RTItransparencyquarterly update2024

Quarterly Transparency Report for October-December 2024: APAAR ID (again), Digital Media Policy and more

In the fourth quarter of 2024, IFF's transparency vertical filed 9 RTI applications to seek accountability from public institutions on digital rights issues and received some significant information with a mix of some omissions and evasions.

Rubayya Tasneem
Rubayya Tasneem
Shravani Nag Lanka
Shravani Nag Lanka
Medha Garg
Medha Garg
Injila Muslim Zaidi
Injila Muslim Zaidi

23 December, 2024
10 min read

Donate Now

tl;dr

In the fourth quarter of 2024, IFF’s transparency vertical filed nine (9) Right to Information (“RTI”) applications with different public authorities at both the state and national levels to promote transparency and accountability in their operations while also empowering Indian citizens with pertinent information relating to their digital rights. Some notable responses from this quarter include the continued evasion of information regarding the consent circular for Automated Permanent Academic Account Registry ( “APAAR”) ID, details on various state-level digital media policies, non-transparent and vague responses for government-backed surveillance projects, and more. 

Why should you care?

The Right to Information Act, 2005 (“RTI Act”) was established to foster transparency and accountability within public authorities by enabling citizens to access information held by these bodies. Ensuring such access is crucial to prevent democratic processes from being undermined by public authorities acting in their own interests. When transparency is not prioritised in public decision-making, citizens are left vulnerable, unable to effectively monitor and challenge potential abuses of power by these authorities.

The RTI Act completed 19 years on October 12, 2024. Over the years, however, the RTI Act has faced significant setbacks, such as the weakening of Section 8(1)(j) through the passage of the Digital Personal Data Protection Act, 2023 (“DPDP Act”). An amendment in the DPDP Act amendment removed the legal foundation for allowing government agencies to share personal information in the public interest. Despite these challenges, the RTI Act remains one of the most vital tools available to the public for engaging with and demanding transparency and accountability from both Union and state governments. The Digital Transparency vertical at IFF works diligently to obtain information on various ongoing policies and public sector projects through RTI applications. The responses we receive often serve as a basis for government engagement, advocacy, and, in some cases, strategic litigation. Previous reports on our transparency endeavours can be accessed here

RTIs filed

Here is a list of RTIs we filed this quarter:

  1. We asked the Ministry of Agriculture and Farmers’ Welfare about its AI-based National Pest Surveillance System (“NPSS”) which seeks to connect farmers and scientists over the phone. We inquired about the details of the AI technologies and methods used in the system, including information on the application used to collect data of the farmers’. We also requested them to provide a comprehensive list of third-party individuals and entities involved in the development and operation of the system interface, along with the budget outlay for the project. We received a detailed response regarding this which mentioned that the NPSS system uses Plantix deep learning models for pest detection and WadhwaniAl APIs for accessing its trap-based surveillance model of deep learning. It also mentioned that the fund allocated for the development of NPSS  is Rs. 69.92 lakhs and the actual expenditure to date is: Rs. 35.57 lakhs. 
  2. Over the past year, the government has been emphasising and propagating the use of Jeevan Praman i.e. Digital Life Certificate (“DLC”). DLC is a biometric-enabled digital service for pensioners of central or state governments. By introducing this, pensioners need not visit the office of the disbursing agency for physical submission of life certificates and instead may use the Aadhaar-enabled biometric authentication mechanism to generate DLC. We asked the Department of Pensions & Pensioners Welfare regarding the use of Face Authentication Technology (“FAT”) systems in generating DLCs and whether the FAT requires mandatory Aadhaar enrollment. We further inquired about the legal backing and guidelines grounding this project, its current implementation status and coverage, the start date for individual registration, guidelines for operation, the nature of registration (mandatory or voluntary), consent procedures, access details for entities, and security measures against data breaches. 
  3. We asked the Ministry of Health and Family Welfare (“MoHFW”) about their directive to hospitals to install CCTV cameras on campus. This included high-resolution CCTV cameras on campus at strategic locations like entrances, exits, corridors, dark spots and sensitive areas, and control rooms to monitor activities on a real-time basis. We requested information on the current status of the project, including a list of hospitals where it will be implemented. Additionally, we sought details on the technology being used, such as AI and facial recognition technology (“FRT”). In our next section, we delve deeper into some of the notable responses which we have received till now. 
  4. It was reported in August 2024 that the National Payments Corporation of India (“NPCI”) is in discussions with a few startups to enable biometric authentication for the popular mobile-based UPI payments. We asked NPCI for information on the implementation measures being taken to operationalise the biometric authentication for UPI payments and the legal framework within which they are operating. We requested detailed information on the technologies used for biometric authentication, along with copies of the privacy policy, data use policy, and data access policy concerning the data collected during biometric authentication. Additionally, we inquired about the consent framework for users whose biometrics have been collected, as well as the procedure for withdrawing or deleting their biometric data.
  5. We asked the Ministry of Information and Broadcasting (“MIB”) for the details on the legal notice issued to the Wikimedia Foundation Inc. which was reported by the Hindustan Times on November 05, 2024. Allegedly, the notice pointed out complaints of bias and inaccurate information on the website and questioned why Wikipedia should not be treated as a publisher instead of an intermediary. We requested a copy of the abovementioned notice and communication exchanged internally in MIB regarding it. We additionally asked for documents citing reasons for issuing such a notice. 
  6. On August 28, 2024, the Department of Telecommunications (“DoT”) released draft versions of 4 rules, under the new Telecommunications Act, 2023, namely the draft Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules, 2024, draft Telecommunications (Temporary Suspension of Services) Rules, 2024, draft Telecommunications (Telecom Cyber Security) Rules, 2024 and draft Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024 which been have notified under the Telecommunications Act, 2023. These rules were released for public consultation providing a thirty-day timeframe for inviting comments. IFF submitted detailed comments on the draft rules. Currently, all 4 rules have been notified. Read more about these notified rules. (here, here, here and here). However, it is to be noted that the responses received from stakeholders on the 4 draft Rules have not been made public by the DoT as of date. In light of this and to gather comprehensive information, we filed an RTI and asked DoT to share an exhaustive list of all responses received by them. 

The never-ending saga of APAAR ID - a game of transfers 

On July 29, 2023, the Automated Permanent Academic Account Registry [“APAAR ID”] was introduced by the Ministry of Education [“MoE”] through a panel discussion on the implementation of the National Education Policy, 2020. The APAAR ID system presents significant risks, especially in the collection and handling of minors' sensitive data, including personal and academic information, without adequate legal safeguards or robust data protection measures. We had earlier submitted numerous RTIs to the Ministry of Education and Ministry of Electronics and Information Technology (“MeitY”) regarding the seemingly unchecked implementation of the APAAR ID across India, but have yet to receive any responses. 

Our concerns regarding APAAR ID grew as reports started emerging of parents being coerced into signing consent forms by schools for APAAR ID. On November 18, 2024, we filed RTIs with the CBSE, Delhi Education Department, and the Karnataka Education Department enquiring if any circulars were issued to schools (directly or indirectly) directing them to mandatorily seek consent from the parents for the creation of APAAR IDs. Unsurprisingly, the Union government repeated its previous trend as CBSE transferred the RTI to the Department of School Education and Literacy under the Ministry of Education, which in turn transferred the RTI back to CBSE. The Delhi Education Department transferred the RTI to the Directorate of Education, who further transferred the RTI to the zone-wise government schools. The government schools shared a circular, and letters from the Secretary and Additional Secretary, the Ministry of Education instructing schools to organise "special parent-teacher meetings" to try and convince parents to create an APAAR ID for their children.

AI CCTV in hospitals: storing data without safeguards 

After a directive of the Ministry of Health and Family Welfare (MoHFW) to hospitals to install a sufficient number of high-resolution CCTV cameras on campus at strategic locations like entrances, exits, corridors, dark spots and sensitive areas, and set up control rooms to monitor activities on a real-time basis after a 31-year-old trainee doctor was brutally raped and murdered at the RG Kar Hospital in Kolkata on August 9, 2024. The Ministry transferred our RTIs to various hospitals and then we received detailed responses from the hospitals. The responses received from several prominent hospitals, including AIIMS MP, AIIMS Delhi, Lady Harding Medical College, AIIMS Raipur, AIIMS Bhubaneswar, JIPMER Puducherry, and others, reveal troubling practices surrounding the deployment of CCTV cameras with AI and Facial Recognition Technology (FRT).

While AIIMS MP and Lady Harding Medical College confirmed they do not use FRT, AIIMS Raipur and AIIMS Patna acknowledged the use of AI-enabled cameras capable of FRT, though without clear confirmation of its implementation. JIPMER Puducherry also admitted to using AI, though they declined to specify the technology used. Concerns arise from the storage of CCTV footage, with hospitals storing data collected from these CCTV cameras for periods ranging from 30 to 33 days, but without disclosing where this data is kept. AIIMS Delhi stated that the data would be stored for 30 days, but the storage location was not revealed. AIIMS Bhubaneswar also informed that data is stored in a centralized CCTV control room, with a backup retention period of approximately 30 days. The lack of clarity on data protection measures raises alarm, especially since these hospitals are collecting and storing sensitive patient information without adequate regulations in place. Considering that the DPDP Act is still not in force and in the absence of clear AI regulations, these practices put patients’ privacy at serious risk. The potential for data breaches, unauthorized access, and misuse of sensitive information is substantial, underscoring the urgent need for comprehensive legislation to govern the use of AI and surveillance in healthcare settings.

Goa and MP Tourism Drop the Ball on Digital Media Policy: No Public Consultation, No Clear Answers

Following the reports on August 28, 2024, regarding the Uttar Pradesh government's Digital Media Policy, 2024, we filed an  RTI  requesting the policy document and details about the consultation process, as the policy had not been officially released to the public. In our research, we discovered that MIB and several other states also have similar digital media policies. Consequently, we submitted RTIs to MIB, Haryana, Punjab, and Himachal Pradesh,  requesting information on the number of empanelled influencers, cancellations of empanelments, budget allocations, any legal actions taken against influencers, and details of consultations for these policies.

Additionally, media reports indicated that Rajasthan, Assam, and Sikkim had also initiated similar empanelment processes for social media influencers to promote government schemes, yet these policy documents are not publicly accessible. This lack of transparency undermines the state's accountability to its citizens. Therefore, we filed RTIs with these states (see here, here and here) to request the policy documents and to inquire whether public consultations were conducted before their implementation.

The policies in Madhya Pradesh and Meghalaya on social media and influencer engagement differ notably from those in other states, with some focusing on tourism promotion and others targeting government welfare ads, but limited to print media and news portals, excluding social media. We also submitted RTIs to these states (see here and here) to obtain their policy documents and details on any consultations held before their release, among other information. The Madhya Pradesh Tourism Board confirmed initiating the empanelment process for influencer campaigns, with letters issued to four agencies: Collectcent Digital Media Pvt. Ltd., Barcode Entertainment, The Crayons Network, and YAAP Digital Media Pvt. Ltd. When asked about the inclusion of digital entities in the Digital and Social Media Policy, 2022, the Board stated no information was available, and no policy drafts or details on consultations were provided.

The Goa government responded to us on  October 09, 2024, where it provided the names of the empanelled influencers along with the category of influencers as per its digital media policy. It also gave us information on the allocation of funds and it also acknowledged that no public consultation was conducted before this policy was implemented, raising significant concerns about the lack of citizen involvement and the potential for arbitrary decision-making.

We also got a response from the Madhya Pradesh Tourism Board which confirmed that it has initiated the empanelment process for influencer campaigns, with letters issued to four agencies: Collectcent Digital Media Pvt. Ltd., Barcode Entertainment, The Crayons Network, and YAAP Digital Media Pvt. Ltd. However, since the empanelment is still in process, there has been no cancellation, blacklisting, or legal action. The budget allocation for these agencies will be determined after agreements are finalized. When asked about the inclusion of digital entities in the Digital and Social Media Policy, 2022, the Madhya Pradesh Tourism Board stated that no information was available. Additionally, there was no information on consultations conducted before drafting these policies, and no policy drafts were available with the department.

First Appeals

  1. To combat misinformation and fake news, several Indian states have started constituting state-level fact check units (“FCU”) or other authorities. To seek clarity and further details on how these states are addressing fake, false, and misleading information, and if they have established any state-level FCU for this purpose we have filed two separate RTI applications with all the States and Union Territories – first, asking them about the efforts and steps taken by them to monitor and regulate the dissemination of fake, false, and misleading information online as well as online, and the second, asking the States about the establishment or constitution of any fact-check unit, or any other authority, to regulate the dissemination of fake, false and, misleading information. We received responses from Gujarat and Meghalaya to both the FCU RTIs. Gujarat's Public Information Officer (“PIO”) (Additional Director General of Police and Cyber Crime Cell) denied access, citing exemptions under a 2005 Gujarat Home Department notification. Similarly, Meghalaya's PIO (Director General of Police) cited a 2024 State Government notification exempting information under the Criminal Investigation Department. Both states raised similar exemptions in response to the second FCU RTIs. We filed first appeals, arguing that despite Section 24' of the RTI Act’s exemption for intelligence and security information, allegations of corruption and human rights violations must still be disclosed under the proviso to Section 24(4). However, the First Appellate Authorities in both cases upheld the response of the PIO stating that the appeal is not substantiated by any allegation of corruption or human rights allegations.

S.N.

Authority

FAA Order

1.

Inspector General of Police, Meghalaya [Specific]

Order

2.

Inspector General of Police, Meghalaya [Generic]

Order

3.

Director General of Police, Gujarat [Generic]

Order

So, what’s next?

Well, we will continue to monitor the news closely, submit relevant RTI requests, and file first appeals as needed, while steadfastly advocating for transparent, accountable, and citizen-driven democratic institutions. We eagerly await responses to the remaining RTIs and will update you in our next quarterly report. Stay tuned for more updates!

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Supreme Court issues notice in Sushant Singh's transfer petition challenging website blocking

Sushant Singh has sought transfer of his writ petition from the Bombay High Court to the Supreme Court, challenging Rules 8 and 16 of the IT Blocking Rules, 2009. On 02.05.2025, the Supreme Court issued notice and tagged it with SFLC’s pending petition raising similar issues.

6 min read

2
Section 44(3) and the Systematic Dismantling of the RTI Act: A Fact Check to Ashwini Vaishnaw

Section 3 has no relevance to the RTI amendment, and Mr. Ashwini Vaishnaw's response fails to address the core concern: Section 44(3) weakens citizens’ right to information and transparency in governance. IFF does a fact check. 

6 min read

3
Budget Session 2025: A Digital Rights Review

The Budget Session of Parliament, held from January 21 to April 4, 2025, included a recess from February 13 to March 10 for Standing Committee reviews. Key discussions covered various national issues, including digital rights and freedoms.

12 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!