#FactCheck - "AI-Generated Image of UK Police Officers Bowing to Muslims Goes Viral”

Digital vulnerabilities like cyber-attacks and data breaches proliferate rapidly in the hyper-connected world that is created today. These vulnerabilities can compromise sensitive data like personal information, financial data, and intellectual property and can potentially threaten businesses of all sizes and in all sectors. Hence, it has become important to inform all stakeholders about any breach or attack to ensure they can be well-prepared for the consequences of such an incident.  

The non-reporting of reporting can result in heavy fines in many parts of the world. Data breaches caused by malicious acts are crimes and need proper investigation. Organisations may face significant penalties for failing to report the event. Failing to report data breach incidents can result in huge financial setbacks and legal complications. To understand why transparency is vital and understanding the regulatory framework that governs data breaches is the first step. 

The Current Indian Regulatory Framework on Data Breach Disclosure

A data breach essentially, is the unauthorised processing or accidental disclosure of personal data, which may occur through its acquisition, sharing, use, alteration, destruction, or loss of access. Such incidents can compromise the affected data’s confidentiality, integrity, or availability. In India, the Information Technology Act of 2000 and the Digital Personal Data Protection Act of 2023 are the primary legislation that tackles cybercrimes like data breaches. 

• Under the DPDP Act, neither materiality thresholds nor express timelines have been prescribed for the reporting requirement. Data Fiduciaries are required to report incidents of personal data breach, regardless of their sensitivity or impact on the Data Principal. 
• The IT (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, along with the Cyber Security Directions, under section 70B(6) of the IT Act, 2000, relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet prescribed in 2022 impose mandatory notification requirements on service providers, intermediaries, data centres and corporate entities, upon the occurrence of certain cybersecurity incidents. 
• These laws and regulations obligate companies to report any breach and any incident to regulators such as the CERT-In and the Data Protection Board.

The Consequences of Non-Disclosure

A non-disclosure of a data breach has a manifold of consequences. They are as follows:

• Legal and financial penalties are the immediate consequence of a data breach in India. The DPDP Act prescribes a fine of up to Rs 250 Crore from the affected parties, along with suits of a civil nature and regulatory scrutiny. Non-compliance can also attract action from CERT-In, leading to more reputational damage.
• In the long term, failure to disclose data breaches can erode customer trust as they are less likely to engage with a brand that is deemed unreliable. Investor confidence may potentially waver due to concerns about governance and security, leading to stock price drops or reduced funding opportunities. Brand reputation can be significantly tarnished, and companies may struggle with retaining and attracting customers and employees. This can affect long-term profitability and growth.
• Companies such as BigBasket and Jio in 2020 and Haldiram in 2022 have suffered from data breaches recently. Poor transparency and delay in disclosures led to significant reputational damage, legal scrutiny, and regulatory actions for the companies.

Measures for Improvement: Building Corporate Reputation via Transparency

Transparency is critical when disclosing data breaches. It enhances trust and loyalty for a company when the priority is data privacy for stakeholders. Ensuring transparency mitigates backlash. It demonstrates a company’s willingness to cooperate with authorities. A farsighted approach instils confidence in all stakeholders in showcasing a company's resilience and commitment to governance. These measures can be further improved upon by:

• Offering actionable steps for companies to establish robust data breach policies, including regular audits, prompt notifications, and clear communication strategies. 
• Highlighting the importance of cooperation with regulatory bodies and how to ensure compliance with the DPDP Act and other relevant laws. 
• Sharing best public communications practices post-breach to manage reputational and legal risks.

Conclusion

Maintaining transparency when a data breach happens is more than a legal obligation. It is a good strategy to retain a corporate reputation. Companies can mitigate the potential risks (legal, financial and reputational) by informing stakeholders and cooperating with regulatory bodies proactively. In an era where digital vulnerabilities are ever-present, clear communication and compliance with data protection laws such as the DPDP Act build trust, enhance corporate governance, and secure long-term business success. Proactive measures, including audits, breach policies, and effective public communication, are critical in reinforcing resilience and fostering stakeholder confidence in the face of cyber threats.

References

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• https://www.cert-in.org.in/PDF/CERT-In_Directions_70B_28.04.2022.pdf 
• https://chawdamrunal.medium.com/the-dark-side-of-covering-up-data-breaches-why-transparency-is-crucial-fe9ed10aac27 
• https://www.dlapiperdataprotection.com/index.html?t=breach-notification&c=IN

Introduction

The world has been riding the wave of technological advancements, and the fruits it has born have impacted our lives. Technology, by its virtue, cannot be quantified as safe or unsafe it is the application and use of technology which creates the threats. Its times like this, the importance and significance of policy framework are seen in cyberspace. Any technology can be governed by means of policies and laws only. In this blog, we explore the issues raised by the EU for the tech giants and why the Indian Govt is looking into probing Whatsapp.

EU on Big Techs

Eu has always been seen to be a strong policy maker for cyberspace, and the same can be seen from the scope, extent and compliance of GDPR. This data protection bill is the holy grail for worldwide data protection bills. Apart from the GDPR, the EU has always maintained strong compliance demographics for the big tech as most of them have originated outside of Europe, and the rights of EU citizens come into priority above anything else.

New Draft Notification

According to the draft of the new notification, Amazon, Google, Microsoft and other non-European Union cloud service providers looking to secure an EU cybersecurity label to handle sensitive data can only do so via a joint venture with an EU-based company. The document adds that the cloud service must be operated and maintained from the EU, all customer data must be stored and processed in the EU, and EU laws take precedence over non-EU laws regarding the cloud service provider. Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP (cloud service provider) to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values.

This move from the EU is still in the draft phase however, it is expected to come into action soon as issues related to data breaches of EU citizens have been reported on numerous occasions. The document said the tougher rules would apply to personal and non-personal data of particular sensitivity where a breach may have a negative impact on public order, public safety, human life or health, or the protection of intellectual property.

How will it secure the netizens?

Since the EU has been the leading policy maker in cyberspace, it is often seen that the rules and policies of the EU are often replicated around the world. Hence this move comes at a critical time as the EU is looking towards safeguarding the EU netizens and the Cyber security industry in the EU by allowing them to collaborate with big tech while maintaining compliance. Cloud services can be protected by this mechanism, thus ensuring fewer instances of data breaches, thus contributing to a dip in cyber crimes and attacks.

The Indian Govt on WhatsApp

The Indian Govt has decided to probe Whatsapp and its privacy settings. One of the Indian Whatsapp users tweeted a screenshot of WhatsApp accessing the phone’s mic even when the phone was not in use, and the app was not open even in the background. The meta-owned Social messaging platform enjoys nearly 487 million users in India, making it their biggest market. The 2018 judgement on Whatsapp and its privacy issues was a landmark judgement, but the platform is in violation of the same.

The MoS, Ministry of Electronics and Information Technology, Rajeev Chandrashekhar, has already tweeted that the issue will be looked into and that they will be punished if the platform is seen violating the guidelines. The Digital Personal Data Protection Bill is yet to be tabled at the parliament. Still, despite the draft bill being public, big platforms must maintain the code of conduct to maintain compliance when the bill turns into an Act.

Threats for Indian Users

The Indian Whatsapp user contributes to the biggest user base un the world, and still, they are vulnerable to attacks on WhatsApp and now WhatsApp itself. The netizens are under the following potential threats –

• Data breaches
• Identity theft
• Phishing scams
• Unconsented data utilisation
• Violation of Right to Privacy
• Unauthorised flow of data outside India
• Selling of data to a third party without consent

The Indian netizen needs to stay vary of such issues and many more by practising basic cyber safety and security protocols and keeping a check on the permissions granted to apps, to keep track of one’s digital footprint.

Conclusion

Whether it’s the EU or Indian Government, it is pertinent to understand that the world powers are all working towards creating a safe and secured cyberspace for its netizens. The move made by the EU will act as a catalyst for change at a global level, as once the EU enforces the policy, the world will soon replicate it to safeguard their cyber interests, assets and netizens. The proactive stance of the Indian Government is a crucial sign that the things will not remain the same in the Indian Cyber ecosystem, and its upon the platforms and companies to ensure compliance, even in the absence of a strong legislation for cyberspace. The government is taking all steps to safeguard the Indian netizen, as the same lies in the souls and spirit of the new Digital India Bill, which will govern cyberspace in the near future. Still, till then, in order to maintain the synergy and equilibrium, it is pertinent for the platforms to be in compliance with the laws of natural justice.

Introduction 

India envisions reaching its goal of becoming Viksit Bharat by 2047. With a net-zero emissions target by 2070, it has already reduced GDP emission intensity by 36% (from 2005 to 2020) and is working towards a 45% reduction goal by 2030. This will help the country achieve economic growth while minimizing environmental impact, ensuring sustainable development for the future. The 2025 Union Budget prioritises energy security, clean energy expansion, and green tech manufacturing. Furthermore, India’s promotion of sustainability policies in startups, MSMEs, and clean tech shows its commitment to COP28 and SDGs. India’s key policy developments for sustainability and energy efficiency include the Energy Conservation Act (2022), PAT scheme, S&L scheme, and the Energy Conservation Building Code, driving decarbonization, energy efficiency, and a sustainable future.

India’s Policy and Regulatory Landscape 

The Indian law of Energy Conservation (Amendment) Act which was enacted in 2022 aims at enhancing energy efficiency while ensuring economic growth. It works on the aim of reducing emission intensity by 2030. The Act tackles regulatory, financial, and awareness barriers to promote energy-saving technologies. Next, the Perform, Achieve, and Trade (PAT) Scheme improves cost-effective energy efficiency in energy-intensive industries through tradable energy-saving certificates. Adding on, the PLI Scheme boosts green manufacturing by attracting investments, both domestically and internationally. The Bureau of Energy Efficiency (BEE) enforces Minimum Energy Performance Standards (MEPS) and star ratings for appliances, guiding consumers toward energy-efficient choices. These initiatives collectively drive carbon reduction and sustainable energy use in India.

Growth of Energy-Efficient Technologies 

India has been making massive strides in its integration of renewable energy, such as solar and wind energies, mainly due to improvements in storage technologies. Another key development is the real-time optimization of energy usage through smart grids and AI-driven energy management. The EV and green mobility boom has been charged through by the rapid expansion of charging infrastructure and the policy interventions to support the shift. The building of green building codes and IoT-driven energy management has led to building efficiency, and finally, the efforts for industrial energy optimisation have been met through AI/ML-driven demand-side management in heavy industries. 

Market Trends, Investment, and Industry Adoption 

The World Energy Investment Report 2024 (IEA) projects global energy investment to surpass $3 trillion, with $2 trillion allocated to clean energy. India’s clean energy investment reached $68 billion in 2023, a 40%+ rise from 2016-2020, with nearly 50% directed toward low-emission power, including solar PV. Investment is set to double by 2030 but needs a 20% further rise to meet climate goals.

India’s ESG push is driven by Net Zero 2070, SEBI’s BRSR mandates, and UN SDGs, with rising scrutiny on corporate governance. ESG-aligned investments are expanding, reinforcing sustainability. Meanwhile, energy efficiency in manufacturing minimizes waste and environmental impact, while digital transformation in energy management boosts renewable integration, grid reliability, and cost efficiency, ensuring a sustainable energy transition.

The Way Forward 

There are multiple implementation bottlenecks present for the active policies which include infrastructure paucity, financing issues and even the on-ground implementational challenges of the active policies. To combat these issues India needs to adopt measures for promoting public-private partnerships to scale energy-efficient solutions. Incentives for industries to adopt green technologies should be strengthened (tax exemptions and subsidies for specific periods), with increased R&D support and regulatory sandboxes to encourage adoption. Finally, the role of industries, policymakers and consumers needs to be in tandem to accelerate the efforts made towards a sustainable and green future for India. Emerging technologies play an important in bridging gaps and aim towards the adoption of global best practices for India.

References

• https://instituteofsustainabilitystudies.com/insights/lexicon/green-technologies-innovations-opportunities-challenges/
• https://powermin.gov.in/sites/default/files/The_Energy_Conservation_Amendment_Act_2022_0.pdf‍
• https://www.ibef.org/blogs/esg-investing-in-india-navigating-environmental-social-and-governance-factors-for-sustainable-growth