The Supreme Court of India on September 26 pronounced its judgement on the validity of the Aadhaar project, upholding it in a 4:1 verdict.
FSMI strongly criticises the proposed Data Protection Bill put forth by Sri
Krishna Committee. The bill completely fails to protect the data of the user
while providing Government access to personal data without any checks
and balances. The situation where the Data agencies of Government are not
being regulated creates a scope for mass surveillance and legitimises any
data collection by the Government.
In addition, FSMI criticises this lax regulation which gives a free hand to
employers in collecting and processing data for the purposes of recruitment,
termination, assessment etc of the employees – without taking their consent.
The report places the onus of any legal consequences on the user in the case
of withdrawal of consent. This is unjust and places undue pressure on the
part of the user to forcibly retain consent. User privacy and rights are
neglected completely by not providing any means for erasure of personal
Far from protecting user data, the bill has no provision for any inquiry about
data collected by the Government. It exempts the Government from any
consequences of data breach. This proposition is dangerous considering the
recent breaches of personal data which were collected during aadhar
This draft bill subverts the provisions of the RTI Act, crippling citizen's
right to information. This is a move aimed at reducing transparency and
accountability of the Government.
In the name of data localisation, the bill mandates complete mirroring of
data within the country. This is clearly a provision which could allow the
Government to gain access to any database of Indian users.
Though the bill talks about 'Privacy by Design' and 'Transparency', it fails to
implement these principles in a concrete and binding manner.
The objective of any strong data protection law should be to protect the data
privacy of the people and make sure that they have ultimate control over it.
Regulations must be made in order to uphold individual privacy and prevent misuse of data (including data breaches).
FSMI demands that the government not accept this draft bill in its current
form and a stronger data protection law which puts control of data in the
peoples' hands be drafted.
FSMI writes to the the CEO of UIDAI about a patched version of the Enrollment Client Management Platform (ECMP) software used for off-line Aadhaar enrollment, which can potentially be used to bypass geo-location and bio-metrics, and also change the mapping between personal data of Aadhaar holders and their bio-metric data. Given the seriousness of this issue and the imminent threat to our national security given the widespread use of Aadhaar for identification purposes, we hope that UIDAI would treat this matter with utmost seriousness.
The recent controversy over the profiling of millions by consulting firm Cambridge Analytica using the 'stolen' data of Facebook users has come to India with the IT Minister giving belligerent statements about summoning Mark Zuckerberg.
Free Software Movement of India welcomes the unanimous ruling of the nine-judge bench of the Supreme Court declaring privacy to be a fundamental right under the Constitution.
In a move that can only be seen as regressive, the Government of India has blocked access to the website ‘archive.org’, also called ‘Wayback Machine’. No official reason has been given for this block.
A number of organisations had asked the TRAI to call for a consultations on net neutrality and its violations by the telecom operators. Instead, TRAI has come out with a consultation that promises that henceforth, all services - or at least the ones that compete with the telecom companies - is liable to be licensed.
As repeatedly noted by TRAI in its Consultation Paper, the use of online communication applications encourages the use of the Internet and associated services. This not only drives increased data use and therefore increased revenues for telcos but also meets an evident social need.
We as users of telecom services and members of the Indian tech community, were shocked to learn a few days ago that Airtel was carrying out unsolicited packet injection into all content viewed over its 3G networks.
It was revealed that Airtel was tampering with its user's online communications on its 3G network, and maliciously inserting advertisements into its user's data. This ensured that all users of Airtel's 3G networks were forced to view certain specific advertisements inserted by Airtel, irrespective of the content they chose to view on the Internet. Further, by interfering with the data packets to and from its customers terminals, Airtel has clearly acted in violation of the privacy rights of at least thousands if not millions of Indian citizens and has rendered their online communications unsafe.