#FactCheck -2018 Baba Ramdev Video on Cheap Petrol Resurfaces Amid Fuel Price Hike, Shared Out of Context

Biological data includes biometric information such as fingerprints, facial recognition, DNA sequences, and behavioral traits. Genetic data can be extracted from an individual’s remains long after their death and can continue to identify both that individual and an expanding pool of their living relatives. This persistent identification can significantly reduce privacy over time, revealing genetic characteristics and familial relationships across successive generations.

Key Developments in Privacy Protection for Biological Data:

Legal texts have been created relating to personal data protection and privacy broadly, and can sometimes prove to be poor adaptations specifically for ‘biometric data’ and its safety. Some examples are mentioned below:

1. EU and UK- GDPR

GDPR focuses primarily on biometrics in Biological Data while deciphering the technology's immense potential. The EU describes “personal data” under the General Data Protection Regulation (GDPR) including any identifiable information about a particular person. For example, this can include names, identification numbers, location data, and other structured and unstructured data. In addition, the GDPR has more specific requirements around processing sensitive or “special categories of personal data.” These “special categories” include things like genetic and biometric data. For biometric security to work well, citizens' rights must be protected appropriately, and the data collected by private and public concerns must be managed carefully and sensibly. 

2. USA

California Consumer Privacy Act (CCPA) grants Californian consumers the right to protect their personal information and biometric data including the right to disclosure or access, the right to be forgotten, and data portability. The sale of personal information and the option of opt-out is also given to consumers. Additionally, it contains the right to take legal action, with penalties imposed for violations.

The California Privacy Rights Act was passed on November 3, 2020, and took effect on January 1, 2023, with a lookback period starting January 1, 2022. It introduces sensitive personal information which includes biometric data and other sensitive details. 

Virginia's Consumer Data Protection Act, effective from January 1, 2023, designates genetic and biometric data as sensitive data that must be protected.

Illinois' Biometric Information Privacy Act is recognised as the most robust biometric privacy law in the United States. The significance of the Rosenbach v. Six Flags case lies in the Illinois Supreme Court's ruling that a plaintiff does not need to demonstrate additional harm to impose penalties on a BIPA violator. A mere loss of statutory biometric privacy rights is sufficient to warrant penalties.

3. India

As per Rule 2(1)(b) of the SPDI Rules, Sensitive Personal Data or Information, including biometric data is included under its meaning. The term ‘biometric data’ has not been defined in the Digital Personal Data Protection Act, 2023. The need for data privacy under the DPDP Act emerges only if such data is subsequently digitised under extraction and manipulation, including notice and consent requirements and penalties. 

The Biotech-PRIDE (Promotion of Research and Innovation through Data Exchange) Guidelines of 2021 are aimed at fostering an exchange of information which would thereby enhance research and innovation among various research groups nationwide. These guidelines do not deal with the generation of biological data but are a mechanism to share and exchange information and knowledge generated according to existing laws, rules, regulations and norms of the country. They will ensure data-sharing benefits, maximise use, avoid duplication, maximise integration, ownership of information, better decision-making and equity of access

How is Biological Data vulnerable?

• Biological data is often immutable, meaning it cannot be altered once compromised. Unlike other authentications that can be changed, compromised biometric data poses a permanent risk, making its protection paramount.
• The use of facial recognition technology by law enforcement agencies and the creation of databases by the same also highlights the urgent need for stringent privacy protections.
• Advances in technology, particularly AI and ML, make it easier to collect, analyse, and utilise biometric data by manipulating biometric data. This in turn is leading to new forms of identity theft and fraud that make it necessary to enhance security measures and ethical considerations to prevent abuse.
• Cross-border data transfers raise serious privacy concerns, especially as countries have varying levels and standards of data protection. 
• Wearable health-related biometric devices lack the required privacy protections which ends up making the data they collect vulnerable to misuse and breaches.

Future Outlook

With the growing use of biological data, there is likely to be increased pressure on regulatory bodies to strengthen privacy protections. This necessitates a need for enhanced security measures to protect users' identities and further prevent any form of unauthorised access. Future developments should be aimed at including strict consent requirements, and enhanced data security measures, especially for wearable devices. A new legal framework specifically designed to address the challenges posed by biometric data would be welcome. Biological data protection is an emerging need in the digital environment that we live in today.

References

• https://www.cnbc.com/2024/08/17/new-privacy-battle-is-underway-as-tech-gadgets-capture-our-brain-waves.html 
• https://www.snrlaw.in/sense-and-sensitivity-sensitive-information-under-indias-new-data-regime/ 
• https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/biometrics/biometric-data‍
• https://www.business-standard.com/article/economy-policy/govt-releases-guideline-to-provide-framework-for-sharing-of-biological-data-121073001467_1.html

Introduction

Union Minister of State for Electronics and IT, Rajeev Chandrasekhar, announced that rules for the Digital Personal Data Protection (DPDP) Act are expected to be released by the end of January. The rules will be subject to a month-long consultation process, but their notification may be delayed until after the general elections in April-May 2024. Chandrasekhar mentioned changes to the current IT regulations would be made in the next few days to address the problem of deepfakes on social networking sites.

The government has observed a varied response from platforms regarding advisory measures on deepfakes, leading to the decision to enforce more specific rules. During the Digital India Dialogue, platforms were made aware of existing provisions and the consequences of non-compliance. An advisory was issued, and new amended IT rules will be released if satisfaction with compliance is not achieved.

When Sachin Tendulkar reported a deepfake on a site where he was seen endorsing a gaming application, it raised concerns about the exploitation of deepfakes. Tendulkar urged the reporting of such incidents and underlined the need for social media companies to be watchful, receptive to grievances, and quick to address disinformation and deepfakes.

The DPDP Act, 2023

The Digital Personal Data Protection Act (DPDP) 2023 is a brand-new framework for digital personal data protection that aims to protect individuals' digital personal data. The act ensures compliance by the platforms collecting personal data. The act aims to provide consent-based data collection techniques. DPDP Act 2023 is an important step toward protecting individual privacy. The Act, which requires express consent for the acquisition, administration, and processing of personal data, seeks to guarantee that organisations follow the stated objective for which user consent was granted. This proactive strategy coincides with global data protection trends and demonstrates India's commitment to safeguarding user information in the digital era.

Amendments to IT rules

Minister Chandrasekhar declared that existing IT regulations would be amended in order to combat the rising problem of deepfakes and disinformation on social media platforms. These adjustments, which will be published over the next few days, are primarily aimed at countering widespread of false information and deepfake. The decision follows a range of responses from platforms to deepfake recommendations made during Digital India Dialogues.

The government's stance: blocking non-compliant platforms

Minister Chandrasekhar reaffirmed the government's commitment to enforcing the updated guidelines. If platforms fail to follow compliance, the government may consider banning them. This severe position demonstrates the government's commitment to safeguarding Indian residents from the possible harm caused by false information.

Empowering Users with Education and Awareness

In addition to the upcoming DPDP Act Rules/recommendations and IT regulation changes, the government recognises the critical role that user education plays in establishing a robust digital environment. Minister Rajeev Chandrasekhar emphasised the necessity for comprehensive awareness programs to educate individuals about their digital rights and the need to protect personal information.

These instructional programs seek to equip users to make informed decisions about giving consent to their data. By developing a culture of digital literacy, the government hopes to guarantee that citizens have the information to safeguard themselves in an increasingly linked digital environment.

Balancing Innovation with User Protection

As India continues to explore its digital frontier, the junction of technology innovation and user safety remains a difficult balance. The upcoming Rules on the DPDP Act and modifications to existing IT rules represent the government's proactive efforts to build a strong framework that supports innovation while protecting user privacy and combating disinformation. Recognising the changing nature of the digital world, the government is actively participating in continuing discussions with stakeholders such as industry professionals, academia, and civil society. These conversations promote a collaborative approach to policy creation, ensuring that legislation is adaptable to the changing nature of cyber risks and technology breakthroughs. Such inclusive talks demonstrate the government's dedication to transparent and participatory governance, in which many viewpoints contribute to the creation of effective and nuanced policy. These advances reflect an important milestone in India's digital journey, as the country prepares to set a good example by creating responsible and safe digital ecosystems for its residents.

Reference : 

• https://economictimes.indiatimes.com/tech/technology/govt-may-release-personal-data-bill-rules-in-a-fortnight/articleshow/106162669.cms?from=mdr
• https://www.business-standard.com/india-news/dpdp-rules-expected-to-be-released-by-end-of-the-month-mos-chandrasekhar-124011600679_1.html 

‍

Introduction:

Digital Forensics, as the term goes, “It is the process of collecting, preserving, identifying, analyzing, and presenting digital evidence in a way that the evidence is legally admitted.”

It is like a detective work in the digital realm, where investigators use various specific methods to find deleted files and to reveal destroyed messages.

The reason why Digital Forensics is an important field is because with the  advancement of technology and the use of digital devices, the role of Digital Forensics in preserving the evidence and protecting our data from cybercrime is becoming more and more crucial.

Digital Forensics is used in various situations such as:

• Criminal Investigations: Digital Forensics enables investigators to trace back cyber threat actors and further identify victims of the crime to  gather evidence needed to punish criminals.

• Legal issues: Digital Forensics might aid in legal  matters involving intellectual property infringement and data breaches etc.

Types of Digital Data in Digital Forensics:

1.Persistent (Non-volatile) Data :-

• This type of Data Remains Intact When The Computer Is Turned Off.
• ex. Hard-disk, Flash-drives

2.  Volatile Data :-

• These types of Data Would Be Lost When The Computer Is Turned Off.
• ex. Temp. Files, Unsaved OpenFiles, etc.

The Digital Forensics Process

The process is as follows

• Evidence Acquisition: This process involves making an exact copy (forensic image) of the storage devices such as hard drives, SSD or mobile devices. The goal is to preserve the original data without changing it.

• Data Recovery: After acquiring the forensic image, the analysts use  tools to recover deleted, hidden or the  encrypted data inside the device . 

• Timeline Analysis: Analysts use timestamp information from files, and system logs to reconstruct the timeline of activities on a device. This helps in understanding how an incident spanned out and who was involved in it.

• Malware Analysis: In cases involving  security breaches, analysts analyze malware samples to understand their behavior, impact, and origins. various reverse engineering techniques are used to analyze the malicious code.

Types of tools:

• Faraday Bags: Faraday bags are generally the first step in digital evidence capture. These bags are generally made of conductive materials, which are used to shield our electronic devices from external waves such as WiFi, Bluetooth, and mobile cellular signals, which in turn protects the digital evidence from external tampering.

• Data recovery : These types of software are generally used for the recovery of deleted files and their associated data.  Ex. Magnet Forensics, Access data, X-Ways

• Disk imaging and analysis :These types of softwares are Generally used to replicate the data storage devices and then perform further analysis on it ex. FTKImager, Autopsy, and, Sleuth Kit

• File carving tools: They are generally used to extract information from the embedded files in the image made. Ex.Foremost, Binwalk, Scalpel

Some common tools:

• EnCase: It is a tool for acquiring, analyzing, and reporting digital evidence.

• Autopsy: It is an open-source platform generally used for analyzing hard drives and smartphones.

• Volatility: It is a framework used generally for memory forensics to analyze volatile memory dumps and extract info.

• Sleuth Kit: It is a package of CLI tools for investigating disk images and its associated file systems.

• Cellebrite UFED: It is a tool generally used for mobile forensics.

Challenges in the Field:

• Encryption: Encryption plays a major challenge as the encrypted data requires specialized techniques and tools for decryption.

• Anti-Forensic Techniques: Anti-Forensics techniques play a major challenge as the criminals often use anti-forensic methods to cover their tracks, making it challenging to get the digital evidence.

• Data Volume and Complexity: The large volume of digital data and the diversity of various devices create challenges in evidence collection and analysis.

The Future of Digital Forensics: A Perspective

‍With the  growth of technology and the vast presence of digital data, the challenges and opportunities in Digital Forensics keep on updating themselves. Due to the onset of new technology and the ever growing  necessity of cloud storage, mobile devices, and the IoT (Internet of Things), investigators will have to develop new strategies and should be ready to adapt and learn from the new shaping of the tech world.

Conclusion:

‍Digital Forensics is an essential field in the recent era for ensuring fairness in the digital era. By collecting, inspecting, and analyzing the digital data, the Digital Forensics investigators can arrive lawfully at  the prosecution of criminals and the settlement of civil disputes. Nowadays with technology on one hand progressing continuously, the discipline of Digital Forensics will certainly become even more pivotal in the case of investigations in the years to come.