India: New IT rules present major security and privacy concerns, experts say
"New rules to regulate social media spark concerns over privacy", 27 February 2021
The government’s new rules to regulate social media content, forcing companies such as Facebook and WhatsApp to remove posts and share details of certain messages with state authorities, will compromise the privacy of millions of online users in India, experts said.
The rules also do not have safeguards to ensure that users of social media platforms are made aware that their personal data will be stored and analysed by the tech giants. Experts fear the new rules may lead to widespread gathering of personal information by social media platforms in the absence of an online privacy law...
The data minimization principle advocates that only those user data should be collected and processed that are adequate and necessary for that purpose. Globally, it is being followed strictly under the European Union’s General Data Protection Regulation (GDPR).
This is in contrast to the new rules, which mandate intermediaries to retain user information given during the registration process for 180 days (or six months), even after users delete their accounts.
...The rules also state that users who want to verify their accounts should be provided with an appropriate mechanism. Messaging platforms, which offer end-to-end encryption for greater privacy, have been asked to identify the ‘first originator’, which means identifying an internet user who starts sharing any type of mischievous information, which many privacy experts fear is a veiled attempt at state surveillance...