Welcome to Degen Lawyer's Newsletter, this week we bring you some fascinating news. Every week we serve up curated analysis, hot takes, and expert commentary on all things emerging tech and law, sprinkled with a healthy dose of wacky and meme-worthy. Enjoy!

In this week’s edition:

WHAT’S HAPPENING AROUND THE WORLD

1. SEC and Binance clash in courts with Binance’s bid to wind up litigation

   Following Binance’s historic $ 4.3 billion settlement, further development has arisen, with Binance asking U.S. Judge Amy Berman to toss out the SEC lawsuit filed against it. Binance’s core contention remains that the SEC has no authority to regulate crypto assets as they do not meet the definition of an investment contract. On the other hand, the SEC argues that Binance facilitated the trading of several crypto tokens, which it deems unregistered securities. Watch out for this one, because if the court rules against Binance it will have a major impact on the ecosystem.

2. Turkey Reviews Cryptocurrency Regulation Efforts

   Turkey’s Economy Coordination Board met to discuss progress on cryptocurrency regulation. The gathering focused on the cryptocurrency regulation draft and underscored the significance of overseeing the cryptocurrency ecosystem, highlighting the need for effective regulation. As the regulatory landscape evolves, the global community watches Turkey’s efforts to balance innovation with financial integrity. Turkey’s moves reflect its efforts to regulate crypto as a precondition to ensuring removal from the grey list by showcasing its commitment to global financial standards.

3. Australia reviews law enforcement’s capability to respond to cybercrime

   The Office of the Australian Information Commissioner (OAIC), emphasising the importance of privacy regulation and its role in preventing cybercrime, endorsed Australia’s Privacy Act Review report and the Australian Cyber Security Strategy, emphasising their role in strengthening cyber security. The OAIC recommended prioritising the Privacy Act review reforms and encouraging collaboration and information sharing among regulators.

THIS WEEKS DEEP READ

Data Privacy - Is your government the hero or the villain?

Compliance with data protection and privacy laws costs companies and governments globally in millions. For instance, in a 2021 study by Ernst & Young, GDPR compliance is projected to cost Fortune 500 companies almost $8 Billion each year. On the other hand, EU governments and governance bodies spend millions ensuring GDPR compliance. For instance, the Department of Work and Pensions of the UK spent nearly 15 million Pounds ensuring GDPR compliance.

Despite all the expenditure and efforts, what does one do if it is the government itself violates your data privacy?

And of course, we are talking about China – Everyone’s Favourite ‘Big Brother’. The Chinese province of Hebei is trying out a (cool) new app that will inform its users if they are within a 500-meter radius of someone who is in debt. Nifty!! I always wondered how much richer I was then everyone else in front of me at the park. This is part of China’s ridiculously invasive “social credit” system that aims to incentivize citizens to monitor so-called debtors and report them to the authorities if they seem capable of paying their debts.

This raises an important question. How do you regulate the regulator?

India and the right to privacy

In India, the right to privacy is constitutionally guaranteed under  Article 21. Various judgements from the apex court, most notably, in the case of Justice K.S Puttaswamy (Retd) & Ans v/s Union of India & Ors, have unanimously reaffirmed this right. The court affirmed that the right to privacy was integral to the freedom granted in the constitution and an intrinsic aspect of dignity, autonomy and liberty.

The Indian Government and Citizen Data

The Indian Government collects huge amounts of personal data from citizens and residents to support its policies and initiatives. The most important yet controversial data-gathering exercise occurred with the advent of Aadhar (a 12-digit individual identification number, serving as a proof of identity for Indian residents by linking demographic and biometric information of an individual in a central database).  

Is the Data safe in the Indian Governments hands?

India has consistently found itself ranked among the worst-performing countries in terms of data privacy. Described as a surveillance state, its data protection regulations have been assessed by the EU as insufficient to provide an adequate level of protection (I mean it’s no China, but there are levels to this stuff).

The linking of Aadhar data with personal information including financial information has raised concerns that the government would have complete access to each citizen’s online activities, including purchases, travel booking and financial transactions.

And these fears aren’t unfounded, previously, government departments have attempted to monetize the data they held and sold citizen’s data to third parties in the private and public sector. A notable example in this regard is when the government sold data from 250 million vehicle registrations and 150 million driving licenses to 87 private companies and 32 government companies for nearly $ 7.75 million, back in 2019.

As recently as October 2023, a massive Aadhar data leak exposed personal information of nearly 81 crore Indians, more than half of the country’s population. A US based cybersecurity first discovered the data leak and found that the entity which leaked the data was willing to sell the entire Aadhar and Indian passport database for a mere eighty thousand dollars!

The Digital Personal Data Protection Act

India recently passed the Digital Personal Data Protection (DPDP) Act. The Act shockingly contains almost no accountability upon government entities when it comes to data protection and data privacy. The Act contains exemptions which allow the state and its instrumentalities the power to collect and process data with virtually no safeguards, when such activities are related to –

1. Sovereignty and integrity of India

2. Security of the state

3. Friendly relations with foreign states

4. Maintenance of public order

5. Preventing incitement to any cognizable offences

The Act additionally allows the government the power to seek information from firms and issue directions to block content on the advice of a data protection board appointed by the central government. Essentially running the risk of the government turning into a surveillance state.

Conclusion

The government needs to introspect and ramp up efforts to promote and protect data privacy. In today’s world, data is the new oil. A strong data privacy regime, imposing checks on the government itself, with strict red lines needs to be implemented in Indian asap. This will go a long way in protecting citizens' fundamental right to privacy.  The Chinese app displaying the ‘map of deadbeat debtors’ (as described by a Hebei newspaper) reflects what can happen if there’s no check on the state. Responsible and judicious use of data needs to be practised to avoid abuse of citizens’ rights over their data and prevent the state’s hegemony over every aspect of our identity and liberty.

DID YOU KNOW?

Data privacy as a right was first recognised in the Universal Declaration of Human Rights in 1948! Article 12 of the UDHR provides that a person shall not be subjected to arbitrary interference with their privacy, family, home or correspondence. As the internet evolved, this led to countries becoming alerted to the necessity and the nuances of privacy as a right for their citizens and began incorporating it into their domestic laws.

If you would like to receive regular updates on all things regulatory and policy in the emerging technology space, please click the subscribe button below and follow us on our socials and share it with others you think will enjoy it!