According to leading tech policy and media consultant Prasanto K. Roy, when WhatsApp discovered the Pegasus attack, it quickly fixed the vulnerability, informed users whom it could trace the hack to, informed the relevant governments and initiated legal proceedings against the spyware’s creators in the US federal court.
“As of today, India does not have a dedicated law on privacy or on cyber security. Further, it still does not have a legal framework in place for protecting all kinds of data. The Personal Data Protection Bill, 2019 is pending consideration before the Joint Parliamentary Committee. Further, India does not have a dedicated policy on data localisation,” Duggal informed.
“The circumstances and ecosystem are very ripe for state and non-state actors to do activities aimed at prejudicially impacting the security, integrity, sovereignty and also cyber sovereign interests of India”.
Mere switching to new chat platforms alone may not suffice.
“You will have to inculcate new life skill sets which need to be built on the foundation of cyber security and data privacy,” he said, adding that the present law is extremely deficient and is incapable of protecting personal and data privacy.