Hello, dear reader. We hope you and your loved ones are safe and we hope this newsletter is a small distraction during these challenging times.
Here’s what’s new in the world of technology law and policy.
Digital media, online content and intermediary liability
April saw several developments on the new Information Technology (Intermediary Liability and Digital Media Ethics Code) Rules, 2021 (IT Rules):
A challenge to the IT Rules was filed before the Kerala High Court by a free and open-source programmer represented by the Software Freedom for Law Centre. The petition talks about the difficulties faced by the free and open-source software community in complying with the IT Rules. For example, free and open-source software companies may not have the financial capacity to comply with obligations such as appointing chief compliance officers. The case is likely to be listed in May. Other petitions against the IT Rules, filed by the Quint, the Wire, Pratidhvani, and Advocate Sanjay Kumar Singh, are pending.
On 20 April 2021, the Delhi High Court in the case of X v. Union of India issued guidelines to take down “offensive content” and discussed the IT Rules briefly. A woman moved the court alleging that anonymous persons had taken her photos from her private social media accounts and posted them on a pornographic website without her consent. Despite her complaints, the National Cyber-Crime Reporting Portal and the local police did nothing, which led her to court. The court noted the limitations of online platforms/intermediaries to ‘fully and effectively’ take down offensive content despite court orders and passed directions on removing offensive content online. The court held that search engines should globally de-index information within 24 hours of receiving a court order along with information received from the investigating authorities – the IT Rules give intermediaries a time limit of 36 hours to comply with court orders. Therefore, the judgment has reduced the statutory timelines for search engines. In October 2019, the Delhi High Court passed a similar judgment (Swami Ramdev v. Facebook & Ors), where it ordered intermediaries to take down offensive content globally. In X v. Union of India, the court also directed intermediaries to endeavour to deploy automated tools to proactively monitor, identify and disable access to any content which is exactly identical to the offending content which is to be removed, and directed that the intermediaries should comply with the provisions of the IT Rules, among other guidelines. Since the IT Rules have been challenged in a separate petition before the Delhi High Court, it clarified that any observations in this judgment will not affect the question of the constitutionality of the IT Rules.
In a virtual event, Rakesh Maheshwari (Scientist G, Ministry of Electronics and Information Technology) gave a few clarifications on the IT Rules. He said that the IT Rules aim to empower users to have a safe and welcoming online environment, and have a dispute and grievance redressal mechanism to protect themselves. He also said that there is no intent to dilute the safe harbour protection given to intermediaries. He announced that the ministry is planning to issue a clarification on the definition of intermediaries and ‘significant social media intermediaries.’ He noted that these definitions will be closely aligned with those in the Personal Data Protection Bill, 2019. The IT Rules will be supplemented by ‘standard operating procedures’ to ensure effective compliance.
The international human rights association, Committee to Protect Journalists criticized the IT Rules, stating that the grievance redressal mechanism allows any person to raise complaints against digital news platforms, and that these complaints can escalate to the central government. This can be an impediment to the freedom of the press, and journalists’ rights. Similarly, non-governmental organizations Global Network Initiative (GNI) and Electronic Frontier Foundation expressed their concerns against the IT Rules. GNI urged the Indian government to consider revising the IT Rules and called on the Ministry of Electronics and Information Technology to “engage in an open, deliberative process” about how to mitigate the concerns that the IT Rules seek to address. Both organizations questioned the traceability obligation, and sharp compliance timelines in the IT Rules.
Data and privacy
The Portuguese Data Protection Authority ordered its government to stop sharing census data with a U.S. based cloud service provider. The authority ruled that Portuguese citizens’ data would not get an adequate level of protection in the United States, because of its invasive surveillance laws. This decision follows the Schrems II ruling of last year, in which the EU-US Privacy Shield was invalidated on similar grounds.
India has also been reportedly trying to seek adequacy status under the GDPR for some time. The latest decision to come out of the European Union further demonstrates the wide-ranging impact of Schrems II. It is likely to cast a shadow over Indian efforts, given the lack of reform in surveillance laws and broad exemptions for government under the forthcoming Personal Data Protection Bill.
Fintech
Reportedly, the National Payments Corporation of India (NPCI) is planning to ban all gaming related UPI transactions under INR 50. This move is aimed to control UPI volumes that have increased during the COVID-19 pandemic, which has led to instances of payment failures and bank outages. According to reports, there has been a surge in low ticket gaming transactions (ranging from INR 1 – INR 10) which the current UPI infrastructure is unable to handle.
To prevent data breaches and strengthen cybersecurity, the Reserve Bank of India (RBI) is planning to issue cybersecurity norms for payment system providers such as Paytm and NPCI. Reportedly, the cybersecurity norms for payment service providers will be similar to the guidelines on digital payments security control for banks and certain non-banking financial companies issued by the RBI in February 2021.
For more fintech updates, sign up for FinTales, our monthly newsletter dedicated to all things fintech law and policy, by emailing contact@ikigailaw.com. Read past issues, here.
Digital gaming
Digital versions of popular card games such as rummy and poker are being scrutinized across the country. Many states have banned online rummy and poker, while petitions challenging these bans are pending in several high courts. Digital gaming companies including Play Games24x7, Gameskraft, and Junglee filed a petition in the Kerala High Court challenging the state’s ban. Reportedly, this ban came in response to a petition filed in the Kerala High Court that cited instances of suicides. The companies stated that Kerala’s ban on online rummy goes beyond the Kerala Gaming Act, 1960, as this law is applicable to physical premises only. The court denied an interim stay on the ban. The case is likely to be heard after 15 May 2021, after the court returns after a summer break. Reportedly, the Uttar Pradesh government is planning to introduce a bill to regulate online gambling in the state. The Chairman of the Uttar Pradesh Law Commission said that the bill was being drafted, and the bill is expected to be stringent. It is unclear if this bill would cover both games of skill and games of chance. Read our report for the Internet and Mobile Association of India on India’s digital gaming ecosystem, here.
Blockchain and cryptos
The Competition Commission of India published a Discussion Paper on blockchain technologies and competition. It discusses how different blockchain systems operate and the potential antitrust issues that arise in these scenarios. The paper also warns about potential harms in blockchain markets, including abuse of dominance, and the rise of anti-competitive agreements. Blockchain companies may use their dominant position in one market to enter another market – for instance, a dominant blockchain application may increase the transaction fee it charges and use the higher revenue to provide a wallet service at a lower cost, driving out competitors from the market. The paper errs in trying to classify blockchain into existing legal frameworks, suggesting that it may be similar to partnerships or multi-party contracts, without considering it as a unique phenomenon that needs its own novel legal understanding.
This discussion paper follows the Ministry of Electronics and Information Technology’s draft national strategy, released in January 2021. Read our comments on this strategy, here. Also read our frequently asked questions on all things blockchain and cryptos, here.
In February 2021, the central government had sought to propose a cryptocurrency bill which could include a ban on private cryptocurrencies and introduce a centrally backed digital currency. To clear the air on this, Minister of State for Finance Mr. Anurag Thakur told the media that the government is looking at cryptocurrencies with an open mind and will ensure that investors’ interests are protected. The government has also said that it will take a ‘calibrated approach’ towards regulating digital assets. This is a welcome move because the Indian cryptocurrency market has only recently been allowed to grow after the Supreme Court lifted the ban on cryptocurrency trade in March 2020. Read our write-up on the global regulatory landscape for cryptos, here, and why we think cryptocurrency regulation is the biggest economical and geopolitical opportunity for India this decade, here.
Health-tech
The CoWIN portal, which opened registrations up for the 18-44 age group, saw record traffic on April 28, resulting in it briefly crashing from the sudden surge of registrations. Notably, this platform does not have its own privacy policy, even though it collects personal information such as users’ name, age, contact details, gender, ID proof etc. Previously, Mr. Ashwini Choubey, the Minister of State for Health and Family Welfare, had informed Parliament that CoWIN data is encrypted using a highly secure key, that the portal will follow the privacy policy of the National Digital Health Mission, and that the developers have conducted privacy impact assessments while developing the portal.
In a potentially game-changing move in India’s COVID-19 vaccination drive, the Ministry of Civil Aviation and the Director General of Civil Aviation have granted permission to the Indian Council of Medical Research to conduct a feasibility study for the delivery of COVID-19 vaccines through drones. The Telangana Government has also been granted permission under the Unmanned Aircraft Systems Rules, 2021 to conduct experimental beyond visual line of sight (BVLOS) drone flights. These permissions will allow drone operators to scale their operations and allow drones to replace traditional modes of collecting aerial data such as aircrafts and satellites. Read more about the Unmanned Aircraft Systems Rules in our blogpost, here. Also read our analysis of the global regulatory landscape for BVLOS operations, here.
Space
Space X’s broadband company Starlink opened for pre-orders in India in February this year and planned to begin rollout in 2022. However, the Broadband India Forum asked the Telecom Regulatory Authority of India (TRAI) to disallow any beta version. The Department of Telecommunications (DoT) has now informed Space X that it cannot operate without the necessary regulatory clearances. The DoT is yet to decide whether Starlink will need approvals for its ISP and very small aperture terminal (VSAT) services, or if it should seek a license for high-speed satellite services. As this confusion continues, the Starlink program is currently blocked in India.
That’s it from us. We’d love to hear from you. Tell us what you think about the developments we covered. Or if you’d like us to cover another development. Write to us at contact@ikigailaw.com.
