Sunday December 15, 2019
Home India Why India Is ...

Why India Is Still Nowhere Near Securing Its Citizens’ Data?

2
//

By Nishant Arora

It was the perfect photo-op when Prime Minister Narendra Modi hugged Facebook CEO Mark Zuckerberg during a town-hall meeting at the social media giant’s sprawling headquarters at Menlo Park, California, in September 2015.

With Facebook now embroiled in a massive data breach controversy, the bonhomie appears to be over, with India warning Zuckerberg of “stringent action”, including summoning him over the “misuse” of information to allegedly influence the country’s electoral process.

Zuckerberg has recently said Facebook will ensure that its platform is not misused to influence elections in India and elsewhere, but after witnessing how social media platforms were infiltrated during the 2016 US presidential election and the Brexit vote in the UK, nothing can be predicted at this point of time.

ALSO READ: Data breaches forced governments and enterprises to focus on cyber security

While governments the world over are fast formulating new laws that deal with users' data security and privacy, and the spread of false news, India lags far behind on this front
While governments the world over are fast formulating new laws that deal with users’ data security and privacy, and the spread of false news, India lags far behind on this front. Pixabay

 

Is the country prepared in case a huge security or privacy breach hits its people?

According to top cyber law experts, India as a nation has missed the broader point in the ever-changing tech landscape.

“The moot point here is: How do we regulate mobile app providers, social media players and intermediaries in terms of handling and processing the users’ information? We don’t have a data protection law in place. We neither have a national law on cyber security nor a national law on privacy,” Pavan Duggal, the nation’s leading cyber law expert, told IANS.

The absence of these critical laws has created a very fertile ground for the misuse and unauthorised access of user information by the service providers.

“On top of it, India has not revisited its stand on intermediaries’ liabilities since 2008. Also, the service providers have been given a great fillip by a judgement of the Supreme court, where the service providers are directed not to take any action till such time they get a court or a government agency order,” Duggal informed.

ALSO READ: India, US to enhance cyber security cooperation

In such a scenario, service providers are using the "Indians' data with impunity".
In such a scenario, service providers are using the “Indians’ data with impunity”. Pixabay

 

“They are transferring them outside the territorial boundaries of the country because we as a nation are sleeping. Once the data goes outside the country, the government loses all control. This has a detrimental impact on the protection and preservation of people’s data privacy and personal privacy,” Duggal stressed.

India has to learn from the European Union (EU) when it comes to formulating a legal framework to secure data.

The EU has asked businesses and service providers globally to comply with its new privacy law — the General Data Protection Regulation (GDPR) — that comes into force from May 25 this year.

The EU GDPR has been designed to harmonise data privacy laws across Europe — to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.

After four years of debate, the GDPR was finally approved by the EU Parliament on April 14, 2016. Organisations that fail to comply with the new regulation will face hefty fines.

Although a white paper on data security has been published by the Indian government for all the stakeholders to deliberate upon, the country is still working on drafting a data protection bill.

“India is woefully under-prepared to address issues of data protection and cyber-security. We need a data protection law that protects citizens from misuse of data with strict liability and extremely high statutory damages that must be awarded within a strict period of time,” said Mishi Choudhary, President and Legal Director of New Delhi-based Software Freedom Law Centre (SFLC.in), a not-for-profit organisation.

According to Duggal, also a noted Supreme Court lawyer, India should not cut-paste any other country's law as it has to deal with a different set of problems.
According to Duggal, also a noted Supreme Court lawyer, India should not cut-paste any other country’s law as it has to deal with a different set of problems. Pixabay

ALSO READ: Kremlin Reportedly Planning to Revive KGB-style Security Behemoth

“India’s social realities are entirely different. The country has to deal with the huge issue of Aadhaar which is reeling under variety of cyber attacks because we have failed to apply cyber security as an integral part of the Aadhaar architecture,” Duggal told IANS.

India’s approach has to be based from its soil and the country must strive for information localisation.

“India should not allow its data to be stored outside its boundaries. Service providers must (be made to pay) high penalty if they are found to be misusing the data of Indians irrespective of if they are physically located in the country or not,” Duggal said. IANS

  • You’ve said that right. I am also from India.
    The data security is one serious topic. and our government must work on it. I have recently lost my websites in data breach attacks.

    • hosmathospital897

      Dear Sir /Madam,
      Hello , Are you interested to selling one of your kidney for a good amount
      of {$800.000USD} in India pls kindly Contact us now on our email: as we are
      looking for kidney donor, Very urgently who are group B,group A ,O ve and 0
      ve. Interested Donor should contact us now.

      Best Regards:
      Dr Mayur R Shetty
      Phone Call ;+918496054892
      hosmathospital803@gmail.com
      HOSMAT KIDNEY REPLACEMENT CENTER

SHARE
  • You’ve said that right. I am also from India.
    The data security is one serious topic. and our government must work on it. I have recently lost my websites in data breach attacks.

    • hosmathospital897

      Dear Sir /Madam,
      Hello , Are you interested to selling one of your kidney for a good amount
      of {$800.000USD} in India pls kindly Contact us now on our email: as we are
      looking for kidney donor, Very urgently who are group B,group A ,O ve and 0
      ve. Interested Donor should contact us now.

      Best Regards:
      Dr Mayur R Shetty
      Phone Call ;+918496054892
      hosmathospital803@gmail.com
      HOSMAT KIDNEY REPLACEMENT CENTER

Next Story

Questions Raised on India for Whatsapp Snooping

WhatsApp snooping: Questions on how India tackling data breach

0
Whatsapp snooping
Questions on how India tackling data breach after the whatsapp snooping. Pixabay

The WhatsApp snooping row that involves privacy infringement of 121 Indian users out of 1,400 globally via third-party Israeli Pegasus spyware is now witnessing serious questions on the part of the government in handling such a crucial matter in the absence of a robust digital legal framework.

In a legal memorandum sent to IT and Telecom Minister Ravi Shankar Prasad, the petitioner KN Govindacharya, founder of Rashtriya Swabhimaan Aandolan, said that the Minister’s statement in the Rajya Sabha last week on WhatsApp-Pegasus snooping matter did not reveal the complete truth.

Reacting to the Minister’s claim that no complaint has been made in the IT Ministry till date by anyone in the WhatsApp spyware case, the memorandum said that a petition filed on behalf of Govindacharya by advocate Virag Gupta in Supreme Court on November 2 clearly sought an NIA investigation into the WhatsApp-NSO data Leak and perjury proceedings against WhatsApp and Facebook.

“In earlier such matter of Cambridge Analytica, public data was compromised and the government on its own directed for an investigation by the Central Bureau of Investigation (CBI). However, in the present case, no such action has been taken,” said the petition.

Snooping
The WhatsApp snooping row involves privacy infringement of 121 Indian users out of 1,400 globally. Pixabay

Prasad told the Rajya Sabha that WhatsApp has even established its office in India.

The petitioner argued that WhatsApp Inc is a company registered in the US and has been doing business in India for the last 10 years.

“Till date, WhatsApp does not have an office in India. WhatsApp Application Services Private Limited is an Indian subsidiary, which has a separate corporate personality and has no control over WhatsApp app being used by over 40 crore users in India,” said the RSS ideologue Govindacharya in his petition.

A third key point that Prasad raised in the Rajya Sabha was that WhatsApp has appointed a Grievance Officer in India to take care of users’ complaints.

The petitioner categorically stated that the so-called Grievance Officer has been appointed in the US and not in India as stated by the minister.

After being pulled up by the Supreme Court for not appointing a Grievance Officer and complying with other laws of India, WhatsApp in September last year appointed Komal Lahiri as the Grievance Officer for the country.

Based out of WhatsApp’s headquarters in Menlo Park, California, Lahiri can only be contacted via email and general post.

“India with the biggest user base in the world has become a data colony as all our users’ data is going abroad,” said the petition.

The writ petition filed by Govindacharya in the WhatsApp-NSO Group snooping case is set to be heard in the Supreme Court on December 2.

“In the absence of a robust digital law framework, multinational companies like WhatsApp and its parent company Facebook are misusing the date of 40 crore Indian users. Internet giants have lobbied against data protection laws for long in the country. India should promptly enact data protection law and notify IT Intermediary Rules,” Gupta told IANS.

Snooping India
India with the biggest user base in the world has become a data colony as all the users’ data is going abroad. Pixabay

The Computer Emergency Response Team (CERT-In) had published a vulnerability note on May 17 advising countermeasures to users about a vulnerability in WhatsApp, according to an earlier statement from Prasad.

WhatsApp reported an incident to the CERT-In on May 20, the Minister said.

The Minister added that WhatsApp wrote to CERT-In again on September 5 mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information.

According to the petition, to come up for hearing on December 2, “it is clear that WhatsApp misled this Hon’ble Court into believing that its systems were safe. WhatsApp deliberately did not disclose the NSO hacking during proceedings before the Hon’ble Supreme Court, and thus has committed perjury.”

“India is WhatsApp’s biggest market with more than 40 crore users. WhatsApp is owned by Facebook, which also owns Instagram. Facebook has around 30 crore Indian users while Instagram has about 6.9 crore users.”

Also Read- Indian Frontline Employees Don’t Feel Connected: Facebook Report

“Thus, it is clear that data of Indians, including governmental data is being stored in systems, that have already been compromised, which endangers national security.”

NSO Group has stated that it sells its technologies only to government agencies, it added. (IANS)