Hi there!

July has been a very active month for privacy, particularly in India. Even as I write this, the Hon’ble Supreme Court of India is listening to concluding arguments from petitioners and the State on whether Privacy is a Fundamental Right or not in India. An MP (Jay Panda) introduced a private member bill on Data Privacy & Protection in Parliament. MEITY has constituted a committee of experts to deliberate on a Data Protection Framework for India.

Meanwhile, things continue to gallop on the global front too. LinkedIn took a company to court for scraping data from its site and building a business around it. A court in Germany hauled up a company for installing spyware on employees’ computers to spy on them. A group of researchers demonstrated how easy it is to unearth web browsing histories of users from supposedly anonymised, easily-available data. A company in the US got into a controversy about planning to sell the data its ‘smart’ vacuum cleaners gather about people’s homes. And, most alarming of all, Washington Post announced the results of a study they did of about 5000 popular apps for children- where more than 50% of them failed to protect data.

Read on for details on the above topics.

As always, look forward to your feedback on privacy@arrka.com

Cheers,

Shivangi Nadkarni

Co-Founder & CEO, Arrka Consulting

 

How We are all ‘Droids’:

http://www.livemint.com/Opinion/G703Vija2uE0I2L5Lbl1SJ/Regulation-for-us-droids.html

This article talks about how we have all become ‘data droids’ and how this data is being used by companies.

‘…The European Commission has also signalled that it is data on private individuals that is the real competition currency of the future and that it may well look to regulate the way the big internet firms compete by collecting and using such private data…. Meanwhile, the American attitude to competition seems to be heading the other way….. We would do well by taking Europe’s lead when we frame our own “data democracy” laws’

Happenings in India:

Nandan Nilekani spoke out about the need for data protection & privacy. Here is one news report that outlines what he spoke: http://timesofindia.indiatimes.com/india/citizens-should-have-ownership-of-digital-data-that-they-generate-nilekani/articleshow/59715877.cms

Member of Parliament, Jai Panda, tabled a private member bill in Parliament. Here is a news report that gives some details on this: http://www.livemint.com/Opinion/EcRER0qfjd1ooT1twFzdVJ/High-time-India-had-a-right-to-privacy-law.html

And the biggest news of all is the current proceedings in the Hon’ble Supreme Court of India on whether Privacy is a Fundamental Right or not. An unprecedented 9-Judge bench has been constituted to take a decision on this. Some of the finest legal luminaries have been arguing for both sides of the divide – with a bunch of petitioners on one side and the State on the other side. Whatever the final outcome, the debate has been fantastic and worth listening in to. Here are two of the good folks live-tweeting the proceedings:

https://twitter.com/prasanna_s

https://twitter.com/gautambhatia88

PS: Stand by for a note from our end on this shortly.

Interesting German Court ruling on Violation of Privacy:

An employee of a German company took the company to court for firing him because he was found working for another company while at work – using evidence from a keyboard tracking software installed to spy on employees. The court ruled the usage of the spying software as illegal given it had been done without the knowledge & consent of the employee. What is interesting about this case is that it could happen to any company – and how organizations need to be careful.

https://www.thelocal.de/20170727/court-rules-bosses-cant-use-keyboard-tracking-software-to-spy-on-workers/

LinkedIn and the Web Scraping Case:

‘HiQ scrapes data about thousands of employees from public LinkedIn profiles, then packages the data for sale to employers worried about their employees quitting. LinkedIn sent hiQ a cease-and-desist letter warning that this scraping violated the Computer Fraud and Abuse Act.’

It would be interesting to find out how this case pans out. Many businesses are based on ‘data scraping’ – what would happen to such businesses if HiQ was found to be in violation?

https://arstechnica.com/tech-policy/2017/07/linkedin-its-illegal-to-scrape-our-website-without-permission/

A Study on how easy it is to get our Identities from our ‘Anonymised’ Browsing Histories:

A group of German researchers gathered ‘clickstream’ data of 3 Million individuals from Web Analytics companies. This data is supposed to be anonymised (having no identity information). In reality, they could get a host of personal information from that. The article below explains how this was done. A fascinating read…

https://nakedsecurity.sophos.com/2017/08/01/anatomy-of-a-privacy-fail-when-dark-data-gives-away-your-identity/

Internet of Things & Privacy:

A controversy about this company, iRobot, sharing the data it collects via its ‘smart’ Vacuum Cleaners emphasizes how much of personal data gets collected by our smart devices. The iRobot Vacuum cleaner collects data about the layout of a user’s home. This data combined with other data about the individuals residing in that home can be a serious invasion of privacy.

http://www.techtimes.com/articles/212095/20170729/irobot-clears-up-roomba-vacuum-cleaner-privacy-issues-says-it-will-never-sell-your-data.htm

Children’s Apps and Privacy:

This study – by Washington Post – talks of how they tested about 5000 popular apps for children and how over 50% of them failed to protect their data. Check out the detailed note here:

https://www.washingtonpost.com/news/the-switch/wp/2017/07/27/we-tested-apps-for-children-half-failed-to-protect-their-data/?utm_term=.3902261548d4