Hi there! In this edition, we unpack the debate over India’s data protection law, RBI’s Account Aggregator framework, Karnataka’s move to ban online gambling, and more. Let’s get to it!
Data and privacy
We are delighted to share that we worked with NASSCOM on a study to understand the impact of the decision of Europe’s top court, the CJEU, on EU-US privacy shield (Schrems II) on Europe-India data transfers. In 2020, the CJEU struck down the privacy shield- the primary arrangement to enable data transfers between the EU and US. The CJEU believed that US surveillance laws didn’t adequately protect EU residents’ data. To understand how organisations could continue data transfers post Schrems II, we analysed the decision, the new Standard Contractual Clauses (SCC) (a data transfer tool) and the European Data Protection Board’s guidance on data transfers. We also mapped 250+ Indian laws that allow the government to access data, identified 3 key data access laws – the Information Technology Act and interception rules, Telegraph Act, and the Criminal Procedure Code, and tested them against EU standards. Key findings: Organisations can continue to rely on SCCs for EU-India data transfers after conducting a case-by-case assessment of Indian data access laws and practices to see if they meet EU standards. Indian laws might fare better than US surveillance laws as they allow both Indian and foreign citizens to approach courts for privacy violations. Additionally, India’s upcoming Personal Data Protection Bill (PDP Bill) could include additional safeguards that bolster the Indian case.
Now, what is happening with the PDP Bill? The Joint Parliamentary Committee (JPC) on the PDP Bill discussed suggestions made by the newly appointed chairperson Mr. P.P. Chaudhary, who proposed over 100 amendments to the draft. Some suggestions include dropping ‘personal’ from the title of the PDP Bill, expanding the scope of the data protection authority, and retaining clauses that allow the government to access non-personal data for public policy purposes. Certain members expressed concerns over delay in tabling the JPC report before Parliament due to fresh debate on the PDP Bill. The JPC got an extension to submit its report in the winter session of Parliament (November/December 2021). A delay in tabling the report was expected due to new appointments to the JPC. With the JPC completing 2 years in December 2021 since its formation, and previous reports indicating that it was close to finalizing its report, it is likely that the JPC may push to meet the extended deadline.
In an unusually regressive move, Karnataka joined the likes of Telangana and Andhra Pradesh in banning both games of skill and chance. The law has been opposed widely by various stakeholders, including the gaming industry, IAMAI and the Confederation of All India Traders.The chief minister of Karnataka clarified that the Bill only bans games of chance, and games of chance pretending to be games of skill. However, the language of the Bill explicitly states that games of skill will be illegal. The timing of introducing such a law is also questionable, given that the Madras High Court recently struck down a similar law passed by the Tamil Nadu government as unconstitutional. And the Kerala High Court also invalidated a law banning online rummy in the state. Even the Telangana government has stated that it will revise its previous law which banned both games of skill and chance to make it more industry friendly.
Arpit and Rutuja from our team told Medianama, “It is quite strange that the Karnataka government decided to go ahead with this law, despite several precedents on why a law like this is unlikely to work. There is the recent Madras High Court judgement, with many of its observations directly applying to this situation. Even more important are the recent statements from the Telangana government, which seems to have learnt from what happened in Tamil Nadu, and publicly emphasized that there is a need to pass legislations governing online gambling and gaming that wouldn’t suffer judicial setbacks. Even if one is to ignore the legal technicalities, it is also a bizarre decision for a state like Karnataka from a policy perspective — the state that houses the Silicon Valley of India is now shunting away one of India’s biggest sunrise sectors. Karnataka’s former IT minister also tweeted yesterday expressing concerns about this.”
Additionally, Ms. Sujata Chaturvedi (IAS, Bihar Cadre 1989) was appointed as the Secretary, Department of Sports. In her previous stint, she served at the Department of Personnel and Training (central government department for personnel management).
Digital media, online content and intermediary liability
In a meeting with social media platforms, Minister of State for Electronics and IT Rajeev Chandrasekhar said the requirement to trace messages under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules) is not connected to breaking end-to-end encryption (E2EE) and is an “absolute necessity” for national security. WhatsApp had filed a petition challenging the traceability provision and argued that this would require it to break E2EE, which is violative of users’ privacy and free speech. Breaking encryption may expose user data to bad targets. Read Vijayant and Aman’s piece for the Quint where they unpack WhatsApp’s petition and examine different solutions offered by the government/experts on traceability.
Meanwhile, the Madras High Court said that the order passed by the Bombay High Court staying the operation of Code of Ethics under the IT Rules (set of guidelines governing digital news and OTT platforms) will have an all-India effect. Also, the government had sought a transfer of the petitions against the IT Rules pending in different state courts to the Supreme Court. There was no movement on the same until the Chief Justice of India while hearing another case against the media’s handling of the Tablighi Jamaat meeting, commented on the social media’s lack of accountability for fake news. To this, the government said that the IT Rules address this issue, requested that the Tablighi case be clubbed with the transfer petition, and the Supreme Court agreed.
In other news, Mr. Apurva Chandra (IAS, Maharashtra Cadre 1988) assumed the charge of the Secretary of Ministry of Information and Broadcasting. He has served at the Ministry of Defence, Labour and Petroleum & Natural Gas previously. He is also responsible for operationalizing the first smart industrial township (Delhi-Mumbai Industrial Corridor) in Aurangabad.
E-commerce and consumer affairs
Several government ministries raised concerns against the Consumer Protection (E-commerce) Rules, 2020 (Draft Rules). The Ministry of Finance objected to 12 proposals including the ones that ban discounted sales and said that the Draft Rules were ‘excessive’. The Ministry of Corporate Affairs said that the provisions on competition and abuse of dominant position fall under the ambit of the competition regulator. The Niti Aayog’s vice chairman Rajiv Kumar also wrote to Mr. Piyush Goyal, Minister of Consumer Affairs indicating that the Draft Rules would impact small businesses and “send the message of unpredictability and inconsistency in our policy-making”. Mr Goyal then clarified that such strong feedback will help the government in formulating a robust policy, and any reports of differences within the government is just an attempt to “sensationalise any feedback”.
Also, Mr. Anurag Jain (IAS, Madhya Pradesh Cadre 1989) assumed the charge of the Secretary of the Department of Promotion of Industry and Internal Trade (DPIIT). He played an instrumental role in the “Master Plan for Delhi-2041” which aimed at fostering a sustainable, liveable and vibrant Delhi through increased concretisation, privatisation and investments. And, Ms. Shruti Singh (IAS, Punjab Cadre 2004) took charge as the Joint Secretary of the DPIIT. She has supported regulatory reforms and initiatives for startups in India and worked in areas of industrial investment and district administration.
The National Health Authority (NHA) released consultation papers for comments on the three building blocks (unified health interface, the healthcare professionals’ registry, and the health facility registry) of the National Digital Health Mission (NDHM) in June and July 2021. The health interface is intended to be an open network for hospitals, healthcare professionals, service providers (mobile apps for telemedicine), patients to interact with each other regardless of what mobile/device they are using. The registries are intended to capture live and updated information about the various types of healthcare professionals (doctors, nurses, therapists) and facilities (clinics, hospitals). The NHA also conducted a stakeholder consultation on the design and governance of the issues, where questions on patient consent, accommodating the realities of the doctor-patient relationship, and various risks associated with choosing an open network approach to digital health were raised. We submitted our comments on the consultation papers. Also, the NDHM is being re-branded and launched as the Pradhan Mantri-Digital Health Mission.
The RBI’s Account Aggregator (AA) framework (notified in 2016) is now live. The framework currently includes 4 AAs – Finvu, OneMoney, NESL, CAMS Finserv, and 8 banks including the State Bank of India, ICICI, and IDFC Bank. AAs are entities licensed by the RBI as non-banking financial companies. They enable data sharing with user consent between financial information providers (like banks and insurance providers) with financial information users (like credit agencies or wealth management companies). Any entity regulated by a financial sector regulator such as the RBI, the Securities Exchange Board of India can participate in the AA ecosystem as an information provider or user.
For more fintech developments, subscribe to our new monthly newsletter- FinTales! Read past issues here, and subscribe by emailing firstname.lastname@example.org with the subject “FinTales”.