Using incognito mode and VPN may still not ensure total privacy, according to expert

Introduction

In the labyrinthine expanse of the digital age, where the ethereal threads of our connections weave a tapestry of virtual existence, there lies a sinister phenomenon that preys upon the vulnerabilities of human emotion and trust. This phenomenon, known as cyber kidnapping, recently ensnared a 17-year-old Chinese exchange student, Kai Zhuang, in its deceptive grip, leading to an $80,000 extortion from his distraught parents. The chilling narrative of Zhuang found cold and scared in a tent in the Utah wilderness, serves as a stark reminder of the pernicious reach of cybercrime.

The Cyber Kidnapping 

The term 'cyber kidnapping' typically denotes a form of cybercrime where malefactors gain unauthorised access to computer systems or data, holding it hostage for ransom. Yet, in the context of Zhuang's ordeal, it took on a more harrowing dimension—a psychological manipulation through online communication that convinced his family of his peril, despite his physical safety before the scam.

The Incident 

The incident unfolded like a modern-day thriller, with Zhuang's parents in China alerting officials at his host high school in Riverdale, Utah, of his disappearance on 28 December 2023. A meticulous investigation ensued, tracing bank records, purchases, and phone data, leading authorities to Zhuang's isolated encampment, 25 miles north of Brigham City. In the frigid embrace of Utah's winter, Zhuang awaited rescue, armed only with a heat blanket, a sleeping bag, limited provisions, and the very phones used to orchestrate his cyber kidnapping.

Upon his rescue, Zhuang's first requests were poignantly human—a warm cheeseburger and a conversation with his family, who had been manipulated into paying the hefty ransom during the cyber-kidnapping scam. This incident not only highlights the emotional toll of such crimes but also the urgent need for awareness and preventative measures.

The Aftermath

To navigate the treacherous waters of cyber threats, one must adopt the scepticism of a seasoned detective when confronted with unsolicited messages that reek of urgency or threat. The verification of identities becomes a crucial shield, a bulwark against deception. Sharing sensitive information online is akin to casting pearls before swine, where once relinquished, control is lost forever. Privacy settings on social media are the ramparts that must be fortified, and the education of family and friends becomes a communal armour against the onslaught of cyber threats.

The Chinese embassy in Washington has sounded the alarm, warning its citizens in the U.S. about the risks of 'virtual kidnapping' and other online frauds. This scam fragments a larger criminal mosaic that threatens to ensnare parents worldwide.

Kai Zhuang's story, while unique in its details, is not an isolated event. Experts warn that technological advancements have made it easier for criminals to pursue cyber kidnapping schemes. The impersonation of loved ones' voices using artificial intelligence, the mining of social media for personal data, and the spoofing of phone numbers are all tools in the cyber kidnapper's arsenal.

The Way Forward

The crimes have evolved, targeting not just the vulnerable but also those who might seem beyond reach, demanding larger ransoms and leaving a trail of psychological devastation in their wake. Cybercrime, as one expert chillingly notes, may well be the most lucrative of crimes, transcending borders, languages, and identities.

In the face of such threats, awareness is the first line of defense. Reporting suspicious activity to the FBI's Internet Crime Complaint Center, verifying the whereabouts of loved ones, and establishing emergency protocols are all steps that can fortify one's digital fortress. Telecommunications companies and law enforcement agencies also have a role to play in authenticating and tracing the source of calls, adding another layer of protection.

Conclusion

The surreal experience of reading about cyber kidnapping belies the very real danger it poses. It is a crime that thrives in the shadows of our interconnected world, a reminder that our digital lives are as vulnerable as our physical ones. As we navigate this complex web, let us arm ourselves with knowledge, vigilance, and the resolve to protect not just our data, but the very essence of our human connections.

References 

• https://www.bbc.com/news/world-us-canada-67869517
• https://www.ndtv.com/feature/what-is-cyber-kidnapping-and-how-it-can-be-avoided-4792135

Introduction

In 2019 India got its bill on Data protection in the form of the Personal Data Protection Bill 2019. This bill focused on digital rights and duties pertaining to data privacy. However, the bill was scrapped by the Govt in mid-2022, and a new bill was drafted, Successor bill was introduced as the Digital Personal Data Protection Bill, 2022 on 18th November 2022, which was made open for public comments and consultations and now the bill is expected to be tabled at the parliament in the Monsoon session.

What is DPDP, 2022?

Digital Personal Data Protection Bill, is the lasted draft regulation for data privacy in India. The bill has been essentially focused towards data protection by companies and the keep aspect of Puttaswamy judgement of data privacy as a fundamental right has been upheld under the scope of the bill. The bill comes after nearly 150 recommendations which the parliamentary committee made when the PDP, 2019 was scrapped.

The bill highlights the following keen aspects-

• Data Fiduciary- The entity (an individual, company, firm, state, etc.) which decides the purpose and means of processing an individual’s personal data.
• Data Principle- The individual to whom personal data is related.
• Processing- The entire cycle of operations that can be carried out concerning personal data.
• Gender Neutrality- For the first time in India’s legislative history, “her” and “she” have been used to refer to individuals irrespective of gender.
• Right to Erase Data- Data principals will have the right to demand the erasure and correction of data collected by the data fiduciary.
• Cross-border data transfer- The bill allows cross-border data after an assessment of relevant factors by the Central Government.
• Children’s Rights- The bill guarantees the right to digital privacy under the protection of parents/guardians.
• Heavy Penalties- The bill enforces heavy penalties for non-compliance with the provisions, not exceeding Rs 500 crore.

Data Protection Board

The bill lays down provisions for setting up a Data Protection Board. This board will be an independent body acting solely on the factors of data privacy and protection of the data principles and maintaining compliance by data fiduciaries. The board will be headed by a chairperson of essential and relevant qualifications, and members and various other officials shall assist him/her under the board. The board will serve grievance redressal to the data principles and can conduct investigation, inquiry, proceeding, and pass orders equivalent to a Civil court. The proceeding will be undertaken on the principle of natural justice, and the aggrieved can file an appeal to the High Court of appropriate jurisdiction.

Global Comparison

Many countries have data protection laws that regulate the processing of personal data. Some of the notable examples include:

• European Union: The EU’s General Data Protection Regulation (GDPR) is one of the world’s most comprehensive data protection laws. It regulates public and private entities’ processing of personal data and gives individuals a wide range of rights over their personal data.
• United States: The US has several data protection laws that apply to specific sectors or types of data, such as health data (HIPAA) or financial data (Gramm-Leach-Bliley Act). However, there is no comprehensive federal data protection law in the US.
• Japan: Japan’s Personal Information Protection Act (PIPA) regulates the handling of personal data by private entities and gives individuals certain rights over their personal data.
• Australia: Australia’s Privacy Act 1988 regulates the handling of personal data by public and private entities and gives individuals certain rights over their personal data.
• Brazil: Brazil’s General Data Protection Law (LGPD) regulates the processing of personal data by public and private entities and gives individuals certain rights over their personal data. It also imposes heavy fines and penalties on entities that violate the provisions of the law.

Overall, while there are some similarities in data protection laws across countries, there are also significant differences in scope, applicability, and enforcement. It is important for organisations to understand the data protection laws that apply to their operations and take appropriate steps to comply with these laws.

Parliamentary Asscent

The case of violation of the privacy policy by WhatsApp at the Hon’ble Supreme Court resulted in a significant advocacy for Data privacy as a fundamental right, and it was held that, as suggested otherwise in the privacy policy, Whatsapp was sharing its user’s data with Meta. This massive breach of trust could have led to data mismanagement affecting thousands of Indian users. The Hon’ble Supreme Court has taken due consideration of data privacy and its challenges in India and asked the Govt to table the bill in Parliament. The bill will be tabled for discussion in the monsoon session. The Supreme Court has set up a constitutional bench to check the bill’s scope, extent and applications and provide its judicial oversight.  The constitution bench of Justices KM Joseph, Ajay Rastogi, Aniruddha Bose, Hrishikesh Roy and CT Ravikumar has fixed the matter for hearing in August in order to enforce the potential changes and amendments in the act post the parliamentary discussion.

Conclusion

India is the world’s largest democracy, so the crucial aspects of passing laws and amendments have always been followed by the government and kept under check by the judiciary. The discussion over bills is a crucial part of the democratic process, and bills as important as Digital Personal Data Protection need to be discussed and analysed thoroughly in both houses of Parliament to ensure the govt passes a sustainable and efficient law.

Introduction

The advent of Electronic Vehicles (EVs) represents a transformative leap towards a more sustainable and environmentally conscious transportation future by nations. However, as these vehicles become increasingly connected and reliant on advanced technological systems, a parallel concern emerges—data privacy. Integrating sophisticated technologies in EVs, such as GPS tracking, biometric authentication, and in-car connectivity, raises substantial questions about the collection, storage, and potential misuse of sensitive personal information. This intersection of automotive innovation and data privacy underscores the need for comprehensive solutions and regulatory frameworks to ensure that the benefits of electric vehicles are realised without compromising the privacy and security of their users.

Electronic vehicles primarily record three types of data;

1. Driving behaviour and patterns: The e-vehicle records braking and driving patterns, including acceleration, speed, and swerve. Some vehicles even track air conditioning usage and airbag deployment to determine the point of failure in the event of a crash.
2. Location data: The e-vehicles also track GPS systems to gauge the speed and direction of the vehicle.
3. EV functions and use of telematic services: Monitoring of EV functions includes battery use management, battery charging history, battery deterioration, electrical system functions and software version information.

Data Privacy requirements of companies

Companies manufacturing e-vehicles are saddled with several data privacy requirements as concerns about consumer safety. Data collected by e-vehicles may be sensitive in nature. Location tracking is a key issue that has garnered attention. The constant recording of a driver's whereabouts can lead to the creation of detailed profiles, raising questions about the potential misuse or unauthorised access to this sensitive information. The risk of surveillance, stalking, or even theft of valuable personal data is a genuine concern for EV owners.

Moreover, integrating smart features, such as voice recognition, biometric authentication, and in-car personal assistants, adds another layer of complexity. These features require the collection and processing of personal data. If not handled securely, they may become vulnerable to hacking or unauthorised access, leading to identity theft or other malicious activities. Additionally, Smart charging systems offer convenience by allowing remote monitoring and control of charging, but they also gather extensive data. The geographical data collected during charging may raise concerns about location privacy.

Striking a delicate balance between leveraging this data for enhancing vehicle performance and user experience while safeguarding the privacy of EV owners is paramount. Transparent privacy policies, secure data storage practices, and stringent encryption protocols are essential components of a comprehensive approach to data protection. If a company is eyeing the international market or utilising cloud-based software with decentralised global data storage, it must also navigate international privacy and data protection laws. A prime example is the General Data Protection Regulation (GDPR), a globally recognised and stringent data protection law applicable to both European-based companies and international entities providing goods, services, or monitoring activities of residents within Europe. 

Manufacturers of these vehicles are subjected to compliance with this comprehensive legal framework. Obligations on companies are levied by them being data fiduciaries; dual liability may also emanate since some data fiduciaries may also qualify as data processors. Special care must be taken when data is being transferred to third parties. 

Further, compliance with consumer safety laws is also an important consideration. In India, the Consumer Protection Act of 2019 safeguards the rights of consumers, holding manufacturers, sellers, and service providers responsible for any harm resulting from faulty or defective products. This extends the Act's coverage to include manufacturers and sellers of internet and technology-based products. When read with the Digital Personal Data Protection Act of 2023 (DPDP Act), the Consumer Protection Act of 2019 takes on additional significance. The DPDP Act, focusing on the security of an individual's digital personal data, introduces provisions such as mandatory consent, purpose limitation, data minimisation, obligatory security measures by organisations, data localisation, and enforcing accountability and compliance. These provisions apply to information generated by and for consumers, offering a comprehensive framework for protecting digital personal data.

Conclusion

The intersection of e-vehicles and data privacy necessitates a careful and comprehensive approach to ensure the coexistence of automotive innovation and user security. As electric vehicles record intricate data related to driving behaviour, location, and telematic services, companies manufacturing these vehicles must navigate a complex landscape of data privacy requirements. The potential risks associated with location tracking, smart features, and the extensive data collected during charging underscore the importance of transparent privacy policies, secure data storage practices, and stringent encryption protocols. Moreover, as companies expand globally, compliance with international privacy laws like the GDPR becomes imperative. Balancing the enhancement of vehicle performance and user experience with the safeguarding of privacy is paramount. Manufacturers, deemed as data fiduciaries, must exercise diligence, especially when transferring data to third parties. Additionally, adherence to consumer safety laws, such as the Consumer Protection Act of 2019, further emphasises the need for a holistic and vigilant approach to ensure the responsible use of data in the evolving landscape of e-vehicles.

References

• https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1556&context=chtlj 
• https://cyberswitching.com/electric-car-charging-and-data-privacy/#:~:text=Smart%20charging%20systems%20provide%20convenience,in%20safeguarding%20EV%20user%20privacy