top of page

1. Data Protection

Challenges/ constraints in data protection

  • Most of the data storage companies are based abroad. They also export data to other jurisdiction making it difficult to apply Indian laws.

  • India does not have capability for data localization i.e. to store data within country.

  • There hundreds of private players are involved in data dynamics which makes it difficult to apply uniform data protection framework.

  • Generally, the application using pre-ticked boxes on consent while asking users regarding the acceptance to the terms and conditions.

  • It is usually difficult to trace the perpetrator invading the data privacy.

  • Recently, B. N. Srikrishna committee submitted its report on a Data Protection Framework and a draft bill on data protection.

​

1.1. About Data Protection

  • Data protection is the process of protecting data and involves the relationship between the collection and dissemination of data and technology.

  • It aims to strike a balance between individual privacy rights while still allowing data to be used for myriad purposes.

  • It is required as the volume of data on internet is expanding exponentially and the spread of new technologies like artificial intelligence internet of things big data poses a threat of abuse and misuse of data.

  • Any data protection framework should secure data in its entire life cycle – Data Collection, Data Processing, Data Use, Data Sharing, Data Destruction.

  • Several countries have dedicated law for data protection like Japan’s Act on Protection of Personal Information. Recently European Union has adopted General Data Protection Regulation 2018.

​

1.2. Data protection and India

  • India has around 40 cr internet users and 25cr social media users who spend significant time online. The average cost for data breach in India has gone up to Rs. 11.9 crore, an increase of 7.9% from 2017.

  • Supreme Court in K.S. Puttaswamy case has declared Right to Privacy is a Fundamental right. Hence protecting individual privacy is constitutional duty of the state.

  • India does not have any dedicated legal framework for data protection. Presently some acts cover the data protection in general

  • Sec 43 A of Information technology act 2000 protects user data from misuse but it is applicable to only TRAI guidelines for data security

  • The public should be given the right to choice, consent and to be forgotten to safeguard their privacy.

  • Individual owns the data while data collectors and data processors “mere custodians” of data who are subject to regulations.

  • All entities in the digital eco-system, which control or process the data, should be restrained from using metadata to identify the individual users. In fact, standards for annonymisation/de-identification of personal data in digital systems should be formulated.

  • Both collectors and processors should be accountable for “unintended harm” caused to the user.

  • Entities should follow the principle of data minimization i.e. to collect the bare minimum data needed to provide the service.

  • Existing privacy laws that apply to telecom service providers (TSPs) should also apply to “all entities in the digital ecosystem” such as devices (mobiles and computers), browsers, software operating systems, applications, and over-the-top (OTT) service providers that distribute media streamed over the Internet. corporate entities and not on government agency. Also the rules are restricted to sensitive personal data only — medical history, biometric information among other things.

  • Other acts like consumer protection Act 2015, copyrights act 1957 among others also attempt to protect the personal information.

  • Various attempts at data protection include o In 2011 justice A. P. Shah Panel on data privacy recommended principles for data protection.

  • In 2017, a data privacy and protection bill was tabled in parliament.

  • Recently Telecom regulatory authority of India (TRAI) has given its guidelines for data security.

  • Constitution of Justice B. N. Sri Krishna Committee to prepare framework for data protection and a draft bill, which submitted its report recently. Based on the framework, the committee has also prepared a Draft Personal Data Protection Bill 2018

​

1.3. Key features of Data protection framework as provided by Sri Krishna Committee

  • Fiduciary relationship: The relationship between the individual and the service provider must be viewed as a fiduciary relationship. Therefore, the service provider processing the data is under an obligation to deal fairly with the individual’s personal data, and use it for the authorised purposes only.

  • Definition of personal data: It defined what constituted personal data as data from which an individual may be identified or identifiable, either directly or indirectly. It sought to distinguish personal data protection from Positive impact of the bill

  • The law will create the balance between the rights of the individual and the public good that comes from the digital economy.

  • So far there is no dedicated framework for data protection across country. The proposed law will help create data security architecture and protection of personal information of citizens.

  • The bill will put a check on state surveillance of citizens and help them against being victimized by state. Issues with the bill

  • There is no clarity on what kind of security standards should be followed by the data fiduciary.

  • There are multiple standards being followed as of now. For example, payment companies which deal with financial data follow PCI-DSS (Payment Card Industry Data Security Standard), health firms follow HIPPA (Health Insurance Portability and Accountability Act) globally etc.

  • The regulation may discourage people from using internet and social media as reflected in case of (EU’s) General Data Protection Regulation (GDPR) which mandates that every EU citizen’s data be stored within the EU. The Facebook and Twitter has noted drop in their revenue and visitors’ numbers.

  • It does not clearly define the government’s accountability when it processes personal data of users without their consent.

  • The bill also does not define the time frame for periodic review and frequency of data security audit of companies as well as for reporting of personal data breach at the fiduciary’s end.

​

Issues with data localization

  • There is no evidence that data localization leads to better privacy and security of data.

  • The industry will have to incur the additional costs given the bill proposes that companies ensure the storage, on a server or data centre located in India, of at least one copy of personal data.

  • Keeping a copy in India does not really guarantee against breach of security or privacy. There have been cases of government beneficiaries’ data residing on servers in India being published, going against Aadhaar Act.

  • The bill asks to replace sec 8(1) (j) of RTI act 2005 which may pose a threat to denial of information on the vague grounds of loss of reputation, mental injuries and will render the Act ineffective in securing access to public records pertaining to public servants.

  • The exemption on the ground of security of state may be too broad and may lead to surveillance and systematic access to citizens’ data by the state. the protection of sensitive personal data (e.g., caste, religion, and sexual orientation of the individual), since its processing could result in greater harm to the individual.

  • Consent-based data processing: except these four cases:

  • where processing is relevant for the state to discharge its welfare functions

  • to comply with the law or with court orders in India

  • when necessitated by the requirement to act promptly (to save a life, for instance)

  • in employment contracts, in limited situations (such, as where giving the consent requires an unreasonable effort for the employer)

  • Ownership of personal data: through rights such as right to access, confirm & correct data, right to object data processing and right to be forgotten.

  • Regulatory authority: to inquire into and take action against any violations of the data protection regime. It may also categorise certain fiduciaries as significant data fiduciaries based on their ability to cause greater harm to individuals which will then be required to undertake additional obligations.

  • Amendments to other laws: Minimum data protection standards should be adhered to for all data processing in the country authorized under various laws such as Information Technology Act, Census Act etc.

​

1.4. Key provisions of Draft Personal Data Protection Bill 2018

  • Objective: To balance the growth of the digital economy and use of data as a means of communication between persons with a statutory regime that will protect the autonomy of individuals from encroachments by the state and private entities.

  • Rights of the individual: The Bill sets out certain rights of the individual. These include: right to obtain confirmation from the fiduciary on whether its personal data has been processed, right to seek correction of inaccurate, incomplete, or out-of-date personal data, and right to have personal data transferred to any other data fiduciary in certain circumstances.

  • Obligations of the data fiduciary: include implementation of policies with regard to processing of data, maintaining transparency with regard to its practices on processing data, implementing security safeguards (such, as encryption of data), and instituting grievance redressal mechanisms to address complaints of individuals.

  • Data Protection Authority: to protect interests of individuals, prevent misuse of personal data, and ensure compliance with the Bill.

  • Data localization: It mandates Data localization of at least one copy in India by data fiduciary.

  • Grounds for processing personal data: The Bill allows processing of data by fiduciaries if consent is provided except certain circumstances as provided in the framework.

  • Grounds for processing sensitive personal data: explicit consent of the individual is required for Processing of sensitive personal data except if necessary for any function of Parliament or state legislature, for providing benefits to the individual, or for the compliance of any court judgement.

  • Define Sensitive personal data: It includes passwords, financial data, genetic data, caste, religious or political beliefs, or any other category of data specified by the Authority.

  • Transfer of data outside India: Personal data (except sensitive personal data) may be transferred outside India only where the central government has prescribed that transfers to a particular country are permissible, or where the Authority approves the transfer.

  • Exemptions from compliance: It also gives exemptions for processing of personal data for certain purposes, such as journalistic activities, law enforcement, security of state.

  • Offences and Penalties: The Authority may levy penalties for various offences by the fiduciary including failure to perform its duties, data processing in violation of the Bill, and failure to comply with directions by the Authority. For example, under the Bill, the fiduciary is required to notify the Authority of any personal data breach which is likely to cause harm to the individual failing which can attract a penalty of the higher of Rs 5 crore or 2% of the worldwide turnover of the fiduciary.

  • Amendments to other laws: The Bill makes consequential amendments to the Information Technology Act, 2000 and RTI Act to permit nondisclosure of personal information where harm to the individual outweighs public good.

  • Recognises privacy as a fundamental right: It has provisions to protect personal data as an essential facet of information privacy.

  • Monitoring provisions: Requirements of conducting Data Protection Impact Assessments, audits and appointing a Data Protection Officer are also included in the bill. There should be a periodic review to check if continued storage of data is necessary.

​

2. MONITORING SOCIAL MEDIA

2.1. About the hub

  • It was to be a platform that would allow the government to keep an eye on all social media platforms- Twitter, Facebook, Google+, Instagram, LinkedIn etc.- and try to get a sense of the public mood, with the capability to track any individual’s public posts across platforms.

  • Have the ability to collect digital media chatter from all core social media platforms as well as digital platforms like news, blogs and forums and provide real-time insights, metrics and other valuable data to the government.

  • gauge and analyse the public sentiment towards various government policies and announcements, and track influencers.

  • In terms of setting up an independent unit to track conversation across social media platforms, it is a new idea. But the government has been using other methods to assess social media trends. For example, the New Media Wing of the I&B Ministry has been assisting various arms of the government in keeping an eye on activities on various social media platforms.

 

Recent steps taken by Ministry of Home Affairs for monitoring social media-

  • Union home ministry has decided to constitute a panel to monitor cybercrimes and ensure compliance of complaints by social media platforms.

  • It is sensitising law enforcement agencies to enhance coordination with department of telecom, which is the nodal body to flag violation of IT Act with social media platforms.

  • MHA recently held meeting with representatives of social media platforms such as Google, Facebook and Twitter to discuss measures required to filter malicious content — such as hate speech and video linked to terror, child pornography and fake news — from appearing on social media.

​

2.2. Need for monitoring social media

  • The government has time and again raised its concerns for a need to monitor social media carefully with due safeguards for freedom of expression as such platforms are being misused “to disastrous effect” by groups and individuals to spread violence in the society.

  • Various incidences including lynching of people based on rumours, spreading fake news, online recruitment for terrorist groups, radicalization, hate speech and inciting

  • violence against a certain community, etc. stand as testimony to the need of having a social media monitoring framework.

​

2.3. Challenges in monitoring social media

  • Accountability issues - Challenges with respect to fixing the liability of intermediaries in cases like forwarded

​

Concerns about the monitoring

  • If government gets access to all personal data of individuals on various social media platforms, then it will lead to mass surveillance by the state. Such surveillance will encroach the freedom of speech and privacy of the citizens of our country.

  • Apart from having a chilling effect on free speech, the tool will also be used to “profiling and data basing” of social media users and lacks oversight and accountability.

  • Also, since there is no underlying statutory basis for creation of such a tool and it would be an extra-legal entity. messages on social media platforms like WhatsApp, Facebook, etc.

  • Jurisdictional challenges - Complications in jurisdiction as Facebook etc. operate as subsidiaries of foreign internet companies with their servers located outside India.

  • Anonymity - Police officers have expressed concern over multiplicity of fake profiles that make it even more difficult to track the offenders.

  • Legal challenges such as Internet traffic monitoring and privacy Concerns, fears of censorship and threat to freedom of speech and expression. As of now, the law in India doesn't allow for blanket tapping, warrants have to be obtained on a case to case basis before it can be done.

 

Way forward

  • The issues of engagement, process, technology and legal challenges posed for government agencies dealing with the medium will have to be tackled with a long-term vision. However, a few concrete steps that could possibly be taken on immediately include:

  • Institutionalise the blueprint for a National Social Media Policy: The Indian establishment needs to recognise the medium and grant it a legal status if it needs to deal with the multitude of challenges that rise out of it effectively.

  • Implement and institutionalise the Framework of Guidelines on social media engagement: Department of Electronics and Information Technology’s Framework of guidelines has laid down elaborate guiding principles for engagement of social media by government agencies. It discusses objectives, engagement protocol, types of platforms, communication strategy, responsiveness criteria and legal limitations for agencies to formulate their respective strategies for engaging with the medium and stakeholders. The need is to ensure enforcement and institutionalisation of this policy across the country with immediate effect. This has to be flexible and can be customised, depending the needs of each institution.

  • Create awareness on the Challenges posed by social media: Social media technology can be used for malware propagation, phishing, cybercrime and misinformation campaigns. There exists a huge lack of awareness amongst citizens, law enforcement agencies and higher levels on the potential of misuse of social media.

  • Expand and define scope of public-private partnerships: The government has already recognised that since the private sector is a much larger user of the internet than the government, there is significant private sector participation in critical infrastructure and, most importantly, there exists a huge talent pool in the private sector is something that the government can usefully leverage.

  • Replicate “Social Media Labs” across the country: Use the success and work on the limitations of the social media labs experiment for the future and incorporate the best practices at the state and federal levels across the country.

​

3. Border Area Development Programme (Badp)

Impact of the Scheme

  • The impact of scheme varied in different states. For example-

  • 32% of the people of Manipur, 54% of the people of Mizoram and 100% of people in Himachal Pradesh were satisfied in terms of impact of community development work of the scheme.

  • 82% of the people of Tripura and 14% of the people of Nagaland settled said they do not feel secure. 100% of the people of Gujarat settled said they feel secure.

  • In almost all areas (except Himachal Pradesh) the women’s participation remained varied and unsatisfactory.

  • Also, in terms of convergence with other schemes, it is not very successful because none of the clusters seem satisfied with it.

  • As observed, the bigger villages having village panchayat get most of their works done while small villages associated with that village panchayat fail to get much attention. Thus, there need to be some formula for the distribution of funds. Political connections play a major role in sanction of work under BADP.

  • The Centre has increased its outlay under Border Area Development Programme (to Rs. 1,100 crore in 2017-18 from Rs. 990 crore in 2015-16) for the all-round development of villages located along the international border in 17 states.

​

3.1. About BADP

  • India’s border areas face poor accessibility, inadequate infrastructure, depressed economic growth, rampant poverty and a sense of insecurity among the people. The development of border areas has therefore been envisaged as an important element in border management. Towards this end, the BADP was initiated as early as 1987 as a Centrally Sponsored Scheme.

  • It has three primary objectives: (a) to create infrastructure (b) provide economic opportunities to the border people, and (c) to instil a sense of security among them.

  • BADP covers 111 border districts in 17 States to Recent changes in BADP

  • For comprehensive and all-round development of border villages, it has been decided to develop 61 model villages.

  • Each model village will provide all basic facilities like primary health centre, primary education, community centre, connectivity, drainage, drinking water, etc. to enable sustainable living in border areas.

  • BADP Online Management System has been launched for better planning, monitoring and implementation of various projects under BADP.

  • Border States can submit their respective Annual Action Plans online and receive approvals from Ministry of Home Affairs in electronic mode which will bring in transparency in the sanction process and improve quality of planning and implementation. meet special development needs of border population with focus on people living within 50 kilometres of the International Border.

  • Initially, the programme was implemented in the Western Border States with an emphasis on the development of infrastructure to facilitate deployment of the Border Security Force.

  • Later, the ambit of the programme was widened to include other socio-economic aspects such as education, health, agriculture and other allied sectors.

  • The implementation of BADP is on participatory and decentralized basis through the Panchayati Raj institutions, Autonomous Councils and local bodies.

​

3.2. Constraints in Implementation of BADP Scheme

  • Its first phase is to be implemented in the 0-10 km range from the border areas. When all the development works for this area are completed, the state Government can then start the work in the area beyond 10 km and so on. This is problematic because to reach the phase one areas one must go through utterly underdeveloped areas which are to be covered in later phase, which makes the project expensive.

  • Further, BADP mandates that no work should be allotted beyond 10 km unless 0-10 km (from border) area is ‘saturated’; except that there are no criteria to judge whether or not the area is saturated.

  • In some remote areas, heavy rainfall during the rainy season and snow fall during the winter season creates a great difficulty in implementation of the scheme, especially construction work.

  • The money under the scheme gets spent on infrastructure which other schemes also create. The impact of the specific goals of BADP thus stands diluted.

  • There is no proper formula for the allocation of funds. This creates a lot of scope for subjectivity and monopoly. A fund allocation ratio should be decided as per the distance from border.

​

3.3. Recommendations for Better Implementation of BADP

  • Among various other recommendations of NITI Aayog, few of the important ones are-

  • Inspection and Monitoring of Program- There should be a uniform format throughout the country for evaluating the financial status of such developmental schemes. At present, each State has its own format/Proforma for this purpose. Also, Blocks should be involved at every stage from framing and sending a proposal to the implementation of tasks under BADP.

  • Employment and Skill Generating Schemes- The agriculture sector has become saturated and there is an increase in number of both educated and uneducated unemployed youth who feel that the wages under the scheme are low. There has to be a high degree diversification in the rural economy to bring home non-farming employment opportunities like Small-Scale Industry Promotion.

  • Political Involvement should be Reduced- Although there is political and popular pressure that influences and informs the selection of the work, yet diversification of the works is advisable on the basis of local needs.

  • Awareness about BADP- Along with good coordination among various line departments there is an urgent need for awareness building campaigns in all selected districts and blocks regarding various assets covered under BADP.

  • Construction of all-weather Roads- The problem of inadequacy of funds and a limited flow of funds from the Centre is further exaggerated because these villages are not connected by roads. In cases emergency, the people of these villages find it extremely difficult to access basic amenities.

  • More Funds/Timely Release of Funds- This remains a major constraint to the timely completion of work under BADP.

  • Power to Panchayats in Planning- Panchayat Samiti of the Border villages should be involved in the planning and implementation of the programme because they would be in the best position to evaluate the work of the agencies involved at all levels as well as to forward all the information to the BDOs and Nodal Officers in the district.

  • Confidence Building among People- Due to socio-economic stress, border areas need special treatment when it comes to planning for development, i.e. accelerated and integrated sustainable development. Here, confidence building measures are integral to any developmental strategy hoping to be successful in these areas.

​

4. Strategic Partnership Model

What is strategic partnership model?

  • The model, whose concept was first suggested by the Dhirendra Singh Committee, visualises designating a few private companies as Strategic Partners (SPs) that would not only assume the role of system integrators but also lay a strong defence industrial foundation.

  • Strategic Partnership Model aims to revitalize defence industrial ecosystem and progressively build indigenous capabilities to design, develop and manufacture complex weapon systems for the future needs of the Armed Forces.

  • It aims to promote Joint ventures between indigenous private sector and global defence majors.

  • The government aims to achieve a turnover of Rs 1,70,000 crore in military goods and services by 2025.

​

4.1. Guidelines

  • Incentivise indigenisation: It lay emphasis on incentivisation of transfer of niche technology and ensure higher indigenous content in military equipments to be produced in India.

  • Incentivise global Majors: Global majors in collaboration with Indian Partners willing to make India a Regional / Global manufacturing hub will also be incentivized.

  • Empowered Project Committees (EPC): All procurements under the SP Model would be executed by specially constituted EPCs.

  • Specify norms: The guidelines also specified norms for carrying out various sector specific manufacturing projects.

​

Benefits

  • It will boost self-reliance by encouraging indigenous defence industry and aligning the defence sector with the 'Make in India ' initiative leading to reduction in dependence on imports.

  • EPC will provide focussed attention and ensure timely execution of the projects, thus, ensuring timely delivery of equipment to the Armed Forces.

  • It will enhance competition, increase efficiencies, facilitate faster and more significant absorption of technology.

  • It will ensure development of a wider skill base and promote innovation.

  • The model would also go a long way in bridging the long-standing trust gap between the Indian private sector and Ministry of Defence.

​

Challenges

  • Lack of institutional capacity: Due to this, several promising measures in the past, especially those connected with the ‘Make’ and ‘Buy and Make (Indian)’ procedures, have failed to yield the desired results.

  • Lack of structural and procedural reforms: Lack of reforms in the structures and decision-making processes related to procurement and production have inhibited the development of a strong defence industry.

  • IPR issues: The sensitive issue of Intellectual Property Rights (IPR) is one of the reasons why foreign vendors are generally reluctant to transfer technologies.

  • Issue of viability: There is also a concern regarding the long-term viability of SPs largely due to the privileged position enjoyed by public sector entities. In the past as well, the MoD has often deviated from fair play in award of contracts and handed over large orders to Defence PSUs and Ordnance Factories on nomination.

  • Thus, Government needs to develop capacity and provide adequate resources to implement the model along with following the principle of merit in contract awards.

​

5. APPOINTMENT OF DGPS

5.1. SC’s guidelines while appointing DGPs:

  • SC restrained the State governments from appointing DGPs without first consulting UPSC. These are the guidelines to one of the seven directives issued by the SC in Prakash Singh judgment of 2006.

  • Concerned State government has to send the names of probable candidates to UPSC three months before the incumbent DGP is to retire. UPSC will then prepare a list of three officers on the basis of availability of a clear two years of service and must give due weightage to merit and seniority.

  • State in turn shall immediately appoint one of the persons shortlisted by UPSC who should continue to hold the post for a reasonable period beyond the date of superannuation.

  • Any legislation or rule formed by any of the states or the Central Government running counter to the direction shall remain in abeyance.

​

5.2. Significance of the SC’s directions

  • Putting an end to favoritism and political influence in higher level appointments it will ensure that there are no distortions in the appointment of DGP of the state.

​

Way forward

  • The SC has laid down the guidelines only for one of the directions it gave in 2006. There are other directives also which need to be implemented in letter and spirit like on the State Security Commission.

  • Police needs to be given functional autonomy to enforce rule of law and needs to be restructured and modernized for India to achieve status of a great power.

​

6. Missile Shield For Delhi

6.1. More on News

  • The government is procuring a variety of air defence systems, including missiles, launchers and command-and-control units from the US, Russia and Israel, besides deploying indigenously developed missiles as part of the project.

  • Recently, Defence Acquisitions Council (DAC) approved the acquisition of National Advance Surface to Air Missile System-II (NASAMA) for the security of Delhi.

​

7. Rim Of Pacific Multinational Naval Exercise (RIMPAC)

7.1. Details

  • The 26th edition of RIMPAC, hosted by the U.S. Indo-Pacific Command (INDOPACOM), RIMPAC is the world’s largest set of international maritime war games.

  • The theme of RIMPAC 2018 is "Capable, Adaptive, Partners."

  • This is the first time Brazil, Israel, Sri Lanka and Vietnam are participating in RIMPAC.

  • Indigenously built stealth frigate, INS Sahyadri, participated in RIMPAC.

  • China is absent this year as it was dis-invited from participating by the U.S., citing China’s military actions in the South China Sea.

  • The Indian Navy was an observer for the 2006, 2010 and 2012 editions of the exercise. In 2014, INS Sahyadri was deployed for the 24th edition of the exercise, while INS Satpura took part in 2016.

July Internal Security Threats

bottom of page