DPDP Bill 2023 A Comparative Analysis
Introduction
THE DIGITAL PERSONAL DATA PROTECTION BILL, 2022 Released for Public Consultation on November 18, 2022THE DIGITAL PERSONAL DATA PROTECTION BILL, 2023Tabled at LokSabha on August 03. 2023Personal data may be processed only for a lawful purpose for which an individual has given consent. Consent may be deemed in certain cases.The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.There is a Data Protection Board under the 2022 bill to deal with the non-compliance of the Act.Under the 2023 bill, there is the Establishment of a new Data Protection Board which will ensure compliance, remedies and penalties.
Under the new bill, the Board has been entrusted with the power of a civil court, such as the power to take cognisance in response to personal data breaches, investigate complaints, imposing penalties. Additionally, the Board can issue directions to ensure compliance with the act.The 2022 Bill grants certain rights to individuals, such as the right to obtain information, seek correction and erasure, and grievance redressal.The 2023 bill also grants More Rights to Individuals and establishes a balance between user protection and growing innovations. The bill creates a transparent and accountable data governance framework by giving more rights to individuals. In the 2023 bill, there is an Incorporation of Business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
The new 2023 bill balances out fundamental privacy rights and puts reasonable limitations on those rights.Under the 2022 bill, Personal data can be processed for a lawful purpose for which an individual has given his consent. And there was a concept of deemed consent.The new data protection board will carefully examine the instance of non-compliance by imposing penalties on non-compiler.The bill does not provide any express clarity in regards to compensation to be granted to the Data Principal in case of a Data Breach.Under 2023 Deemed consent is there in its new form as ‘Legitimate Users’.The 2022 bill allowed the transfer of personal data to locations notified by the government.There is an introduction of the negative list, which restricts cross-data transfer.
Related Blogs
Introduction:
With the rapid advancement in technologies, vehicles are also being transformed into moving data centre. There is an introduction of connectivity, driver assistance systems, advanced software systems, automated systems and other modern technologies are being deployed to make the experience of users more advanced and joyful. Software plays an important role in the overall functionality and convenience of the vehicle. For example, Advanced technologies like keyless entry and voice assistance, censor cameras and communication technologies are being incorporated into modern vehicles. Addressing the cyber security concerns in the vehicles the Ministry of Road Transport and Highways (MoRTH) has proposed standard Cyber Security and Management Systems (CSMS) rules for specific categories of four-wheelers, including both passenger and commercial vehicles. The goal is to protect these vehicles and their functions against cyber-attacks or vulnerabilities. This move will aim to ensure standardized cybersecurity measures in the automotive industry. These proposed standards will put forth certain responsibilities on the vehicle manufacturers to implement suitable and proportional measures to secure dedicated environments and to take steps to ensure cyber security.
The New Mandate
The new set of standards requires automobile manufacturers to install a new cybersecurity management system, which will be inclusive of protection against several cyberattacks on the vehicle’s autonomous driving functions, electronic control unit, connected functions, and infotainment systems. The proposed automotive industry standards aim to fortify vehicles against cyberattacks. These standards, expected to be notified by early next month, will apply to all M and N category vehicles. This includes passenger vehicles, goods carriers, and even tractors if they possess even a single electronic control unit. The need for enhanced cybersecurity in the automotive sector is palpable. Modern vehicles, equipped with advanced technologies, are highly prone to cyberattacks. The Ministry of Road Transport and Highways has thus taken a precautionary measure to safeguard all new-age commercial and private vehicles against cyber threats and vulnerabilities.
Cyber Security and Management Systems (CSMS)
The proposed standards by the Ministry of Road Transport and Highways (MoRTH) clarify that CSMS refers to a systematic risk-based strategy that defines organisational procedures, roles, and governance to manage and mitigate risks connected with cyber threats to vehicles, eventually safeguarding them from cyberattacks. According to the draft regulations, all manufacturers will be required to install a cyber security management system in their vehicles and provide the government with a certificate of compliance at the time of vehicle type certification.
Electrical vehicle charging system
Electric vehicle charging stations could also be susceptible and prone to cyber threats and vulnerabilities, which significantly requires to have in place standards to prevent them. It is highlighted that the Indian Computer Emergency Response Team (CERT-In), a designated authority to track and monitor cybersecurity incidents in India, had received reports of vulnerabilities in products and applications related to electric vehicle charging stations. Electric cars or vehicles becoming increasingly popular as the world shifts to green technology. EV owners may charge their cars at charging points in convenient spots. When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This trail of data sharing and EV charging stations in many ways can be exploited by the bad actors. Some of the threats may include Malware, remote manipulation, and disturbing charging stations, social engineering attacks, compromised aftermarket devices etc.
Conclusion
Cyber security is necessary in view of the increased connectivity and use of software systems and other modern technologies in vehicles. As the automotive industry continues to adopt advanced technologies, it will become increasingly important that organizations take a proactive approach to ensure cybersecurity in the vehicles. A balanced approach between technology innovation and security measures will be instrumental in ensuring the cybersecurity aspect in the automotive industry. The recent proposed policy standard by the Ministry of Road Transport and Highways (MoRTH) can be seen as a commendable step to make the automotive industry cyber-resilient and safe for everyone.
References:
- https://economictimes.indiatimes.com/news/india/road-transport-ministry-proposes-uniform-cyber-security-system-for-four-wheelers/articleshow/105187952.cms
- https://www.financialexpress.com/business/express-mobility-cybersecurity-in-the-autonomous-vehicle-the-next-frontier-in-mobility-3234055/
- https://www.gktoday.in/morth-proposes-uniform-cyber-security-standards-for-four-wheelers/
- https://cybersecurity.att.com/blogs/security-essentials/the-top-8-cybersecurity-threats-facing-the-automotive-industry-heading-into-2023
Introduction
Cyber attacks are becoming increasingly common and most sophisticated around the world. India's Telecom operator BSNL has allegedly suffered a data breach. Reportedly, Hackers managed to steal sensitive information of BSNL customers and the same is now available for sale on the dark web. The leaked information includes names email addresses billing details contact numbers and outgoing call records of BSNL customers victims include both BSNL fibre and landline users. The threat actor using Querel has released a sample data set on a dark web forum and the data set contains 32,000 lines of leaked information the threat actor has claimed that the total number of lines across all databases amounts to approximately 2.9 Million.
The Persistent Threat to Digital Fortresses
As we plunge into the abyssal planes of the internet, where the shadowy tendrils of cyberspace stretch out like the countless arms of some digital leviathan, we find ourselves facing a stark and chilling revelation. At its murky depths lurks the dark web, a term that brings forth images of a clandestine digital netherworld where anonymity reigns supreme and the conventional rules of law struggle to cast their net. It is here, in this murky digital landscape, where the latest trophy of cyber larceny has been flagrantly displayed — the plundered data of Bharat Sanchar Nigam Ltd (BSNL), India's state-owned telecommunications colossus.
This latest breach serves not simply as a singular incident in the tapestry of cyber incursions but as a profound reminder of the enduring fragility of our digital bastions against the onslaught wielded by the ever-belligerent adversaries in cyberspace.
The Breach
Tracing the genesis of this worrisome event, we find a disconcerting story unfold. It began to surface when a threat actor, shrouded in the mystique of the digital shadows and brandishing the enigmatic alias 'Perell,' announced their triumph on the dark web. This self-styled cyber gladiator took to the encrypted recesses of this hidden domain with bravado, professing to have extracted 'critical information' from the inner sanctum of BSNL's voluminous databases. It is from these very vaults that the most sensitive details of the company's fibre network and landline customers originate.
A portion of the looted data, a mere fragment of a more extensive and damning corpus, was brandished like a nefariously obtained banner for all to see on the dark web. It was an ostentatious display, a teaser intended to tantalize and terrify — approximately 32,000 lines of data, a hint of the reportedly vast 2.9 million lines of data that 'Perell' claimed to have sequestered in their digital domain. The significance of this compromised information cannot be overstated; it is not mere bytes and bits strewn about in the cyber-wind. It constitutes the very essence of countless individuals, an amalgamation of email addresses, billing histories, contact numbers, and a myriad of other intimate details that, if weaponized, could set the stage for heinous acts of identity theft, insidious financial fraud, and precisely sculpted phishing schemes.
Ramifications
The ramifications of such a breach extend far beyond individual concerns of privacy invasion. This event signifies an alarming clarion call highlighting the susceptibility of our digital identities. In an era where the strands of our daily lives are ever more entwined with the World Wide Web, such penetrations are not merely an affront to corporate entities; they are a direct assault on the individual's inherent right to security and the implicit trust placed in the institutions that profess to shield their most private information.
Ripples of concern have emanated throughout the cybersecurity community, prompting urgent action from Cert-In, India's cyber security sentinel. Upon notification of this digital transgression, alarms were sounded, and yet, in a disconcerting turn, BSNL has remained enigmatic, adopting a silence that seems to belie the gravity of the situation. This reticence stands in contrast to the urgency for open dialogue and transparency — it is within the anvil of these principles that the foundations of trust are laid and sustained.
Conclusion
The narrative of the BSNL data breach transcends a singular tale of digital larceny or vulnerability; it unfolds as an insistent call to action, demanding a unified and proactive response to the perpetually morphing threat landscape that haunts our technologically dependent world. It is an uncomfortable reminder that in the intricately woven web of our online existence, we each stand as potential targets with our personal data held precariously as the coveted prize for those shadow-walkers and data marauders who dwell in the secretive realms of the internet's darkest corners.
References
Introduction
Children today are growing up amidst technology, and the internet has become an important part of their lives. The internet provides a wealth of recreational and educational options and learning environments to children, but it also presents extensively unseen difficulties, particularly in the context of deepfakes and misinformation. AI is capable of performing complex tasks in a fast time. However, misuse of AI technologies led to increasing cyber crimes. The growing nature of cyber threats can have a negative impact on children wellbeing and safety while using the Internet.
India's Digital Environment
India has one of the world's fastest-growing internet user bases, and young netizens here are getting online every passing day. The internet has now become an inseparable part of their everyday lives, be it social media or online courses. But the speed at which the digital world is evolving has raised many privacy and safety concerns increasing the chance of exposure to potentially dangerous content.
Misinformation: The raising Concern
Today, the internet is filled with various types of misinformation, and youngsters are especially vulnerable to its adverse effects. With the diversity in the language and culture in India, the spread of misinformation can have a vast negative impact on society. In particular, misinformation in education has the power to divulge young brains and create hindrances in their cognitive development.
To address this issue, it is important that parents, academia, government, industry and civil society start working together to promote digital literacy initiatives that educate children to critically analyse online material which can ease navigation in the digital realm.
DeepFakes: The Deceptive Mirage:
Deepfakes, or digitally altered videos and/or images made with the use of artificial intelligence, pose a huge internet threat. The possible ramifications of deepfake technology are concerning in India, since there is a high level of dependence on the media. Deepfakes can have far-reaching repercussions, from altering political narratives to disseminating misleading information.
Addressing the deepfake problem demands a multifaceted strategy. Media literacy programs should be integrated into the educational curriculum to assist youngsters in distinguishing between legitimate and distorted content. Furthermore, strict laws as well as technology developments are required to detect and limit the negative impact of deepfakes.
Safeguarding Children in Cyberspace
● Parental Guidance and Open Communication: Open communication and parental guidance are essential for protecting children's internet safety. It's a necessity to have open discussions about the possible consequences and appropriate internet use. Understanding the platforms and material children are consuming online, parents should actively participate in their children's online activities.
● Educational Initiatives: Comprehensive programs for digital literacy must be implemented in educational settings. Critical thinking abilities, internet etiquette, and knowledge of the risks associated with deepfakes and misinformation should all be included in these programs. Fostering a secure online environment requires giving young netizens the tools they need to question and examine digital content.
● Policies and Rules: Admitting the threats or risks posed by misuse of advanced technologies such as AI and deepfake, the Indian government is on its way to coming up with dedicated legislation to tackle the issues arising from misuse of deepfake technology by the bad actors. The government has recently come up with an advisory to social media intermediaries to identify misinformation and deepfakes and to make sure of the compliance of Information Technology (IT) Rules 2021. It is the legal obligation of online platforms to prevent the spread of misinformation and exercise due diligence or reasonable efforts are made to identify misinformation and deepfakes. Legal frameworks need to be equipped to handle the challenges posed by AI. Accountability in AI is a complex issue that requires comprehensive legal reforms. In light of various cases reported about the misuse of deepfakes and spreading such deepfake content on social media, It is advocated that there is a need to adopt and enforce strong laws to address the challenges posed by misinformation and deepfakes. Working with technological companies to implement advanced content detection tools and ensuring that law enforcement takes swift action against those who misuse technology will act as a deterrent among cyber crooks.
● Digital parenting: It is important for parents to keep up with the latest trends and digital technologies. Digital parenting includes understanding privacy settings, monitoring online activity, and using parental control tools to create a safe online environment for children.
Conclusion
As India continues to move forward digitally, protecting children in cyberspace has become a shared responsibility. By promoting digital literacy, encouraging open communication and enforcing strong laws, we can create a safer online environment for younger generations. Knowledge, understanding, and active efforts to combat misinformation and deeply entrenched myths are the keys to unlocking the safety net in the online age. Social media Intermediaries or platforms must ensure compliance under IT Rules 2021, IT Act, 2000 and the newly enacted Digital Personal Data Protection Act, 2023. It is the shared responsibility of the government, parents & teachers, users and organisations to establish safe online space for children.
