“Upar wala sab kuch dekh rha hai” (The one above is watching everything) is the tag line of an ad campaign run by CP Plus: a Noida-based CCTV (Closed Circuit Television) surveillance equipment provider.
Here, one must note that CCTV surveillance has long been a subject of debate, with concerns over overreach and legitimate security needs. Government agencies often require the use of cameras in public spaces. However, as the DPDP Act is now operationalised with the finalisation of its Rules, relating to CCTVs, the main questions relating to CCTVs are:
- Who is the omnipresent God-like figure?
- And, more importantly, why is that figure watching us?
Even if the purpose for installing CCTV is clearly defined, how can consent be effectively obtained in a CCTV environment, especially when the individual is not aware of the camera-based surveillance?
And how can consent work, particularly in community or commercial spaces where the flow of visitors can be significantly higher, making the individual consent-taking mechanism practically infeasible?
Why CCTV footage data matters now?
Recently in Gujarat, CCTV footage of pregnant women getting injections at a maternity hospital were leaked online, and this content was allegedly put up for sale on Telegram groups: which is increasingly becoming a hub for illegal content, including porn, non-consensual sexual imagery, and pirated movies as well.
One must note that facial information is considered the most sensitive biometric information, requiring a high level of due diligence for protection. However, when it comes to CCTV footage content, the concerns of protecting citizens’ rights when such footage violates their privacy become even more apparent with the ever-increasing number of cameras and the growing demand for illicit content in niche corners of the internet.
Therefore, the question that remains is: How will the DPDP Act impact CCTV deployment, and what recourse can data principals follow in the event of CCTV-related data breaches and data leaks?
Which law governs the use of CCTV footage in India?
India doesn’t have a single definitive law governing CCTV footage and its data. Generally, CCTVs fall under the Information Technology Act, 2000 (IT Act) and the IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
However, as CCTV videos contains facial data that the rules classify as biometric information, the DPDP Act covers CCTV data and aims to protect people’s personally identifiable information.
Are CCTV companies data fiduciaries?
So if facial data falls under the DPDP Act, does that make CCTV companies, whether they offer cloud-based or local systems, data fiduciaries?
Answering this question, Anubhab Sarkar, Managing Partner at Triumvir Law, clarified that, “CCTV companies, vendors, providers are not Data Fiduciaries when they merely supply equipment, maintain systems, or store…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
