The following text is copyright 2011 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.
India: Data privacy: yes, adults: no, Internet privacy: no
By: Scott Bradner
India has just approved three new information technology rules (http://www.mit.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf). One, titled "Reasonable security practices and procedures and sensitive personal data or information," will impact many US companies who outsource some of their IT operations to India. Another, titled " Intermediaries guidelines," covers India-based ISPs and other companies who transport Internet data but who do not manage or edit the data and, among other things, assumes there are no adult users of the Internet in India. The third, titled "Guidelines for Cyber Cafe," tries to ensure that users of cyber cafe's in India have no privacy.
The Indian rules seems to be written to cover data gathered by Indian companies from anywhere in the world, even if the Indian company is working for a company in the US and only collecting information about US residents. Many US companies outsourcing some of their IT operations to India may have to upgrade their systems and practices if the rules are interpreted this way
The other two sets of rules pertain to Indian "intermediaries" and "cyber cafes." Both sets of rules are rather strict. The intermediaries rule provides a long list of what types of Information Internet users cannot "host, display, upload, modify, publish, transmit, update or share." The list includes the normal suspects of obscene, pornographic, libelous, and copyright violations. But it also includes a prohibition of information that could "harm minors in any way." This clause prevents adults from talking to adults over the Internet about topics that someone might think harmful to a minor, such as a 5-year old. I guess the Indian authorities think that there are no adults in India.
The cyber cafe rules seem designed to ensure that cafe users have no privacy at all. The cafe operator must maintain a list of all users and forward the list to the authorities monthly. A log of all websites visited must also be kept and the cafe must be designed so that the user's screen is visible at all times.
I guess, in India, privacy is for data, not for users and only kids use the net. That comes across as somewhat of a mixed message about the maturity of Indian society.
disclaimer: Some of the things that go on in Harvard Yard may provide a mixed message about the maturity of some Harvard students, but they outgrow it. In any case, I know of no Harvard opinions on the Indian rules so the above opinions must be my own.