All Blogs
-
Structural considerations with ODR itself
-
The report classifies ODR as a singular entity rather than a group of technologies that require different approaches.
-
Currently ODR still has a number of functional limitations such as difficulty to account for nuance, limitation of algorithms and vulnerability of the systems.
-
The report also fails to address how the psychological limitations involved with ODR, such as involving communication, perception and preferences of parties will be solved for when implemented at the national level.
-
Socio-Economic considerations when transitioning to nation wide ODR
-
There is a lack of current access to digital infrastructure that limits ODR’s effectiveness.
-
The projections made in the report disproportionately rely on market forces while suggesting a lack of mandated standards
-
Privacy and Security concerns with moving to ODR
-
Need for greater clarity on oversight and regulation of ODR platforms
-
An independent sectoral regulator is a necessity
-
Other comments
-
The opt out model proposed must be changed to allow for the option of ADR as well.
- Using information from court orders, user reports, and government orders, and running network tests from six ISPs, Kushagra Singh, Gurshabad Grover and Varun Bansal presented the largest study of web blocking in India. Through their work, they demonstrated that major ISPs in India use different techniques to block websites, and that they don’t block the same websites (link).
- Gurshabad Grover and Kushagra Singh collaborated with Simone Basso of the Open Observatory of Network Interference (OONI) to study HTTPS traffic blocking in India by running experiments on the networks of three popular Indian ISPs: ACT Fibernet, Bharti Airtel, and Reliance Jio (link).
- For The Leaflet, Torsha Sarkar and Gurshabad Grover wrote about the legal framework of blocking in India — Section 69A of the IT Act and its rules. They considered commentator opinions questioning the constitutionality of the regime, whether originators of content are entitled to a hearing, and whether Rule 16, which mandates confidentiality of content takedown requests received by intermediaries from the Government, continues to be operative (link).
- In the Hindustan Times, Gurshabad Grover critically analysed the confidentiality requirement embedded within Section 69A of the IT Act and argued how this leads to internet users in India experiencing arbitrary censorship (link).
- Torsha Sarkar, along with Sarvjeet Singh of the Centre for Communication Governance (CCG), spoke to Medianama delineating the procedural aspects of section 69A of the IT Act (link).
- Arindrajit Basu spoke to the Times of India about the geopolitical and regulatory implications of the Indian government’s move to ban fifty-nine Chinese applications from India (link).
Government COVID-19 Responses in the Context of Privacy : Part II
This is the second part in a two part series of posts analysing the privacy implications of the state’s responses to COVID-19.
Comments on Data Empowerment and Protection Architecture
CIS has submitted comments to the Data Empowerment and Protection Architecture
Intermediary liability and Safe Harbour: On due diligence and automated filtering
This post discusses this ‘due diligence’ obligation in the intermediary liability regime in India, with a focus on its scope and whether it includes the possibility of automated content filtering.
Understanding the Data Gaps on Wikidata Concerning Heritage Structures of West Bengal
This is a short study on identifying the data gaps related to heritage structures in West Bengal on Wikidata, and potential strategies to address the same. The report is authored by Bodhisattwa Mandal, with editorial oversight and support by Puthiya Purayil Sneha and external review by Sumandro Chattapadhyay. This is part of a series of short-term studies undertaken by the CIS-A2K team in 2019-2020.
The PDP Bill 2019 Through the Lens of Privacy by Design
This paper evaluates the PDP Bill based on the Privacy by Design approach. It examines the implications of Bill in terms of the data ecosystem it may lead to, and the visual interface design in digital platforms. This paper focuses on the notice and consent communication suggested by the Bill, and the role and accountability of design in its interpretation.
CIS Comments on Draft ODR Report
This submission is a response by the researchers at CIS to the report “Designing the Future of Dispute Resolution: The ODR Policy Plan for India” prepared by the NITI Aayog Expert Committee on ODR.
We have put forward the following comments based on our analysis of the draft report.
The Wolf in Sheep's Clothing: Demanding your Data
The increasing digitalization of the economy and ubiquity of the Internet, coupled with developments in Artificial Intelligence (AI) and Machine Learning (ML) has given rise to transformational business models across several sectors.
Reclaiming AI Futures: Call for Contributions and Provocations
CIS is pleased to share this call for contributions by Mozilla Fellow Divij Joshi. CIS will be working with Divij to edit, collate, and finalise this publication. This publication will add to Divij’s work as part of the AI observatory. The work is entirely funded by Divij Joshi.
CIS Report on Legal and Policy Implications of Autonomous Weapons Systems
Link to full report: https://cis-india.org/internet-governance/legal-and-policy-implications-of-autonomous-weapons-systems
Wars have been a part of human existence from the very beginning. However, the evolution of civilization has led to the evolution of wars. As a society, our discourse is now centred around on how this new generation of wars is best fought rather than whether at all to fight them. This inevitability of war has further led countries to develop means and methods of warfare, for inevitability of war is only acceptable when it is accompanied by the inevitability of victory. Autonomous Weapon Systems (AWS) or Lethal Autonomous Weapons Systems (LAWS) have, in recent times, sparked a global debate regarding what is being called the future of technology: artificial intelligence. In the backdrop of revolutionizing wars, AWS are being developed by certain countries to gain an edge over the others, forcing others to participate in the arms race of the 21st century in order to prevent asymmetric development of warfare. The international community must now contemplate the legal, moral and ethical implications of further developing existing automated weapons and giving them more autonomy than ever before.
It is to ally such concerns that a Group of Governmental Experts (GGE) was convened by the United Nations Convention on Certain Conventional Weapons (UN CCW) in December 2016, clearly demonstrating the global interest in the issue at hand. The Convention on Prohibitions or Restrictions on the Use of Certain Conventional Weapons Which May Be Deemed to Be Excessively Injurious or to Have Indiscriminate Effects or the UN CCW was established with the aim of restricting weapons considered to cause unnecessary suffering and impact civilians disproportionately and indiscriminately.
This paper is divided into 4 Chapters.
Chapter I authored by Anoushka Soni defines and differentiates between certain key terms imperative for a better understanding of autonomous weapon systems in all its technicalities. Further, the Chapter also provides a broad overview of the difference in existing state practice by reviewing the lack of universality of a definition for autonomous weapons.
Chapter II also authored by Anoushka Soni analyses autonomous weapons from the perspective of international humanitarian law. It first contemplates the prima facie illegality of autonomous weapons, and subsequently focuses on their lawful use with regard to the principles of distinction, proportionality and military necessity and the conclusion provides a normative look at the way forward.
Chapter III authored by Elizabeth Dominic goes into the question of accountability and redress and evaluates models of criminal and civil liability in case autonomous weapons systems go wrong.
Chapter IV authored by Elizabeth Dominic evaluates the role of the private sector in the development, trade and policy framework on autonomous weapons systems around the world.
Investigating Encrypted DNS Blocking in India
We find that encrypted DNS protocols are not blocked in India and share our test methodology.
Mapping GLAM in Maharashtra
This is a short study on mapping the digital transition in selected Galleries, Libraries, Archives and Museums (GLAM) institutions in Maharashtra, India, and exploring possibilities and challenges for collaborations with Wikimedia projects. Research was undertaken by Aaryaa Joshi, Dnyanada Gadre-Phadke, Kalyani Kotkar and Subodh Kulkarni; the report has been authored by Subodh Kulkarni with editorial oversight and support by Puthiya Purayil Sneha, and external review by Sumandro Chattapadhyay. This is part of a series of short-term studies undertaken by the CIS-A2K team in 2019–2020.
Comments to National Digital Health Mission: Health Data Management Policy
CIS has submitted comments to the National Health Data Management Policy. We welcome the opportunity provided to our comments on the Policy and we hope that the final Policy will consider the interests of all the stakeholders to ensure that it protects the privacy of the individual while encouraging a digital health ecosystem.
Mapping Web Censorship & Net Neutrality Violations
For over a year, researchers at the Centre for Internet and Society have been studying website blocking by internet service providers (ISPs) in India. We have learned that major ISPs don’t always block the same websites, and also use different blocking techniques. To take this study further, and map net neutrality violations by ISPs, we need your help. We have developed CensorWatch, a research tool to collect empirical evidence about what websites are blocked by Indian ISPs, and which blocking methods are being used to do so. Read more about this project (link), download CensorWatch (link), and help determine if ISPs are complying with India’s net neutrality regulations.
Access to Knowledge 2019–2020 Utilisation Certificate
Access to Knowledge 2019–2020 WMF APG Utilisation Certificate
CIS digital policy organisation tracker
Update: We, at CIS, acknowledge our error and insensitivity in publishing this tracker in its current form. Missing key organisations and movements is a disservice to the list, and an erasure of the contributions of our colleagues to our shared area of work. We also acknowledge grave flaws in our methodology in preparing this list. For all these mistakes, we unreservedly apologise. Based on feedback received from the community, we have taken down this tracker.
Government’s COVID-19 Responses in the Context of Privacy: Part I
Introduction
The ongoing COVID-19 pandemic is one of the biggest health emergencies to hit the world in a long time. The health measures recommended by experts for the prevention and containment of the spread of COVID-19 include regular washing of hands, wearing masks, maintaining physical distance, isolation of suspected cases, etc. At the community level case isolation and contact tracing have emerged as key elements of the comprehensive strategy to control the spread and transmission of COVID-19. To this end the government of India, launched a contact tracing app known as Aarogya Setu and encouraged (in certain cases with a tinge of intimidation) the people to install and use the same in order to bolster its contact tracing measures.
Although a lot of attention has been given to the privacy issues related to the Aarogya Setu app, there has been comparatively less focus on the other measures taken by the Central and State governments for containment of COVID-19. Some of these measures include – stamping suspected cases with “Home Quarantine” using indelible ink (Maharashtra, Delhi, Karnataka), pasting notices outside the houses of individuals advised home quarantine (Delhi, Mumbai), establishing containment zones around the residences of COVID-19 positive patients, releasing the names and addresses of COVID-19 positive patients, etc. It is obvious that all these measures involve some measure of violation of the right to privacy of the individual concerned. However (as mentioned above) there has been little public discussion around the privacy rights violated by these measures, especially when one compares it to the media attention garnered by the privacy issues related to the Aarogya Setu app. It is not easy to find the reasons behind most of the measures mentioned above in official government guidelines as the guidelines themselves are often not publicly present or readily available online.Wherever such guidelines are available, such as the Central Government guidelines regarding containment zones, they do not contain any background as to why the government feels that such measures are needed.
Although it is obvious enough to everyone that there are privacy issues involved in the government measures listed above however that does not necessarily mean that these measures necessarily violate the right to privacy of an individual. This is because like any other legal right, the right to privacy is also not absolute and in certain cases the right to privacy has to give way to other considerations. We shall therefore discuss the privacy implications of the different government actions in this series of posts, each of which shall analyze one specific type of government response to determine whether it complies with the principle of protection of the right to privacy. In this particular piece we shall examine whether releasing the names of COVID positive patients violates their right to privacy.
The Law on Privacy
The right to privacy was not always recognized under Indian law, in fact early Supreme Court decisions such as M.P. Sharma v. Satish Chandra, [AIR 1954 SC 30] and Kharak Singh v. State of U.P., [AIR 1963 SC 1295] specifically denied the existence of a right to privacy. The first semblance of judicial recognition for the right to privacy was the minority opinion in Kharak Singh which was later adopted as the majority view in Gobind v. State of M.P., [(1975) 2 SCC 148] to uphold the existence of a right to privacy in India. However due to the fact that Gobind and other decisions recognizing the right to privacy such as R. Rajagopal v. State of Tamil Nadu, [(1994) 6 SCC 632] and People’s Union for Civil Liberties v. Union of India, [(1997) 1 SCC 301] were delivered by smaller Benches of the Supreme Court, a Nine Judge Bench was constituted in K.S. Puttaswamy v. Union of India, [(2017) 10 SCC 1] to authoritatively decide the existence and scope of the right to privacy. The Supreme Court in Puttaswamy not only categorically recognized the right to privacy, but also discussed in detail its origins and scope as well as the circumstances under which the right may be limited.
While a detailed analysis of the judgment and the law of privacy itself is beyond the scope of this paper, it might be useful to recount here the brief essence of the Puttaswamy judgment. Since there were six different orders delivered in this case, for the sake of avoiding any confusion, we will discuss only the judgment delivered by Justice D.Y. Chandrachud since that was the judgment delivered on behalf of four Judges (while the other five judgments were delivered on behalf of individual Judges), and therefore would have the most weight as a precedent. In this judgment it was held that privacy is a constitutionally protected right emerging not only from the right to privacy guaranteed under Article 21 of the Constitution but its elements also arise in varying contexts from other facets of freedom and dignity recognized and guaranteed under other fundamental rights. It was further held that not only does privacy include at its core the preservation of human intimacies, it also connotes a right to be left alone. While the legitimate expectation of privacy may vary from the private to the public arenas, it is not lost or surrendered merely because the individual is in a public place since it is an essential facet of the dignity of the human being. Informational privacy has also been specifically recognized as a facet of the right to privacy.
Most importantly the Court held that like other fundamental rights the right to privacy is also not an absolute right. However an invasion of privacy has to be justified on the basis of a law which stipulates a procedure which is just, fair and reasonable. The Court specified a three-fold test for any action that violates the right to privacy: (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate state aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them. We will examine the various State actions in light of the principles above and analyse whether each of these actions satisfy the three-fold test laid down in Puttaswamy.
Analysis of Government Action
In a number of states such as Uttar Pradesh, Orissa, etc. a daily list of the names, age, address, etc. of the individuals who have been reported to be COVID positive is released and widely circulated. Although this practice may now have ceased in some places, previously such lists were released either through the conscious actions or the negligence of the state health authorities. The release of such information in the public domain clearly has privacy repercussions for the individuals concerned. Besides, these actions also seem to be at odds with the Guidelines issued by the Central Government titled “Addressing Social Stigma Associated with COVID-19” which categorically ask the public not to spread names or identity of those affected or under quarantine or their locality on social media. The Madras High Court in a recent decision (K. Narayanan v. Chief Secretary, Government of Tamil Nadu) relied on the above Guidelines to reject a petition requiring the state government to publish the names of all COVID positive patients on a website. The reason for such a prayer was to warn the public to stay away from such COVID positive patients in order to prevent the spread of the disease. However this argument was categorically rejected by the Court on the ground that publishing the names may lead to law and order problems as well as social stigma for the patients and their families.
The Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 also require physicians to keep patient information confidential except in situations where such information needs to be used to prevent a healthy person from being exposed to a communicable disease (Indian Medical Council (Professional conduct, Etiquette and Ethics) Regulations, 2002, Chapter II, section 2.2). Even the World Health Organization’s Guidance on contact tracing requires that “ethics of public health information, data protection, and data privacy must be considered at all levels of contact tracing activities” and that safeguards must be put in place to guarantee privacy and data protection in accordance with the legal frameworks of the countries. The Supreme Court in the case of Mr. “X” vs. Hospital “Z”, [AIR 1999 SC 495] has also upheld the right to privacy of a patient regarding his medical records, except insofar as it may be necessary to disclose such information in order to protect third parties from harm.
As far as the legal framework of the right to privacy is concerned, the Supreme Court in Puttaswamy clearly states that the sphere of privacy stretches to those matters where there is a reasonable expectation of privacy and then specifically recognizes medical information as a category of data where such an expectation of privacy would exist. The specific example of medical records is used by the Supreme Court to illustrate the point on balancing a legitimate state interest in the private information of its citizens vis-à-vis the individual’s right to privacy. It was recognized that although medical records are generally protected by the right to privacy, the state may assert a legitimate interest in analyzing medical records to understand and deal with a public health epidemic to prevent a serious impact on the population. However the Court put a very important caveat saying that such information may be used by the state if it preserves the anonymity of the individual. Thus the state may assert a legitimate interest in acquiring and using health records of individuals to deal with an epidemic provided it preserves the anonymity of the individual.
The above illustration from the judgement seems to suggest that the State only has the power to retain the health records of individuals if their anonymity is preserved and does not have the power to make such records public at all. However this interpretation was implicitly rejected by the Orissa High Court in Ananga Kumar Otta v. Union of India and others, (Writ Petition (PIL) No.12430 of 2020, Order dated 16-07-2020). A PIL (Public Interest Litigation) was filed by an advocate asking the Court to issue directions to the state authorities to take action against those persons whose actions or negligence led to the disclosure of the names of COVID positive patients and also to ensure that such events do not happen in the future. The State of Odisha claimed that it had passed the Odisha COVID-19 Regulations, 2020 which provided that the name, exact address and phone number of persons under treatment should not be disclosed, except in special circumstances affecting public health and safety and with the approval of the State Government. Discussing (and implicitly upholding) the Regulations the Court refused to pass a blanket order preventing the disclosure of the names of COVID patients as the Regulations provided that there would be no indiscriminate disclosure, rather any disclosure of identity would only be in exceptional circumstances. The Court however clarified that any action of disclosure under these exceptional circumstances as per the Regulations would also have to satisfy the triple test laid down in Puttaswamy.
Conclusion
The legal position that emerges from the above analysis is that the names and addresses of COVID positive patients cannot be released by the state authorities under normal circumstances as this would be violative of the right to privacy. However since the right to privacy is not absolute and is subject to exceptions, therefore there can be no absolute ban on releasing the names of COVID positive patients and such an act may be allowed under exceptional circumstances, although no such circumstance has been considered or illustrated by any Court till date. The only scenario in which such disclosures were allowed was when the Odisha government wanted to release the names of deceased COVID warriors (government employees engaged in COVID containment activities) so as to bestow them with appropriate state honors during their funeral. However even this act was done only with the previous consent of the family members of the deceased.
Thus while the law leaves scope for situations where the names of COVID positive patients may be released by the state authorities, no specific examples of such situations have been listed out by the Courts. The only guidance given by Courts in this regard is that any such disclosure would have to satisfy the established exceptions to the right to privacy, more specifically the three-fold test laid down by the Supreme Court in Puttaswamy of legality, proportionality and legitimate state interest.
Recommendations for EU cyber diplomacy
Written statement by Arindrajit Basu delivered at the EU Cyber Direct Civil Society Forum 2020
IFAT and ITF - Locking Down the Impact of Covid-19
This report, by Indian Federation of App-based Transport Workers (IFAT) and International Transport Workers’ Federation (ITF), New Delhi office, explores the responses to the outbreak of Covid-19 by digital platform based companies, trade unions, and governments to help out workers for digital platform based companies hereafter app based workers during the lockdown. The research work in this article is a characterization of the struggles of app based workers during the global pandemic and how it has affected and changed the world of work for them. The surveys were conducted amongst the workforce working for app based companies like Ola, Uber, Swiggy, Zomato etc. This study is partially supported by CIS as part of the Feminist Internet Research Network led by the Association for Progressive Communications.
CIS Internship Programme (October 2020)
The Centre for Internet and Society (CIS) provides opportunities for students and professionals to undertake remote internships. Please continue to read through for more information about the process.
Regulatory Road for Cryptocurrencies: Comments on the Report of the Inter-ministerial Committee on Virtual Currencies
On 22nd July 2019, the Inter ministerial committee that was constituted to study the issues related to virtual currencies submitted its report. It is important to analyze the various aspects of cryptocurrencies that have been considered to evaluate the Committee’s proposed next steps.
Document Actions