We are in the roaring 20s! 2019 was kind in that it brought challenges and victories alike. It allowed us to engage more meaningfully with you and with the tech policy community generally, through this Tech Ticker. We hope that this project has served its purpose of keeping busy tech enthusiasts abreast with important developments in the field and continues to do so going ahead. To kick things off this year, we’re sharing an annual review of all things tech in India in 2019.
2019 saw the release of the ministry of electronics and information technology (“MeitY”) report on India’s trillion dollar digital opportunity for economic growth (our summary). This was closely followed by the release of the contentious draft national e-commerce policy, which was subsequently shelved. The national policy on software products, 2019 (our summary) and the national policy on electronics, 2019 (our summary) followed in close succession. Mid-way through the year, the country was witness to its seventeenth Lok Sabha elections (our reading of the implications of the election results), which saw social media platforms observe a ‘voluntary code of ethics’ to ensure a free and fair voting process. Other important developments on data governance, online content, intermediary liability, cloud computing, cybersecurity fintech, blockchain, competition, and drones have been covered below.
The Personal Data Protection Bill (“PDP Bill”) kept us on our toes throughout 2019. Likely the most consequential development of the year, the PDP Bill was introduced in the Lok Sabha on 11 December 2019. The Bill was host to a number of significant changes from the bill recommended by the Justice Srikrishna committee of experts in 2018 (“2018 Bill”). To learn more about these changes, you can go through our clause by clause redline comparison of the 2018 and 2019 bills here. Subsequently, the Bill was referred to a committee comprising of members from both houses of the Parliament, which is expected to present its report at the end of the 2020 Budget Session (more commentary on the PDP Bill by Ikigai Law can be found here).
Pertinently, the PDP Bill retains localisation requirements for sensitive and critical personal data. This is despite industry pushback against, and advocacy for, unrestricted cross-border data flows. On the other hand, PayPal and Whatsapp – among others – confirmed their willingness to comply with the Reserve Bank of India’s (“RBI”) data localization norms for payment systems in India.
While the PDP Bill governs personal data, the MeitY constituted a committee of experts to deliberate on a governance framework for non-personal data (“NPD”) as well. The committee is likely to release a white paper in 2020, after holding closed-door consultations with various stakeholders.
This year was notable for an increased regulatory creep signalling the Telecom Regulatory Authority of India’s (“TRAI”) drive to regulate cloud computing services. The latest development in this chain was the TRAI’s consultation paper on formulating a ‘self-regulatory’ industry body for governance of cloud service providers (“CSP”). This followed the TRAI’s consultation paper on enhancing the scope of telecom infrastructure companies, in which it floated the idea of a registration framework for CSPs with the department of telecommunications. Later, it also released recommendations on other service providers (“OSP”), endorsing the inclusion of ‘other services’ under the scope of an OSP.
The end of the year saw murmurs that the National Cybersecurity Coordinator was working on a new National Cybersecurity Policy, to be released in early 2020. While an updated policy is in many ways more imminent than necessary (the previous national cybersecurity policy was released in 2013), movement on this front may have been rushed due to the number of cyberattacks in 2019. WhatsApp was infected by the Pegasus spyware in October while in September, Google also wrote of a staggering number of cyberattacks in India. To give a better idea of India’s year with cyber-security, we found this collation of the biggest data breaches in 2019.
2019 saw substantial activity on the intermediary liability front, with law enforcement access and fake news occupying centre stage. Principal to this movement were the forthcoming Information Technology [Intermediaries Guidelines (Amendment) Rules] (“Draft Intermediaries Guidelines”) – likely to be released any time now – and the WhatsApp traceability case. Specifically, the WhatsApp case held everyone’s attention as the Supreme Court delved into questions concerning law enforcement access, decryption, breaking system architectures, fake news/hate speech, and surveillance. We keenly await the Supreme Court’s judgment in 2020! Globally, 2019 also saw the US, UK and Australian governments writing to Facebook asking it to design encryption in a manner that ensures law enforcement access.
Fake news and objectionable content remained under intense scrutiny across the world. In February 2019, the UK government published its report on disinformation and ‘fake news’. Facebook experimented with an independent 40-person oversight board and a 24×7 response team in Singapore to tackle objectionable content. In India, WhatsApp collaborated with the NASSCOM Foundation to spread digital literacy, while Twitter added a new feature on its platform allowing users to report misleading content around India’s 2019 general elections. TikTok was temporarily banned in India by the Madras High Court in April 2019, which alleged that it exposed children to paedophiles, pornography, inappropriate content, and addiction.
Much to the relief of online content streaming platforms, the minister of state for electronics and information technology, Sanjay Dhotre, informed the Indian Parliament in the 2019 winter session that the government does not plan to introduce censorship for online content streaming platforms. Further, the erstwhile secretary to the ministry of information and broadcasting, Amit Khare stated that the government was in favour of a self-regulatory model for content streaming platforms. At the same time, the TRAI began initiating discussions on its consultation paper on the regulation of over-the-top (“OTT”) services. In furtherance of this, the TRAI held open house discussions in Bangalore and Delhi seeking inputs for a regulatory framework for OTT services in India.
In May 2019, the report, which proved to be an important document for the fintech industry. 2019 also saw the finance minister Nirmala Sitharaman controversially propose to scrap merchant discount rates for merchants with an annual turnover of over INR 50 crore provided they offered low-cost digital payment options (such as UPI) to their customers. November also saw BHIM UPI go international for the first time with its demonstration at Singapore FinTech Festival 2019.
This year saw Facebook enter the cryptocurrency market, revealing controversial plans to release its stablecoin Libra soon (Anirudh Rastogi co-authored this piece on the significance of this launch). On the flip side, this led central banks across the globe – especially China – to consider creating their own cryptocurrencies. Breaking from the crowd, an Indian inter-ministerial panel recommended banning all private cryptocurrencies citing possible misuse. The panel also submitted the draft Banning of Cryptocurrency and Regulation of Official Digital Currency Bill, 2019 which criminalises holding, selling and dealing in cryptocurrencies with up to ten years in prison. The hearings at the Supreme Court in the writ petitions challenging the constitutionality of the RBI circular imposing a ban on the cryptocurrency industry’s access to financial services have concluded and the judgment is awaited. Ikigai Law represents the industry in this matter.
2019 kept the Indian drone ecosystem occupied with trying to comply with the Directorate General for Civil Aviation’s drone policy of 2018. Significantly, it certified drones of two Bengaluru-based start-ups after they complied with the no-permission, no-takeoff protocol under India’s new drone policy. In another small yet significant move, the DGCA asked select stakeholders for their views on allowing drones for civilian and commercial purposes, including commercial deliveries, and also initiated a registration process for all existing drones in the country. Away from India, we learned that Wing LLC, the aviation subsidiary of Alphabet Inc. (parent organization of Google) secured a license to make drone deliveries in parts of Virginia, US. Amazon followed suit for deliveries in limited states of the US.
In the digital competition space, the US Department of Justice initiated anti-trust investigations against Google and Apple Inc. The US House Judiciary Committee’s anti-trust panel summoned Google, Apple, Facebook and Amazon for a meeting to discuss their growing monopoly in the digital arena and its effects on innovation. The US Department of Justice hinted at an investigation of leading tech companies for anti-trust practices. Closer home, the Competition Commission of India increased its scrutiny of e-commerce behemoths Amazon and Walmart for alleged anti-competitive practices, culminating in it ordering a probe against them in the early days of 2020.
By end 2019, the MeitY released 4 reports on artificial intelligence (“AI”), with insights on developing an open data platform for AI for leveraging AI in critical areas such as health, food and education and the possible regulation of AI.
By Ikigai Law
2019 was an exciting year for Ikigai Law, bringing challenges that pushed us outside our comfort zone. September saw the release of an Ikigai Law authored IAMAI report titled ‘Digital Technology Policy for India’s USD 5 Trillion Economy’, which serves as a handy primer for anyone interested in India’s tech law and policy space. In October 2019, Aparajita Srivastava, principal associate and Nehaa Chaudhari, Director, public policy authored a paper analysing the net benefits of social graph portability to users and platforms. We also held a roundtable on the government’s proposed amendments to the intermediary guidelines and their effect on intermediary safe harbour in Bangalore, which saw substantial footfall. Rishwin Chandra Jethi authored a piece comparing online content regulation standards in different jurisdictions. In light of the government appointed committee examining governance frameworks for NPD, Vijayant Singh explored various data marketplace models for voluntary data access while Sreenidhi Srinivasan wrote on the possible motivation behind the constitution of the committee. After the release of the Personal Data Protection Bill, 2019, our team created checklists to help organisations comply with the forthcoming bill.
We are happy to report that our efforts and expertise in the field of tech law and policy were able to secure us some awards in 2019. We were recognised as the ‘Mid-size Law Firm of the Year’ and the ‘Best Legal Advisor to Start-ups of the Year’ by the ILA; Asian Legal Business recognised us as the ‘Boutique Law Firm of the Year’ and ‘Asia’s Leading Law Firms to Work For’; and our TMT practice was ranked and Anirudh Rastogi was named as a recognised practitioner by Chambers and Partners.
We hope that you derive similar value from our work and look forward to the opportunity to work with you in the years ahead.