Skip to main content

Cloud computing, Data protection law in India and Sprinklr controversy #opinion

There is no legislation in India that specifically recognizes cloud computing. Hence all these computer related cases or crimes may be dealt with the existing IT Act and Privacy Laws. When compared to EU-GDPR or Canada's PIPEDA, these laws are very weak.
Cloud computing services that deal with personal or sensitive personal information need to comply with the requirements set out under the Privacy Rules related to security, encryption, access to data subject, disclosure, international transfer and publication of policy statements. Cloud service providers in India may also be required to comply with the Information Technology (Intermediaries Guidelines) Rules 2011 (Intermediary Guidelines) prescribed under the IT Act.
Controversy : Sprinklr agreement is based on Laws in New York./Govt sells the data/without consent from citizen.
India lacks stringent data privacy laws as well a strong IT act. However as per current law, the IT Act  covers offenses committed outside of India if the offense involves a computer, computer system or computer network located in India. This would protect consumers within India who procure cloud computing services from service providers located outside India. Section 75 of the IT Act 2000 ,states that the provisions of the act would apply to any offense or contravention thereunder committed outside India by any person (including companies), irrespective of his nationality, if the act or conduct constituting the offense or contravention involves a computer, computer system or computer network located in India.
Though Sprinkler has confirmed in writing that the data is stored in Mumbai Amazon Cloud Data center, the opposition and critics of the State goverment are not convinced. So when it comes to privacy, India lacks strong laws. However, The Personal Data Protection Bill 2019 (PDP Bill 2019) was tabled in the Indian Parliament and is currently being analyzed. In its current form, the bill now only requires the storage of “sensitive personal data” within India, a subset of what was within the previous mandate. Sensitive personal data can also be transferred abroad for the purpose of processing upon the fulfillment of certain conditions including obtaining explicit consent from the data user (called “data principal”) and being in pursuance of a contract or an intra-group scheme that safeguards user rights, while also ensuring liability on the data processor (fiduciary) if harm does accrue. (clause 34 PDP 2019 Bill).

Alternatively, “sensitive personal data” may be transferred abroad if the data is to be accorded an adequate level of protection in that jurisdiction. Further, Indian law enforcement authorities must have access to that data when they need to, for conducting criminal investigations. The Indian government has the power to notify any data as “critical personal data,” which must be stored and processed only in India. However “Critical Personal Data” has not yet been defined by the government.
Even if some data breach happens, as of now, India don't have a stringent rule to bring the culprits on its knees. So all those talking on Privacy is just a bluff.In that sense, the laws in US is much stringent than India. 
Related Article : Cambridge Analytica and Information Technology Act of India: Why India needs a Stringent Data Privacy Law?
Note1 : Currently proposed PDP bill itself is controversial. The latest version of the Personal Data Protection Bill 2019 would allow the government to direct companies to hand over the anonymized personal data and non-personal data of citizens. It would also give the government the power to directly collect citizen data without consent so long as it serves the public interest, as well as provide it with the discretion to exempt an entity or department from any part of the law. This PDP bill is supposed to protect the privacy and now it seems different.

Note2: Regardless the scenarios, any contracts must be awarded only after the consultation with the legal department. This is a valid point. Changing technologies or current data processor just because of controversy doesn't help anyone in this COVID19 critical period.

Popular posts from this blog

Cisco ASA: Disable SSLv3 and configure TLSv1.2.

For configuring TLS v1.2, the ASA should run software version 9.3(2) or later. In earlier versions of ASA, TLS 1.2 is not supported.If you are running the old version, it's time to upgrade. But before that i will show you the config prior to the change. I am running ASA version 9.6.1 Now ,set the server-version to tlsv1.2, though ASA supports version tlsv1.1, its always better to configure the connection to more secure. Server here in the sense, the ASA will be act as the server and the client will connect to the ASA.     #ssl server-version tlsv1.2 set the client-version to tlsv1.2, if required.     #ssl client-version tlsv1.2 ssl cipher command in ASA offers 5 predefined security levels and an additional custom level.     #ssl cipher tlsv1.2 high we can see the setting of each cipher levels using #show ssl cipher command. Now set the DH group to 24, which is the strongest offered as of now in the ASA.     #ssl dh-group group24 An

How to Install Netmiko on Windows?

Netmiko, developed by kirk Byers is an open source python library  based on Paramiko which simplifies SSH management to network devices and is primarily used for network automation tasks. Installing Netmiko in linux is a matter o f one single command but if you need to use Netmiko in your Windows PC, follow this process. 1) Install the latest version of Python. 2) Install Anaconda, which is an opensource distribution platform that you can install in Windows and other OS's ( 3) From the Anaconda Shell, run “ conda install paramiko ”. 4) From the Anaconda Shell, run “ pip install scp ”. 5) Now Install the Git for Windows. ( . Git is required for downloading and cloning all the Netmiko library files from Github. 6) From Git Bash window, Clone Netmiko using the following command git clone         7) Once the installation is completed, ch

RUST error: linker `link.exe` not found

While compiling Rust program in a windows environment, you may encounter the error : linker `link.exe` not found. This is because of the absence of the C++ build tools in your machine. For compiling Rust programs successfully, one of the prerequisites is the installation of the Build Tools for Visual Studio 2019.   Download the Visual Studio 2019 Build tools from the Microsoft website. After the download, while installing the Build tools, make sure that you install the required components (highlighted in Yellow) This will download around 1.2GB of required files. Once everything is successfully installed, reboot and re-run your rust program and it will compile successfully.   Read More on RUST Hello World Rust Program : Code explained RUST Cargo Package Manager Explained Data Representation in Rust.

What is a Gratuitous ARP? How is it used in Network attacks?

Many of us encountered the word "Gratuitous" while exploring the network topic on ARP, The Address Resolution Protocol. Before explaining Gratuitous ARP, here is a quick review on how ARP works. ARP provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address.For example, Host B wants to send information to Host A but does not have the MAC address of Host A in its ARP cache. Host B shoots a broadcast message for all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. All hosts within the same broadcast domain receive the ARP request, and Host A responds with its MAC address. We can see the ARP entries on our computers by entering the command arp -a . So, back to the topic on what is a Gratuitous reply, here is a better explanation. Gratuitous arp is when a device will send an ARP packet that is not a response to a request. Ideally a gratuitous ARP request is an ARP request packe

Recovery Procedure: Alcatel-Lucent Omni-Switch not booting AOS: Going to Mini-boot prompt.

Problem: Switch not booting AOS; Going to Mini-boot prompt. Model: Alcatel-Lucent OS6850 [Note:The same procedure might be applicable for different models of Omni-Switches, However, for this illustration, i have used OS-6850 ] Reason: This problem may occurs due to corrupt AOS image files or misconfigured boot parameters. Hence switch cannot boot the images properly and will go to Mini-boot prompt.  Work Around: [Note: This zmodem procedure consumes a lot to time to finish the process.] 1.) Power off your OS6850 2.) When you switched it back on, stop it before the Miniboot (there is some counter counting down from 4). Press Enter to break. 3.) You will have the following prompt " => " 4.) Enter " setenv baudrate 115200 ”. Increasing baudrate helps to increase the data transfer speed using zmodem. 5.) Enter " saveenv " 6.) Enter " boot " 7.) The switch should run now in baud rate 115200 (so you have to change your clients ter