On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) issued Direction No. 20(3)/2022-CERT-In (“Directions”) under Section 70B (6) of the Information Technology (“IT”) Act, 2000. The Directions are ostensibly aimed to address information security practices, procedures, prevention, response, and reporting of cyber incidents. These Directions threw up significant challenges for users’ privacy through mandatory data collection and storage by service providers, and undisclosed data sharing by CERT-In.
This is a companion discussion topic for the original entry at https://internetfreedom.in/top-secret-one-year-on-cert-in-refuses-to-reveal-information-about-compliance-notices-issued-under-its-2022-directions-on-cybersecurity/