iOS Lockdown Mode Feature: The Cyber Bouncer for Your iPhone!

Introduction

In an era where digitalization is transforming every facet of life, ensuring that personal data is protected becomes crucial. The enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) is a significant step that has been taken by the Indian Parliament which sets forth a comprehensive framework for Digital Personal Data. The Draft Digital Personal Data Protection Rules, 2025 has recently been released for public consultation to supplement the Act and ensure its smooth implementation once finalised. Though noting certain positive aspects, there is still room for addressing certain gaps and multiple aspects under the draft rules that require attention. The DPDP Act, 2023 recognises the individual’s right to protect their personal data providing control over the processing of personal data for lawful purposes. This Act applies to data which is available in digital form as well as data which is not in digital form but is digitalised subsequently. While the Act is intended to offer wide control to the individuals (Data Principal) over their personal information, its impact on vulnerable groups such as ‘Persons with Disabilities’ requires closer scrutiny. 

Person with Disabilities as data principal

The term ‘data principal’ has been defined under the DPDP Act under Section 2(j) as a person to whom the personal data is related to, which also includes a person with a disability. A lawful guardian acting on behalf of such person with disability has also been included under the ambit of this definition of Data Principal. As a result, a lawful guardian acting on behalf of a person with disability will have the same rights and responsibilities as a data principal under the Act. 

• Section 9 of the DPDP Act, 2023 states that before processing the personal data of a person with a disability who has a lawful guardian, the data fiduciary must obtain verifiable consent from that guardian, ensuring proper protection of the person with disability's data privacy.
• The data principal has the right to access information about personal data under Section 11 which is being processed by the data fiduciary.
• Section 12 provides the right to correction and erasure of personal data by making a request in a manner prescribed by the data fiduciary. 
• A right to grievance redressal must be provided to the data principal in respect of any act or omission of performance of obligations by the data fiduciary or the consent manager. 
• Under Section 14, the data principal has the right to nominate any other person to exercise the rights provided under the Act in case of death or incapacity. 

Provision of consent and its implication

The three key components of Consent that can be identified under the DPDP Act, are:

• Explicit and Informed Consent: Consent given for the processing of data by the data principal or a lawful guardian in case of persons with disabilities must be clear, free and informed as per section 6 of the Act. The data fiduciary must specify the itemised description of the personal data required along with the specified purpose and description of the goods or services that would be provided by such processing of data. (Rule 3 under Draft Digital Personal Data Protection Rules)

• Verifiable Consent: Section 9 of the DPDP Act provides that the data fiduciary needs to obtain verifiable consent of the lawful guardian before processing any personal data of such a person with a disability.  Rule 10 of the Draft Rules obligates the data fiduciary to adopt measures to ensure that the consent given by the lawful guardian is verifiable before the is processed. 
• Withdrawal of Consent: Data principal or such lawful guardian has the option to withdraw consent for the processing of data at any point by making a request to the data fiduciary.   

Although the Act includes certain provisions that focus on the inclusivity of persons with disability, the interpretation of such sections says otherwise. 

Concerns related to provisions for Persons with Disabilities under the DPDP Act:

• Lack of definition of ‘person with disabilities’: The DPDP Act or the Draft Rules does not define the term ‘persons with disabilities’. This will create confusion as to which categories of disability are included and up to what percentage.  The Rights of Persons with Disabilities Act, 2016 clearly defines ‘person with benchmark disability’, ‘person with disability’ and ‘person with disability having high support needs’. This categorisation is essential to determine up to what extent a person with disability needs a lawful guardian which is missing under the DPDP Act.   
• Lack of autonomy: Though the definition of data principal includes persons with disabilities however the decision-making authority has been given to the lawful guardian of such individuals. The section creates ambiguity for people who have a lower percentage of disability and are capable of making their own decisions and have no autonomy in making decisions related to the processing of their personal data because of the lack of clarity in the definition of ‘persons with disabilities’. 
• Safeguards for abuse of power by lawful guardian: The lawful guardian once verified by the data fiduciary can make decisions for the persons with disabilities. This raises concerns regarding the potential abuse of power by lawful guardians in relation to the handling of personal data. The DPDP Act does not provide any specific protection against such abuse.
• Difficulty in verification of consent: The consent obtained by the Data Fiduciary must be verified. The process that will be adopted for verification is at the discretion of the data fiduciary according to Rule 10 of the Draft Data Protection Rules. The authenticity of consent is difficult to determine as it is a complex process which lacks a standard format. Also, with the technological advancements, it would be challenging to identify whether the information given to verify the consent is actually true. 

CyberPeace Recommendations

The DPDP Act, 2023 is a major step towards making the data protection framework more comprehensive, however, the provisions related to persons with disabilities and powers given to lawful guardians acting on their behalf still need certain clarity and refinement within the DPDP Act framework. 

• Consonance of DPDP with Rights of Persons with Disabilities (RPWD) Act, 2016: The RPWD and DPDP Act should supplement each other and can be used to clear the existing ambiguities. Such as the definition of ‘persons with disabilities’ under the RPWD Act can be used in the context of the DPDP Act, 2023. 
• Also, there must be certain mechanisms and safeguards within the Act to prevent abuse of power by the lawful guardian. The affected individual in case of suspected abuse of power should have an option to file a complaint with the Data Protection Board and the Board can further take necessary actions to determine whether there is abuse of power or not. 
• Regulatory oversight and additional safeguards are required to ensure that consent is obtained in a manner that respects the rights of all individuals, including those with disabilities. 

References:

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
• https://www.meity.gov.in/writereaddata/files/259889.pdf 
• https://www.indiacode.nic.in/bitstream/123456789/15939/1/the_rights_of_persons_with_disabilities_act%2C_2016.pdf 
• https://www.deccanherald.com/opinion/consent-disability-rights-and-data-protection-3143441
• https://www.pacta.in/digital-data-protection-consent-protocols-for-disability.pdf
• https://www.snrlaw.in/indias-new-data-protection-regime-tracking-updates-and-preparing-for-compliance/ 

‍

Introduction

India & Bangladesh have adopted proactive approaches, focusing on advancing cyber capacity building in the region. Bangladeshi and Indian cybersecurity experts have emphasised the importance of continuous technology training to protect the digital space from growing cyber-attacks and threats. They call for greater collaboration to share knowledge and expertise in cyber resilience, network vulnerability, and cyber risk assessment. The Cyber-Maitree 2023 event held in Dhaka aimed to enrich and build capacity to counter cyber-attacks and threats. The senior director of India's Computer Emergency Response Team acknowledged the growing dependence on cyberspace and the need for increased preparedness as critical infrastructures, energy systems, banks, and utilities are connected to the internet. Recently, Bangladesh Cyber ​​Security Summit 2024, organised by Grameenphone, was held in Dhaka on March 5th, 2024. Such collaborative dialogues between the countries serve as a shining example of cooperation between the governments of Bangladesh and India, serving as a platform for knowledge sharing, capacity building, and international cooperation in cyber security.

Cyber Maitree held in 2023

In 2023, India and Bangladesh held  'Cyber Maitree 2023', an initiative hosted by the ICT Division of the Bangladeshi Government, to address cybersecurity challenges in a rapidly globalising world characterised by digitisation. The event, which translates to "Cyber Friendship," was an interface for cybersecurity experts and aspirants from both nations, creating an avenue for extensive training, practical exercises, and a dynamic exchange of information. We need to emphasise the importance of bolstering digital safety as both nations grapple with the rapid digitisation of the world.

India-Bangladesh joint efforts aim to fortify cyber resilience, pinpoint potential network vulnerabilities, bolster rigorous risk assessments, and illuminate the landscape of cyber threats. It encompasses various sectors, including cybersecurity, artificial intelligence, ICT, and IT-driven human resource expansion. The growing camaraderie between India and Bangladesh has been evident through strategic engagements, such as the India-Bangladesh Startup Bridge and the establishment of 12 High Tech Parks in Bangladesh.

Highlights of the India-Bangladesh MoUs for Cyber Security Cooperation

In 2017, India and Bangladesh signed a Memorandum of Understanding (MoU) focused on cyber security cooperation. 

In 2022, Both nations crafted a Memorandum of Understanding (MoU), highlighting collaboration in spheres such as e-governance, e-public service delivery, research, and development. A separate agreement was also inked focusing on mutual information sharing pertaining to cyber-attacks and incidents. The first MoU aims to provide a framework for training Bangladesh Railway employees at Indian Railways' training institutes, including field visits. The Indian Railways will coordinate with officials from the Ministry of Railways, Government of Bangladesh to improve training facilities in Bangladesh. The second MoU focuses on collaboration in IT systems, for the Bangladesh Railway. The Ministry of Railway, Government of India, will offer IT solutions for passenger ticketing, freight operations, train inquiry systems, asset management digitisation, HR and finance infrastructure. The MoUs aim to strengthen the friendship bond between India and Bangladesh and promote friendly cooperation in the railway sector.

Way Ahead

Zunaid Ahmed Palak, State Minister for Posts, Telecom and ICT, Bangladesh, has announced that Bangladesh and India will collaborate to ensure the safety of the cyber world. The two countries are expected to sign a final agreement within the next three to six months. He stressed the importance of attracting investments in the postal, telecommunication, and IT sectors. He also highlighted the strong ties between Bangladesh and India. He also announced that 12 high-tech parks will be constructed in Bangladesh with an Indian Line of Credit, starting operation by 2025. He further referred to the Indian Cyber Emergency Response Team (CERT), and said "We are very much enthusiastic in fighting against the cyber attacks and crimes as the team is now working with us". 

Bangladesh Cyber ​​Security Summit 2024

The Bangladesh Cyber Security Summit 2024, organised by Grameenphone, was held in Dhaka on 5th March 2024, focusing on cybersecurity issues and opportunities, fostering collaboration between government, private organisations, industry experts, and sponsors investing in Bangladesh's digital future.

Conclusion 

India and Bangladesh share a common vision for a secure digital future, focusing on cybersecurity collaboration to safeguard shared aspirations and empower nations to thrive in the digital age. We must emphasise the need to fortify digital defenses, leveraging expertise, innovation, and collaboration to secure interconnected futures. Collaborative relations in Information and Communication Technology and Cyber Security will strengthen digital defense and establish cyber resilience. 

References:

• https://caribbeannewsglobal.com/bangladesh-and-india-call-for-more-cyber-security-training/?amp=1
• https://www.indianewsnetwork.com/en/20231005/bangladesh-and-india-strengthen-ties-through-cyber-maitree-2023
• https://www.bssnews.net/news-flash/150763
• https://digibanglatech.news/english/bangladesh-english/125439/
• https://www.mea.gov.in/Portal/LegalTreatiesDoc/BG17B3024.pdf
• https://digibanglatech.news/english/bangladesh-english/125439/
• https://www.tbsnews.net/tech/ict/bangladesh-india-work-together-cyber-security-palak-712182

‍

On the occasion of 20th edition of Safer Internet Day 2023, CyberPeace in collaboration with UNICEF, DELNET, NCERT, and The National Book Trust (NBT), India, took steps towards safer cyberspace by launching iSafe Multimedia Resources, CyberPeace TV, and CyberPeace Café in an event held today in Delhi.

CyberPeace also showcased its efforts, in partnership with UNICEF, to create a secure and peaceful online world through its Project iSafe, which aims to bridge the knowledge gap between emerging advancements in cybersecurity and first responders. Through Project iSafe, CyberPeace has successfully raised awareness among law enforcement agencies, education departments, and frontline workers across various fields. The event marked a significant milestone in the efforts of the foundation to create a secure and peaceful online environment for everyone.

Launching the Cyberpeace TV, café and isafe material , National Cybersecurity coordinator of Govt of India, Lt Gen Rajesh Pant interacts with the students by introducing them with the theme of this safer internet day. He launched the coword cyber challenge initiative by the countries. Content is most important in cyberspace. He also assured everyone that the government of India is taking a lot of steps at national level to make cyber space safer. He compliments CPF for their initiatives.

Ms. Zafrin Chaudhry, Chief of Communication, UNICEF addresses students with the facts that children make out 1 out of 3 in cyberspace, so they should have a safe cyberspace. They should be informed and equipped with all the information on how to deal with any kind of issues they face in cyberspace. They should share their experience with everyone to make others aware. UNICEF in partnership with CPF is extending help to children to equip them with the help and information.

Major Vineet Kumar, Founder and Global President of CPF welcomed all and introduced us about the launching of iSafe Multimedia Resources, CyberPeace TV, and CyberPeace Café . With this launch he threw some light on upcoming plans like launching a learning module of metaverse with AR and VR. He wants to make cyberspace safe even in tier 3 cities that’s why he established the first cybercafé in Ranchi.

As the internet plays a crucial role in our lives, CyberPeace has taken action to combat potential cyber threats. They introduced CyberPeace TV, the world’s first multilingual TV Channel on Jio TV focusing on Education and Entertainment, a comprehensive online platform that provides the latest in cybersecurity news, expert analysis, and a community for all stakeholders in the field. CyberPeace also launched its first CyberPeace Café for creators and innovators and released the iSafe Multimedia resource containing Flyers, Posters, E hand book and handbook on digital safety for children developed jointly by CyberPeace, UNICEF and NCERT for the public.

O.P. Singh, Former DGP, UP Police & CEO Kailash Satyarthi foundation, , started with the data of internet users in India. The Internet is used in day-to -day activities nowadays and primarily in social media. Students should have a channelized approach to cyberspace like fixed screen time, information to the right content, and usage of the internet. I really appreciate the initiates that CyberPeace is taking in this direction.

The celebration continued by iSafe Panel Discussion on “Creating Safer Cyberspace for Children.” The discussion was moderated by Dr. Sangeeta Kaul, Director of DELNET, and was attended by panellists Mr. Rakesh Maheshwari from MeitY(Ministry of electronics and information Technology, Govt. of India), Dr. Indu Kumar from CIET-NCERT, Ms. Bindu Sharma from ICMEC, and Major Vineet Kumar from CyberPeace.

The event was also graced by professional artists from the National School of Drama, who performed Nukkad Natak and Qawwali based on cyber security themes. Students from SRDAV school also entertained the audience with their performances. The attendees were also given a platform to share their experiences with online security issues, and ICT Awardees, Parents and iSafe Champions shared their insights with the guests. The event also had stalls by CyberPeace Corps, a Global volunteer initiative, and CIET-NCERT for students to explore and join the cause. The event’s highlight was the 360 Selfie Booth, where attendees lined up to have their turn.

Read more at: https://www.cxotoday.com/press-release/safer-internet-day-2023-cyberpeace-launch-isafe-multimedia-resources-cyberpeace-tv-and-cyberpeace-cafe/