Scribd Logo
Upload

Welcome to Scribd!

  • 79 views

    Ishan Tiwari Write Up

    Uploaded by

    Ishan Tiwari
    A short write up detailing cambridge analytica controversy and Indian Judicial perspective had the same reared up in India

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Ishan Tiwari Write Up

    Uploaded by

    Ishan Tiwari
    79 views4 pages
    A short write up detailing cambridge analytica controversy and Indian Judicial perspective had the same reared up in India

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    A short write up detailing cambridge analytica controversy and Indian Judicial perspective had the same reared up in India

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    79 views4 pages

    Ishan Tiwari Write Up

    Uploaded by

    Ishan Tiwari
    A short write up detailing cambridge analytica controversy and Indian Judicial perspective had the same reared up in India

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4

    Cambridge Analytica (CA) Controversy

    ‘An Indian Judicial Perspective’

    *Ishan Tiwari

    In March 2018, the world of internet networking was turned upside down with the
    revelation that nearly 50 million Facebook users’ data was compromised by a British
    Data Analytics firm called Cambridge Analytica (CA); and, that the confidential
    information was utilized to influence results of United States’ Presidential elections, Pro
    Brexit campaign and several polls in different nations around the globe. The true extent
    of this massive data breach is still being investigated and assessed. In the light of these
    events, many people are now contemplating and re-evaluating their social media
    browsing habits, and data theft has become the new political buzz word.

    The Indian connect of CA stems from the fact that at 250 million plus, India has the
    largest number of Facebook users in the world. Thus, there are more than 250 million
    potential victims of data misappropriation and data breach in the country. This situation
    becomes even graver in the light of accusations that Indian political out-wings like
    Congress party and Janta Dal (united) have also sought the services of CA. Furthermore,
    even before the whole debacle with CA, there have been major judicial and regulatory
    concerns regarding data security of the Aadhar system. While the Union Minister,
    holding Law and Justice and Electronics and Information Technology portfolio, Mr. Ravi
    Shankar Prasad has publicly told Mark Zuckerberg that any breach of data would not be
    tolerated; there is no denying the fact that India needs clarity regarding the appropriate
    legal mechanism that would be applicable to deal with issues like this. 1

    *Integrated B.Tech (Energy Tech) LLB Hons. (IPR Specialization), UPES Dehradun.

    1
    “Won't Allow Data Breach, can summon Mr. Zuckerberg” at
    https://www.ndtv.com/india-news/can-summon-you-law-ministers-stern-message-to-mark-zuckerberg-
    1826897, Accessed on 10th May 2018.
    1
    Presently India does not have a precise piece of legislation to tackle data protection
    issues. The laws that govern data protection are covered under the ambit of Information
    Technology Act, 2000 (2008 amendments) and, Information Technology (Reasonable
    Security Practices and Procedures and Sensitive Personal Data or Information) Rules,
    2011. With respect to data protection, the IT Act, 2000 deals with the issues relating to
    payment of compensation (Civil) and punishment (Criminal) in case of wrongful
    disclosure and misuse of personal data and violation of contractual terms in respect of
    personal data.

    Under Section 43A of the IT Act, 2000, a body corporate possessing, dealing or handling
    any sensitive personal data or information, shows negligence in implementing and
    maintaining reasonable security practices that results in wrongful loss or wrongful gain to
    any person, then they may be held liable to pay damages to the affected person.2

    Section 66 provides that disclosure of information, knowingly and intentionally, without


    the consent of the person concerned and in breach of the lawful contract is punishable
    with imprisonment for a term extending to three years and fine extending to Rs
    5, 00,000.3

    Section 72 provides for punishment with imprisonment for a term which may extend to
    two years, or with fine which may extend to Rs 1, 00,000, or with both in cases of, access
    of electronic record, book, register, correspondence, information, document or other
    material without the consent of the person concerned in pursuance of any of the powers
    conferred under the IT Act Rules or Regulations

    Further, the following important sections have been inserted by the IT Amendment Act,
    2008 regarding data protection issues:

    2
    Dalmia, Vijay Pal; ‘India: Data Protection Laws In India - Everything You Must Know’;
    http://www.mondaq.com/india/x/655034/data+protection/Data+Protection+Laws+in+India; Accessed on
    10th May 2018.

    3
    Information Technology Act, 2000 (2008 Amendments).

    2
     Section 43A – Compensation for failure to protect data.
     Section 66E – Punishment for violation for privacy.
     Section 67C – Preservation and Retention of information by intermediaries.
     Section 72A – Punishment for disclosure of information in breach of lawful
    contract.
     Section 79 – Exemption from liability of intermediary in certain cases.
     Section 84B –Punishment for abetment of offences.
     Section 84C –Punishment for attempt to commit offences.

    Meanwhile the IT Rules deal with protection of "Sensitive personal data or information
    of a person", which includes such personal information which consists of information
    relating to:-

     Passwords;
     Financial information such as bank account or credit card or debit card or other
    payment instrument details;
     Physical, physiological and mental health condition;
     Sexual orientation;
     Medical records and history;
     Biometric information.4

    The rules provide the reasonable security practices and procedures, which the body
    corporate is required to follow while dealing with "Personal sensitive data or
    information". In event of any breach, the body corporate may be held liable to pay
    damages to the person so affected.

    4
    Ibid note 1

    3
    However, India’s leading cyber security experts consider, IT Act, 2000 and its
    amendments not well suited to deal with data misappropriation issues in conjunction with
    social media usage. There is a lacuna in law regarding third party transfers and cross
    border movement of personal data, Precisely, the kind of situation that CA is currently
    embroiled in. Some cyber experts5 believe that FB-CA data breach model is at best
    “immoral and unethical” and not Illegal as per current provisions of IT act, 2000. What
    CA have actually done is getting indulged in data mining and data purchasing activities
    by tricking users to give consent and this is more of a possible breach of trust kind of
    situation rather than breach of data.

    In the opinion of this author, current Indian regulatory framework is inadequate to deal
    with rapidly evolving challenges associated with emerging fields in the sphere of IT like
    Big Data, Internet of Things, and Block-chain etc. Now with a Supreme Court ruling
    guaranteeing the Fundamental Right to Privacy to Indian citizenry, there is a dire need to
    champion the cause for “Sensible” new regulations for Data protection.

    5
    Sunil Abraham (Executive Director of Centre for Internet and Society), Jaspreet Singh (Partner, Cyber
    security, Ernst & Young), Pavan Duggal (Supreme Court Lawyer).

    6
    “Indian laws inadequate to deal with data theft” at:
    //economictimes.indiatimes.com/articleshow/63566404.cms?utm_source=contentofinterest&utm_medium=
    text&utm_campaign=cppst, Accessed on 10th May 2018.

    You might also like