Hi everyone! As the industry is abuzz with the action around IT Rules, murmurs about the PDP Bill, crypto regulations and more, we bring you a glimpse of everything that’s keeping the tech-law and policy wonks busy.
Digital media, online content and intermediary liability
The Ministry of Electronics and Information Technology (MeitY) gave Twitter ‘one last chance’ to comply with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules) as a ‘gesture of goodwill’, failing which its safe harbour protections will be withdrawn. Safe harbor is protection from liabilities arising from third-party content. The MeitY is not entitled to vest or take away safe harbour from a platform in this manner. It is empowered to frame rules which Twitter will have to follow to claim safe harbour under the Information Technology Act, 2000 (IT Act). The deadline for platforms with more than 50 lakh registered users in India such as Twitter, Facebook, WhatsApp, etc. to be compliant with the IT Rules lapsed on 25 May 2021. Without a notification extending this timeline, it is for a court to decide if these platforms can claim safe harbour as a defence.
Twitter’s compliance status was also subject to a challenge before the Delhi High Court, where one Amit Acharya (advocate) filed a petition claiming that he was unable to find the details of a resident grievance redressal officer on Twitter’s website for raising his complaint. The Court observed that Twitter will have to adhere to the IT Rules unless their operation is put on hold. Reports suggest that Twitter has appointed a lawyer in India as an ‘interim grievance officer’. The IT Rules say that the grievance officer must be an ‘employee’ of the company who is a resident in India. This case may clarify if it is possible to appoint external persons instead of employees as officers.
In a first by social media intermediaries, WhatsApp challenged the traceability rule under the IT Rules in the Delhi High Court. It argued that the requirement to identify the first originator of a message was unconstitutional and violated users’ fundamental right to privacy. In response, the MeitY acknowledged that it had ‘no intention’ of violating citizens’ privacy, but had to ‘maintain law and order and ensure national security’. Read Vijayant and Aman’s views for the Quint on what this means for users. Also, Nehaa spoke with ET Now on obligations of social media and other intermediaries, and Aman with ABP Network about the dispute between WhatsApp and the government and its implications for user privacy.
Adding to the volley of cases against the IT Rules, musician TM Krishna filed a petition before the Madras High Court, and alleged that the IT Rules went beyond the scope of the IT Act. He argued that the obligations imposed on intermediaries under the IT Rules offended his right as an artist and cultural commentator. They imposed a chilling effect on his right to free speech, and impinged on his right to privacy- “which like music itself, is an experience”. So far digital news platforms – The Wire, Livelaw, etc. and WhatsApp have challenged the IT Rules. Krishna’s case is the first from a content creator.
In other news, the Ministry of Information and Broadcasting (MIB) rounded up OTT and digital news platforms and issued notices directing them to furnish information under the IT Rules. It also appointed Vikram Sahay, Joint Secretary (P&A) of the MIB as the Authorised Officer (AO), setting the foundation for the oversight mechanism administered by the MIB under the IT Rules. An AO can direct OTT platforms to modify or delete content, and block access to information in the interest of sovereignty, public order, security of State etc. Nehaa spoke at a Medianama panel discussion on the impact of the IT Rules on news. Read the key takeaways from this discussion here and here.
Data and privacy
In an interview, the IT minister Mr. Ravi Shankar Prasad indicated that the Joint Parliamentary Committee (JPC) on the Personal Data Protection Bill (PDP Bill) has submitted an ‘interim report’ to the government, and he expects the final report and the Bill to be tabled before Parliament in the monsoon session. Soon after, Mr. Jairam Ramesh, a Congress MP and JPC member took to Twitter to reveal that the JPC Chairperson Ms. Meenakshi Lekhi had assured that a draft report will be shared with the JPC members for comments, and that was still awaited. Mr. Prasad then said that the JPC is yet to finalise its report. Parliamentary procedure allows the JPC to share the ‘completed part’ of its report with the government before tabling it in Parliament. This could be done to ensure that the government and the JPC are on the same page, and the JPC’s version of the PDP Bill is passed smoothly when it’s tabled.
In other news, cybersecurity experts questioned the Indian Computer Emergency Response Team (CERT-In), on its failure to take action against Air India, Domino’s, Big Basket, and MobiKwik for suffering data breaches. They claim that since the passage of the IT Act 2000, no company has been penalised for a data breach. Experts are ‘exploring all options including legal’ against the cybersecurity regulator. Currently, the CERT-In is the national agency for incident response under the IT Act, and is required to collect, disseminate and analyse information on cyber incidents.
An employee union of the State Bank of India, UNI Global Association, IT for Change, and the Joint Action Committee Against Foreign Retail and E-Commerce, have urged the Reserve Bank of India (RBI) to scrap the New Umbrella Entity (NUE) licensing process. They have asked the RBI to not allow large corporates to set up a for-profit retail payment system in India due to, among other things, data safety concerns. In 2020, the RBI had issued guidelines for entities to set up a pan-India NUE akin to the National Payments Corporation of India (NPCI). And, six consortiums including So Hum Bharat, Tata Group-Flipkart-Payu, Amazon-Axis Bank, RIL-Facebook-Google, and more had applied for an NUE license.
Also, the RBI clarified that banks denying services to its users dealing in cryptocurrencies based on a 2018 circular of the RBI that banned trade in virtual currencies is ‘invalid’, as it was overturned by the Supreme Court in March 2020. The RBI refrained banks from citing its 2018 circular, and asked them to undertake customer due-diligence in line with the Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting on Financing Terrorism (CFT) standards. We represented several cryptocurrency exchanges challenging the 2018 circular in the Supreme Court. Read our take on all things blockchain and crypto, here.
For a round-up of developments in the fintech space, subscribe to our new monthly newsletter- FinTales! Read past issues here, and subscribe by emailing email@example.com with the subject “FinTales”.
The Goods and Services Tax (GST) council has set up a Group of Ministers (GoM) to examine the issue of taxation of services provided by casinos, race courses and digital gaming platforms. Among other things, the GoM is expected to assess whether tax should be paid on ‘total betting amount or just the fee retained by the platform’, and suggest legal changes to better arrive at valuation of services of gaming platforms. In this report on online gaming that we authored for the IAMAI; we discuss legal challenges in the sector including tax related issues such as GST failing to separate games of skill from games of chance and, information asymmetry between the industry, the tax department and state authorities leading to constant scrutiny of gaming platforms.
The National Digital Health Mission (NDHM), which is aimed at enabling universal healthcare coverage by leveraging technology, has kick started the process of approving companies that can participate in its sandbox. The sandbox was introduced to facilitate innovation, testing, and selection of technology solutions in the healthcare sector. An approval means that companies can take their products live in the NDHM. Shambhavi had previously argued that the NDHM sandbox would be a golden opportunity for the health tech industry to showcase their solutions with the potential of being chosen as an NDHM service provider.
The government may ask the telecom regulator to come up with a dedicated licensing framework for operators looking to provide satellite based internet services in India. The telecom department may seek the regulator’s views on whether the scope of existing satellite licenses could be expanded to accommodate such operators or a new license category is necessary, and the spectrum bands that may be allocated for this purpose. This comes at a time when OneWeb, Starlink, and others are getting ready to foray into India’s satellite internet space, and the Department of Space (DoS) has released the draft space communication policy to promote private satellite communications industry. Read our comments on the policy to the DoS, here.
‘Badges’ in May-June!
We were ranked among India’s leading law firms by the India Business Law Journal in data compliance and cybersecurity, internet and e-commerce, and sports and gaming categories. Acknowledgment came in plenty, and our clients lifted our spirits with their words: “They are truly excellent on matters of policy research and thought leadership on sunrise sectors”.
The celebration continued as we were recognised as the mid-sized ‘Law Firm of the Year’ by IDEX Legal, along with the ‘Employment Law Firm of the Year’ and ‘Best Legal Advisor to Start-up Business’. Anirudh was named the ‘Managing Partner of the Year’, and Nehaa was a finalist for ‘Young Achiever of the Year’. The jury at IDEX Legal called us “the go-to legal advisor for start-ups”, “a firm that specialises in new age fields”, that “enables the clients in avoiding future problems”. We are elated, and hope to continue the streak!