Whatsapp 93125-11015 For Details

Daily Current Affairs for UPSC Exam

22Aug
2022

Data protection in India (GS Paper 2, Polity and Governance)

Data protection in India (GS Paper 2, Polity and Governance)

Context:

  • The withdrawal of the Personal Data Protection Bill from Parliament came as a surprise, particularly after so much effort was put into it over the last five years.

 

Background:

  • Between August 2017 and July 2018, a 10-member committee chaired by a former Supreme Court judge drafted the Bill.
  • The committee included four senior government officials. The Bill was then revised by the government, approved by the Cabinet, and tabled in Parliament in December 2019.
  • Subsequently, a joint parliamentary committee, or JPC, comprising a majority of BJP members, reviewed the bill and submitted its report in December 2021.

 

Right to privacy:

  • The withdrawal does not reflect well on the government, the entire process having been played out under its regime. This also increases uncertainty about the future of privacy regulation in India.
  • One way to understand this decision is to go back to the genesis of this law, which arose out of the Justice K.S. Puttaswamy v. Union of India case where the court held that the right to privacy had both a positive and negative aspect.
  • The former implies the need for the state to actively take measures to protect an individual’s privacy. Thus, the government was more or less forced to initiate the drafting of a data protection law.

 

The scope of the law:

  • The growing importance of the digital economy and the broad scope of the proposed law also contributed to contestations between stakeholders as the law was being deliberated.
  • Shaped by different interests and incentives, the state, industry, and advocacy groups all have very different expectations of what a data protection law should look like.
  • For instance, for domestic industry such a law represents a compliance hurdle, which could put it at a disadvantage. However, a law can also promote regulatory certainty, thereby opening up the possibility of increased data flows and the growth of data processing business.
  • For the state, a law could limit intrusive data processing by state agencies, but it could also promote geopolitical, strategic or regulatory interests.
  • Similarly, individuals could benefit by the restrictions on harmful data processing, but on the other hand, a poorly drafted law could legitimise certain intrusive practices.
  • Each version of the law, the 2018 Bill of the Srikrishna Committee, the 2019 Bill introduced in Parliament, and the version of the JPC in 2021 faced different types of critique from different stakeholders. For instance, law enforcement interests were seen as being obstructed by the 2018 draft, leading to broad exemptions being provided in the 2019 Bill.

 

Dilution of the focus on data privacy:

  • However, what appears striking is the consistent dilution of the focus on data privacy from the 2018 version onwards. From being the centerpiece of the legislation, privacy protection was increasingly being seen as one of several objectives being pursued.
  • This was seen most clearly in the JPC’s recommendations, which sought to significantly revise the scope of the law. The JPC recommended moving away from a personal data protection law towards a law to govern the entire data ecosystem.
  • It further suggested putting in place a number of broader restrictions on social media and other entities. This attempt to solve multiple problems in the digital ecosystem saw an already broad law being turned into an omnibus Bill. This made one question the ability to properly implement it.
  • In addition, the provisions relating to many issues were lacking in detail. For example, the provisions related to processing of data by the state, governance of non-personal data and the regulation of social mediacould all have been fleshed out with greater substantive and procedural detail, which is required to balance the complex competing interests at hand.

 

Form of new law:

  • The government has suggested that it will introduce multiple legislation comprising a new comprehensive legal framework.
  • This is the right approach, as trying to fit all objectives related to the digital ecosystem or even data governance into one Bill would be a mistake. It is healthy to maintain some polycentricity in the governance of a complex digital economy, and different laws and agencies should co-exist.
  • It would be ideal if each bill addressed a single coherent set of objectives: For instance, one personal data protection bill should not be burdened with other objectives.
  • Similarly, separate laws could deal with issues concerning state surveillance, or issues in the data economy such as dealing with competition-related concerns arising out of the monopolisation of data by certain entities.

 

Nature of protections:

  • The 2018 law, on which future drafts were based, borrowed heavily from the rights-based European General Data Protection Regulation. This framework was however criticised by some due to its perceived unviability in the Indian context.
  • For instance, creating a cross-sectoral data protection entity with the power to take significant coercive action is seen as problematic given the rule of law, capacity and regulatory constraints in India. Some of these issues could be addressed in creating a new data privacy law.

 

Roadmap:

  • First, it should build in a risk-based approach to data protection, so that the regulatory focus is directed towards addressing sources of potential harm.
  • Second, based on risk assessments, the law could enable co-regulation and self-regulation (with the regulator acting as a backstop). These could reduce compliance burdens on entities without significantly affecting rights protection.
  • Third, the current version of the law was weak on accountability measures for the data protection regulator. The new Bill should include more provisions to ensure that the regulator uses its powers well. These include provisions relating to appointments, consultations, reporting, and so on.
  • Fourth, even while the law is being drafted, the government should invest in building some administrative capacity to implement it, so that when the law is eventually passed, implementation can begin soon after. This has been previously done with SEBI and PFRDA.
  • Finally, it is vital that any new law is framed based on transparent and meaningful consultations with all stakeholders.

 

Delhi Police’s use of facial recognition technology

(GS Paper 3, Science and Tech)

Context:

  • Right to Information (RTI) responses received by the Internet Freedom Foundation, a New-Delhi based digital rights organisation, reveal that the Delhi Police treats matches of above 80% similarity generated by its facial recognition technology (FRT) system as positive results.

Why is the Delhi Police using facial recognition technology?

  • The Delhi Police first obtained FRT for the purpose of tracing and identifying missing children.
  • The procurement was authorised as per a 2018 direction of the Delhi High Court in SadhanHaldar vs NCT of Delhi.
  • However, in 2018 itself, the Delhi Police submitted in the Delhi High Court that the accuracy of the technology procured by them was only 2% and “not good”.

 

Function Creep:

  • Things took a turn after multiple reports came out that the Delhi Police was using FRT to surveil the anti-CAA protests in 2019.
  • In 2020, the Delhi Police stated in an RTI response that, though they obtained FRT as per the SadhanHaldar direction which related specifically to finding missing children, they were using FRT for police investigations.
  • The widening of the purpose for FRT use clearly demonstrates an instance of ‘function creep’ wherein a technology or system gradually widens its scope from its original purpose to encompass and fulfil wider functions.
  • The Delhi Police has consequently used FRT for investigation purposes and also specifically during the 2020 northeast Delhi riots, the 2021 Red Fort violence, and the 2022 Jahangirpuri riots.

 

What is facial recognition?

  • Facial recognition is an algorithm-based technology which creates a digital map of the face by identifying and mapping an individual’s facial features, which it then matches against the database to which it has access.
  • It can be used for two purposes: firstly, 1:1 verification of identity wherein the facial map is obtained for the purpose of matching it against the person’s photograph on a database to authenticate their identity.
  • For example, 1:1 verification is used to unlock phones. However, increasingly it is being used to provide access to any benefits or government schemes.
  • Secondly, there is the 1:n identification of identity wherein the facial map is obtained from a photograph or video and then matched against the entire database to identify the person in the photograph or video. Law enforcement agencies such as the Delhi Police usually procure FRT for 1:n identification.
  • For 1:n identification, FRT generates a probability or a match score between the suspect who is to be identified and the available database of identified criminals. A list of possible matches are generated on the basis of their likelihood to be the correct match with corresponding match scores.
  • However, ultimately it is a human analyst who selects the final probable match from the list of matches generated by FRT.

 

Why is the use of FRT harmful?

  • India has seen the rapid deployment of FRT in recent years, both by the Union and State governments, without putting in place any law to regulate their use.
  • The use of FRT presents two issues: issues related to misidentification due to inaccuracy of the technology and issues related to mass surveillance due to misuse of the technology.
  • Extensive research into the technology has revealed that its accuracy rates fall starkly based on race and gender. This can result in a false positive, where a person is misidentified as someone else, or a false negative where a person is not verified as themselves. Cases of a false positive result can lead to bias against the individual who has been misidentified.

 

Recent examples of false positive result:

  • In 2018, the American Civil Liberties Union revealed that Amazon’s facial recognition technology, Rekognition, incorrectly identified 28 Members of Congress as people who have been arrested for a crime. Of the 28, a disproportionate number were people of colour.
  • Also in 2018, researchers Joy Buolamwini and TimnitGebru found that facial recognition systems had higher error rates while identifying women and people of colour, with the error rate being the highest while identifying women of colour.
  • The use of this technology by law enforcement authorities has already led to three people in the U.S. being wrongfully arrested.

 

Exclusion:

  • On the other hand, cases of false negative results can lead to exclusion of the individual from accessing essential schemes which may use FRT as means of providing access.
  • One example of such exclusion is the failure of the biometric based authentication under Aadhaar which has led to many people being excluded from receiving essential government services which in turn has led to starvation deaths.

 

Unregulated mass surveillance:

  • However, even if accurate, this technology can result in irreversible harm as it can be used as a tool to facilitate state sponsored mass surveillance. At present, India does not have a data protection law or a FRT specific regulation to protect against misuse.
  • In such a legal vacuum, there are no safeguards to ensure that authorities use FRT only for the purposes that they have been authorised to, as is the case with the Delhi Police.
  • FRT can enable the constant surveillance of an individual resulting in the violation of their fundamental right to privacy.

 

What did the 2022 RTI responses by Delhi Police reveal?

  • In their response, the Delhi Police has revealed that matches above 80% similarity are treated as positive results while matches below 80% similarity are treated as false positive results which require additional “corroborative evidence”.
  • It is unclear why 80% has been chosen as the threshold between positive and false positive. There is no justification provided to support the Delhi Police’s assertion that an above 80% match is sufficient to assume the results are correct.
  • Secondly, the categorisation of below 80% results as false positive instead of negative shows that the Delhi Police may still further investigate below 80% results. Thus, people who share familial facial features, such as in extended families or communities, could end up being targeted. This could result in targeting of communities who have been historically overpoliced and have faced discrimination at the hands of law enforcement authorities.

 

Widened scope under Criminal Procedure (Identification) Act, 2022:

  • The Delhi Police is matching the photographs/videos against photographs collected under Section three and four of the Identification of Prisoners Act, 1920, which has now been replaced by the Criminal Procedure (Identification) Act, 2022.
  • This Act allows for wider categories of data to be collected from a wider section of people, i.e., “convicts and other persons for the purposes of identification and investigation of criminal matters”.
  • It is feared that the Act will lead to overbroad collection of personal data in violation of internationally recognised best practices for the collection and processing of data.

 

Way Forward:

  • This revelation raises multiple concerns as the use of facial recognition can lead to wrongful arrests and mass surveillance resulting in privacy violations.
  • Delhi is not the only city where such surveillance is ongoing. Multiple cities, including Kolkata, Bengaluru, Hyderabad, Ahmedabad, and Lucknow are rolling out “Safe City” programmes which implement surveillance infrastructures to reduce gender-based violence, in the absence of any regulatory legal frameworks which would act as safeguards.

 

Nepal’s new citizenship law

(GS Paper 2, International Relation)

Context:

  • Recently, Nepal President Bidhya Devi Bhandari sent back the Citizenship Amendment Act, 2006 to the Pratinidhi Sabha (House of Representatives), the lower house of the Nepal Parliament, urging the members to reconsider the Act.
  • Ahead of the election season, this clash between the President and the Pratinidhi Sabha has ignited a heated debate over the question of citizenship in Nepal.

 

What is the issue of citizenship in Nepal about?

  • Nepal transitioned into a democracy beginning with the fall of the monarchy in 2006 and the subsequent election of the Maoist government in 2008. The emergence of the multiparty system was followed by the adoption of a constitution on September 20, 2015.
  • All Nepalese citizens born before this date got naturalised citizenship. But their children remained without citizenship as that was to be guided by a federal law which has not yet been framed.
  • This amendment Act is expected to pave the way to citizenship for many such stateless youth as well as their parents.

 

What are the issues with the Act?

  • The main criticism against the Citizenship Amendment Act, 2006 is that it goes against established parameters of gender justice. A cursory reading also reveals contradictions among various sections of the law.
  • According to Article 11(2b), a person born to a father or a mother with Nepalese citizenship can get citizenship by descent.
  • Article 11(5) of the constitution says a person who is born to a Nepalese mother (who has lived in the country) and an unidentified father will also get citizenship by descent. But this section appears humiliating for a mother as she has to declare that her husband is unidentified for the child to be eligible for citizenship. In case of a Nepalese father, such declarations are not required.

Article 11(7) which says that a child born to a Nepalese mother and a father holding a foreign citizenship can get "naturalised citizenship" in accordance with the laws of Nepal appears to contradict Article 11(2b). It places a condition of permanent residency on the mother (and the child) which will determine the grant of citizenship for the child.

Why has the President refused to sign the Act?

  • Ms. Bhandari is the first female President of Nepal. Her refusal to sign the Act has drawn attention to certain sections in the constitution that thrusts greater responsibility on women.
  • For example, Article 11 (5) says that a person who is born to a Nepalese mother and an unidentified father can be granted citizenship by descent.
  • Next, it says that in case the unidentified father turns out to be a foreigner, the citizenship by descent would be converted to naturalised citizenship.
  • Furthermore, it supports punitive action against the mother if the father is found later.

 

Why has the amendment been framed thus?

  • There is an unarticulated concern in the orthodox sections of the country that as Nepalese men, particularly from the Terai region, continue to marry women from northern India, Nepalese identity would be undermined. 
  • Because of this "Beti-Roti" (Nepalese men marrying Indian women) issue, many women could not become citizens of Nepal as they were subjected to the infamous seven-year cooling off period before they could apply for citizenship in Nepal.
  • As such women were stateless, children of such families were also often found to be without Nepalese citizenship. However, the new amendments have done away with the cooling off period for these stateless women. This will benefit the children of such families where the mother and children remained stateless for years.
  • This has however created a division among the major political parties. The Communist Party of Nepal (Unified Marxist–Leninist) wanted to retain the cooling off period while the ruling Nepali Congress and the Maoist party of Pushpa Kamal DahalPrachanda supported the removal of the cooling off period.
  • It is understood that the Prime Minister of Nepal will go to the upcoming polls with the Act as the achievement of his government despite opposition from President.

 

What is the road ahead for the Act?

  • Nepal Citizenshipless Struggle Committee held a protest in Kathmandu demanding that President Bhandari should ratify the Act that was passed again by the Pratinidhi Sabha for the second time.
  • They argue that women of Indian origin, who were deprived of rights because of the cooling off period and bureaucratic procrastination, and their children will be stuck in a stateless condition if the Act is not recognised by the President’s office.

 

Rising cloudburst incidents across India

(GS Paper 3, Environment)

 

Why in news?

  • Many people have been killed in destruction caused by cloudbursts and flash floods in different parts of Himachal Pradesh and Uttarakhand recently.

Isolated areas in these two states have reported heavy rainfall during this time, triggering landslides and flash floods that have disrupted rail and road traffic, and resulted in house and wall collapses.

What are cloudbursts?

  • A cloudburst is a localised but intense rainfall activity. Short spells of very heavy rainfall over a small geographical area can cause widespread destruction, especially in hilly regions where this phenomenon is the most common.
  • Not all instances of very heavy rainfall, however, are cloudbursts.
  • A cloudburst has a very specific definition: Rainfall of 10 cm or more in an hour over a roughly 10 km x 10-km areais classified as a cloudburst event. By this definition, 5 cm of rainfall in a half- hour period over the same area would also be categorized as a cloudburst.

 

Extreme events:

  • To put this in perspective, in a normal year, India, as a whole, receives about 116 cm of rainfall over the entire year. This means if the entire rainfall everywhere in India during a year was spread evenly over its area, the total accumulated water would be 116 cm high.
  • There are, of course, huge geographical variations in rainfall within the country, and some areas receive over 10 times more than that amount in a year. But on average, any place in India can be expected to receive about 116 cm of rain in a year.
  • During a cloudburst event, a place receives about 10% of this annual rainfall within an hour. It is a worse situation than what Mumbai had experienced on July 26, 2005, which is one of the most extreme instances of rainfall in India in recent years.
  • At that time, Mumbai had received 94 cm of rain over a 24-hour period, resulting in deaths of over 400 people and more than USD 1 billion in economic losses.

 

How common are cloudbursts?

  • Cloudbursts are not uncommon events, particularly during the monsoon months. Most of these happen in the Himalayan states where the local topology, wind systems, and temperature gradients between the lower and upper atmosphere facilitate the occurrence of such events.
  • However, not every event that is described as a cloudburst is actually, by definition, a cloudburst. That is because these events are highly localized. They take place in very small areas which are often devoid of rainfall measuring instruments.
  • The consequences of these events, however, are not confined to the small areas. Because of the nature of terrain, the heavy rainfall events often trigger landslides and flash floods, causing extensive destruction downstream.
  • This is the reason why every sudden downpour that leads to destruction of life and property in the hilly areas gets described as a “cloudburst”, irrespective of whether the amount of rainfall meets the defining criteria. At the same time, it is also possible that actual cloudburst events in remote locations aren’t recorded.

 

Can cloudbursts be forecast?

  • The India Meteorological Department forecasts rainfall events well in advance, but it does not predict the quantum of rainfall, in fact, no meteorological agency does. The forecasts can be about light, heavy, or very heavy rainfall, but weather scientists do not have the capability to predict exactly how much rain is likely to fall at any given place.
  • Additionally, the forecasts are for a relatively large geographical area, usually a region, a state, a meteorological sub-division, or at best a district. As they zoom in over smaller areas, the forecasts get more and more uncertain.
  • Theoretically, it is not impossible to forecast rainfall over a very small area as well, but it requires a very dense network of weather instruments, and computing capabilities that seem unfeasible with current technologies.
  • As a result, specific cloudburst events cannot be forecast. No forecast ever mentions a possibility of a cloudburst. But there are warnings for heavy to very heavy rainfall events, and these are routinely forecast four to five days in advance.
  • Possibility of extremely heavy rainfall, which could result in cloudburst kind of situations, are forecast six to 12 hours in advance.

 

Are cloudburst incidents increasing?

  • There is no long-term trend that suggests that cloudbursts, as defined by the IMD, are rising. What is well established, however, is that incidents of extreme rainfall, as also other extreme weather events, are increasing, not just in India but across the world.
  • While the overall amount of rainfall in India has not changed substantially, an increasing proportion of rainfall is happening in a short span of time. That means that the wet spells are very wet, and are interspersed with prolonged dry spells even in the rainy season.
  • This kind of pattern, attributed to climate change, does suggest that cloudburst events might also be on the rise.