Hello, folks.

The deadline to submit inputs on India’s draft Personal Data Protection Bill ended yesterday. Now the Ministry of Electronics and Information Technology has this monumental task of sifting through possibly hundreds of inputs to make appropriate changes to the draft bill, with speculations that it will be tabled in the winter session of the Parliament. But the process is elaborate, and a lot of ground needs to be covered before the draft bill becomes the act. With general elections in India early next year, the community breathes optimism that data protection cause will be prioritized and also hope that it becomes an important election agenda.

Almost three weeks back, the Supreme Court of India in a landmark judgment majorly concluded that the Aadhaar program in its entirety isn’t unconstitutional in the backdrop of the right to privacy and suggested substantial reforms by striking down certain provisions under various laws and regulations that governed the use of Aadhaar for different purposes. Unanimously, judges agreed that the Aadhaar should have limited contextual use and ruled out the use by the private sector — including and especially banks and telcos. The government is now mulling the introduction of legislation for Aadhaar use by the private sector. It will be very interesting to see how it unfolds when the use by the private sector is declared unconstitutional. Well, sort of!

Dissenting judge Justice Chandrachud ruled the entire program unconstitutional, but this minority opinion doesn’t hold. He also writes, "Rights and entitlements conferred under the Constitution cannot be subject to the vicissitudes of technology. Also they cannot be based on algorithmic probabilities which UIDAI cannot control." This, I believe, will continue to get quoted and could require certain thinking on standard industry practices, especially the use of third-party black-box software and applications. Decisions taken by programs and algorithms that are not transparent enough will face challenges as we increase the use of technology.

Taking a break from Indian regulatory regime, I found great news for professionals and the community: The CNIL has a new DPO logo that not only helps elevate the DPO role but will also provide a great boost to the role and the job market. An IAPP survey estimated that more than 75,000 DPOs are required globally — and this estimate might be outdated already. The demand for certifications and courses is exponentially rising globally, especially in Asia, following regulatory developments.

Another important piece of news from Down Down Under (i.e., New Zealand!): You now have to hand over unlocked phones and laptops to customs or share the password, or else get ready to lighten your pocket. Nation states are increasingly introducing tighter measures to strengthen border security against the changing nature of hybrid warfare that threatens sovereignty. This is not the first global instance, though.

Happy learning!