of a country like Estonia. The Pegasus case has served as a forewarning of forthcoming cybersecurity concerns and the legislation that is required to address them.

Facts

• NSO group technologies is an Israeli firm that specializes in the investigation. This firm developed the spyware known as ‘Pegasus.’ It is a commercial company that monitors terrorists, drug traffickers, and other criminals, supporting government intelligence and law enforcement in overcoming encryption and technical hurdles.
• WhatsApp, which is owned by Facebook Inc., filed a lawsuit against NSO Group Technologies in California court on October 29th, 2019.
• According to WhatsApp, the malware ‘Pegasus’ deployed by the corporation compromised the phone systems of 1,400 users from all over the world. Users included civil society members, journalists, and Human Rights defenders from nearly twenty nations, according to the report.
• Because NSO Group was unable to respond or attend in court, the court issued a notice of default.
• It was claimed that the corporation used computer infrastructure and remote monitoring to insert spyware into customers’ devices via WhatsApp, causing a dangerous code to establish a connection between the users and the company without the consumers’ knowledge.
• NSO groups claimed that they were not properly served with notice of the action in a timely manner, in violation of international law.
• According to WhatsApp, multiple attempts were made to serve the notification on the firm.
• On March 6, 2020, NSO filed an application with a California court to have the previous decision overturned because the notice was not served on time, which is a violation of The Hague Convention due to WhatsApp’s incomplete service.
• NSO filed a separate case against WhatsApp in Israel on November 26th, stating that Facebook had disabled their private accounts. Facebook responded by stating that they had done so for security concerns.

Argument and Decision

NSO stated that the petitioner had breached international law by failing to provide legal notice of the action filed in a California court of law. They further claimed that they were just targeting the customer’s database provided to them and that they had no intention of targeting WhatsApp users. Furthermore, they asserted that the company’s customers are foreign sovereigns and that as a private agent for such users and of a foreign state, they are entitled to immunity under US law. It was also maintained that because they were acting as a supplier and were following the orders of their customers or the government, they could not be held accountable. WhatsApp contended that the NSO’s action was purposeful and intended to spy on those involved in social causes or other civil society members. It requested a permanent order from the court to prevent NSO from interfering with WhatsApp and Facebook’s computer systems. It claimed that NSO had broken the California Comprehensive Computer Data Access and Fraud Act and had trespassed on WhatsApp’s premises without permission. The District Court of California ruled in favor of WhatsApp in July 2020, and the litigation will move forward.

What is Pegasus

NSO, an Israeli cyber arms outfit, developed spyware to track a user’s mobile device. A link is provided to the user or targeted person in this spyware, and as soon as the targeted person opens the link, malware is injected into the device, allowing surveillance of the target. A new version of the same is said to be more powerful and destructive, and it doesn’t even need the user’s help. This spyware was produced by the organization to keep an eye on terrorists and
other criminals. To carry out such actions, the NSO collaborates with other governments and law enforcement agencies.

Effects

The charges stated by WhatsApp in its court application are extremely serious. According to WhatsApp, once this malware has been downloaded to a user’s smartphone, it can access emails, SMSs, passwords, location, network information, browser history, and device settings. The Citizen Lab claims that in addition to contact lists and emails, it has access to the device’s camera and microphone, allowing it to record all calls and messages. Pegasus has also allegedly used WhatsApp’s video and voice call functions, allowing the spyware to infiltrate the smartphone without the user’s knowledge.

Indian Laws governing Spyware Attacks

In India, the Pegasus case served as a wake-up call. Many Indian activists and civil society members were allegedly spied on by this spyware, according to WhatsApp. This calls into doubt India’s data protection and privacy laws. The ‘Right to Privacy’ was recognized as a fundamental right in the case of Justice Puttaswamy v. Union of India, and like any other fundamental right, it is subject to some limitations. There are four tests that can be utilized in privacy cases, according to Justice Chelameshwar:
Under Article 14, arbitrary state action may be subject to a reasonableness inquiry. The verdict makes it apparent that privacy, as a basic right, is a private aspect of citizens’ lives that must be preserved as a right under Article 21, which guarantees the right to life and personal liberty. Even when certain limits are imposed for the sake of public order or national security, people’s fundamental rights should not be violated. The Pegasus case demonstrated how spyware can compromise a user’s privacy and personal information. As a result, it is critical to analyze and implement a solid data privacy policy.

Conclusion

Spyware incidents like Pegasus represent the beginning of a new era of digital warfare. Such situations are likely to become more common as technology advances. It is critical that there are strict rules in place in the event of foreign unauthorised access to devices and spyware control limitations. The Pegasus case also emphasized the necessity for spyware regulation, as the goal of targeting users who are criminals or suspicion of criminal activity might extend to spying on persons like activists and protestors, threatening democracy and individual privacy in the long run.

References–
1. The Pegasus case and the laws concerning spyware in India – iPleaders

This article is written by Vidushi Joshi student at UPES, Dehradun.

INTRODUCTION

We can see the continuous usage of the term “non-personal data” (aka NPD) in the article. Hence, the definition of the term should be known. According to a report submitted by PRS Legislative Research, “non-personal” data can be referred to as “any data which is not personal data (data pertaining to characteristics, traits or attributes of identity, which can be used to identify an individual) is categorised as non-personal data”[1]. Such data does not possess any kind of information that would lead to the identification of a person. NPD can be any sort of data, for example, it might be something that is not all related to an individual, or it can be personal data that had been anonymised later[2]. Discussions regarding the protection of “non-personal data” began very late. This article deals primarily with “non-personal data” and the reasons to protect them. The importance of “non-personal data” had also been mentioned in this article.

IMPORTANCE OF “NON-PERSONAL DATA”

“Non-personal data” has significant importance. These uses can be political, economic, or security-related. The key to expanding India’s economic opportunities is to strike the right balance between effective information privacy, security, and development[3]. Today’s world is very much technology-oriented. Hence, it can be concluded that in near future almost everything will be data-based. In such a situation, “non-personal data” would come to great use.

TYPES OF “NON-PERSONAL DATA”

NPD can be divided into sub categories like “public non-personal data”, “community non-personal data”, “private non-personal data”. “Public non-personal data” is referred to those data which is obtained by a government or governmental agencies during public-funded works. Anonymised data from land records, vehicle license data, and so on are examples. “Private non-personal data” are obtained from private sources (just like the name suggests), and the “community non-personal data” are obtained from community of natural persons[4]. Examples of private NPD include data/insights derived through the use of algorithms, and data sources collected by municipal authorities, other database systems, and so on are examples of community NPD. In the year 2019, an expert committee[5] was constituted in order to address the issues related to “non-personal data”. The abovementioned divisions have been made by the committee itself.

WHY DOES “NON-PERSONAL DATA” NEED PROTECTION

Although technically, no private information can be disclosed under “non-personal data”, there are some matters of concern. Often there is an overlap between personal and “non-personal data”[6], and this overlap is quite inevitable at times. The importance and vulnerability of data cannot be overstated. The time for data governance has arrived, just as the “Internet and cloud computing” had become accepted parts of doing business in the past. While customers’ personal data is protected by a lot of privacy laws around the world, “non-personal data” (NPD) is totally untapped. “Non-personal data” has financial value, which should be capitalised on by Indian businesses. These data can also be used to improve governance. For example, traffic patterns compiled by commercial vehicles can aid in better traffic control. This proves how important regulation of NPD can be.

INDIA’S LATEST FRAMEWORK ON “NON-PERSONAL DATA”

An expert committee is known as the “Gopalakrishnan committee” was formed by “Ministry of Electronics and Information Technology”, in the year 2020 in July. The main objective of this committee was to study and address the issues regarding “non-personal data”.

The following observations were made by this expert committee: “NPD should be regulated to enable a data-sharing framework to tap the economic, social, and public value of such data, and to address concerns of harm arising from the use of such data.”

The abovementioned expert committee had also suggested that the PDP or the “Personal Data Protection Bill” should be amended. According to the committee, the rules regarding NPD should be scraped off from this bill and should be incorporated under a separate one. This was recommended in order to avoid any kind of overlaps.

As per Amar Patnaik, a member of the “Joint Parliamentary Committee” (JPC) on “Personal Data Protection” (PDP), rules to regulate non-personal data are essential, but at the same time, the Indian market should be given chances to grow. JPC has come up with some recommendations regarding the PDP Bill 2019. These recommendations would be discussed in the Parliament in the approaching winter session[7]. One of the major recommendations had been that the term “personal” should be removed, and both personal data, as well as NPD, should be regulated using the same regulator.

CONCLUSION

It can be concluded that it is extremely important to safeguard the “non-personal data”. At the very least, the NPD landscape in India is perplexing. There is little clarity about how “non-personal data” regulations and regulators would interact with personal data regulations and regulators. This article has also talked about how important NPD can be. It holds economic, as well as security-related importance. Unlike personal data, NPD hardly had any kind of regulations, hence, a solid set is absolutely necessary. Artificial intelligence has become a major thing these days. Therefore, it can be accomplished that NPD needs to be regulated largely. Proper full-fledged regulation of non-personal data in India has a long way to go.

ENDNOTES

1.  “Non-Personal Data Governance Framework”, https://prsindia.org/policy/report-summaries/non-personal-data-governance-framework.
2.  “India: Revamped framework proposed for non-personal data regulation”, [January 2021], https://www.dataguidance.com/opinion/india-revamped-framework-proposed-non-personal-data
3. Piyush Sharma, “Non-personal data: Unlocking value for public good”, [July 27, 2020], https://www.fortuneindia.com/opinion/non-personal-data-unlocking-value-for-public-good/104665.
4. Supra note 1.
5. Tanmay Mohanty, “India: Non-Personal Data Governance Framework”, [September 16, 2020], https://www.mondaq.com/india/privacy-protection/985574/non-personal-data-governance-framework.
6. Vidushi Marda, “Non-personal data: the case of the Indian Data Protection Bill, definitions and assumptions”, [October 15, 220], https://www.adalovelaceinstitute.org/blog/non-personal-data-indian-data-protection-bill/.
7. Sreenidhi Srinivasan and Anirudh Rastogi, “Why non-personal, what’s critical … & snooping? JPC report on data protection raises questions for privacy, business & regulation”, [November 26, 2021], https://timesofindia.indiatimes.com/blogs/toi-edit-page/why-non-personal-whats-critical-snooping-jpc-report-on-data-protection-raises-questions-for-privacy-business-regulation/.

This article is written by Aaratrika Bal student at National Law University Odisha

WhatsApp, has come up with a new update in it’s Terms of Policy which changes the privacy policy of the app. The update makes a distinction between private and business messages. The update has raised several eyes amongst the people with the privacy of the app being the prime issue, however the change in the policy clearly states that the conversation within friends and family is safe whereas it is clarified in certain business set-ups the conversation can be read by Facebook and even be used for certain marketing purposes. Nevertheless, people are still looking for alternatives and many are now shifting to Signal – another messaging app.

As per the new Terms of Service, WhatsApp may use the information to “operate, provide, improve, understand, customize, support and market” its services and offerings to users. WhatsApp has reiterated that personal conversations do not fall under this category.
It even states neither WhatsApp nor Facebook can see or hear an individual’s private conversations. Personal messages are protected by end-to-end encryption and will be continued to be protected in the same manner. It is claimed that WhatsApp cannot even see the location that one has shared.

WhatsApp has also clarified that some large business might need to use secure hosting services from Facebook to manage WhatsApp chats with their customers.
Due to the backlash by the app’s users, the update has been delayed till 8th February 2021.

Recently, Delhi High Court’s Hon’ble Judge Prathiba M. Singh has recused herself from hearing a petition challenging this very update in the privacy policy of WhatsApp, on the grounds that it violates Fundamental Rights enshrined under Part III of the Constitution of India.
She took an objection on basis of the e-mail send by WhatsApp stating she should not hear this matter on which Hon’ble Justice Prathiba M. Singh replied “I was in any case, not going to hear it”. It is understood that the email pointed out that Justice Singh had appeared in a connected matter when she was a lawyer. Though WhatsApp later withdrew the email unconditionally, Justice Singh chose not to hear the matter.

The counsels appearing for WhatsApp are Senior Advocates Kapil Sibal and Mukul Rohatgi said that e-mail was being withdrawn unconditionally.
Advocate Chaitanya Rohilla filed a petition stating that the new privacy policy introduced by WhatsApp violates the right that is guaranteed by the Constitution that is Right to Privacy. As the privacy policy gives always the online activities of the individual without any government authority or supervision.
The petition said that “WhatsApp has made a mockery out of our fundamental Right to Privacy while discharging a public function in India, besides jeopardizing the National Security of the country by sharing, transmitting and storing the users data in some another country and the data in turn will be govern by laws of foreigner country”.
The case was finally sent to a single bench on 18th January 2021.

Reported by – Komal Dhore

The petitioner has filed a Writ of Certiorari to quash down the FIR registered against him under Sections 504, 506, and 120-B IPC and Section 3/5 of the Uttar Pradesh Prohibition of Unlawful Conversion of Religion Ordinance 2020 (U.P. Ordinance No.21 of 2020).

According to the facts, it has been alleged that the petitioner used to visit the informant’s house to meet the latter’s wife (victim in this case) and a mother of two children. He used to do so in an attempt to convert her so that he can marry her and for that very purpose he had gifted her mobile phone.

The petitioner submits that the FIR has been filed based on mere suspicion and no concrete evidence has been presented against the same. Further, under Article 25 of the Indian Constitution, all persons are equally entitled to freedom of conscience and the right freely to profess, practice, and propagate religion, subject to public order, morality, and health and the other provisions of Part-III of the Constitution. The petitioner further has submitted that the present case is also about upholding the right to privacy as a basic right under the Indian Constitution.

The court has upheld the claim of the petitioner and has observed that the victim is an adult and is aware of her well-being. She and the petitioner have a Fundamental Right to Privacy. As two adults they are aware of the consequences of their supposed relationship.

The court while highlighting the argument on the right to privacy has mentioned the decisions upheld by the Hon’ble SC in the cases of Justice K.S. Puttaswamy and others Vs. Union of India (UOI) and Ors. reported in (2017) 10 SCC and in Joseph Shine Vs. Union of India, (2019) 3 SCC 39.

The next date of listing for the matter is the 7th of January 2021. Till then the court has ordered issuing a notice to the Respondent that no coercive measures are to be taken against the petitioner in connection.