- Data localisation is not the only approach towards protecting data privacy
- WhatsApp, with 459 million users.
- WhatsApp can seamlessly share user metadata and mobile information with its parent company Facebook. Facebook Inc, which also owns Instagram.
- Facebook has sought to integrate the offerings from WhatsApp, Instagram and Facebook, with the former acting also as a tool that secures payments for services and ads posted on the latter two applications, beyond its primary use as a messaging service.
- This integration of three large consumption products is a means to monetise their everyday use by consumers.
- Data transfer from WhatsApp to Facebook is not possible in regions such as the EU.
- In the EU region, there are strong data protection laws. Tech companies are banned from storing and transfering user data.
- India should follow the European Union model and put in place a strong data protection law. Such law should align with the recommendations of the Srikrishna Committee.
- The committee has tried to address concerns about online data privacy in line with the 2018 Puttaswamy judgment.
- The draft Bill proposed by the government in 2019 diluted some of the provisos.
- As per the draft bill, only sensitive personal data needs to be mirrored in the country, and not all personal data as mandated by the committee.
- But data localisation as proposed by the committee may not necessarily lead to better data privacy, as it carries the possibility of domestic surveillance over Indian citizens.
- Any data security bill should have stronger checks on state surveillance before it is passed.
Source: Privacy and surveillance; The Hindu, January 22; 2021
Section 66A of the IT Act
- Bihar police circular on social media posts reveals low tolerance for criticism.
- The warning by the Bihar police of legal action being taken against users of social media for “offensive” posts targeting the government, its Ministers and officials, betrays both hypersensitivity and ignorance of the law.
- Section 66A, which dealt with “Punishment for sending offensive messages through communication service, etc.” was struck down by the Supreme Court in 2015, as being too broadly defined.
- The Act’s remaining penal provisions pertain only to other offences — sending obscene or prurient messages, hacking, stealing computer resources, identity theft, personation, and violation of privacy. There is nothing specific in the law that would render strong, even offensive and intemperate, criticism of the government a cyber-offence.
- Police cannot register FIRs for defamation, as the offence can only be dealt with by way of criminal complaints before magistrates, and cannot be the subject of a police investigation.
- The government has the power to institute criminal defamation cases through public prosecutors.
Source: Overzealous threat/The Hindu/January 26