Honouring UN Peacekeepers: Safeguarding Peace in a Changing World

Cyber, is the new weapon today! Cyber Violence is violence in cyber-space that has led to violation of cyber rights of individuals, especially those of children and women. Online violence and harassment have been overlooked laying more emphasis on offline or physical violence.

New Delhi [India], November 12 (ANI/NewsVoir): Cyber, is the new weapon today! Cyber Violence is violence in cyber-space that has led to violation of cyber rights of individuals, especially those of children and women. Online violence and harassment have been overlooked laying more emphasis on offline or physical violence. Cyber violence very often permanently, psychologically impacts the victims and their families. Various forms of threats ranging from morphing, stalking, solicitation of children for sexual purposes, online grooming, have grave consequences on the victims disturbing their mental well-being. Maintaining mental well-being in cyber space is a challenge we wish to promote and advocate for, in order to build responsible netizens.

Together, we stand against violation of cyber rights and strongly believe; it is critical to allow everyone to feel safe online. Netizen’s safety rights must be protected from all kinds of abuse and violence. Setting a mission of ‘Making India Cyber Safe for Children and Women’, Responsible Netism a social purpose organization in association with CyberPeace Foundation, an award-winning Cyber Security think tank working towards bringing CyberPeace in CyberSpace for more than two decades, host its 6th Annual National Conference on Cyber Psychology themed “India Fights Cyber Violence”, scheduled for Saturday, January 22, 2022. Ta advocate on the theme, the campaign #IndiaFightsCyberViolence was launched on November 11, 2021 by Vinay Sahasrabuddhe – President ICCR, Member of Parliament, Priyank Kanoongo – Chairperson, NCPCR and Rekha Sharma, Chairperson NCW at the ICCR Auditorium Delhi. The session was also attended by the CyberPeace Foundation team members.

Vinay Sahasrabuddhe has been a strong advocate of online safety of children, he shared his visionary words and focused on 3 R’s, Research, Reform and Reshape. He recommended extensive research was necessary to strongly voice concerns and remedies based on evidence-based research which would help us reform intervention strategies and the reshape the existing framework to best suit the needs to protect women and children in cyber space. The NCW Chairperson Rekha Sharma shared how critical it is to create awareness about online safety rights of women and reiterated the need for spreading awareness about online safety to reach the last mile in order to build collective action and bring change. She also mentioned the need to conducting nationwide trainings for the police personal to handle and report online distress.

Priyank Kanoongo, the Chairperson of NCPCR has been very proactively advocating for the cause of child online protection and has been instrumental in voicing critical in fiercely voicing his thoughts on protecting online safety rights of children across India. He shared the following thoughts at the launch. He said there is dire need to educate parents about online safety in order to let the information trickle down to their children. He said NCPCR does not hold any inhibitions in naming and shaming violators of child rights be it offline or online and will always raise a strong voice against platform ‘s inability to protect children in cyber space.

Vineet Kumar, Founder and Global President, CyberPeace Foundation, the partnering organization shared that this nationwide movement will build great momentum on the cause of online protection of children and women cross the country and urged organizations across India to pledge their support to the cause. The more people joining this movement would build collective pressure to formulate guidelines and policies the make cyber space safe for children and women. Sonali Patankar – Founder Responsible Netism shared the objective of the campaign was to let online safety reach the last mile and build on aggressive reporting of online content. The movement was an effort to make the campaign India Fights Cyber Violence to make India cyber safe for children.

She shared that the campaign launch would be followed by a nationwide research conducted to understand parents perspectives on cyber violence which would be handy in representing recommendations on women and child safety protocols through commoners. There would be a round table for organizations working with children chaired by Priyank Kanoongo on November 22 followed by a round table held for organizations working with Women chaired by Rekha Sharma Madam on December 22, 2021. The campaign would culminate in the Responsible Netism 6th National Cyber Psychology Conference scheduled for January 22, 2022 that would witness a compilation of the research and the work done throughout the campaign.

The launch was attended by Sujay Patki – Social Activist and Advisor Responsible Netism and Shilpa Chandolikar trustee Responsible Netism, Adv Khushbu Jain Advocate Supreme Court of India followed by the vote of thanks by Unmesh Joshi – Co-founder Responsible Netism. With the success of the launch and the support of NCPCR and NCW, we are sure to make this a nation-wide movement to protect cyber safety rights of netizens and strongly believe in collective action to make India Cyber Safe for Women and Children.

This story is provided by NewsVoir. ANI will not be responsible in any way for the content of this article. (ANI/NewsVoir)(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)

Source: https://www.devdiscourse.com/article/business/1804283-cyberpeace-foundation-and-responsible-netism-launches-campaign-india-fights-cyber-violence-against-women-and-children

Digital vulnerabilities like cyber-attacks and data breaches proliferate rapidly in the hyper-connected world that is created today. These vulnerabilities can compromise sensitive data like personal information, financial data, and intellectual property and can potentially threaten businesses of all sizes and in all sectors. Hence, it has become important to inform all stakeholders about any breach or attack to ensure they can be well-prepared for the consequences of such an incident.  

The non-reporting of reporting can result in heavy fines in many parts of the world. Data breaches caused by malicious acts are crimes and need proper investigation. Organisations may face significant penalties for failing to report the event. Failing to report data breach incidents can result in huge financial setbacks and legal complications. To understand why transparency is vital and understanding the regulatory framework that governs data breaches is the first step. 

The Current Indian Regulatory Framework on Data Breach Disclosure

A data breach essentially, is the unauthorised processing or accidental disclosure of personal data, which may occur through its acquisition, sharing, use, alteration, destruction, or loss of access. Such incidents can compromise the affected data’s confidentiality, integrity, or availability. In India, the Information Technology Act of 2000 and the Digital Personal Data Protection Act of 2023 are the primary legislation that tackles cybercrimes like data breaches. 

• Under the DPDP Act, neither materiality thresholds nor express timelines have been prescribed for the reporting requirement. Data Fiduciaries are required to report incidents of personal data breach, regardless of their sensitivity or impact on the Data Principal. 
• The IT (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, along with the Cyber Security Directions, under section 70B(6) of the IT Act, 2000, relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet prescribed in 2022 impose mandatory notification requirements on service providers, intermediaries, data centres and corporate entities, upon the occurrence of certain cybersecurity incidents. 
• These laws and regulations obligate companies to report any breach and any incident to regulators such as the CERT-In and the Data Protection Board.

The Consequences of Non-Disclosure

A non-disclosure of a data breach has a manifold of consequences. They are as follows:

• Legal and financial penalties are the immediate consequence of a data breach in India. The DPDP Act prescribes a fine of up to Rs 250 Crore from the affected parties, along with suits of a civil nature and regulatory scrutiny. Non-compliance can also attract action from CERT-In, leading to more reputational damage.
• In the long term, failure to disclose data breaches can erode customer trust as they are less likely to engage with a brand that is deemed unreliable. Investor confidence may potentially waver due to concerns about governance and security, leading to stock price drops or reduced funding opportunities. Brand reputation can be significantly tarnished, and companies may struggle with retaining and attracting customers and employees. This can affect long-term profitability and growth.
• Companies such as BigBasket and Jio in 2020 and Haldiram in 2022 have suffered from data breaches recently. Poor transparency and delay in disclosures led to significant reputational damage, legal scrutiny, and regulatory actions for the companies.

Measures for Improvement: Building Corporate Reputation via Transparency

Transparency is critical when disclosing data breaches. It enhances trust and loyalty for a company when the priority is data privacy for stakeholders. Ensuring transparency mitigates backlash. It demonstrates a company’s willingness to cooperate with authorities. A farsighted approach instils confidence in all stakeholders in showcasing a company's resilience and commitment to governance. These measures can be further improved upon by:

• Offering actionable steps for companies to establish robust data breach policies, including regular audits, prompt notifications, and clear communication strategies. 
• Highlighting the importance of cooperation with regulatory bodies and how to ensure compliance with the DPDP Act and other relevant laws. 
• Sharing best public communications practices post-breach to manage reputational and legal risks.

Conclusion

Maintaining transparency when a data breach happens is more than a legal obligation. It is a good strategy to retain a corporate reputation. Companies can mitigate the potential risks (legal, financial and reputational) by informing stakeholders and cooperating with regulatory bodies proactively. In an era where digital vulnerabilities are ever-present, clear communication and compliance with data protection laws such as the DPDP Act build trust, enhance corporate governance, and secure long-term business success. Proactive measures, including audits, breach policies, and effective public communication, are critical in reinforcing resilience and fostering stakeholder confidence in the face of cyber threats.

References

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• https://www.cert-in.org.in/PDF/CERT-In_Directions_70B_28.04.2022.pdf 
• https://chawdamrunal.medium.com/the-dark-side-of-covering-up-data-breaches-why-transparency-is-crucial-fe9ed10aac27 
• https://www.dlapiperdataprotection.com/index.html?t=breach-notification&c=IN

The rapid innovation of technology and its resultant proliferation in India has integrated businesses that market technology-based products with commerce. Consumer habits have now shifted from traditional to technology-based products, with many consumers opting for smart devices, online transactions and online services. This migration has increased potential data breaches, product defects, misleading advertisements and unfair trade practices. 

The need to regulate technology-based commercial industry is seen in the backdrop of various threats that technologies pose, particularly to data. Most devices track consumer behaviour without the authorisation of the consumer. Additionally, products are often defunct or complex to use and the configuration process may prove to be lengthy with a vague warranty. 

It is noted that consumers also face difficulties in the technology service sector, even while attempting to purchase a product. These include vendor lock-ins (whereby a consumer finds it difficult to migrate from one vendor to another), dark patterns (deceptive strategies and design practices that mislead users and violate consumer rights), ethical concerns etc. 

Against this backdrop, consumer laws are now playing catch up to adequately cater to new consumer rights that come with technology. Consumer laws now have to evolve to become complimentary with other laws and legislation that govern and safeguard individual rights. This includes emphasising compliance with data privacy regulations, creating rules for ancillary activities such as advertising standards and setting guidelines for both product and product seller/manufacturer. 

The Legal Framework in India

Currently, Consumer Laws in India while not tech-targeted, are somewhat adequate; The Consumer Protection Act 2019 (“Act”) protects the rights of consumers in India. It places liability on manufacturers, sellers and service providers for any harm caused to a consumer by faulty/defective products. As a result, manufacturers and sellers of ‘Internet & technology-based products’ are brought under the ambit of this Act. The Consumer Protection Act 2019 may also be viewed in light of the Digital Personal Data Protection Act 2023, which mandates the security of the digital personal data of an individual. Envisioned provisions such as those pertaining to mandatory consent, purpose limitation, data minimization, mandatory security measures by organisations, data localisation, accountability and compliance by the DPDP Act can be applied to information generated by and for consumers.

Multiple regulatory authorities and departments have also tasked themselves to issue guidelines that imbibe the principle of caveat venditor. To this effect, the Networks & Technologies (NT) wing of the Department of Telecommunications (DoT) on 2 March 2023, issued the Advisory Guidelines to M2M/IoT stakeholders for securing consumer IoT (“Guidelines”) aiming for M2M/IoT (i.e. Machine to Machine/Internet of things) compliance with the safety and security standards and guidelines in order to protect the users and the networks that connect these devices. The comprehensive Guidelines suggest the removal of universal default passwords and usernames such as “admin” that come preprogrammed with new devices and mandate the password reset process to be done after user authentication. Web services associated with the product are required to use Multi-Factor Authentication and duty is cast on them to not expose any unnecessary user information prior to authentication. Further, M2M/IoT stakeholders are required to provide a public point of contact for reporting vulnerability and security issues. Such stakeholders must also ensure that the software components are updateable in a secure and timely manner. An end-of-life policy is to be published for end-point devices which states the assured duration for which a device will receive software updates.

The involvement of regulatory authorities depends on the nature of technology products; a single product or technical consumer threat may see multiple guidelines. The Advertising Standards Council of India (ASCI) notes that cryptocurrency and related products were considered as the most violative category to commit fraud. In an attempt to protect consumer safety, it introduced guidelines to regulate advertising and promotion of virtual digital assets (VDA) exchange and trading platforms and associated services as a necessary interim measure in February 2022. It mandates that all VDA ads must carry the stipulated disclaimer “Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions.” must be made in a prominent and unmissable manner.

Further, authorities such as Securities and Exchange Board of India (SEBI) and the Reserve Bank of India (RBI) also issue cautionary notes to consumers and investors against crypto trading and ancillary activities. Even bodies like Bureau of Indian Standards (BIS) act as a complimenting authority, since product quality, including electronic products, is emphasised by mandating compliance to prescribed standards. 

It is worth noting that ASCI has proactively responded to new-age technology-induced threats to consumers by attempting to tackle “dark patterns” through its existing Code on Misleading Ads (“Code”), since it is applicable across media to include online advertising on websites and social media handles. It was noted by ASCI that 29% of advertisements were disguised ads by influencers, which is a form of dark pattern. Although the existing Code addressed some issues, a need was felt to encompass other dark patterns.

Perhaps in response, the Central Consumer Protection Authority in November 2023 released guidelines addressing “dark patterns” under the Consumer Protection Act 2019 (“Guidelines”). The Guidelines define dark patterns as deceptive strategies and design practices that mislead users and violate consumer rights. These may include creating false urgency, scarcity or popularity of a product, basket sneaking (whereby additional services are added automatically on purchase of a product or service), confirm shaming (it refers to statements such as “I will stay unsecured” when opting out of travel insurance on booking of transportation tickets), etc. The Guidelines also cater to several data privacy considerations; for example, they stipulate a bar on encouraging consumers from divulging more personal information while making purchases due to difficult language and complex settings of their privacy policies, thereby ensuring compliance of technology product sellers and e-commerce platforms/vendors with data privacy laws in India. It is to be noted that the Guidelines are applicable on all platforms that systematically offer goods and services in India, advertisers and sellers.

Conclusion

Consumer laws for technology-based products in India play a pivotal role in safeguarding the rights and interests of individuals in an era marked by rapid technological advancements. These legislative frameworks, spanning facets such as data protection, electronic transactions, and product liability, assume a pivotal role in establishing a regulatory equilibrium that addresses the nuanced challenges of the digital age. The dynamic evolution of the digital landscape necessitates an adaptive legal infrastructure that ensures ongoing consumer safeguarding amidst technological innovations. As the digital landscape evolves, it is imperative for regulatory frameworks to adapt, ensuring that consumers are protected from potential risks associated with emerging technologies. Striking a balance between innovation and consumer safety requires ongoing collaboration between policymakers, businesses, and consumers. By staying attuned to the evolving needs of the digital age, Indian consumer laws can provide a robust foundation for security and equitable relationships between consumers and technology-based products.

References:

• https://dot.gov.in/circulars/advisory-guidelines-m2miot-stakeholders-securing-consumer-iot
• https://www.mondaq.com/india/advertising-marketing--branding/1169236/asci-releases-guidelines-to-govern-ads-for-cryptocurrency
• https://www.ascionline.in/the-asci-code/#:~:text=Chapter%20I%20(4)%20of%20the,nor%20deceived%20by%20means%20of
• https://www.ascionline.in/wp-content/uploads/2022/11/dark-patterns.pdf