GOVERNMENT OF INDIA

MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY

LOK SABHA

UNSTARRED QUESTION NO. 3902

TO BE ANSWERED ON: 11.12.2019

MISAPPROPRIATION OF DATA

3902. SHRI ANANTKUMAR HEGDE:

Will the Minister of Electronics & Information Technology be pleased to state:-

(a) whether the Government has noticed any misappropriation of data from social media platforms;

(b) if so, the details thereof and the reaction of the Government thereto along with the corrective steps taken by the Government in this regard;

(c) whether the Government has notified any rules for applications or gadgets using facial recognition systems, to safeguard users’ privacy; and

(d) if so, the details thereof and if not, the reasons therefor?

ANSWER

MINISTER OF STATE FOR ELECTRONICS AND INFORMATION TECHNOLOGY

(SHRI SANJAY DHOTRE) 

(a) and (b): Based on the media reports regarding interference by Cambridge Analytica in Indian elections, Government had approached Cambridge Analytica as well as Facebook separately on 23.03.2018 seeking clarifications. Cambridge Analytica responded on 03.04.2018 that they do not have any Facebook data of Indian citizens. On 05.04.2018, Facebook informed the Government that data of estimated 562,455 Indian’s may have been accessed by Cambridge Analytica through installations of the App developed by GSR and installed by Indians. As there were perceived inconsistencies, Government again approached both companies separately and asked Cambridge Analytica for additional details emphasizing that any data concerning Indians is required to be given due sanctity.

(c) and (d): Section 43A of the Information Technology Act, 2000 provides for compensation to be paid to the victim in case of unauthorized access of information and leakage of sensitive personal information respectively. It mandates ‘body corporates’ to implement ‘reasonable security practices’ for protecting ‘sensitive personal information’ of individuals. The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 notified under this section defines sensitive personal information which includes biometric information. The Rules mandate that body corporate must provide policy for privacy and disclosure of information, so that user is well aware of the type of personal data collected, purpose of collection and usage of such information. The rules also specify mode of collection of information, disclosure of information, transfer of information, etc.

In addition, Ministry of Electronics & Information Technology is working on the Personal Data Protection Bill to safeguard the privacy of citizens, and proposes to table it in Parliament.