{"title":"The constitutionality of the new Indian CERT-In VPN rules","authors":"Siddharth Chaturvedi, H. Srivastava","doi":"10.1093/idpl/ipad015","DOIUrl":null,"url":null,"abstract":"\n This article examines the constitutionality of the Cyber Security Directions released by Computer Emergency Response Team India (CERT-In). The new guidelines issued by CERT-In, the nodal agency of the Ministry of Electronics and Information Technology, have been in the news in India due to concerns being raised by various companies and privacy watchdogs like the Internet Freedom Foundation that the guidelines were affecting the fundamental right to privacy and personal autonomy of the individuals. The guidelines promulgated give CERT-In the authority to demand and retain various kinds of personally identifiable information for more than 5 years. The mandates related to virtual private network service providers are unreasonable and violative of user privacy, while the domain of information that is to be collected is ambiguous and unspecified for the purpose, thus increasing the chances of surveillance and potential censorship. The authors also give suggestions on how to overcome anomalies which are present in the guidelines issued by CERT-In.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"61 1","pages":""},"PeriodicalIF":2.6000,"publicationDate":"2023-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Data Privacy Law","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.1093/idpl/ipad015","RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
Abstract
This article examines the constitutionality of the Cyber Security Directions released by Computer Emergency Response Team India (CERT-In). The new guidelines issued by CERT-In, the nodal agency of the Ministry of Electronics and Information Technology, have been in the news in India due to concerns being raised by various companies and privacy watchdogs like the Internet Freedom Foundation that the guidelines were affecting the fundamental right to privacy and personal autonomy of the individuals. The guidelines promulgated give CERT-In the authority to demand and retain various kinds of personally identifiable information for more than 5 years. The mandates related to virtual private network service providers are unreasonable and violative of user privacy, while the domain of information that is to be collected is ambiguous and unspecified for the purpose, thus increasing the chances of surveillance and potential censorship. The authors also give suggestions on how to overcome anomalies which are present in the guidelines issued by CERT-In.