Latest news with #DigitalPersonalDataProtectionAct
India Today
a day ago
- Health
- India Today
Why India needs a Genomic Protection Act now
The recent implosion of 23andMe, a once-celebrated pioneer of direct-to-consumer genetic testing, should not merely be viewed as a Silicon Valley story gone wrong. It is a powerful cautionary tale for India, which now stands on the threshold of a genomic someone deeply involved in precision medicine and longevity care, it is time for India to go beyond fragmented data protection frameworks and enact a dedicated Genomic Protection Act, one that prioritises clinical oversight, ethical stewardship, and individual is a genetic mosaic. With more than 4,000 distinct ethno-linguistic communities, centuries of endogamy, and a vast reservoir of rare variants, our population represents both a treasure trove for research and a potential minefield for exploitation. The collapse of 23andMe was not simply about a business model failing. It was about trust being eroded. It showed what happens when data privacy becomes an afterthought and genetic results are served without medical interpretation, leading not to empowerment, but anxiety. We must not repeat these data is not like browsing history. It cannot be deleted or changed. It holds information not just about the individual, but about their children, communities, and future it's leaked or misused, the consequences are irreversible. In India, where public awareness about data rights is still evolving and health literacy varies greatly, the risks of commodifying DNA are the Digital Personal Data Protection Act is a step forward. But it lacks the nuance and granularity required to govern genomic data, which is fundamentally different from other forms of personal urgently need legislation that defines who owns your genetic data, sets limits on how it can be shared, and ensures consent that is layered and ongoing, not broad and PILLARS OF A GENOMIC PROTECTION ACTClinician-Led Testing: Genomic insights must be contextualised within clinical frameworks. Raw data leads to confusion; interpreted data leads to care. Imagine a longevity screen that integrates a patient's APOE status with cholesterol levels, cognitive assessments, and family history—offering a prevention roadmap, not just a risk percentage. That's precision Data Stewardship: Any storage, transfer, or analysis of genomic data should be governed by ethical boards and protected under encrypted, India-based servers. Data sanctity must not be compromised for commercial Consent and Opt-Out Rights: Individuals should be able to choose what portions of their data are used, for how long, and by whom. Consent should be revocable. An individual must have the right to know who accessed their genome and for what Governance: As India moves into population genomics and public-private collaborations, our policies must ensure that innovation does not outpace regulation. Genomic information must never become a tool for discrimination, be it in insurance, employment, or has the opportunity to construct a gold-standard genomic ecosystem, one that learns from global missteps and roots itself in trust, transparency, and scientific integrity. The collapse of 23andMe is not the end of consumer genomics. It is a wake-up call. We must lead with care, not just not a question of whether India will embrace genomics. The question is whether we will do it responsibly. A Genomic Protection Act is no longer optional. It is essential, for science, for ethics, and for the future of every Indian genome.(Disclaimer: This is an authored article. The views and opinions expressed by the doctors are their independent professional judgement, and we do not take any responsibility for the accuracy of their views. This should not be considered as a substitute for physician's advice.)- Ends
Time of India
a day ago
- Business
- Time of India
Google, Meta at loggerheads over age-verification methods for child users
Search engine giant Google and social media major Meta recently reiterated their difference of opinion over how to verify the age of child users on digital the European Digital Services Act , Google proposed a new credential manager application programming interface that will store government-issued IDs in a mobile wallet that it said can be used for age assurance in a completely encrypted and safe manner. Meta has proposed, including in India, to utilise the app stores like Google's Play Store and Apple's App Store to verify the age of a device's has warned that delegating age verification to app stores, as proposed by Meta, would risk overexposing sensitive data and lack consistency across devices. It may also exclude shared or family-used devices, the parent of YouTube said in a recent blog Digital Personal Data Protection Act (DPDPA) requires platforms to obtain verifiable parental consent before processing the personal data of children. This means companies must verify the age of those signing up for their services and, if they are found to be children, obtain consent from their parents or legal guardians. The government has yet to notify the final DPDP Rules that the companies will have to DPDPA and the draft rules released by the government do not prescribe a single, mandatory age verification method. Instead, they broadly require businesses to implement "appropriate technical and organisational measures" to obtain verifiable parental consent. The draft rules suggest a risk-based approach where the platforms catering to children or those dealing with high-risk data might need more stringent verification measures, while others might suffice with on how the age verification of children can be done before their personal data is processed has gathered steam again in India with Kate Charlet, Google's global director of privacy safety and security policy, expressing some views on the subject in a June 13 blog post titled 'An age assurance tool for Europe and beyond'.For both Google and Meta, India is the largest market, and they would seek to ensure that their age-verification methods comply with the local requirements. Google (including YouTube) and Meta (with its umbrella of apps like Facebook, WhatsApp, Instagram and Threads) each have more than a billion users in credential manager enables users to verify that they are above 18 years of age by using digital credentials issued by trusted third parties such as telecom operators or government ID method relies on zero-knowledge proofs, which enable the verification of age without revealing or storing any extraneous personal information."We urge age assurance providers, and app and web developers to build on this secure infrastructure for Android devices," Charlet wrote in her privacy-preserving approach using digital credentials and zero knowledge proofs offers a promising model for Indian platforms to adopt, said Saumya Brajmohan, partner at law firm Solomon & Co."From a legal standpoint, the framework aligns with global digital data protection principles, being founded on the principles of data minimisation, purpose limitation, lawful processing, and privacy by design and by default," Brajmohan said. It also resonates with the DPDPA, which imposes strict obligations on companies when processing a person's personal data, especially that of children, she immediate adoption of the framework could be potentially challenging considering that India currently lacks a federated credential ecosystem, she pointed the India Stack infrastructure, like DigiLocker, e-KYC and Aadhaar eSign, could theoretically serve as a credentialing foundation, concerns around data security, and overreach continue to limit their adoption for this specific use case, she rules under the DPDPA (which have not yet been notified) have not clarified what constitutes a 'verifiable consent' or who is eligible to act as an authorised digital credential provider, she added."This absence of clear rules around acceptable verification methods and trusted companies is what currently prevents Indian platforms from adopting models like Google's without ambiguity," Brajmohan Sahni, partner at law firm Ajay Sahni & Associates, told ET that the government would do well to consider interoperable, government-supported infrastructure such as DigiLocker or tokenised consent mechanisms (such as those used in Unique Identification Authority of India mechanisms) as a common backbone to ensure both compliance and ease of doing Razvi, managing partner of law firm Accord Juris, said Google's proposed age verification model using digital credentials via a mobile wallet offers operational efficiency but raises significant legal concerns, particularly under child data protection regimes."A system that relies on government issued IDs, which most children do not possess fails to meet this obligation in both form and substance," he argued."Moreover, delegating this core compliance function to a mobile wallet introduces outsourcing risks. Age gating is a legal duty of the companies, not the platform. Any failure could lead to regulatory scrutiny, civil claims, or enforcement actions," Razvi explained."It does little to address consent requirements or provide for parental involvement where necessary," he said."While Google's approach is scalable and user-friendly, true compliance demands child-centric, and independently auditable mechanisms," Razvi Charlet in her blog said Meta's age verification proposal would require mobile app stores to verify visitors' ages on behalf of mobile apps."Billed as 'simple' by its backers, including Meta, this proposal fails to cover desktop computers or other devices that are commonly shared within families. It also could be ineffective against pre-installed apps, as Meta's often are," she said."Even more worryingly, it would require the sharing of granular age band data with millions of developers who don't need it. We have strong concerns about the risks this 'solution' would pose to children," Charlet Dasgupta, executive director – tax at Aquilaw, said data verification should be done by platforms providing age-sensitive content rather than providers of operating systems or app stores."Meta's proposal aims for a centralised system because app stores are the primary gateways for users to access apps. Integrating age verification at this level would mean users only need to verify their age once to access a wide range of apps and services. Operational ease as individual applications will not have to separately verify age of users," he said.
Mint
5 days ago
- Politics
- Mint
US mandates public social media for visa applicants, sparks privacy concerns
All international students applying for non-immigrant US visas – specifically F (academic), M (vocational), and J (exchange visitor) categories – are now required to make their social media profiles public to enable their verification before they are let into the country. This diktat, effective immediately, has been met with outrage from data privacy experts and legal professionals in India, who argue it constitutes a severe violation of individual privacy and could infringe upon fundamental rights. The directive, announced by the US Embassy in India on Monday, stipulates that all applicants for these visa categories must adjust their privacy settings on all personal social media accounts to "public." This move, according to the embassy, is intended to "facilitate vetting necessary to establish their identity and admissibility to the United States under US law" and "bolster national security." Also read: Israel-Iran war: After explosions boom Bushehr, Iran's only nuclear plant; Rosatom downplays attack - 'site remains…' US officials will scrutinize online activity across platforms like Facebook, X (formerly Twitter), LinkedIn, and TikTok, looking for any "hostile attitudes toward our citizens, culture, government, institutions, or founding principles," or links to "extremist ideology" or "anti-American sentiment." However, legal experts are quick to highlight the perilous implications of such a broad and intrusive measure. Senior advocate at the Supreme Court N.S. Nappinai noted that while US privacy laws, with the exception of California, may be weak, their fundamental rights, particularly concerning freedom of speech and expression, are absolute. "Any act which could result in restraint of speech and expression could be contested in the US on grounds of violation of this inalienable right," Nappinai stated, adding that "it remains to be seen however whether the requirement is likely to be contested." From an Indian perspective, Nappinai suggested that government intervention might be mandated, as the move directly impacts Indian students. The issue, she emphasized, is not simply about privacy but also about national security, suggesting that the only recourse would be to invoke the US's strong rights of free speech and argue how the requirement could lead to a chilling effect on it. Salman Waris, managing partner, TechLegis Advocates and Solicitors, echoed these concerns. "The US embassy's new rule requiring visa applicants to make their social media profiles public does raise privacy concerns under Indian and global privacy standards, since it forces disclosure of personal data beyond what's typical for such applications." Waris highlighted that this policy "could conflict with privacy rights under India's Digital Personal Data Protection Act and the EU's GDPR, both of which stress data minimization and user consent." He called the new notification "forced consent" for sharing social media profiles and content. Also read: US visa: Indians seeking F, M, J non-immigrant visas must 'adjust social media settings', says embassy — check new rules For students, he warned, it means they will need to review and possibly clean up their online presence, knowing that even old posts or memes could jeopardise their chance of getting the US visa. Aditi Verma Thakur, a senior partner at law firm Ediplis Counsels, said that while the US Department of State's requirement for social media handles has been in place for a few years, citing national security, the new mandate for public profiles raises questions about "free and informed consent under data privacy norms." She emphasized that while accessing public profiles may not be a direct breach of data privacy laws, there are "ethical concerns about how and why these profiles were made public in the first place." Thakur suggested that applicants who are normally cautious about sharing personal information might feel "pressured to make their profiles public in order to not jeopardize their visa application," which she sees as a form of indirect coercion and an intrusion into individual privacy. She also highlighted that under India's new Digital Personal Data Protection (DPDP) Act, 2023, the processing of personal data requires 'explicit consent,' a requirement that becomes diluted when users are forced to make their data public, even if "the underlying privacy concerns in such cases remain relevant and merit attention." Thakur noted that foreign students "sensitive about sharing personal information online may not be comfortable making their profiles public," and this new requirement is "likely to make them more cautious about what they share and how much information they disclose on such platforms." This latest development comes amidst a broader tightening of US visa policies under the president Donald Trump's administration, which has consistently emphasized a "quality workers" approach to immigration. Mint previously reported that the past six months have already seen student visa success rates for the US plummet from a historical 99% to around 70%. This decline is attributed to increased scrutiny and higher rejection numbers. Also read: 'Don't go to India because…': American tourist's Instagram Reel goes viral; social media reacts, 'This is so true' While the US remains a popular destination, particularly for Indian students pursuing science and technology courses, experts anticipate a shift in student sentiment. Mint earlier reported that while in-demand tech skills might still find acceptance, "lower order skills like coding, maintenance, etc., could be limited." Business management programs, too, are expected to see a "gradual plateau," with only Ivy League institutions likely to maintain strong demand. The H-1B visa, often a post-study pathway for F1 visa holders, is also under the Trump administration's microscope. Any stricter H-1B policies or changes to post-study work permits would significantly impact Indian students' decisions to pursue education in the US. Mint previously reported that parents and students are already casting a "wider net" for study-abroad options. The number of students choosing the US has "declined by half" over the past five years, with growing interest in European and some Southeast Asian universities. Concerns over rising political activism on American campuses are also contributing to this shift. Adding to the uncertainty, Canada and Australia, traditionally alternative popular destinations, have also implemented their own clampdowns on international students. This could further push Indian students towards Europe, potentially making "America's loss Europe's gain." Despite the growing anxieties and the new social media requirement, some consultants remain cautiously optimistic, predicting only a "short-term blip" in US visa applications. They even foresee a surge in M1 vocational visas due to a demand for teachers in the US. However, the immediate impact of the public social media profile mandate is undeniable. As Indian students weigh their options, balancing academic aspirations with concerns over privacy and the evolving visa landscape, the new US policy stands as a stark reminder of the increasing complexities in international education.
Time of India
5 days ago
- Business
- Time of India
Revolutionizing India's Debt Securities Market: The Role of Technology and Regulation, ET CISO
By Pratapsingh Nathani, India's debt capital markets have undergone a measured yet significant transformation, evolving from a niche, opaque space into a critical enabler of long-term capital formation. While equity markets have typically drawn more public attention, the debt ecosystem is now foundational to financing infrastructure, digital innovation, and sustainability-linked projects across sectors. Historically shaped by colonial financial structures and limited access, debt instruments in India were informal and lacked transparency. Post-independence industrialization efforts gradually formalized the space, but it was the 1990s economic liberalization that brought structural change. The dissolution of the Controller of Capital Issues and the rise of SEBI as an autonomous regulator introduced market-based pricing and investor-driven capital flows. The launch of the National Stock Exchange, digitization of securities, and proliferation of credit rating agencies further modernized the landscape. Advt Advt Today, technology plays a central role in expanding and securing India's debt markets. Electronic bond trading platforms, algorithmic issuance systems, and API-based market infrastructure have streamlined access and execution. At the same time, the digitalization of regulatory compliance—through e-KYC, Aadhaar integration, and online disclosure frameworks—has lowered entry barriers while enhancing this digital transformation brings new challenges around cybersecurity, data protection, and investor privacy. As digital platforms handle vast amounts of sensitive financial data—from issuer documentation to investor records—robust cybersecurity protocols are no longer optional. Threats ranging from identity theft to real-time trading manipulation have made data security a critical aspect of market infrastructure and market institutions are increasingly recognizing this. SEBI has introduced cybersecurity and cyber resilience frameworks for market intermediaries, mandating periodic audits, threat intelligence sharing, and disaster recovery protocols. Compliance requirements around data localization, encryption, and breach disclosures are aligning with broader national frameworks such as the Digital Personal Data Protection Act, artificial intelligence and machine learning are being deployed not just for credit scoring and portfolio optimization, but also for real-time anomaly detection and fraud prevention in debt transactions. These tools are essential in protecting both institutional and retail investors in a high-frequency, data-rich the innovation front, new instruments—green bonds, InvITs, social bonds, and municipal bonds—are expanding access to mission-critical capital. These products, while designed to fund sustainable development and infrastructure, also demand tighter oversight and data transparency, especially around end-use, ESG reporting, and investor India moves towards becoming the third-largest global economy, the debt capital market's role is no longer confined to financial intermediation—it is emerging as a strategic engine for nation-building. For this ecosystem to reach its full potential, strengthening cybersecurity, data governance, and compliance frameworks will be just as important as regulatory and financial reforms. In a digital-first, data-driven economy, trust and security will define the credibility and scalability of India's capital author's Chairman & Managing Director at Beacon Trusteeship. By , ETCISO Join the community of 2M+ industry professionals. Subscribe to Newsletter to get latest insights & analysis in your inbox. All about ETCISO industry right on your smartphone! Download the ETCISO App and get the Realtime updates and Save your favourite articles.
Time of India
18-06-2025
- Business
- Time of India
Why India's AI future hinges on smarter data centres
Imagine building a skyscraper on sand. That's what India's AI ambitions could look like without rethinking data centres. As generative AI, 5G, and IoT explode, our digital economy's bedrock—data centres—is at a tipping of AI Data Centres in IndiaIndia's data centre market is sprinting at ~25% CAGR, fueled by AI's relentless demand for compute power. But here's the catch: while we generate 20% of global data, we hold just 3% of data centre capacity. The government's push for data localisation under the Digital Personal Data Protection Act (DPDPA) has further accelerated the establishment of local data centres, drawing significant investments from global giants like AWS, Microsoft, and Google, as well as domestic players such as Reliance Jio and Yotta Infrastructure. Recently, during the Union Budget presentation, Finance Minister Nirmala Sitharaman allocated INR 20 billion ($230 million) for the IndiaAI mission, which will be used to build AI and data centre infrastructure, including GPUs, data centres, and connectivity solutions. AI isn't just code—it's hardware. Next-generation data centres need GPU clusters, liquid cooling, optical fibre cables, connectivity solutions, and renewable energy to handle workloads that are ten times denser than traditional setups. Projects like Yotta NM1 in Navi Mumbai and CtrlS Hyderabad exemplify the shift toward AI-optimised facilities, equipped with GPU clusters, advanced cooling, and renewable energy integration. The Infrastructure Gap: A Strategic Imperative Despite this momentum, India's AI data centre infrastructure faces significant challenges: Real estate and Connectivity challenges India's major metro markets like Mumbai, Chennai, Bengaluru, and Hyderabad dominate data centre capacity but face high land costs and limited availability of suitable sites. While metros benefit from robust fibre networks, many regions beyond metropolitan areas still suffer from limited fibre availability and high latency, impeding AI workloads that require ultra-low latency and high bandwidth. Network Latency and Location Strategy AI applications require ultra-low latency to function effectively, which means data centres must be located close to end users in major metropolitan areas. However, high population density and limited land availability complicate site selection. Addressing network latency requires not only proximity but also optimised connectivity infrastructure, including carrier-neutral facilities and high-speed interconnections within and between data centres. Infrastructure Modernisation and AI-Readiness Many existing data centres in APAC were designed before the AI era and are not equipped to handle the unique demands of AI workloads. This creates a gap that new developments and upgrades must fill by incorporating AI-ready features such as higher floor loading capacity, advanced cooling systems, and enhanced network capabilities. Made in India solutions - India's data centre revolution demands locally engineered solutions to overcome unique challenges like connectivity gaps in tier 2 and 3 cities, unreliable power infrastructure, complex land acquisition hurdles, and the need for energy-efficient architectures tailored to extreme climatic conditions. This requires data centre solutions like driving demand for home-grown solutions that cater to hyper-scalable fibre backhaul, edge computing integration, etc. Charting the path forward The fundamental changes AI is bringing to data centres are truly remarkable. India's vision to become a global AI powerhouse hinges on bridging the digital infrastructure gap, requiring advanced connectivity solutions to build this infrastructure. As AI continues to take centre stage, data centres built on agile and future-proof optical fibre foundations will evolve to provide immense compute power. This transformation will enable them to meet the industry's demands, including: Agile, high-bandwidth connectivity for AI - AI workloads demand massive, low-latency data transfer within the data centre and between data centres (DCI). Legacy copper struggles with scale and distance. The industry requires high-speed, low-latency optical solutions. Pre-terminated systems ensure rapid, error-free deployment, which is crucial for scaling AI scalability and future-proofing - India's data explosion requires infrastructure that can scale exponentially. Density is key to managing space and cost. High-fibre-count optical solutions offer unparalleled fibre density for scalable inter-facility links. Pre-terminated Systems are inherently designed for easy upgrades and massive bandwidth headroom, protecting latency and high reliability - AI and real-time analytics demand near-instantaneous data movement. Innovative optical solutions compliant with international standards such as ANSI/TIA-942, TIA-568, ISO 11801 guarantee engineered reliability and signal integrity, minimising latency jitter and failure risk. India's AI future depends on a holistic approach to digital infrastructure—one that integrates advanced optical connectivity, power-efficient cooling, and scalable physical digital infrastructure. India's AI race isn't just about algorithms; it's about reinventing infrastructure that's future-proof, sustainable, and inclusive. The question isn't if we'll bridge the gap—it's how fast.
