All Blogs
-
Liability through negligence
-
Liability as an exemption to safe harbour
International Cyber Law Toolkit scenario: Internet blockage
Arindrajit Basu and Gurshabad Grover’s scenario and international law analysis Internet Blockage was published as part of the NATO Co-operative Cyber Defence Centre of Excellence’s Cyber Law Toolkit as part of its September 2021 annual update.
#CultureForAll Conference on Cultural Mapping
Sahapedia is organising the #CultureForAll Conference on Cultural Mapping, digitally on September 28 and 29, 2021. The conference will take place in collaboration with the Centre for Social Studies at the University of Coimbra, Azim Premji University, the Centre for Internet and Society, and the Re-Centring Afro Asia project at the University of Cape Town.
Facial Recognition Technology in India
The Human Rights, Big Data and Technology Project, University of Essex, UK and the Centre for Internet & Society (CIS) have jointly published a research paper on facial recognition technology. Authors, Elonnai Hickok, Pallavi Bedi, Aman Nair and Amber Sinha, examine technological tools such as CCTV and FRT which are increasingly being deployed by the government.
Fundamental Right to Privacy — Four Years of the Puttaswamy Judgment
Background
On 24 August 2017, in a nine-judge bench decision, the Indian Supreme Court located a fundamental right to privacy within the Indian Constitutional jurisprudence. Previously, the right to privacy has had a dubious existence in India’s judicial history, and it has been suggested that privacy is inherently a Western concept. However, essays by Ashna Ashesh, Vidushi Marda, and Bhairav Acharya — cited in the Puttaswamy judgment — dispelled this notion, by attempting to locate the constructs of privacy in Classical Hindu [link], and Islamic Laws [link]; and Acharya’s article in the Economic and Political Weekly, which highlighted the need for privacy jurisprudence to reflect theoretical clarity, and be sensitive to unique Indian contexts [link].
Through the six opinions in the Puttaswamy judgment, the Supreme Court discussed various aspects of the right to privacy, reading into it the constitutional values of dignity and liberty. In Amber Sinha’s three-part essay, he dissected these components of the right, discussing the sources, structure and scope of the right in detail. [link] Further, a visual guide prepared by Amber Sinha, and Pooja Saxena provides a rich story of privacy in independent India, as well as a visualisation of the various types of privacy the court located within the broader constitutional right. [link]
Privacy, Public Places and Surveillance
“Privacy attaches to the person and not to the place where it is associated.” - Justice Chandrachud, Puttaswamy
The right to privacy initially focused on protecting “private” spaces. These included spaces such as the home, from state interference. This drew from the belief that “a person’s home is their castle”. However, this idea of privacy is not limited simply to a person’s home. Privacy rests in ‘person’ and not in ‘places’. Therefore, even outside one’s home, other spaces could also acquire the character of private spaces, and even public spaces can afford a degree of privacy.
In a paper for the Centre for Development Informatics, Aayush Rathi and Ambika Tandon discussed the wholesale implementation of CCTVs in New Delhi. They deconstructed the narrative that equates greater surveillance with greater safety, more so in the case of women’s safety. Borrowing from feminist approaches to surveillance and privacy, they focussed on lived experiencess of surveillance with a focus on women living in informal settlements in New Delhi to argue that the ‘gaze of CCTV’ is intersectionally mediated and cast upon those already marginalized. [link]
Similarly, in a three part blog series for AI Policy Exchange, Arindrajit Basu and Siddharth Sonkar explain Automated Facial Recognition Systems (AFRS) while defining key privacy related legal and policy questions underpinning the adoption of AFRS. They go on to answer these questions by interrogating the existing data privacy laws in light of the mosaic theory of privacy, noting the dangers of ‘data-veillance’ and the need to recognize necessary safeguards. [link]
Biometrics
“The integrity of the body and the sanctity of the mind can exist on the foundation that each individual possesses an inalienable ability and right to preserve a private space in which the human personality can develop.” - Justice Chandrachud, Puttaswamy
Biometrics was central to the Puttaswamy judgment, as it was the collection of biometric data by the government to build the Aadhaar system that triggered this case, and the urgent need to commit the State to guarding residents’ fundamental right to privacy.
Privacy of information
“Informational privacy is a facet of the right to privacy.” - Justice Chandrachud, Puttaswamy
In the age of Big Data, the collection and analysis of personal data has tremendous economic value. However, these economic interests should not be pursued at the expense of personal privacy. Similarly, modern technology provides excessive opportunities for governments to monitor and survey the lives of citizens. Informed consent and meaningful choice while sharing information is central to the idea of informational privacy.
Based on publicly available submissions, press statements, and other media reports, Arindrajit Basu and Amber Sinha track the political evolution of the data protection ecosystem in India, in EPW Engage. They discuss how this has, and will continue to impact legislative and policy developments. [link]
Pandemic and privacy
Given the outbreak of the Covid-19 pandemic, and the eager techno-solutionism displayed by the government in adopting invasive and potentially unconstitutional technologies during these times, the principles elucidated in Puttaswamy are now more important than ever in upholding our rights. As Lord Atkin had stated in his famous dissent in the case of Liversidge v Anderson: “amid the clash of arms, the laws are not silent,” it is important to ensure that any potential solutions to the problems created by the pandemic are circumscribed by the constitution.
In an essay for the Economic & Political Weekly (EPW), Amber Sinha, Pallavi Bedi and Aman Nair interrogate the techno-solutionist response underpinning the shifts towards the digital in the governance agenda of the Indian State in the last two decades. They focus on the government's vaccination efforts during the pandemic to ground their arguments highlighting the issues of accessibility and privacy. [link]
Writing for the Deccan Herald, Aman Nair and Pallavi Bedi note how pandemic technology infringes upon data privacy, resulting in surveillance and exclusion. They suggest that the trade-off between privacy and pandemic technologies is unjustified given India’s digital divide that makes digital-driven approaches inefficient. [link]
The practical implications of such techno-solutionism can be troubling. In this blog-post, for instance, Pallavi Bedi writes about the privacy concerns haunting the Co-Win platform noting the lack of privacy policies governing the app, lack of clarity vis-a-vis data sharing between different apps such as Co-Win and Aarogya Setu and how it would violate user consent if it is used to develop digital health IDS. [link] In another blog post, Divyank Katira compares the benefits of Digital Vaccine Certificates with regular paper-based ones while focussing on the privacy implications of their use with recommendations on how to make the technology more privacy-respecting. [link]
Moving beyond the concerns raised by the adoption of digital measures by the government, Vipul Kharbanda examines other measures, such as releasing the names of COVID positive patients, putting up notices/posters or barricades around the houses of patients. He analyzes these measures against the existing privacy jurisprudence, including that laid down by the Puttaswamy judgment [link], [link].
Finally, during this pandemic, governments across the world have employed aggressive technological measures to trace individuals and enforce quarantine, costing individuals their privacy in exchange for potential benefit to the collective public health. Mira Swaminathan and Shubhika Saluja document the lateral surveillance this had encouraged, with people keeping a close watch on their neighbours’ behaviours. [link]Wikimedia Wikimeet India 2021/Report
In March 2020, the whole world came to a standstill. What many deemed as a regular ‘flu’ turned out to be the pandemic that brought everyone to their knees. The things that we always did, we could no longer do them. We were all confined to our homes with no choice but to work online. Hanging out with friends, attending weddings, and being a part of the conferences and seminars suddenly became a part of the past. We started using the word unprecedented a lot.
Techno-solutionist Responses to COVID-19
The Indian state has increasingly adopted a digital approach to service delivery over the past decade, with vaccination being the latest area to be subsumed by this strategy. In the context of the need for universal vaccination, the limitations of the government’s vaccination platform Co-WIN need to be analysed.
Do We Really Need an App for That? Examining the Utility and Privacy Implications of India’s Digital Vaccine Certificates
We examine the purported benefits of digital vaccine certificates over regular paper-based ones and analyse the privacy implications of their use.
Finding Needles in Haystacks - Discussing the Role of Automated Filtering in the New Indian Intermediary Liability Rules
On the 25th of February this year The Government of India notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The new Rules broaden the scope of which entities can be considered as intermediaries to now include curated-content platforms (Netflix) as well as digital news publications. This blogpost analyzes the rule on automated filtering, in the context of the growing use of automated content moderation.
Comments on proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020
The Consumer Protection (E-commerce) Rules, 2020 were first introduced in an attempt to ensure that consumers were granted adequate protections and to prevent the adoption of unfair trade practices by E-commerce entities. The amendments have proposed several rules which will protect the consumer with a restriction on misleading advertisements and appointment of grievance officers based in India. However, while on this path, the proposed rules have created hurdles in the operations of e-commerce, reducing the ease of business and increasing the costs of operations especially for smaller players; which could eventually pass on to the consumers.
In our submission to the Ministry of Consumer Affairs, we focussed our analysis on eight points: Definitions and Registration, Compliance, Data Protection and Surveillance, Flash Sales, Unfair Trade Practices, Jurisdictional Issues with Competition Law, Compliance with International Trade Law and Liabilities of Marketplace E-commerce Entities.
A snapshot of our recommendations and analysis is listed out below. To read our full submission, please click here.
Definitions and Registrations
The registration of entities with the DPIIT must be made as smooth as possible especially considering the wide definition of E-commerce entities in the rules, which may include smaller businesses as well. In particular, we suggested doing away with physical office visits.
Compliance
As a general observation, compliance obligations should be differentiated based on the size of the entity and the volume of transactions rather than adopting a ‘one size fits all’ approach which may harm smaller businesses, especially those that are just starting up. Before these rules come into force, further consultations with small and medium-sized business enterprises would be vital in ensuring that the regulation is in line with their needs and does not hamper their growth. Excessive compliance requirements may end up playing into the hands of the largest players as they would have larger financial coffers and institutional mechanisms to comply with these obligations.
There is some confusion in the law as to whether the Chief Compliance officer mentioned in the amended rules is the same as the “nodal person of contact or an alternate senior designated functionary who is resident of India” under Rule 5(1).
The safe harbour should therefore refer to due diligence by the CCO and not the e-commerce entity itself. The requirement for the compliance officer to be an Indian citizen who is a resident and a senior officer or managerial employee may place an undue burden on small E-commerce players not located in India.
Data Protection and Surveillance
In the absence of a Personal Data protection bill these rules do not adequately protect consumers’ personal data and reduce the powers given to the Central Government to access data or conduct surveillance
Flash Sales
Conventional flash sales should be defined. Clear distinction must be made between conventional flash sales and fraudulent flash sales. The definition should not be limited to interception of business “using technological means”, which limits the scope of the fraudulent flash sales. Further parameters must be provided for when a flash sale will be considered a fraudulent flash sale.
Unfair Trade Practices
The rules place restrictions on marketplace E-commerce entities from selling their own goods or services or from listing related enterprises as sellers on their platforms. No such restriction applies to brick and mortar stores, and this blanket ban must be rethought.
Jurisdictional Issues with Competition Law
This rule brings the issue of ‘abuse of dominant power’ under the fora of the Consumer Protection Authority or the Consumer Disputes Redressal Commissions. Overlapping jurisdiction of this nature could introduce regulatory delays into the dispute resolution process and can be a source of tension for the parties and regulatory authorities. The intention behind importing a competition law concept such as “abuse of dominant position” in the consumer protection regulations may be understandable, such a step might be effective in jurisdictions which have a common regulatory authority for both competition law as well as consumer protection issues, such as Australia, Finland, Ireland, Netherlands. However, in a country such as India which has completely separate regulatory mechanisms for competition and consumer law issues, such a provision may lead to logistical difficulties.
Compliance with International Trade Law
A robust framework on ranking with transparent disclosure of parameters for the same would also go a long way towards addressing concerns with discrimination and national treatment under WTO law. Further, the obligation to provide domestic alternatives should be clarified and amended to ensure that it does not cause uncertainty and open India up to a national treatment challenge at the WTO.
Liabilities of Marketplace E-commerce Entities
Fallback liability is an essential component of consumers’ protection in the E-commerce space. However, as currently envisioned there is a lack of clarity surrounding the extent to which fallback liability is applicable on E-commerce entities as well as exemptions to this liability. We have recommended alternate approaches adopted in other jurisdictions, which include
Standing Committee's recommendations are at odds with Access to Knowledge
The Indian Parliamentary Committee's report weighs on several aspects of the Indian IPR system and issues of protection and enforcement. This blog post summarily notes the observations and recommendations of the Committee on the Copyright Act, 1957 which stand to impact access to knowledge. The primary issue dealt with was the claim that copyright exceptions were affecting the publishing industry and authors. The recommendations include narrowing of copyright exceptions, barring digital storage and copying, promotion of libraries, and adopting the Berne Convention as the benchmark on limitations and exceptions.
Health IDs: Voluntary or Mandatory?
On August 15, 2020, the prime minister launched the National Digital Health Mission (NDHM) with the objective of improving and streamlining the Indian healthcare system. In December 2020, the Central Government, notified the National Digital Health Mission: Health Data Management Policy (Health Data Policy) seeking to create a digital health ecosystem under the NDHM. A core pillar of the Health Data Policy is to create a unique health identity (UHID) for every Indian citizen.
The Ministry And The Trace: Subverting End-To-End Encryption
A legal and technical analysis of the 'traceability' rule and its impact on messaging privacy.
WIPO SCCR 41: Notes from Day 3 and Day 4
Day 3 and 4 saw the presentation of four studies conducted by external experts on music markets in various regions in the world and one study on rights of stage directors of theatrical productions. Day 4 saw member states sharing their positions on a proposal for creation of two rights 1) rights of stage directors of stage productions and 2) public lending right. The Chair also presented the draft summary of the session upon its conclusion, on Day 4. This blog post shares the specific text under the broadcasting and limitations and exceptions agenda items, relevant from an access to knowledge perspective.
WIPO SCCR 41: Notes from Day 2
Member states delivered opening statements and deliberated on the scope, direction, and progress of work on the limitations and exceptions agenda. This blog post summarises positions and contentions around: 1) Information Session on impact COVID 2) Creating a binding limitations and exceptions international instrument 3) Work Plan under the L&E agenda 4) Conducting regional consultations as per the report on regional seminars and international conference on limitations and exceptions.
State of Consumer Digital Security in India
This report attempts to identify the existing state of digital safety in India, with a mapping of digital threats, which will aid stakeholders in identifying and addressing digital security problems in the country. This project was funded by the Asia Foundation.
Comments on the Cinematograph (Amendment) Bill, 2021
In this submission, we examine the constitutionality and legality of the Cinematograph (Amendment) Bill, 2021, which was released by the Ministry of Information and Broadcasting.
Right to Exclusion, Government Spaces, and Speech
The conclusion of the litigation surrounding Trump blocking its critiques on Twitter brings to forefront two less-discussed aspects of intermediary liability: a) if social media platforms could be compelled to ‘carry’ speech under any established legal principles, thereby limiting their right to exclude users or speech, and b) whether users have a constitutional right to access social media spaces of elected officials. This essay analyzes these issues under the American law, as well as draws parallel for India, in light of the ongoing litigation around the suspension of advocate Sanjay Hegde’s Twitter account.
At the Heart of Crypto Investing, There is Tether. But Will its Promise Pan Out?
The $18.5 million fine levied by the New York attorney general’s office earlier this year to settle a legal dispute, raises more questions than answers.
Submission to the Facebook Oversight Board in Case 2021-008-FB-FBR: Brazil, Health Misinformation and Lockdowns
In this note, we answer questions set out by the Board, pursuant to case 2021-008-FB-FBR, which concerned a post made by a Brazilian sub-national health official, and raised questions on health misinformation and enforcement of Facebook's community standards.
WIPO SCCR 41: Statement by CIS on Limitations and Exceptions Agenda Item
Anubha Sinha delivered a statement on behalf of CIS, on day 2 of the 41st WIPO SCCR session, on the limitations and exceptions agenda item.
Document Actions