Internet Governance Main

by Ben Bas last modified Nov 21, 2011 10:39 AM

Response to Mozilla DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) Comment Period

Posted by Gurshabad Grover, Divyank Katira at Jan 19, 2021 12:00 AM |

CIS has submitted a response to Mozilla's DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) Comment Period

Read More…

PDP Bill is coming: WhatsApp Privacy Policy analysis

Posted by Pallavi Bedi & Shweta Reddy at Jan 18, 2021 12:00 AM |
Filed under: , ,

WhatsApp started off the new year with changes to its privacy policy that has several implications for data protection and the digital governance ecosystem at large. This post is the first in a series by CIS unpacking the various implications of the policy.

Read More…

Widening the Horizons of Surveillance - Lateral Surveillance Mechanisms

Posted by Mira Swaminathan & Shubhika Saluja at Jan 08, 2021 11:10 AM |

This paper sheds light on the issues and challenges associated with lateral surveillance mechanisms.

Read More…

Widening the Horizons of Surveillance - Lateral Surveillance Mechanisms

Posted by Mira Swaminathan & Shubhika Saluja at Jan 08, 2021 11:01 AM |

This paper sheds light on the issues and challenges associated with lateral surveillance mechanisms.

Read More…

Response to the Pegasus Questionnaire issued by the SC Technical Committee

Posted by Anamika Kundu, Digvijay, Arindrajit Basu, Shweta Mohandas and Pallavi Bedi at Dec 31, 2020 12:00 AM |

On March 25, 2022, the Supreme Court appointed Technical Committee constituted to examine the allegations of alleged unauthorised surveillance using the Pegasus software released a questionnaire seeking responses and comments from the general public.

Read More…

CIS Seminar Series

Posted by Cheshta Arora at Dec 31, 2020 12:00 AM |

The CIS seminar series will be a venue for researchers to share works-in-progress, exchange ideas, identify avenues for collaboration, and curate research. We also seek to mitigate the impact of Covid-19 on research exchange, and foster collaborations among researchers and academics from diverse geographies. Every quarter we will be hosting a remote seminar with presentations, discussions and debate on a thematic area.

Read More…

CIS comments on the Revised Non Personal Governance Framework Report

Posted by Pallavi Bedi, Anubha Sinha and Aman Nair at Dec 31, 2020 12:00 AM |

 

This submission presents a response by researchers at the Centre for Internet and Society, India (CIS) to the second version of the Report on Non-Personal Data Governance Framework prepared by the Committee of Experts (hereafter “Report”). CIS had also provided inputs to 1 the draft version of the Report published in July 2020.

 

Executive Summary

It is beyond doubt that there must exist a regulatory frameowrk that governs the rights accorded to individual, businesses and the state in the context of the use of non personal data. However, based on the recommendations in the Report, we have found that the following areas require greater clarity and deliberation before being enacted. 

General Comments

1. Examining the economic considerations underpinning the non-personal data governance framework

a. Open Data access is not enough to offset network effects and existing power imbalances in key digital sectors

b. Increased Data collection leads to Data Appropriation

2. Addressing the societal concerns that arise with sharing Non Personal Data sharing

a. De-anonymization and harm linked with sharing Non Personal Data

b. ● Sharing non-personal data could result in a culture of data maximisation

Section Specific Comments

1. Section 7.2-Non-Personal Data Roles- Community
a. Vague and very wide definition of Community
 
2. Section 7.7- Data Trustee
a. Need for greater clarity on the defining harmful activities and the appropriateness of Data Trustees 
 
3. Section 7.4(iv)- ‘Duty of care’ of data custodian
a. Lack of clarity on terms including active misuse and harm 
 
4. Section 7.10 -Non-Personal Data Authority
a.Composition of the Authority 
b.Roles and Responsibility of the Authority
 
5. Section 9.3 - Copyright Law
a. Failure to recognise copyright in underlying data of datasets
b. Consider advocating use of limitations and exceptions in copyright law to limit ownership in datasets and underlying data
 

The full version of the submission can be found at: http://www.cis-india.org/internet-governance/cis-comments-revised-npd-report

 
 
 
 

Interoperability and Portability as a Lever to Enhance User Choice and Privacy in Messaging Platforms

Posted by Kamesh Shekar at Dec 31, 2020 12:00 AM |

 

Since last year, digital platforms have been actively making the headlines in various countries for different acquisitions, raising questions around the anti-competitive nature of their behaviour. In the US, about 46 states filed an antitrust case against Facebook along with the Federal Trade Commission in December 2020, accusing them of buying out rivals such as WhatsApp, Instagram etc[1]. Recently, the US supreme court overturned the case by 46, stating it to be tardy and FTC’s case to be “legally insufficient”[2].  However,  one of the solutions proposed for this problem by various experts and politicians is to break up Facebook[3].

Influential people such as Vijay Shekhar Sharma (CEO, Paytm) in India argued similarly when Whatsapp updated its privacy policy to share data with Facebook. They suggested that the movement of users towards Signal could break Facebook's monopoly[4]. While it is conceivable that breaking up a platform or seeking an alternative for them will bring an end to their monopoly, well, in reality, is it so? This post will try to answer this question. In section 1, I discuss the importance of interoperability and portability amongst the messaging platforms for tackling monopoly, which, in turn, helps in enhancing user outcomes such as user choice and privacy. Section 2 discusses the enablers, legislative reimagining, and structural changes required in terms of technology to enable interoperability and portability amongst the messaging platforms. In section 3, I discuss the cost structure and profitability of a proposed message gateway entity, followed by the conclusion. 

 

1. Introduction


In the case of the platform economy, the formation of a monopoly is inevitable, especially in messaging platforms, because of (a) network effects and (b) lack of interoperability and portability between messaging platforms[5]. As the network effect gets vigorous, more users get locked into a single messaging platform leading toward a lack of user choice (in terms of switching platforms) and privacy concerns (as the messaging platforms get more significant, it poses a high risk in terms of data breaches, third-party data sharing etc.). For instance, as a WhatsApp user, it is difficult for me to switch towards any other messaging platforms as my friends, family and business/work still operate on WhatsApp. Messaging platforms  also use the network effect towards their favour (a) by increasing the switching cost (b) by creating a high barrier to entry within the market[6].   

If there was interoperability between the messaging platforms, I could choose between the platforms freely- thereby negating some of the aforementioned limitations. Therefore, to create a competitive environment amongst messaging platforms to enhance user choice and privacy, it is crucial to have an interoperability and portability framework. To deploy interoperability and portability, it is imperative to have coordination among platforms while still competing for individual market share[7]. Interoperability and portability will also bring in healthy competition, as platforms will be nudged to explore alternative value propositions to remain competitive in the market[8]. One of the outcomes of this could be better consumer protection through innovation of privacy safeguards, etc. In addition to this, interoperability and portability could enable a low barrier to entry (through breaking the network effect), which could, in turn, increase online messaging penetration in untapped geographies as more messaging platforms emerge in the market.

There are two kinds of interoperability, vertical interoperability – i.e., interoperability of services across complementary platforms and horizontal interoperability – i.e., interoperability of services between competing platforms. While vertical interoperability exists in the form of the cloud system, multiple system login, etc., horizontal interoperability is yet to experiment at the market level. Nonetheless, realising the competition concerns in the digital platforms’ market, the European Union (European Electronic Communications Code[9], Digital Service Act etc[10].), the US (Stigler Committee Report[11]) and the UK Competition and Markets Authority[12] are mulling a move towards interoperability amongst the digital platforms. Furthermore, Facebook has already commissioned its efforts towards horizontal interoperability[13] amongst its messaging platforms, i.e., Messenger, WhatsApp and Instagram direct messages. This again adds to the competition concerns, as one platform uses interoperability towards its favour.

Besides, one of the bottlenecks towards enabling horizontal interoperability is the lack of technical interoperability – i.e., the ability to accept or transfer data, perform a task etc., across platforms. In the case of messaging platforms, lack of technical interoperability is caused due to the presence of different kinds of messaging platforms operating with different technical procedures. Therefore, to have effective horizontal interoperability and portability, it is crucial to streamline technical procedures and have guidelines which will enable technical interoperability. In the following section, I discuss the enablers, legislative reimagining, and structural changes required in terms of technology to enable interoperability and portability amongst the messaging platforms.

 

2. Message Gateway Entity


2.1. Formation of Message Gateway Entity to Enable Interoperability

To drive efficacious interoperability, it is imperative to form message gateway entities as for-profits that are regulated by a regulator (either an existing one such as TRAI or a newly established one). The three key functions of message gateway entities should be: (a) Maintain standard format for messaging prescribed by a standard-setting council, (b) Provide responsive user message delivery system to messaging platforms, (c) Deliver messages from one messaging platform to another seamlessly in real-time. There have to be multiple message gateway entities to enable competition, which will bring out more innovations, penetration, and effectiveness. Besides, it is prudent to have private players as message gateway entities as government-led message gateway entities for interoperability will not be fruitful as there will be a question of efficacy. Also, this might, in a way, bring the tender style business, which is problematic as the government could have a say in how and who it will provide its service (gatekeeping). However, the government has to set it up by itself only if it is a public good (missing markets) which might not be the case in message gateway entities.

Messaging platforms should be mandated through legislation/executive order to be a member of at least one of the message gateway entities to provide interoperability benefits to its users. Simultaneously, messaging platforms can also handle internal message delivery - User A to User B within the platform - amongst themselves.

While message gateway entities will enable interoperability between messaging platforms, it is crucial to have interoperability among themselves to compete in the market. For instance, a user from messaging platform under gateway A should be able to send messages to a user of a messaging platform under gateway B. Perhaps as we enable competition amongst the message gateways entities, the enrollment price will also become commensurate and affordable for small and new messaging platforms. In addition to this, to increase interoperability, message gateway entities should develop various awareness programs at the user level.

 Further, the regulatory guidelines for message gateway entities (governed by the regulator) must be uniform, with leeway for gateways to innovate technology to attract messaging platforms. Borrowing some of the facets from the various existing legislations, the below suggested aspects should advise the uniform guidelines,

  • End-to-end encryption: As part of the uniform guidelines, message gateway entities should be mandated to enable end-end encryption for message delivery. In contrast, the recent Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021[14] tries to break the end-end encryption by mandating significant social media intermediaries to identify the first originator of a particular message (part II section 4 rule 2) sought through an order. As this mandate impinges upon user privacy and free speech, the Indian government should revise this rule to keep end-to-end encryption intact. Besides, WhatsApp (a significant social media intermediary) has moved to Delhi High Court to block the implementation of the rules, which came into force on May 27th, 2021[15]. Also, Rule 4(2) of IT Rules 2021 contradicts provisions of the PDP Bill 2019 such as privacy by design[16] (Section 22) and the right to be forgotten (Section 20).

  • Neutrality: The guidelines should have a strict rule for enforcing non-discrimination (similar to the Indian Government's 2018 net neutrality principles[17]) in delivering messages by message gateway entities. Discrimination against both messaging platforms and other message gateway entities has to be scrutinised. In addition to that, to hold message gateway entities accountable, the guidelines should mandate monthly disclosure of information (at the messaging platform level with information on which gateway entity they are routed through) on message deliveries and failures in a prescribed user-friendly format to the public.

  • Standard Format Setting: As various messaging platforms follow different formats for providing messaging services, to have seamless interoperability, message gateway entities must adhere to a standard format, which is compatible with formats followed within the market. This standard format has to keep up with technological evolution in this space and to be formulated by an independent standard-setting council (through stakeholder consultation) commissioned by the regulator. The maintenance of this standard format falls into the ambit of message gateway entities and should be governed by the regulator.

  •  Uniform identification information: As the users of messaging platforms identify other users through various means, for instance, on WhatsApp, we use the telephone number, whereas, on Instagram, we use profile name; thus, the unique identification information (UII) of a user (which can be something existing like a phone number or a new dedicated identification number) has to be standardised. Message gateway entities should facilitate messaging platforms with this process, and the generation of UII should be seamless for the user. Besides, a user's unique identification information has to be an additional way to search for other users within a messaging platform and would be crucial for messaging across platforms.

  • Consumer choice: While interoperability should be a default option for all the users, there has to be a user-friendly way of opt-out for the user who wishes to compartmentalise different kinds of messages depending upon the platform used. The unique identification information (in case of a new dedicated number) of a user who had opted out must be ceased to avoid misuse.One of the major reasons users opt-out of interoperability services could be to keep various digital public spheres (personal, leisure, professional, etc.) distant. To tackle this dilemma of the users, the messaging platforms should enable options such as (a) the optional notification for cross-platform messages with the snooze option, so that the user can decide if she wants the cross-platform message to hit the enrolled messaging platform at the given time. (b) The messaging platform should enable the “opt-out from messaging platform” setting for the users to disable messages from a list of platforms. Besides, users might choose to opt-out due to lack of trust. This has to be tackled by both the message gateway entities by creating awareness amongst the users on their rights and messaging platforms by providing a user-friendly privacy policy.

  • ​​Data Protection: As the emergence of message gateway entities creates new data flow, this new flow of data has to take a data minimisation approach. Message gateway entities should be recognised as the data processor (one who processes data for data fiduciary, i.e., messaging platforms). They should adhere to the upcoming Personal Data Protection regime[18] to protect the data principals' personal data and collect personal data as per the proportionality principle. Message gateway entities should not collect any non-personal data or process any form of data to infer the behavioural traits of the data principals or messaging platforms. In addition to this, the name of the message gateway entity enrolled by the messaging platform, data collected and processed by the message gateway entity should be disclosed to the data principals through the messaging platform’s privacy policy.

  • Licensing: There should be a certain level of restriction on licensing to create a level playing field. Applicants for message gateway entities should not have an economic interest in any messaging platforms or social media intermediaries. Applicants have to ensure that the delivery failure of the messages should be at the level of 2% to 1%. Besides, to ensure low levels of delivery failure, data protection compliance and to check other requirements, message gateway entities have to go through technical and regulatory sandbox testing before issuing a license.

  • Consumer Protection: Users should be given a choice to block another user (using unique identification information) for various reasons such as personal, non-personal, phishing etc. After a stipulated number of blocking by multiple users, the suspected user should be denied access (temporarily or permanently according to the reasons) to message gateway entities. Before denying access, the message gateway entities should indicate the messaging platforms to notify the user. There has to be a robust grievance redressal mechanism for users and messaging platforms to raise their complaints regarding blocking, data protection, phishing etc. Besides, unique identification information has to be leveraged to prevent bot accounts and imposters. In addition to this, message gateway entities should be compatible with measures taken by messaging platforms to prevent the spread of disinformation and misinformation (such as restrictions on the number of recipients for forward messages).

 

The figure below showcases the use case of the message exchange with the introduction of message gateway entities.

 

null

Source: Author’s own illustration of the process of interoperability

 

2.2. Portability Feature to Compliment Interoperability

In the case of messaging platforms, when we talk about portability, it is essential to differentiate it into two: (a) portability of the unique identification information of the user from one platform to other seamlessly (b) portability of the user data from one platform to other followed by the portability of unique identification information. As the generation of unique identification information is facilitated by the message gateway entities, the portability of the same has to be done by the respective messaging gateway entity. Adopting some features of process and protocols from Mobile Number Portability[19] mandated by the Telecom Regulatory Authority of India, standard-setting council for messaging gateway entities (discussed above) should streamline the unique identification information portability process across messaging gateway entities.

Followed by the unique identification information porting, the message gateway entities should trigger a notification to the messaging platform (on behalf of the user) to transfer user data towards the requested platform. As mentioned in chapter V, section 19(1)(b) of The Personal Data Protection Bill, 2019, messaging platforms should transfer the user data towards the platform notified by the message gateway entity in the suggested or compatible format.

Globally since the emergence of the General Data Protection Regulation (GDPR) and other legislation that mandates data portability, platforms have launched the Data Transfer Project (DTP)[20] in 2018 to create a uniform format to port data. There are three components to the DTP, of which two are crucial, i.e., Data models and Company Specific Adapter. A Data Model is a set of common formats established through legislation to enable portability; in the case of messaging platforms, the standard-setting council can come up with the Data Model.

Under Company Specific Adapter, there are Data Adapters and Authentication Adapters. The Data Adapter converts the exporter platform’s data format into the Data Model and then into the importer platform’s data format. The Authentication Adapter enables users to provide consent for the data transfer. While Company Specific Adapters under DTP are broadly for digital platforms, adopting the same framework, message gateway entities can act as both a Data Adapter and as an Authentication Adapter to enable user data portability amongst the messaging platforms. Message gateway entities can help enrolled messaging platforms in format conversion for data portability and support users' authentication process using the unique identification information. Besides, as messaging gateway entities are already uniform and interoperable, cross transfer across message gateway entities can also be made possible.

 

3. Profitability of Message Gateway Entities

As the message gateway entities would operate as for-profits, they may cost the messaging platform one-time enrolment fees for membership through which the member (messaging platform) can avail interoperability and portability services. The enrolment fees should be a capital cost that compensates the messaging gateway entities for enabling technical interoperability. In addition to this, message gateway entities may levy minimal yearly fees to maintain the system, customer (messaging platforms) service and grievances portal (for both users and messaging platforms). Besides, in terms of update (as per new standards) or upgradation of the system, message gateway entities may charge an additional fee to the member messaging platforms.

On the other hand, messaging platforms don’t charge[21] a monetary fee for the service because the marginal cost of providing the service is near zero, while they incur only fixed cost. Besides, nothing is free in the platform economy as we pay the messaging platforms in the form of our personal and non-personal (behavioural) data, which they sell to advertisers[22]

Therefore, messaging platforms have to consider the fee paid to the message gateway entities as part of their fixed cost such that they continue not to charge (monetary) users for the service as the cost-per-user would still be very low. Besides, messaging platforms also have economic incentives in providing interoperability as it could reduce multi-homing (i.e., when some users join or use multiple platforms simultaneously).

 

4. Conclusion

While breaking up Facebook and other bigger social media or messaging platforms could bring a level playing field, this process could consume a large portion of resources and time. Irrespective of a breakup, in the absence of interoperability and portability, the network effect will favour few platforms due to high switching cost, which leads to a high entry barrier.

When we text users using Short Message Service (SMS), we don't think about which carrier the recipient uses. Likewise, messaging across messaging platforms should be platform-neutral by adopting interoperability and portability features. Besides, interoperability and portability will also bring healthy competition, which would act as a lever to enhance user choice and privacy.

This also opens up questions for future research on the demand-side. We need to explore the causal effect of interoperability and portability on users to understand whether they will switch platforms when provided with port and interoperate options.

 

This article has been edited by Arindrajit Basu, Pallavi Bedi, Vipul Kharbanda and Aman Nair.  

The author is a tech policy enthusiast. He is currently pursuing PGP in Public Policy from the Takshashila Institution. Views are personal and do not represent any organisations. The author can be reached at [email protected]


 

 Footnotes

 

[1] Rodrigo, C. M., & Klar, R. (2020). 46 states and FTC file antitrust lawsuits against Facebook. Retrieved from The Hill: https://thehill.com/policy/technology/529504-state-ags-ftc-sue-facebook-alleging-anti-competitive-practices

[2] Is Facebook a monopolist? (2021). Retrieved from The Economist:https://www.economist.com/business/2021/07/03/is-facebook-a-monopolist

[3] Hughes, C. (2019). It’s Time to Break Up Facebook. Retrieved from The New York Times: https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html

[4] Shekar, K. (2021). An Elephant in the Room – Recent Case of WhatsApp Fallout Amongst Indian Users. Retrieved from Takshashila Institution: https://takshashila.org.in/an-elephant-in-the-room-recent-case-of-whatsapp-fallout-amongst-indian-users/

[5] Manur, A. (2018). How to Regulate Internet Platforms Without Breaking them . Retrieved from AsiaGlobal Online: https://www.asiaglobalonline.hku.hk/regulate-internet-platforms-antitrust-competition/

[6] Ibid

[7] Nègre, A. (2021). How Can Funders Promote Interoperable Payments? Retrieved from CGAP Blog: https://www.cgap.org/blog/how-can-funders-promote-interoperable-payments;

Cook, W. (2017). Rules of the Road: Interoperability and Governance. Retrieved from CGAP Blog: https://www.cgap.org/blog/rules-road-interoperability-and-governance

[8] Punjabi, A., & Ojha, S. (n.d.). PPI Interoperability: A roadmap to seamless payments infrastructure. Retrieved from PWC: https://www.pwc.in/consulting/financial-services/fintech/payments/ppi-interoperability.html

[9] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Single Market For Digital Services (Digital Services Act) . (n.d.). Retrieved from European Union: https://eur-lex.europa.eu/legal-content/en/TXT/?qid=1608117147218&uri=COM%3A2020%3A825%3AFIN

[10] European Electronic Communications Code (EECC). (n.d.). Retrieved from https://www.gov.ie/en/publication/339a9-european-electronic-communications-code-eecc/

[11] Stigler Center News Stigler Committee on Digital Platforms: Final Report. (n.d.). Retrieved from Chicago Booth: https://www.chicagobooth.edu/research/stigler/news-and-media/committee-on-digital-platforms-final-report

[12] Brown, I. (n.d.). Interoperability as a tool for competition regulation. CyberBRICS.

[13] Facebook is hard at work to merge its family of messaging apps: Zuckerberg. (2020). Retrieved from Business Standard: https://www.business-standard.com/article/companies/facebook-is-hard-at-work-to-merge-its-family-of-messaging-apps-zuckerberg-120103000470_1.html

[14]Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. (n.d.). Retrieved from: https://www.meity.gov.in/writereaddata/files/Intermediary_Guidelines_and_Digital_Media_Ethics_Code_Rules-2021.pdf

[15] Menn, Joseph. 2021. "WhatsApp sues Indian government over new privacy rules - sources." Reuters. Retrieved from: https://www.reuters.com/world/india/exclusive-whatsapp-sues-india-govt-says-new-media-rules-mean-end-privacy-sources-2021-05-26/

[16] Raghavan, M. (2021). India’s New Intermediary & Digital Media Rules: Expanding the Boundaries of Executive Power in Digital Regulation. Retrieved from Future of Privacy Forum:https://fpf.org/blog/indias-new-intermediary-digital-media-rules-expanding-the-boundaries-of-executive-power-in-digital-regulation/

[17]Net Neutrality. (n.d.). Retrieved from Department of Telecommunications: https://dot.gov.in/net-neutrality;

Parsheera, S. (n.d.). Net Neutrality In India: From Rules To Enforcement. Retrieved from Medianama: https://www.medianama.com/2020/05/223-net-neutrality-india-rules-enforcement/

[18]The Personal Data Protection Bill, 2019. (n.d.). Retrieved from: http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf

[19] Consultation Paper on Review of Interconnection Usage Charges, 2019. TRAI.

Mobile Number Portability. (n.d.). Retrieved from TRAI: https://www.trai.gov.in/faqcategory/mobile-number-portability

[20] Data Transfer Project. (2018). Retrieved from https://datatransferproject.dev

[21] Aulakh, G. (n.d.). How messaging apps like WhatsApp, WeChat can make money while offering free texting and calling. Retrieved from Economic Times: https://economictimes.indiatimes.com/tech/software/how-messaging-apps-like-whatsapp-wechat-can-make-money-while-offering-free-texting-and-calling/articleshow/62666227.cms

[22] (2019). Report of the Competition Law Review Committee. Ministry of Corporate Affairs.

Bibliography

  1. Master Direction on Issuance and Operation of Prepaid Payment Instruments. (n.d.). Retrieved from Reserve Bank of India: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142
  2. Privacy Without Monopoly: Data Protection and Interoperability. (2021). Retrieved from Electronic Frontier Foundation: https://www.eff.org/wp/interoperability-and-privacy
  3. Sullivan, M. (2021). How interoperability could end Facebook’s death grip on social media. Retrieved from Fast Company: https://www.fastcompany.com/90609208/social-networking-interoperability-facebook-antitrust
  4. Tinworth, A. (n.d.). Why Messenger Interoperability is a digital canary in the coal mine. Retrieved from NEXT: https://nextconf.eu/2019/06/why-messenger-interoperability-is-a-digital-canary-in-the-coal-mine/#gref

 

 

 
 

Pandemic Technology takes its Toll on Data Privacy

Posted by Aman Nair and Pallavi Bedi at Dec 31, 2020 12:00 AM |

The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.

Read More…

The Competition Law Case Against Whatsapp’s 2021 Privacy Policy Alteration

Posted by Aman Nair and Arindrajit Basu at Dec 31, 2020 12:00 AM |

Having examined the privacy implications of Whatsapp's changes to its privacy policy in 2021, this issue brief is the second output in our series examining the effects of those changes. This brief examines the changes in the context of data sharing between Whatsapp and Facebook as being an anticompetitive action in violation of the Indian Competition Act, 2002.

Read More…

CIS Comments on the National Strategy on Blockchain

Posted by Vipul Kharbanda & Aman Nair at Dec 31, 2020 12:00 AM |

 

This submission is a response by the researchers at CIS to the report “National Strategy on Blockchain” prepared by Ministry of Electronics and Information Technology (MEITY) under the Government of India. 

We have put forward the following comments based on our analysis of the report.


  1. General Comments on the National Strategy

  1. There are currently a number of reports and policies on blockchain use across  departments, ministries and even states. The absence of a harmonised blockchain policy across all departments and institutions of government must be fixed. 

  2. There are inherent dangers with viewing blockchain as a silver bullet solution.  

  3. Informational concerns with blockchain are existent and policies must be designed to reflect these concerns and minimise their occurrences. 


  1. Section Specific Comments 

  1. Section 6.1 - There is a need for greater decentralisation and a shift away from a solely government operated blockchain 

  2. Section 6.2: 

  • The legality of blockchain also faces the hurdle of smart contracts 

  • The RBI decision to halt the use of cryptocurrencies was struck down by the Supreme Court 

  • The right to be forgotten exists as an extension of the right to privacy as well 

  1. Section 7 - There is a need for greater detail and granularity in the report’s analysis and in the suggestions and recommendations that it makes. 

 

Notes From a Foreign Field: The European Court of Human Rights on Russia’s Website Blocking

Posted by Gurshabad Grover at Dec 31, 2020 12:00 AM |

This blogpost summarises the human rights principles applied by the Court to website blocking, and discusses how they can be instructive to petitions in the Delhi High Court that challenge arbitrary censorship in India.

Read More…

The Boss Will See You Now - The Growth of Workplace Surveillance in India, is Data Protection Legislation the Answer?

Posted by Shweta Mohandas and Deepika Nandagudi Srinivasa at Dec 31, 2020 12:00 AM |

The use of pervasive technologies to monitor employees was picking up pace in India, the pandemic accelerated it. The pandemic has changed the way we work either through permanent work from home mandates for those who can work remotely, to heightened social distancing norms for office goers.

Read More…

The Geopolitics of Cyberspace: A Compendium of CIS Research

Posted by Arindrajit Basu at Dec 31, 2020 12:00 AM |

Cyberspace is undoubtedly shaping and disrupting commerce, defence and human relationships all over the world. Opportunities such as improved access to knowledge, connectivity, and innovative business models have been equally met with nefarious risks including cyber-attacks, disinformation campaigns, government driven digital repression, and rabid profit-making by ‘Big Tech.’ Governments have scrambled to create and update global rules that can regulate the fair and equitable uses of technology while preserving their own strategic interests.

Read More…

A Guide to Drafting Privacy Policy under the Personal Data Protection Bill, 2019

Posted by Shweta Reddy at Dec 31, 2020 12:00 AM |

The Personal Data Protection Bill, 2019, (PDP Bill) which is currently being deliberated by the Joint Parliamentary Committee, is likely to be tabled in the Parliament during the winter session of 2021.

Read More…

Media Market Risk Ratings: India

Media Market Risk Ratings: India

Posted by Torsha Sarkar, Pranav M Bidare, and Gurshabad Grover at Dec 31, 2020 12:00 AM |

The Centre for Internet and Society (CIS) and the Global Disinformation Index (GDI) are launching a study into the risk of disinformation on digital news platforms in India, creating an index that is intended to serve donors and brands with a neutral assessment of news sites that they can utilise to defund disinformation.

Read More…

Beyond the PDP Bill: Governance Choices for the DPA

Posted by Trishi Jindal and S.Vivek at Dec 31, 2020 12:00 AM |

This article examines the specific governance choices the Data Protection Authority (DPA) in India must deliberate on vis-à-vis its standard-setting function, which are distinct from those it will encounter as part of its enforcement and supervision functions.

Read More…

Does Google’s bid to replace third party cookies with FLOCs protect user privacy?

Posted by Maria Jawed at Dec 31, 2020 12:00 AM |

In its efforts to deprecate third-party cookies, Google, in August 2019, has brought an alternative plan with its new Privacy Sandbox platform. This plan promises to preserve anonymity when serving tailored advertising. While unveiling the system, Google explained that even though advertising is necessary to keep the web available to everyone, the web ecosystem is at risk if privacy policies do not keep pace with evolving expectations. But does this new framework help users in any way?

Read More…

Big Tech’s privacy promise to consumers could be good news — and also bad news

Big Tech’s privacy promise to consumers could be good news — and also bad news

Posted by Rajat Kathuria and Isha Suri at Dec 31, 2020 12:00 AM |

Rajat Kathuria, Isha Suri write: Its use as a tool for market development must balance consumer protection, innovation, and competition.

Read More…

UN Questionnaire on Digital Innovation, Technologies and Right to Health

Posted by Pahlavi and Shweta Mohandas at Dec 31, 2020 12:00 AM |

The Centre for Internet & Society (CIS) contributed to the questionnaire put out by the Office of the United Nations High Commissioner for Human Rights, on digital innovation, technologies and the right to health. The responses were authored by Pahlavi and Shweta Mohandas, and edited by Indumathi Manohar.

Read More…

Document Actions