{"id":29592,"date":"2018-10-26T11:23:43","date_gmt":"2018-10-26T05:53:43","guid":{"rendered":"https:\/\/blog.forumias.com\/?p=29592"},"modified":"2018-10-26T11:23:43","modified_gmt":"2018-10-26T05:53:43","slug":"architecture-for-privacy","status":"publish","type":"post","link":"https:\/\/forumias.com\/blog\/architecture-for-privacy\/","title":{"rendered":"Architecture for privacy"},"content":{"rendered":"<p><strong><a href=\"http:\/\/indianexpress.com\/article\/opinion\/columns\/architecture-for-privacy-data-protection-facebook-india-united-states-5163819\/\">Architecture for privacy<\/a><\/strong><\/p>\n<p><strong>Context: Privacy protection<\/strong><\/p>\n<p>Data protection requires a strong regulatory framework with a hierarchy of regulators to protect basic rights<\/p>\n<p><strong>Fear of Digitization: Mass surveillance<\/strong><\/p>\n<ul>\n<li>Databases linked by unique identities can possibly create an infrastructure for totalitarian observation of citizens\u2019 activities across different domains<\/li>\n<li>The mere existence of such infrastructure, if unrestricted, can potentially disturb the balance of power between the citizens and the state, stifle dissent and be a threat to civil liberty and democracy<\/li>\n<\/ul>\n<p><strong>Data misuse<\/strong><\/p>\n<ul>\n<li>Not only can personal information leach out and be used by unpredictable entities in unpredictable ways, but one can also be mis-profiled, wrongly assessed or even influenced using out-of-context data, without being able to control such actions or sometimes even being aware of them<\/li>\n<li>Exclusions and denials because of poorly thought out use cases, like perhaps because fingerprints do not match, are more direct violations.<\/li>\n<\/ul>\n<p><strong>What India needs to do?<\/strong><\/p>\n<ul>\n<li>We should have stricter provisions than the sector-specific standards in the US<\/li>\n<li>India should ideally have a more innovation-friendly setup than what the European General Data Protection Regulation (GDPR) can offer, which perhaps is unduly restrictive but is unlikely to be commensurately effective<\/li>\n<li>Our designs need to be especially sensitive to our large under-privileged population, which may not have the necessary cultural capital to deal with overly complex digital setups<\/li>\n<li>Not only do the data regulators require independent authority, but they also need to actively participate in the data protection architecture<\/li>\n<li>Apart from determining the fairness of algorithms and use cases, they need to play two other main roles<\/li>\n<li>The first should be to determine, and explicitly list out, authorisations for data access for various data processing functions based on a rights-based principle in addition to consent<\/li>\n<li>Purpose limitation needs to be built into such authorisations, and all-purpose extension requirements must be explicitly considered<\/li>\n<li>The second role should be to ensure that data can be accessed only through audited, pre-approved and digitally signed computer programs after online authentication and verification of the authorisations presented<\/li>\n<li>Both the data regulator and the data controller should maintain non-repudiable logs of all data accesses, and neither should be able to access the data independent of the other<strong style=\"font-size: 1rem;\">\u00a0<\/strong><\/li>\n<\/ul>\n<p><strong>Conclusion<\/strong><\/p>\n<p>The technology to support such regulatory functions exists, what is necessary now is an effective and rights-based data protection law, and the will to build the required regulatory capacity<strong>\u00a0<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Architecture for privacy Context: Privacy protection Data protection requires a strong regulatory framework with a hierarchy of regulators to protect basic rights Fear of Digitization: Mass surveillance Databases linked by unique identities can possibly create an infrastructure for totalitarian observation of citizens\u2019 activities across different domains The mere existence of such infrastructure, if unrestricted, can&hellip; <a class=\"more-link\" href=\"https:\/\/forumias.com\/blog\/architecture-for-privacy\/\">Continue reading <span class=\"screen-reader-text\">Architecture for privacy<\/span><\/a><\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[555],"tags":[],"class_list":["post-29592","post","type-post","status-publish","format-standard","hentry","category-test-1","entry"],"jetpack_featured_media_url":"","views":{"total":0,"cached_at":"","cached_date":1704829692},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/29592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/comments?post=29592"}],"version-history":[{"count":0,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/29592\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/media?parent=29592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/categories?post=29592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/tags?post=29592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}