By Aishwarya Jagani

As India moves forward with its much-awaited Personal Data Protection Bill (PDPB), privacy critics fear that “backdoor clauses” could allow the government access to data without consent and could create a feckless oversight board whose members would serve the whim of officials.

“The two biggest flaws are the lack of independence of the Data Protection Authority and the several ‘backdoor clauses’ contained within the PDPB,” Rohin Garg of the Internet Freedom Foundation (IFF), a privacy-rights organization in New Delhi, told Digital Privacy News.

Even B.N. Srikrishna, a retired India Supreme Court judge who led the committee that drafted the first version of the bill in 2018, attacked exemptions legislators since have added, telling Digital Privacy News that the bill now could “slide into an Orwellian state.”

By Aishwarya Jagani

Privacy advocates are alarmed that authorities in a city in India plan to use artificial intelligence to monitor women’s facial expressions in an effort to stop roadside harassment, arguing the program would raise serious privacy and surveillance issues.

“Use of facial recognition is extremely problematic — especially here, since it is open-ended,” Anushka Jain, of the Internet Freedom Foundation (IFF), said of the program in Lucknow, about 310 miles southeast of New Delhi.

“The use is continuous and not limited to any one area, time or specific incident,” she told Digital Privacy News. “This means that 24-7 surveillance of women who come under the gaze of these cameras will be done.”

In January, Lucknow Police Commissioner D.K. Thakur said that authorities had identified as many as 200 harassment hotspots often visited by women and where most complaints are reported.

By Aishwarya Jagani

A plan approved last month to set up a national network of public WiFi hotspots throughout India has raised widespread concerns from privacy and cybersecurity experts.

“I have no doubt that government agencies are also going to have full access (to this data), which could breach citizens’ data privacy — and this can be considered a risk to data security,” Viney Kumar, a New Delhi cybersecurity expert, told Digital Privacy News.

“While this is a great initiative, there are many risks associated with it,” he added. “If this isn’t rolled out in a planned, phased and secured manner then this may turn out to be a disaster as well.”

Eric Cole, a cybersecurity consultant and CEO at Secure Anchor Consulting in Ashburn, Va., said: “The biggest challenge with public WiFi is that it, by default, is typically unencrypted.”

By Aishwarya Jagani

India is in dire need of a data-privacy law, experts told Digital Privacy News, but they continue to raise concerns about a 2019 proposal that is being studied by a joint committee of Parliament.

“India, as of today, neither has a dedicated law on data-protection and privacy — nor has extensively adopted any international guidelines on privacy or data-protection,” said Saikiran Kannan, an open-source intelligence analyst in Singapore and a writer for India Today and Zenger News.

“There are some specific provisions on privacy listed in the Information Technology Act of 2000 (IT Act),” he added. “But these are very basic laws when compared to countries like U.S.A., Singapore and U.K.

“They can so easily be subverted — and the judicial proceedings in such cases take a long time to prosecute,” Kannan said.

By Aishwarya Jagani

 As India Prime Minister Narendra Modi’s government gears up for a full rollout of its National Digital Health Mission (NDHM), experts continue to raise privacy and security concerns over what could be the world’s biggest health database. 

“Large databases are always risky, especially when handling sensitive data like health data,” Prasanth Sugathan, legal director of the Software Freedom Law Centre in New Delhi, told Digital Privacy News.

“Moreover, in this case, the data could be exposed to multiple entities — and the data-security practices of these entities will have a bearing on the safety of the sensitive health data” he said.

The NDHM was announced in August, with test-runs launched in six union territories — federal areas that are governed, in part or in whole, by Modi’s government.

By Sakshi Udavant

Months after full-scale internet shutdowns ended in Kashmir and other parts of India, functional online services have not been fully restored — leaving citizens helpless during the COVID-19 crisis, privacy advocates told Digital Privacy News.

“Turning off internet access is a drastic decision that hurts the state’s own ability to communicate with their people,” said Rachel Vrabec, a privacy researcher and founder of the privacy start-up Kanary.

“However, they justify these actions in order to prevent ‘rumors from spreading and causing violence.’

“Because they don’t control the platforms where organizing is taking place or rumors are spreading, like Facebook or Twitter, they shut off access to the entire network,” she added.