Authors: Raktima Roy, Gabriela Zanfir-Fortuna

Raktima Roy is a Privacy Attorney [i]with several years of experience in India and holds an LLM in Law and Technology from Georgetown University, as well as an FPF Global Privacy Intern.

The Digital Personal Data Protection Act of India (DPDP) sprinted through its final stages last week after several years of debates, postponements and negotiations, culminating with its publication in the Official Gazette on Friday, August 11, 2023. In just over a week, the Bill passed the lower and upper Houses of the Parliament and received Presidential assent. India, the most populous country in the world with more than 1.4 billion people, is the largest democracy and the 19th country among the G20 members to pass a comprehensive personal data protection law – which it did during its tenure holding the G20 Presidency.

The adoption of the DPDP Bill in the Parliament comes 6 years after Justice K.S. Puttaswamy v Union of India, a landmark case in which the Supreme Court of India recognized a fundamental right to privacy in India, including informational privacy, within the “right to life” provision of India’s Constitution. In this judgment, a nine-judge bench of the Supreme Court urged the Indian Government to put in place “a carefully structured regime” for the protection of personal data. As part of India’s ongoing efforts to create this regime, there have been several rounds of expert consultations and reports, and two previous versions of the bill were introduced in the Parliament in 2019 and 2022. A brief history of the law is available here.

The law as enacted is transformational. It has a broad scope of application, borrowing from the EU’s General Data Protection Regulation (GDPR) approach when defining “personal data” and extending coverage to all entities who process personal data regardless of size or private status. The law also has significant extraterritorial application. The DPDP creates far reaching obligations, imposing narrowly defined lawful grounds for processing any personal data in a digital format, establishing purpose limitation obligations and their corollary – a duty to erase the data once the purpose is met, with seemingly no room left for secondary uses of personal data, and creates a set of rights for individuals whose personal data are collected and used, including rights to notice, access and erasure. The law also creates a supervisory authority, the Data Protection Board of India (Board), which has the power to investigate complaints and issue fines, but does not have the power to issue guidance or regulations.

At the same time, the law provides significant exceptions for the central government and other government bodies, the degree of exemption depending on their function (such as law enforcement). Other exemptions include those for most publicly available personal data, processing for research and statistical purposes, and processing the personal data of foreigners by companies in India pursuant a contract with a foreign company (such as outsourcing companies). Some processing by startups may also be exempt, if notified by the government. The Act also empowers the central government to act upon a notification by the Board and request access to any information from an entity processing personal data, an intermediary (as defined by the Information Technology Act, 2000 – the “IT Act”) or from the Board, as well as to order suspension of access of the public to specific information. The Central Government is also empowered to adopt a multitude of “rules” (similar to regulations under US state privacy laws) that detail the application of the law.

It is important to note that the law will not come into effect until the government provides notice of an effective date. The DPDP Act does not contain a mandated transitional period akin to the two-year gap between the 2016 enactment of the GDPR and its entry into force in May 2018. Rather, it empowers the Government to determine the dates on which different sections of the Act will come into force, including the sections governing the formation of the new Board that will oversee compliance with the law.

This blog will lay out the most important aspects of the DPDP Act, understanding nonetheless that many of its key provisions will be shaped up through subsequent rules issued by the central government, and through practice.

1. The DPDP Act Applies to “Data Fiduciaries,” “Significant Data Fiduciaries,” and provides rights for “Data Principals”

The DPDP Act seeks to establish a comprehensive national framework for processing personal data, replacing a much more limited data protection framework under the IT Actand rules that currently provide basic protections to limited categories of “sensitive” personal data such as sexual orientation, health data, etc. The new law by contrast covers all “personal data” (defined as “any data about an individual who is identifiable by or in relation to such data”) and does not contain heightened protection for any special category of data. The definition of “personal data,” thus, relies on the broad “identifiability” criterion, similar to the GDPR. Only “digital” personal data, or personal data collected through non-digital means that have been digitized subsequently are covered by the law.

The DPDP Act uses the term “data principal” to refer to the individual that the personal data relates to (the equivalent of “data subject” under the GDPR). A “data fiduciary” is the entity that determines the purposes and means of processing of personal data, alone or in conjunction with others, and is the equivalent to a “data controller” under GDPR. While the definition of data fiduciaries includes a reference to potential joint fiduciaries, the Act does not provide any other details about this relationship.

The definition of fiduciaries does not distinguish between private and public, natural and legal persons, technically extending to any person as long as the other conditions of the law are met.

Specific Fiduciaries, Public or Private, Are Exempted or May Be Exempted from the Core Obligations of the Act

The law includes some broad exceptions for government entities in general, and others apply to specific processing purposes. For instance, the law allows the government to exempt activities that are in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, maintenance of public order, or preventing incitement to commit crimes if it provides notice of the exemptions. Justice Srikrishna, who as the head of an expert committee set up to recommend a data protection law in India led the creation of the 2017 first draft of the law, has been critical of these government exemptions, as have been several Members of Parliament during the legislative debate.

Some targeted exceptions also apply to companies, and are either well defined in the law or left to the government for specification. Under what can be called an “outsourcing exception,” the Act exempts companies based in India who process the personal data of people outside of India pursuant to a contract with a company based outside of India from core DPDP obligations including the rights of access and erasure normally held by data principals. Instead, such companies are largely required to only comply with data security obligations.

In addition, the government is empowered to exempt any category of data fiduciaries from some or all of the law, with the DPDP itself referring to “startups” in this context. These are fairly broad provisions and do not include any guidance on how they will apply or who could benefit from them. The government will need to make a specific designation for this exception to operate.

Significant Data Fiduciaries Have Significant New Obligations, such as DPOs, DPIAs and Audits

The DPDP Act empowers the Government to designate any data fiduciary or class of data fiduciaries as a “Significant Data Fiduciary” (SDF), which is done using a series of criteria that lack quantifiable thresholds. These factors range from assessing characteristics of the processing operations (volume and sensitivity of personal data processed and the risk posed to the rights of data principals), to broader societal and even national sovereignty concerns (potential impact of the processing on the sovereignty and integrity of India; risk to electoral democracy; security of the state; and public order).

The designation of companies as SDFs is consequential, because it comes with enhanced obligations. Chief among them, SDFs will need to appoint a Data Protection Officer (DPO), who must be based in India and be the point of contact for a required grievance redressal mechanism. SDFs must also appoint an independent data auditor to carry out data audits and evaluate the SDF’s compliance with the DPDP Act, and to undertake periodic Data Protection Impact Assessments.

It is important to note that appointing a DPO is not an obligation for all data fiduciaries. However, all fiduciaries are under an obligation to establish a “readily available” mechanism for redressing grievances by data principals in a timely manner. In order for such a process to be operationalized, usually an internal privacy compliance function or a dedicated privacy officer would be helpful.

The DPDP Act Recognizes the Role of Data Processors

Data processors are recognized by the DPDP Act, which makes it clear that fiduciaries may engage, appoint or otherwise involve processors to process personal data on their behalf “only under a valid contract” (Section 8(2)). There are no prescribed rules for what a processing contract should entail. However, the DPDP Act places all obligations on data fiduciaries, which remain liable for complying with the law.

Data fiduciaries remain liable for overall compliance, regardless of any contractual arrangement to the contrary with data processors. The DPDP Bill requires data fiduciaries to mandate that a processor delete data when a data principal withdraws consent, and fiduciaries be able to share information of processors they have engaged when requested by a data subject.

1. The DPDP Act Has Broad Extraterritorial Effect and Almost No Restrictions for International Data Transfers

The DPDP Act applies to the processing of “digital personal data” within India. Importantly, the definition of the “data principal” does not include any condition related to residence or citizenship, meaning that it is conceivable fiduciaries based in India who process the personal data of foreigners within the territory of the country may be covered by the Act (outside of the “outsourcing exception” mentioned above).

The Act also applies extraterritorially to processing of digital personal data outside India, if such processing is in connection with any activity related to offering of goods or services to data principals within India. The extraterritorial effect is similar in scope to the GDPR, and it may leave room for a broader interpretation through its inclusion of “any activity” connected to the offering of goods or services.

The DPDP Act does not currently restrict the transfer of personal data outside of India. It reverses the typical paradigm of international data transfer provisions in laws like the GDPR, by presuming that transfers may occur without restrictions, unless the Government specifically restricts transfers to certain countries (blacklisting) or enacts any other form of restriction (Section 16). No criteria for such restrictions have been mentioned in the law. This is a significant departure from previous instances of the Bill, which at one point contained data localization obligations (2018), and evolved at another point into “whitelisting” of countries (2022).

It should also be noted that other existing sectoral laws (e.g., those governing specific industries like banking and telecommunications) already contain restrictions on cross-border transfers of particular kinds of data. The DPDP Act clarifies that existing localization mandates will not be affected by the new law.

1. Consent Remains Primary Means for Lawful Processing of Personal Data Under the Act

Data fiduciaries are under an obligation to process personal data for a lawful purpose and only if they either obtain consent from the data principal for that purpose, or they identify a “legitimate use” consistent with Section 4. This process is conceptually similar to the approach proposed by the GDPR, requiring a lawful ground before personal data can be collected or otherwise processed. However, in contrast to the GDPR (which provides for six possible lawful grounds), the DPDP Act includes only two: strictly defined “consent” and “legitimate use.”

Which lawful ground is used for a processing operation is consequential. Based on the wording of the Act and in the absence of further specification, the obligations of fiduciaries to give notice and respond to access, correction and erasure requests (see Section 4 of this blog) are only applicable if the processing is based on consent and on voluntary sharing of personal data by the principal.

Valid Consent Has Strict Requirements, Is Withdrawable, And Can be Exercised Through Consent Managers

The DPDP Act requires that consent for processing of personal data be “free, specific, informed, unconditional and unambiguous with a clear affirmative action.” These conditions are similarly strict to those required under the GDPR, highlighting that the people whose personal data are processed must be free to give consent, and their consent must not be tied to other conditions.

In order to meet the “informed” criterion, the Act requires that notice be given to principals before or at the time that they are asked to give consent. The notice must include information about the personal data to be collected, the purpose for which it will be processed, the manner in which data principals may exercise their rights under the DPDP Act, and how to make a complaint to the Board. Data principals must be given the option to receive the information in English or a local language among the languages specified in the Constitution.

The DPDP Act addresses the issue of legacy data for which companies may have received consent prior to the enactment of the law. Fiduciaries should provide the same notice to these data principals as soon as “reasonably practicable.” In that case, however, the data processing may continue until the data principal withdraws consent.

Data fiduciaries may only process personal data for the specific purpose provided to the data principal and must obtain separate consent to process the data for a new purpose. In practice, this will make it difficult for data fiduciaries to rely on “bundled consent.” Provisions around “secondary uses” of personal data or “compatible purposes” are not addressed in the Act, making the purpose limitation requirements strict.

Data principals may also withdraw their consent at any time – and data fiduciaries must ensure that the process for withdrawing consent is as straightforward as that for giving consent. Once consent is withdrawn, personal data must be deleted unless a legal obligation to retain data applies. Additionally, data fiduciaries must ask any processors to cease processing any personal data for which consent has been withdrawn, in the absence of legal obligations imposing data retention.

The DPDP Act allows principals to give, manage, review and withdraw their consent through a “Consent Manager,” which will be registered with the Board and must provide an accessible, transparent, and interoperable platform. Consent Managers are part of India’s “Data Empowerment And Protection Architecture” policy, and similar structures have been already functional for some time, such as in the financial sector. Under the DPDP Act, Consent Managers will be accountable to data principals and act on their behalf as per prescribed rules. The Government will notify (in the Gazette) the conditions necessary for a company to register as a Consent Manager, which may include fulfilling minimum technical or financial criteria.

“Legitimate Uses” Are Narrowly Defined and Do Not Include Legitimate Interests or Contractual Necessity

As alternative to consent, all other lawful grounds for processing personal data have been amalgamated under the “legitimate uses” section, including some grounds of processing that previously appeared under a “reasonable purposes” category in previous iterations of the bill. It is notable that the list of “legitimate uses” in Section 7 of the Act does not include similar provisions to the grounds of “contractual necessity” and “legitimate interests” found in GDPR-style data protection laws, leaving limited options to private fiduciaries for grounding processing of personal data outside of consent, including for routine or necessary processing operations.

Among the defined “legitimate uses”, the most relevant ones for processing personal data outside of a government, emergency or public health context, are the “voluntary sharing” of personal data under Section 7(a) and the “employment purposes” use under Section 7(i).

The lawful ground most likely to raise interpretation questions is “voluntary sharing.” It allows a fiduciary to process personal data for a specified purpose for which a principal has voluntarily provided their personal data to the data fiduciary (presumably, provided it without the fiduciary seeking to obtain consent), and for which the principal has not indicated to the fiduciary an objection to the use of the personal data. For instance, one of the illustrations included in the law to explain Section 7(a) is the hypothetical of a buyer requesting a receipt of purchase at a store be sent to her phone number, permitting the store to use the number for that purpose. There is a possibility that subsequent rules may expand this “legitimate use” to cover instances of “contractual necessity” or “legitimate interests.”

A fiduciary may also process personal data without consent for purposes of employment or those related to safeguarding the employer from loss or liability, such as prevention of corporate espionage, maintenance of confidentiality of trade secrets, intellectual property, classified information or provision of any service to employees.

1. Data Principals Have a Limited Set of “Data Subject Rights,” But Also Obligations

The DPDP Act provides data principles a set of enumerated rights, which is limited compared to those offered under modern GDPR-style data protection laws. The DPDP guarantees a right of access and a right to erasure and correction, in addition to a right to receive notice before consent is sought (similar to the right to information in the GDPR). Thus, a right to data portability, a right to object to processing based on other grounds than consent, and the right not to be subject to solely automated decision-making are missing.

Instead, the DPDP Act provides for two other rights – a right to “grievance redressal,” which entails the right to have an easily accessible point of contact provided by the fiduciary to respond to complaints from the principal, and a right to “appoint a nominee,” which permits the data principal to nominate someone who can exercise rights on their behalf in the event of death or incapacity.

Notably, the rights of access, erasure and correction are limited to personal data processing based on consent or the “voluntary disclosure,” legitimate use, which means that whenever government bodies or other fiduciaries rely on any of the “legitimate uses” grounds they will not need to reply to access or erasure/correction requests, unless further rules adopted by the government specify otherwise.

In addition, the right of access is quite limited in scope. It only gives data principals the right to request and obtain a summary of the personal data being processed and of the relevant processing activities (as opposed to obtaining a copy of the personal data), and the identities of all fiduciaries and processors with whom the personal data has been shared by the fiduciary, along with a summary of the data being shared. However, Section 11 of the law leaves space for subsequent rules that may specify additional information to be given access to.

Data principals have the right to request erasure of personal data pursuant to Section 12(3), but it is important to highlight that erasure may also be required automatically – after the withdrawal of consent or when the specified purpose is no longer being served (Section 8(7)(a)). Similarly, correction, completion and updating of personal data can be requested by the principal, but must also occur automatically when the personal data is “likely to be used to make a decision that affects” the principal (Section 8(3)).

Data Principals May Be Fined if They Do Not Comply With Their Obligations

Unlike the majority of international data protection laws, Section 15 of the DPDP Act imposes duties on data principals, similar to Article 10 of Vietnam’s recently adopted Personal Data Protection Decree (titled “Obligations of data subjects”).

These obligations include, among others, a duty not to impersonate someone else while providing personal data for a specified purpose, not suppress any material information while providing personal data for any document issued by the Government, and, significantly, not register a false or frivolous grievance or complaint. Noncompliance may result in a fine (see clause 5 of the Schedule). This may hamper the submission of complaints with the Board, per expert analysis.

1. Fiduciaries are Bound by a Principle of Accountability and Have Data Breach Notification Obligations

The DPDP Act does not articulate Principles of Processing, or Fair Information Practice Principles, but the content of several of its provisions put emphasis on purpose limitation (as explained in previous sections of the blog) and on the principle of accountability.

Section 8 of the Act includes multiple obligations for data fiduciaries, all under an umbrella expectation in paragraph 1 that they are “responsible for complying” with the provisions of the Act and any subsequent implementation rules, both regarding processing undertaken by the data fiduciary and by any processor on its behalf. This specification echoes the GDPR accountability principle. In addition, data fiduciaries are under an obligation to implement appropriate technical and organizational measures to ensure the effective implementation of the law.

Data security is of particular importance, considering that data fiduciaries must both take reasonable security safeguards to prevent personal data breaches, and notify the Board and each affected party if such breaches occur. The details related to modalities and timeline of notification will be specified in subsequent implementation rules.

A final obligation of data fiduciaries to highlight is the requirement they establish a “readily available” mechanism for redressing “grievances” by data principals in a timely manner. The “grievance redress” mechanism is of utmost importance, considering that data principals cannot address the Board with a complaint until they “exhaust the opportunity of redressing” the grievance through this mechanism (Section 13(3)). The Act leaves determination of the time period for responding to grievances to delegated legislation, and it is possible that there may be different time periods for different categories of companies.

1. Fiduciaries Have a Mandate to Verify Parental Consent for Processing Personal Data of Minors under 18

The DPDP Act creates significant obligations concerning the processing of children’s personal data, with “children” defined as minors under 18 years of age, without any distinguishing sub-category for older children or teenagers. As a matter of principle, data fiduciaries are forbidden to engage in any processing of children’s data that is “likely to cause any detrimental effect on the well-being of the child.”

Data fiduciaries are under an obligation to obtain verifiable parental consent before processing the personal data of any child. Similarly, consent must be obtained from a lawful guardian before processing the data of a person with disability. This obligation, which is increasingly common to privacy and data protection laws around the world, may create many challenges in practice. A good resource for untangling its complexity and applicability is FPF’s recently published report and accompanying infographic – “The State of Play: Is Verifiable Parental Consent Fit For Purpose?”

Finally, the Act also includes a prohibition on data fiduciaries engaging in tracking or behavioral monitoring of children, or targeted advertising directed at children. Similar to many other provisions of the Act, the government may issue exemptions from these obligations for specific classes of fiduciaries, or may even lower the age of digital consent for children when their personal data is processed by designated data fiduciaries.

1. The Act Creates a Data Protection Board to Enforce the Law, But Reserves Regulatory Powers For the Government

The DPDP Act empowers the Government to establish the Board as an independent agency that will be responsible for enforcing the new law. The Board will be led by a Chairperson and will have Members appointed by the Government for a renewable two-year mandate.

The Board is vested with the power to receive and investigate complaints from data principals, but only after the principal has exhausted the internal grievance redress mechanism set up by the relevant data fiduciaries. The Board can issue binding orders against those who breach the law, can direct urgent measures to remediate or mitigate a data breach, imposing financial penalties and direct parties to mediation.

While the Board is granted “the same powers as are vested in a civil court” – including summoning any person, receiving evidence, and inspecting any documents (Section 28(7)), the Act specifically excludes any access to civil courts in the application of its provisions (Section 39), creating a de facto limitation on effective judicial remedy similar to the relief provided in Article 82 GDPR. The Act grants any person affected by a decision of the Board the right to pursue an appeal in front of an Appellate Tribunal, which is designated the Telecom Disputes Settlement and Appellate Tribunal established under other Indian law.

Penalties for breaches of the law have been stipulated in a Schedule attached to DPDP Act and range from the equivalent in rupees of USD $120 to USD $30.2 million. The Board can determine the penalty amount from a preset range based on the offense.

However, the Board does not have the power to pass regulations to further specify details related to the implementation of the Act. The Government is conferred broad discretion in adopting delegated legislation to further specify the provisions of the Act, including clarifying modalities and timelines for fiduciaries to respond to requests from data principals, the requirements of valid notice for obtaining a data principal’s consent for processing of data, details related to data breach notifications, and more. The list of operational details that may be specified by the Government in subsequent rules is open-ended and detailed in Section 40(2)(a) to (z). Subsection (z) of this provision provides a catch-all permitting the Central Government to prescribe rules on “any other matter” related to the implementation of the Act.

In practice, it is expected that it will take time for the new Board to be established and for rules to be issued in key areas for compliance.

Besides rulemaking power, the Central Government has another significant role in the application of the law. Pursuant to Section 36, it can require any information (including presumably personal data) that it wants (or “call for”) from the Board, data fiduciaries, and “intermediaries” as defined by the IT Act. No further specifications are made in relation to such requests, other than that they must be made “for the purposes of the Act.” This provision is broader and subject to fewer restrictions than provisions on data access requests in the existing IT Act and its subsidiary rules.

Additionally, the Central Government may also order or direct any governmental agency and any “intermediary” to block information for access by the public “in the interests of the general public.” To issue such an order, the Board will need to have sanctioned the data fiduciary concerned at least twice in the past, and the Board must advise the Central Government to issue such an order. An order blocking public access may refer to “any computer resource” that enables data fiduciaries to offer goods or services to data principals within the territory of India. While it is now common among modern comprehensive data protection laws around the world for independent supervisory authorities to order erasure of personal data unlawfully processed, or to order international data transfers or sharing of personal data to cease if conditions of the law are not met, these provisions of the DPDP Act are atypical because the orders will come directly from the Government, and also because they more closely resemble online platform regulation than privacy law.

1. Exceptions for Publicly Available Data And Processing for Research Purposes Are Notable for Training AI

Given that this law comes in the midst of a global conversation about how to regulate artificial intelligence and automated decision-making, it is critical to highlight provisions in the law that seem directed at facilitating development of AI trained on personal data. Specifically, the Act excludes from its application most publicly available personal data, as long as it was made publicly available by the data principal – for example, a blogger or a social media user publishing their personal data directly – or by someone else under a legal obligation to publish the data, such as personal data of company shareholders that regulated companies must publicly disclose by law.

Additionally, the Act exempts the processing of personal data necessary for research or statistical purposes (Section 17(2)(b)). This exemption is extremely broad, with only one limitation in the core text: the Act will still apply to research and statistical processing if the processing activity is used to make “any decision specific to the data principal.”

There is only one other instance in the DPDP Act where processing data to “make decisions” about a data principal is raised. Data fiduciaries are under an obligation to ensure the “completeness, accuracy and consistency” of personal data if it is used to make a decision that affects the data subject. In other words, while the Act does not provide for a GDPR-style right not to be subject to automated decision-making, it does require that when personal data are used for making any individual decisions, presumably including automated or algorithmic decisions, such data must be kept accurate, consistent and complete.

Additionally, the DPDP Act remains applicable to any processing of personal data through AI systems, if the other conditions of the law are met, given the broad definitions of “processing” and of “personal data.” Further rules adopted by the Central Government or other notifications may provide more guidance in this regard.

Notably, the Act does not exempt processing of personal data for journalistic purposes, a fact criticized by the Editors’ Guild of India. In previous versions of the Bill, especially the expert version spearheaded by Justice Srikrishna in 2017, this exemption was present. It is still possible that the Central Government will address this issue through delegated legislation.

Key Takeaways and Further Clarification

India’s data protection Act has been in the works for a significant period of time and the passage of the law is a welcome step forward after the recognition of privacy as a fundamental right in India by the Supreme Court in its landmark Puttaswamy judgment.

While the basic structure of the law is similar to many other global laws like the GDPR and its contemporaries, India’s approach has its differences, such as more limited grounds of processing, wide exemptions for government actors, regulatory powers for the government to further specify the law and to exempt specific fiduciaries or classes of fiduciaries from key obligations, no baked-in definition or heightened protection for special categories of data, and the rather unusual inclusion of powers for the Government to request access to information from fiduciaries, the Board and “intermediaries”, as well as to block access by the public to specific information in “computer resources”.

Finally, we note that many details of the Act are still left to be clarified once the new Data Protection Board of India is set up and further rules for the specification of the law are drafted and officially notified.

Editors: Lee Matheson, Dominic Paulger, Josh Lee Kok Thong

fpf.org/blog/the-digital-perso…

Authors: Cheng Kit Pang, Elena Guañuna, Alistair Simmons, and Matthew Rostick

Cheng Kit Pang, Elena Guañuna, Alistair Simmons, and Matthew Rostick are FPF Global Privacy Interns.

From July 18 to July 21, 2023, the Personal Data Protection Commission (PDPC) of Singapore held its annual Personal Data Protection Week (PDP Week), which overlapped with the IAPP’s Asia Privacy Forum 2023.

The Future of Privacy Forum (FPF)’s flagship event during PDP Week was a roundtable on the governance implications of generative AI systems in the Asia-Pacific (APAC) region. In organizing this event together with the PDPC, FPF brought together over 80 participants from industry, academia, the legal sector, and international organizations, as well as regulators from across the APAC region, Africa, and the Middle East.

FPF Roundtable on Governance of Generative AI Systems in APAC

On July 21, FPF organized a high-level closed-door roundtable, titled “Navigating Governance Frameworks for Generative AI Systems in the Asia-Pacific.” The roundtable explored the issues raised by applications of existing and emerging AI governance frameworks in APAC to generative AI systems.

Dominic Paulger (Policy Manager, FPF APAC) kicked off the roundtable with a presentation on the existing governance and regulatory frameworks that apply to generative AI systems in the APAC region. The presentation highlighted that to date, most major APAC jurisdictions have opted for “soft law” approaches to AI governance, such as developing ethical frameworks and voluntary governance frameworks, rather than “hard law” approaches, such as enacting binding regulations. However, the presentation also explained that China is an exception to this rule and has been active in enacting regulations targeting specific AI technologies, such as deep synthesis technologies and most recently, generative AI. In addition, even if they do not specifically target Generative AI, the comprehensive data protection laws enacted in most jurisdictions in the region are also applicable to how these types of computer programs are trained and generally process personal data.

The presentation was followed by three hours of discussion, facilitated by Josh Lee Kok Thong (Managing Director, FPF APAC). The discussions were first initiated by firestarters from industry, regulators, and academia:

• Denise Wong (Deputy Commissioner, PDPC);
• Jeth Lee (Chief Legal Officer, Microsoft Singapore);
• Angela Xu (Senior Privacy Counsel, APAC Head, Google);
• Leandro Angelo Y. Aguirre (Deputy Commissioner, National Privacy Commission, Philippines);
• Vincenzo Tiani (Partner, Panetta & Associati, Brussels);
• Arianne Jimenez (Head of Privacy and Data Policy, Engagement, Meta); ; and
• Jason Allen Grant (Director, Centre for AI & Data Governance, and Associate Professor of Law at Singapore Management University Yong Pung How School of Law).

Turning to the wider roundtable discussion, participants highlighted the fast pace of developments in generative AI technology and hence, the importance of adopting an agile and future-proof approach to governance. Participants also identified that compared with other forms of AI technology, generative AI systems were more likely to raise challenges in addressing unseen bias in very large, unstructured data sets and “hallucinations” (generated output that is grammatically accurate but nonsensical or factually inaccurate).

To address these issues, participants highlighted the importance of developing standards and metrics for evaluating the safety of generative AI systems and for measuring the effectiveness of achieving desired outcomes. Participants also called for efforts to educate users on generative AI systems, including the capabilities, limits, and risks of these technologies.

Regarding regulation of generative AI, participants were generally in favor of an incremental approach to the development of governance principles for generative AI systems in the region – allowing actors in the AI value chain to explore ways to operationalize existing AI principles and apply existing governance frameworks to the technology – rather than enacting “hard law” regulations.

Participants also agreed on the need for AI governance principles to account for the three basic layers of the AI technology stack as different policy considerations apply at each of these levels, namely:

• The infrastructure layer, which includes the computing hardware, such as central processing units (CPUs) and graphics processing units (GPUs), that is used to train models and the data centers where this hardware is housed;
• The model layer, which includes the training and operation of generative AI models like Bard, GPT, LLaMa, Stable Diffusion, and so on; and
• The application layer, which includes software applications built on top of generative AI models and the different use cases in which these applications are deployed.

Several participants also raised that at the ecosystem level, it would be important for stakeholders to develop a common or standardized set of terminologies or taxonomies for key concepts in generative AI technology, such as “foundation models” or “large language models” (LLMs).

Some participants also called for greater collaboration between stakeholders, and a multidisciplinary approach to governance of generative AI systems and global alignment when developing best practices.

Photos: Participants from FPF Roundtable on Navigating Governance Frameworks for Generative AI Systems in the Asia-Pacific, 7/21/2023. Photos courtesy of the PDPC.

Other FPF Activities during PDP Week

IAPP Asia Privacy Forum 2023

On July 20, FPF organized an IAPP panel discussion titled “Unlocking Legal Bases for Processing Personal Data in APAC: A Practical Guide,” which built on FPF’s year-long research project on consent and other legal bases for processing personal data in the APAC region – the final report of which was released in November 2022.

Moderator Josh Lee Kok Thong led the discussion, in which panelists Deputy Commissioner Denise Wong, Deputy Commissioner Leandro Y. Aguirre, Arianne Jimenez, and David N. Alfred (Co-Head, Data Protection, Privacy & Cybersecurity Practice, Drew & Napier) explained the challenges faced by practitioners and regulators in addressing differing data requirements for consent and alternatives like “legitimate interests” in APAC data protection laws.

Photo: FPF Panel on Unlocking Legal Bases for Processing Personal Data in APAC, July 20, 2023.

FPF’s APAC office was also represented at two further panels during IAPP Asia Privacy Forum 2023:

• Josh moderated a panel titled “Privacy-First Future: Partnering with Industry and Regulators for an Open Internet” focusing on the PDPC’s newly launched PETs x Privacy Sandbox initiative to reduce cross-site and cross-app tracking.
• Josh alsospoke on another panel titled “From DPO to Data Ethics Officer, Don’t Fall Behind!” which explored whether data protection officers (DPOs) are suited to fulfill the emerging role of a “data ethics officer” and how DPOs can raise data ethics issues to their company boards.

FPF Training on EU AI Act

On the sidelines of PDP Week, FPF held its inaugural in-person FPF Training session in the APAC region. The closed-door training session, which focused on the forthcoming EU AI Act and its impact on the APAC region, was held on July 20 and was conducted by Katerina Demetzou (Senior Counsel for Global Privacy, FPF) with interventions from Vincenzo Tiani from his experience of advising Members of the European Parliament (MEPs) on drafting the EU AI Act. The training provided a detailed analysis of the draft AI Act and explained the lifecycle of AI systems and the law-making process in the EU. The training drew close to 20 attendees comprising regulators and representatives from industry and the legal sector.

Photo: FPF Training on the EU AI Act, 7/20/2023

Conclusion

This was the second time that FPF organized events around PDP Week since the launch of FPF’s APAC office in 2021. The week’s events enabled FPF APAC to foster collaborative dialogues among regulators, industry, academia, and civil society from the APAC region and draw links with the EU, and the US. FPF is grateful for the support of the PDPC and IAPP in organizing these activities.

Edited by Dominic Paulger and Josh Lee Kok Thong

fpf.org/blog/fpf-at-singapore-…

In un recente intervento il presidente del Copasir, e già ministro della Difesa, Lorenzo Guerini si è detto preoccupato da quello che ha percepito come un potenziale “arretramento” del Partito Democratico sull’impegno italiano a raggiungere il 2% del Pil da destinare alle spese per la Difesa. Per il deputato Dem, le necessità di garantire la sicurezza allo spazio euro-atlantico, minacciato direttamente da una guerra ai confini dell’Europa, e l’esigenza di dimostrare la credibilità del Paese nel contesto internazionale, richiedono un gesto di responsabilità da parte di tutte le forze politiche. Airpress ne ha parlato con Roberta Pinotti, già ministro della Difesa e già presidente della Commissione Difesa prima alla Camera e poi al Senato.

Lei condivide i timori di Guerini?

Fare parte di un’Alleanza contempla la necessità, per reputazione e serietà, di impegnarsi a mantenere gli impegni che insieme sono stati assunti. La dichiarazione finale del vertice Nato, in cui i leader dei Paesi alleati si impegnavano, dopo anni di riduzioni anche drastiche alle spese per la difesa, a puntare alla linea guida del 2% del Pil, incrementandole progressivamente, fu sottoscritta a Cardiff nel luglio 2014, alcuni mesi dopo l’occupazione della Crimea da parte della Russia. Il Partito Democratico, così come i partiti le cui storie sono confluite per formarlo, ha sempre impostato la propria politica estera con senso di responsabilità e una adesione convinta alle alleanze internazionali. Credo che il PD non dovrebbe deflettere da questa linea di serietà e affidabilità internazionale.

Nel corso della passata legislatura, il PD si era impegnato in prima linea per la costruzione di una visione condivisa in Parlamento che fissasse l’obiettivo al 2028. Questo cambio di passo da parte della segreteria non rischia di apparire una contraddizione da parte del Partito?

Ricordo bene quella discussione e credo sia stato importante costruire una visione condivisa in Parlamento, visione a cui il PD diede un significativo contributo, non solo attraverso il ministro della Difesa, Lorenzo Guerini, ma anche grazie al lavoro dei gruppi parlamentari. Venne immaginata una seria road map che portava a un incremento progressivo fino al 2% entro il 2028, tempistica che fu scelta valutando le effettive capacità di spesa e di crescita industriale del nostro Paese. La Germania scelse allora un balzo molto più rapido per l’incremento delle risorse: a differenza di quanto viene detto da più parti non sta riabbassando l’asticella dell’obiettivo, lo ha rimodulato proprio per rispettare l’effettiva capacità di spesa.

Un eventuale ritardo, inoltre, potrebbe rendere il Paese il “fanalino di coda” dell’Europa, con un conseguente danno anche alla credibilità internazionale dell’Italia?

Per costruire la difesa europea, tema a cui mi sono dedicata con determinazione arrivando a promuovere la prima cooperazione rafforzata, sottoscritta nel 2017, le risorse sono necessarie; gli impegni degli Stati nazionali in termini di sicurezza e difesa dovranno, semmai, essere ancora più credibili. In prospettiva una Difesa comune consentirà razionalizzazioni che eviteranno sprechi di risorse e inutili duplicazioni, ma ad oggi gli Stati europei, che sono nella stragrande maggioranza membri Nato, richiedono da parte di tutti i partner analogo impegno e serietà. Tanto più che c’è ancora una guerra nel cuore dell’Europa.

Sia le istituzioni della Difesa, sia gli addetti ai lavori, sono concordi nel mettere in guardia dai rischi per la sicurezza italiana, europea e transatlantica da un ritardo nell’adeguamento delle proprie spese al 2%. Un impegno che, ricordiamo, è stato assunto in sede Nato nel 2024, quando lei era ministro della Difesa, e che è stato confermato da tutti i governi italiani che si sono succeduti da allora. Su questo aspetto, qual è la sua posizione?

Ho misurato con mano quanto all’estero la buona reputazione del nostro Paese sia anche connessa alla serietà e alle indubbie capacità con cui le nostre Forze armate hanno operato e operano negli scenari di crisi. Nel 2014 eravamo molto distanti dal 2% di spesa, ma da allora ho operato, anche se non sempre le condizioni generali della finanza pubblica lo hanno consentito, perché gli impegni non fossero scritti sulla sabbia. Pacta sunt servanda.

formiche.net/2023/09/pinotti-2…

On August 8th, the Future of Privacy Forum (FPF) filed comments with the U.S. Federal Trade Commission (the Commission) regarding the Notice of Proposed Rulemaking (NPRM) to clarify the scope and application of the Health Breach Notification Rule (HBNR).

The HBNR was promulgated in 2009 as part of the American Recovery and Reinvestment Act as a breach of security rule. Recent complaints brought by the Commission, GoodRx and Easy Healthcare, were the inaugural and second application of the HBNR and indicated a novel range of alleged privacy breaches rather than traditional security breaches. The cases indicated a shift in the interpretation of “breach of security” by the Commission that drew many proto-typical practices into scope. The NPRM seeks to clarify this broadened scope which has amalgamated traditional breaches of security with nascent breaches of privacy. To draw out and address key issues in the NPRM and the Commission’s considerations, we recommended that the Commission consider the nuance of definitions and address the complexities of breach by specifically:

• Define a Standard for Identifiability for “PHR identifiable health data” to Clearly Expand Protections for a Broad Spectrum of Personal Information
• Define “Relates to” to Include the Creation of Health-Related Inferences from a Wide Range of Routine Commercial Datasets, While Establishing Clear Obligations for Businesses
• Establish Clear Guidelines for Intentional Data Sharing that Does Not Require Affirmative Consent
• Ensure that the Rule Contains “Good Faith” Exceptions for Merely Technical Violations
• Further Define “Breach of Security” to Clarify Where the Commission May Take Enforcement Action

FPF’s full comments to the Commission are available here.

fpf.org/blog/fpf-files-comment…

Today, the Future of Privacy Forum (FPF) releases the Generative AI for Organizational Use: Internal Policy Checklist. With the proliferation of employee use of generative AI tools, this checklist provides organizations with a powerful tool to help revise their internal policies and procedures to ensure that employees are using generative AI in a way that mitigates data, security, and privacy risks, respects intellectual property rights, and preserves consumer trust.

The Checklist draws from a series of consultations with practitioners and experts from over 30 cross-sector companies and organizations to understand current and anticipatory employee use of generative AI tools, benefits and harms, AI governance, and measures taken to protect company data and infrastructure. The conversations focused on any generative AI guidelines, policies, and procedures that had been implemented to govern employees’ use of generative AI tools.

From those discussions, we learned that organizations have broadly varied use cases for generative AI and, therefore, significant variation in generative AI policies. Some organizations have enacted outright bans for generative AI tools without prior approval, while others have created restrictions for the use of generative AI, and still, others have yet to develop express policies and procedures on employee use of generative AI. The Internal Policy Checklist for Generative AI is intended to serve as a guidance document no matter what stage of the process an organization is in. It may be used as a starting point to help kick off the development of internal generative AI policies or as a final check to ensure an organization has provided comprehensive and robust guidelines for their teams.

Click here to view the Checklist.

“It is imperative that both organizations and their employees understand the benefits and risks of generative AI tools, and that organizations have appropriate safeguards in place to support responsive and ethical use,” said Amber Ezzell, AI policy counsel at FPF and author of the checklist. “Employee use of generative AI tools is inevitable and may bring new and unexpected benefits to employers as employees find ways to be more productive and creative in even the most mundane tasks. Developing thoughtful generative AI policies is essential to ensure you’re well prepared for the changing way of work.”

The Checklist provides guidance in four areas:

• Use in Compliance with Existing Laws and Policies for Data Protection & Security. Designated teams or individuals should revisit internal policies and procedures to ensure that they account for planned or permitted uses of generative AI. Employees must understand that relevant current or pending legal obligations apply to the use of new tools.
• Employee Training and Education. Identified personnel should inform employees of the implications and consequences of using generative AI tools in the workplace, including providing training and resources on responsible use, risk, ethics, and bias. Designated leads should provide employees with regular reminders of legal, regulatory, and ethical obligations.
• Employee Use Disclosure. Organizations should provide employees with clear guidance on when and whether to use organizational accounts for generative AI tools, as well as policies regarding permitted and prohibited uses of those tools in the workplace. Designated leads should communicate norms around documenting use and disclosing when generative AI tools are used.
• Outputs of Generative AI. Systems should be implemented to remind employees to verify outputs of generative AI, including for issues regarding accuracy, timeliness, bias, or possible infringement of intellectual property rights. Organizations should determine whether and to what extent compensation should be provided to those whose intellectual property is implicated by generative AI outputs. When generative AI is used for coding, appropriate personnel should check and validate outputs for security vulnerabilities.

For more information, please contact FPF Policy Counsel Amber Ezzell at aezzell@fpf.org or info@fpf.org.

fpf.org/blog/fpf-releases-gene…

youtube.com/embed/vLvLnCmKr2Q

L'articolo Piers Paul Read – Tabù proviene da Fondazione Luigi Einaudi.

Friedrich A. von Hayek è noto soprattutto per i suoi scritti di economia e di filosofia politica. Ma egli ha lasciato un’estesa eredità anche nel campo della psicologia teorica e della teoria della conoscenza. Anzi, si può dire che è proprio quanto da lui sostenuto in tale ambito a fornire gli strumenti con cui afferrare il significato della sua intera opera. Cresciuto in quella che era ancora la Grande Vienna, Hayek ha intrapreso gli studi economici munito di una vasta dotazione culturale, la cui presenza è chiaramente avvertibile anche nei suoi primi scritti di teoria economica. Il che lo ha progressivamente spinto a misurarsi con questioni che, nella spiegazione della vita individuale e collettiva, precedono e conferiscono una più adeguata identificazione ai problemi economici e sociali. Il lettore vedrà che, posti per la prima volta assieme, gli scritti raccolti in questo volume consentono di percorrere un itinerario cha va dalla trasformazione del cervello in una mente umana al perché il mondo sensoriale non sia il punto di partenza, dall’esistenza di un ordine presensoriale alla constatazione che ciò di cui siamo consapevoli è un fenomeno secondario, dalla scienza come sistema ipotetico-deduttivo ai gradi delle nostre spiegazioni e ai fenomeni complessi, dalla dispersione della conoscenza all’interno della società al processo sociale come esplorazione dell’ignoto, dalla presunzione di onniscienza agli «abusi della ragione». È un viaggio che getta una potente luce sull’estensione dell’opera hayekiana e sulla sua fecondità. Non sorprende pertanto che Hayek abbia portato a un più alto grado di elaborazione teorica l’insegnamento metodologico di Carl Menger, il fondatore della Scuola austriaca di economia. Più esattamente, ha mostrato come quell’insegnamento possa essere considerato la provincia di un continente molto più vasto, dentro cui si trovano, per rammentare solo i principali, i contributi di Bernard de Mandeville, David Hume e Adam Smith. Sono autori accomunati dalla stessa premessa gnoseologica, dal riconoscimento cioè della condizione di ignoranza e di fallibilità, a cui indefettibilmente soggiacciono tutti gli esseri umani: perché non c’è nulla che possa renderci onniscienti e non c’è precauzione che possa sottrarci all’errore.

Rubbettino Editore

L'articolo Conoscenza e processo sociale – Lorenzo Infantino proviene da Fondazione Luigi Einaudi.

Twitter WhatsAppFacebook LinkedInEmailPrint

di Michele Giorgio*

(foto di Ibrahim Husseini/The New Arab)

Pagine Esteri, 5 settembre 2023 – In una domenica di inizio agosto, calda e umida, una folla si è radunata in piazza Habima a Tel Aviv per una manifestazione organizzata per ragioni ben diverse da quelle legate alla protesta contro la riforma giudiziaria che ha reso simbolico questo luogo. In maggioranza c’erano palestinesi d’Israele ma anche ebrei. Ragazzi e adulti, uomini e tante donne, non poche della quali velate. Portavano cartelli in arabo ed ebraico con slogan come «Paghiamo le tasse, non il pizzo». Poi è partita la «Marcia dei Morti», con decine di giovani accanto a bare bianche. È stata la protesta più rilevante organizzata dalla società civile araba contro l’inazione del governo Netanyahu nei confronti della criminalità che miete vittime ormai ogni giorno nelle città e nei villaggi arabi in Israele. «Voglio che la polizia faccia rispettare la legge per tutti – ha aggiunto Naja Nasrallah, un’attivista – voglio che smantelli le organizzazioni criminali nella comunità araba. Non vogliamo essere cittadini di seconda classe».

Ben pochi i leader politici ebrei che hanno partecipato. Si è intravista la presidente del partito laburista Merav Michael e gli ex parlamentari Michael Melchior, Yair Golan e Mossi Ras. «È una vergogna il disinteresse delle autorità. Lo Stato deve sradicare questi fenomeni, non può restare a guardare», spiegava Daniel Spitz, 72 anni, ai giornalisti.

Non la pensano allo stesso modo il governo Netanyahu e i comandi delle forze di polizia e di intelligence. Da quella afosa domenica sera non è cambiato nulla se non il numero dei morti ammazzati, 160 in otto mesi, per mano della criminalità o in vendette tra famiglie. Appena pochi giorni fa c’è stato un massacro nella cittadina a maggioranza drusa di Abu San, alle porte di San Giovanni d’Acri: quattro persone sono state uccise a colpi di arma da fuoco, tra cui Ghazi Saab un politico locale. «Lo Stato e le forze dell’ordine non possono chiudere un occhio davanti al dilagante terrore criminale. È responsabilità esclusiva del governo e delle forze dell’ordine», ha protestato il leader spirituale dei drusi Sheikh Mubarak Tari.

Il capo dell’opposizione, il centrista Yair Lapid, ha attribuito la responsabilità al ministro Ben Gir e al governo di estrema destra. «Queste uccisioni, la criminalità nei centri arabi, però non sono un fenomeno di questi mesi. C’erano anche quando governava Lapid e quando erano al potere altri primi ministri» commenta Fares, un insegnante di Haifa. «Gli ebrei – prosegue – ci chiedono perché non partecipiamo alle manifestazioni per la democrazia ma la democrazia in questo paese è ebraica, quindi per loro. Siamo cittadini di seconda classe, da noi la polizia dello Stato ebraico non manda i suoi agenti a combattere i criminali».

Sino ad oggi è stata minima la partecipazione di cittadini arabi ai raduni contro la riforma della giustizia con centinaia di migliaia di persone che paralizzano il centro di Tel Aviv e di altre città. «Per i cittadini arabi – ci spiega l’analista Nadim Nashef, presidente dell’associazione Amli – lo scontro sulla giustizia è una lotta per l’egemonia tra ebrei laici, spesso ashkenaziti, che si rifanno all’Israele dei primi 40 anni e gli altri con varie origini che oggi sono al governo. I palestinesi d’Israele vogliono la democrazia ma non quella ebraica. Chiedono che Israele non sia più lo Stato degli ebrei ma lo Stato di tutti i suoi cittadini. Non si appassionano allo scontro in atto, perché punta a conservare o a scardinare lo status quo che a loro comunque non va bene». Pagine Esteri

*Questo articolo è stato pubblicato in origine dal quotidiano Il Manifesto

Twitter WhatsAppFacebook LinkedInEmailPrint

L'articolo Palestinesi in Israele: lo Stato ci lascia nelle mani della criminalità proviene da Pagine Esteri.

Per la prima volta Xi salterà il G20
Cina: un nuovo ufficio governativo per il settore privato
Cooperazione tra Giappone e Turchia per la ricostruzione dell’Ucraina
Il fondatore di Huawei esorta il gigante tecnologico a far crescere i talenti

I "gate-crashers" cinesi preoccupano gli Usa per rischio spionaggio
200 mila a Seoul per chiedere maggiori tutele per gli insegnanti

L'articolo In Cina e Asia – Per la prima volta Xi salterà il G20 proviene da China Files.

La quarantaduesima edizione del Seminario nazionale di formazione federalista avrà luogo sull’isola di Ventotene dal 3 all’8 settembre, promosso dall’Istituto di Studi Federalisti “Altiero Spinelli”.

Nato nel 1982 su proposta di Altiero Spinelli che in quell’isola scrisse assieme ad Ernesto Rossi il “Manifesto di Ventotene”, il Seminario è diventato uno dei più importanti momenti di riflessione sul futuro dell’Europa e del mondo al quale hanno partecipato nel corso degli anni importanti personalità europee del panorama politico e culturale.

Ogni anno vi prendono parte circa 150 giovani europei attraverso 60 ore di formazione e dibattito tenute da circa 30 relatori.

In tale quadro, con un dibattito di apertura incentrato sulla capacità del Parlamento europeo di imprimere in questo momento storico una svolta federale al processo di integrazione dell’UE, saranno ricordati anche due importanti anniversari legati alla fondazione delle più rilevanti organizzazioni impegnate per l’unità federale europea ossia i 75 anni del Movimento Europeo e gli 80 anni del Movimento Federalista europeo.

Il Comune di Ventotene, in collaborazione con l’Istituto Altiero Spinelli, propone inoltre, in occasione del Seminario di formazione, alcuni eventi dal 3 al 6 settembre: PROGRAMMA.

Per la Fondazione Luigi Einaudi, sarà presente il Project Manager Avv. Gian Marco Bovenzi.

L'articolo Ventotene: seminario nazionale di formazione federalista proviene da Fondazione Luigi Einaudi.

Il partenariato strategico è ora per Tajani «più importante della Via della Seta». Il ministro degli Esteri ha anche invitato la Cina a «usare la sua influenza» per favorire una «pace giusta» in Ucraina. E si sarebbe parlato anche di Africa

L'articolo «Rafforzare le relazioni». L’equilibrismo di Tajani a Pechino proviene da China Files.

Nel distretto di Irob, nell’ area nord orientale del Tigray, continua l’occupazione degli eritrei. Dopo 2 anni di guerra dai risvolti genocidi ed etnici, oggi, dopo 10 mesi passati dalla firma dell’accordo di cessazione ostilità, tali forze continuano con atti violenti, blocco all’accesso umanitario, rapimenti e stupri.

Lo riporta Addis Standard attraverso le recenti testimonianze del popolo tigrino.

Le autorità del distretto hanno denunciato il rapimento di 28 giovani negli ultimi 10 mesi.

Irob è una tra le più piccole minoranze etniche (conta circa 41000 persone) tra le più di 80 presenti in Etiopia. Mai come oggi, dopo 3 anni (tra pandemia e guerra) continua a rischiare di sparire insieme alla sua storia, cultura e lingua, il Saho.

Eyasu Misgina, amministratore dell’ Irob goesda, ha dichiarato che le attività di rapimento sono iniziate con lo scoppio della guerra genocida il 4 novembre 2020. Una madre di Irob ha denunciato che alcuni suoi figli sono stati rapiti nel novembre 2022 dalle forze eritree, subito dopo i negoziati di tregua sostenuti a Pretoria.

“Un certo numero di forze armate sono venuti a casa nostra e hanno preso mio figlio. Hanno detto che volevano che li aiutasse a trasportare le merci. Non è mai tornato a casa e non so dove sia mio figlio”

La donna ha aggiunto che nel giro di una settimana sono stati portati via altri 6 giovani dal loro villaggio. Queste persone non possedevano né armi né facevano parte di milizie o gruppi armati e che se avessero saputo dei rapimenti precedenti, sarebbero fuggiti in luoghi più sicuri. L’occupazione attuale delle forze eritree nel villaggio impedisce ai civili di spostarsi e lavorare.

Altri due residenti hanno condiviso tali affermazioni denunciando il governo federale e quello regionale perché non li tutelano da queste violazioni e crimini, aggiungendo che chi cerca di fuggire dal distretto di Irob rischia di essere arrestato con l’ ipotesi di essere spia eritrea.

Un altro testimone ha dichiarato:

“La pulizia etnica viene portata avanti attraverso diverse tattiche e almeno 36 giovani sono stati rapiti dalle forze eritree, nonostante l’accordo di pace”, ha detto. “La gravità della situazione viene ignorata, con le persone che soffrono la fame, la mancanza di forniture mediche e l’impossibilità di accedere agli aiuti umanitari.”

Secondo i residenti di Irob, le comunicazioni e i servizi pubblici rimangono interrotti. Eccezione della sede dell’amministrazione wereda [distrettuale], Dawhan.

Il corridoio umanitario è ancora bloccato dalle truppe eritree, soprattutto nei quattro kebeles sotto il controllo eritreo: Eindalgeda, Agerlekema, Weratile e Alitena.

Eyasu ha confermato casi di rapimenti e violenze sessuali nella regione. Ha rivelato che più di 30 ragazze e donne sono state violentate sessualmente, con 4 casi di rapimento ufficialmente segnalati.

Tuttavia, a causa di problemi di sicurezza e influenze culturali, molti altri casi potrebbero non essere stati segnalati.

“La mancanza di resoconti accurati rende difficile determinare il numero esatto di ragazze e donne che hanno subito violenza sessuale e schiavitù.”

La situazione a Irob è profondamente preoccupante

La situazione a Irob è profondamente preoccupante, con rapimenti dilaganti e violenze sessuali che si verificano insieme alla fame, che ha causato numerose vittime.

Come riporta Addis Standard:

“La maggior parte della comunità fa affidamento sull’agricoltura per il proprio sostentamento, ma forze esterne hanno ostacolato la loro capacità di farlo. Inoltre c’è una grave carenza di aiuti umanitari e medicinali.”

Eyasu ha rivelato che, a seguito di un accordo di pace, oltre 65 residenti sono morti di fame e per mancanza di accesso medico, e altre 162 persone sono attualmente a rischio.

La strada principale che collega Irob alla città di Adigrat è completamente bloccata dalle forze eritree.

A causa delle restrizioni imposte dalle forze eritree, gli Irob sono stati isolati dalle loro famiglie e parenti che risiedono in diverse aree sotto il controllo eritreo. Questa mancanza di mobilità e le intimidazioni hanno impedito loro di ricevere qualsiasi aiuto umanitario, nonostante i numerosi appelli.

Nell’agosto 2023, la Irob Advocacy Association ha inviato una lettera con richiesta urgente al primo ministro etiope Abiy Ahmed per assistenza umanitaria verso la popolazione di Irob. La lettera sottolinea la terribile crisi umanitaria nella regione, compresi i problemi di fame, malnutrizione, malattie e sfollamenti. Richiesta di dialogo con le autorità eritree per porre fine all’occupazione e riaprire la strada di accesso da Adigrat a Irob.

Questa strada consentirebbe il facile accesso verso il distretto di Irob da parte del supporto umanitario per fornire aiuti come cibo di emergenza, acqua, medicine, ripari e altri beni necessari alla sopravvivenza del popolo di Irob.

Irob Advocacy Association ha inolte condiviso un report in cui denuncia e documenta le atrocità commesse contro la comunità Irob dallo scoppio, durante la guerra e nel periodo post bellico in Tigray: il rapporto evidenzia numerose atrocità, tra cui esecuzioni sommarie di donne e bambini, uccisioni di civili e distruzione e saccheggio di proprietà, tutte perpetrate dalle forze eritree.

La settimana scorsa, i corpi di 25 civili che hanno tragicamente perso la vita durante il violento conflitto a Irob sono stati finalmente sepolti all’interno di una chiesa dopo essere stati riesumati, precedentemente sepolti in maniera sparsa in terreni agricoli (Foto: Amministrazione Irob Woreda)

tommasin.org/blog/2023-09-04/e…

Twitter
WhatsApp
Facebook
LinkedIn
Email
Print

di Marco Santopadre*

L'articolo Un golpe tira l’altro, la françafrique va in pezzi proviene da Pagine Esteri.

ITALIA/CINA. Il ministro degli Esteri incontrerà l'omologo cinese e il responsabile del commercio

L'articolo Tajani a Pechino per evitare ritorsioni dopo l’uscita dalla Via della Seta proviene da China Files.

I titoli di oggi:
Dalla Mongolia Bergoglio saluta il "nobile popolo cinese"
Cina, la campagna anticorruzione colpisce ancora
Crisi immobiliare Cina, Country Garden ottiene l'estensione del debito
Cina, pubblicata nuova legge che limita l'immunità degli Stati esteri nei tribunali cinesi
Cina, Chongqing pubblica la sua legge anti-spionaggio
Cina, Xi promette un commercio dei servizi "più aperto e inclusivo"
Spazio, l'India in missione per studiare il sole e la Cina lancia una roadmap per lo sfruttamento minerario
Singapore, Tharman Shanmugaratnam eletto presidente con il 70% dei voti
Pacifico, confermata la sfiducia al primo ministro

L'articolo In Cina e Asia – Dalla Mongolia Bergoglio saluta il “nobile popolo cinese” proviene da China Files.

Domani a partire dalle 14 avrò il piacere di partecipare all’ incontro organizzato da MediaDuemila e moderato da Maria Pia Rossignaud per parlare dell’ innovazione nell’ era della Ai generativa e della privacy. Qui il link per seguirci meet.google.com/cii-fmtu-exj?h…

guidoscorza.it/linnovazione-ne…

Mentre le bombe dell’invasore russo continuano a cadere sul popolo ucraino che resiste eroicamente, negli schermi cinematografici dell’occidente lampeggiano le esplosioni nucleari del nuovo film di Cristopher Nolan dedicato al fisico Oppenheimer e alla sua controversa figura divisa tra il contributo dato alla realizzazione della prima bomba atomica e la resistenza nei confronti degli sviluppi successivi che hanno portato l’America ad emarginarlo.

C’è un filo logico, semantico e simbolico che lega la realtà e la finzione, non troppo dissimile dalla fallacia intellettuale, con la quale troppo spesso intellettuali di parte e media distorti nascondono ipocritamente il proprio sostengo al regime criminale di Putin.

Come il fuoco di Prometeo, la tecnologia delle armi nucleari ha cambiato per sempre il modo in cui si può intendere la politica internazionale e gli equilibri che la caratterizzano. La Russia può permettersi di invadere impunemente uno stato libero confinante senza che il resto del mondo possa intervenire in modo diretto perché dispone di armi nucleari.

Il film di Nolan, ricco di spunti filosofici e di riferimenti storici ci racconta il punto di partenza del dilemma civile che caratterizza la guerra in corso ai confini dell’Europa: ci sono armi che nessuno dovrebbe avere, perché nelle mani sbagliate possono portarci alla fine del genere umano. Tuttavia il vaso di pandora è già stato aperto, la reazione a catena è in corso quelle armi sono già nelle mani di un criminale genocida.

Non esiste dunque alternativa al pieno supporto dell’occidente alla resistenza del popolo ucraino e dalla vittoria di questo popolo glorioso dipende l’unica possibilità di pace che esiste per il mondo intero, confidando che come cantava Sting negli anni “anche i russi abbiano a cuori il futuro dei propri figli”.

youtube.com/embed/2XqJY-54x3o?…

L'articolo #laFLEalMassimo – Episodio 100: Prometeo Il distruttore di Mondi proviene da Fondazione Luigi Einaudi.

Twitter WhatsAppFacebook LinkedInEmailPrint

della redazione

(foto di Oren Ziv)

Pagine Esteri, 2 settembre 2023 – Oltre 120 persone sono rimaste ferite oggi in scontri tra la polizia israeliana e centinaia di eritrei richiedenti asilo durante una protesta antiregime a Tel Aviv vicino all’ambasciata eritrea.

I manifestanti si sono riuniti questa mattina in via Yad Harutsim dove nel pomeriggio era previsto un evento ufficiale all’ambasciata eritrea. Poi hanno superato le recinzioni e la polizia ha risposto con granate stordenti, lacrimogeni, manganellate e proiettili di gomma. Ha anche sparato colpi in aria. I manifestanti hanno distrutto automobili, finestre e vetrine di negozi, e, a un certo punto, sono riusciti a penetrare nella sala dove avrebbe dovuto svolgersi l’evento e l’hanno vandalizzata.

Eventi simili organizzati nelle ultime settimane dalle ambasciate eritree in tutto il mondo hanno provocato incidenti violenti e hanno aumentato la tensione all’interno della comunità eritrea in Israele.

Già in passato in Israele erano scoppiati tafferugli e scontri violenti tra sostenitori e oppositori del governo eritreo. Nel 2020 un sostenitore del regime è stato pugnalato a morte.

Israele concede con il contagocce lo status di rifugiato politico agli stranieri. Però riconosce i 18.000 eritrei nel suo territorio come richiedenti asilo, fuggiti della dittatura nel loro paese praticata dal presidente Isaias Afwerki al potere da quando l’Eritrea ha ottenuto l’indipendenza nel 1993.

Le organizzazioni per i diritti umani stimano che una piccola percentuale dei richiedenti asilo eritrei siano in realtà dei sostenitori nascosti di Afwerki. Persone che, affermano tutti altri eritrei, Israele dovrebbe fermare perché avrebbero ricevuto l’incarico di infiltrarsi tra gli oppositori di Afwerki per spiarne le attività. Pagine Esteri

GUARDA I VIDEO

pagineesteri.it/wp-content/upl…

pagineesteri.it/wp-content/upl…
Twitter WhatsAppFacebook LinkedInEmailPrint

L'articolo VIDEO. Tel Aviv, scontri con 120 feriti tra polizia e richiedenti asilo eritrei proviene da Pagine Esteri.

youtube.com/embed/qmQXKZlQZW8?…

L'articolo Scuole, tribunali, caserme proviene da Fondazione Luigi Einaudi.