Greetings, privacy pros!
Numerous concepts and analogies about personal data have been discussed by key stakeholders in India.
The Ministry of Electronics & Information Technology has created a multi-stakeholder committee to deliberate on data governance for non-personal information and the possible regulation on use of such data. The committee discusses large-scale “community” data as a natural resource that will be the growth engine of the economy. This would supplement the data governance regime for regulating use of personal data through a draft data protection bill, which is likely to be tabled in next Parliament session.
But that's not all. The Supreme Court has asked the Indian government to explain if it is contemplating linking social media with Aadhaar, creating a debate around anonymity, privacy and safety on the internet. A High Court judgment ruled hostels could not require students to hand over their mobile phones during certain hours, citing that what students do in their own time with their own device is their own business. TikTok/Bytedance responded to a list of questions the MeitY asked about the company’s data collection, its intermediary status and the steps it has taking to protect children, among other things.
While the Indian courts continue to hear arguments on WhatsApp-Traceability issues, Facebook has offered alternatives to absolute traceability of messages, including use of metadata and machine intelligence for dealing with the issue, even offering to harness WhatsApp, Instagram and Facebook linkages to provide assistance to law enforcement agencies.
China’s regulation on the protection of children’s personal information comes into effect 1 Oct. This follows a policy draft covering cross-border flow of personal information, strengthening China’s regulatory regime on data ecosystem.
Meanwhile, the U.S. Department of State’s Bureau of Democracy, Human Rights, and Labor released a draft guidance on "Export of Hardware, Software and Technology with Surveillance Capabilities and/or parts/know-how," likely impacting consumer grade and dual-use items. What technology services are covered? “Spyware; crypto-analysis products; pen-test tools; deep packet inspection; specialized computer vision chips; non-cooperative location tracking; Stingrays; automatic license plate readers; body-worn cameras; drones and unmanned aerial vehicles, facial recognition software; thermal imaging systems; rapid DNA testing; automated biometric systems; social media analytics software; gait analysis software; network protocols surveillance systems; and devices that record AV & can remotely transmit or can be remotely accessed.”
The guidance advocates privacy by design by suggesting integrating safety features, like enabling tracking of deployment; alerting exporter of misuse; striping certain capabilities prior to export; limiting the use once sold; providing a kill switch; limiting upgrades, updates and support; data minimization and auto data deletion feature. Limited data collection and use is provisioned as suggested contractual clauses. The guidelines are not intended to be mandatory, and the feedback period is open until 4 Oct. There is a brief thread on this topic on Twitter.
If you want to comment on this post, you need to login.