Naavi.org

This is part of a series of articles on the proposed Digital India Act set to replace the ITA 2000 which was once amended in 2008. Another small set of amendments proposed by a single man committee of T K Vishwanathan in 2017 was scrapped. Now MeitY is interested in bringing the law upto date to accommodate the current technology eco system which includes Blockchain, Artificial Intelligence, Meta Verse, Crypto Currencies and new crimes like Ransomware.

In this context some discussions have ensued in the media and provide our comments. Viewers may be aware that there is no other website in the world which has more comprehensive discussions of Cyber Law in India starting from around 1998 till date. If you click on the menu link on ITA 2008 and the next link on The Evolution of Amendments , you will reach the page where you can catch all discussions from E Commerce Act 1998 to ITA 2000, the Expert Committee suggestion of ITA 2005, then ITA 2008 etc.  (Click for the link here)

Now we will start our discussions on the Digital India Act as well from the news paper generated discussions now until the Act is finally passed. 

I request all interested persons to keep watching this space and add their comments.

We shall create a “Block Chain” of suggestions

Naavi

Previous Article

The Digital India Act appears to be the brainchild of Mr Rajeev Chandrashekar and the success or failure of the same may both be attributed to him.

While any clarifications in terms of a new law is welcome since many of our lawyers and even the Courts donot understand the Technology environment, let us also see how the old ITA 2000 itself can be applied for some of these issues arising out of new technological developments.

In one of the articles which appeared in Economic Times yesterday titled “Digital India Act to Police Social Media and OTT Platforms”, a ghost digital expert who is privy to the discussions appeared to have raised the following question in justification of the need for the new law.

Quote:

So, for instance, if a metaverse avatar bullies or sexually abuses another avatar, how does one even register such a crime?”

“Or, someone is stealing my crypto assets, replicating my NFTs, or for that matter, who could access my digital credentials, including Aadhar card data, or my finance data, or the food that I order on apps?”

Now let us try to interpret the status of the “Meta Verse Avatar” and the impact of its actions in the “Meta Verse Platform”.

In techno legal terms, a “Meta Verse Avatar” is an electronic document with a specific characteristics.  While an “e-mail address” is an electronic document with an associated name and any e-mails sent under that name can be attributed to the owner of the e-mail (May be with a digital signature to back or the intermediary to substantiate), the “Meta Verse Avatar” is also an electronic document with a more detailed set of parameters which gets converted on a computer screen not as abc@gmail.com but as a 3D picture. Just as one can send a series of messages in a WhatsApp account and each such message is an electronic document including an audio or a video, the actions of a meta verse avatar is also a video. While normal videos are pre-recorded, the Meta Verse avatar is a participant in the video in real time.

Hence laws applicable to an electronic document under ITA 2000/8 can be applied to the Meta Verse avatar.

The “Abuse” can be recognized that the victim avatar can identify herself and produce a Section 65B certified evidence about the conduct of the accused avatar whose identity may not be known to the victim. But the police can investigate and find out the identity of the accused avatar with the help of the Meta Verse platform which is the “Intermediary”.

It is possible that the “Abusive Act” might have happened in a “Public Meta Verse space” or a “Private Meta Verse Space”. A Public Meta Verse space is one where there are other avatars other than the accused and the victim. There is an element of “Virtual Defamation” in the crime. On the other hand if the abuse occurs in a private space where only the victim and the accused alone were there, then we are looking at “harassment” and consequences arising there of.

Current IPC has sections to address both defamation and harassment and they can be applied in this case using ITA 2000 along with the assistance of the Intermediary obliged to cooperate under Section 79.

We must however recall that our honourable Supreme Court did not understand the concept of “Digital harassment” when it struck down Section 66A under the wrong perception that “Publishing” and “Messaging” are same and hence “Harassment through messages” could be considered as “Free Speech” and hence restricting it through Section 66A was not correct. It came to the conclusion that Section 66A had a chilling effect on free speech and hence should be scrapped.

We can use the same incorrect judgement of the Supreme Court now and say that the so called sexual abuse of one avatar by another avatar is the free speech right of the accused avatar and hence Section 66A kind of legislation cannot be applied. Any way, now that Section 66A has been scrapped, one can use an appropriate section under IPC including sexual harassment and say that the “Psychological impact of the abuse on the victim avatar was equivalent to the physical sexual abuse” and hence can be brought under IPC provided the evidence is proved as per the ITA 2000 and Section 65B of Indian Evidence Act.

Hence we donot need to scrap the ITA 2000 to take the Meta Verse crimes to the Adjudicator or the Cyber Crime police.

The argument that we need to scrap the current ITA 2000 because it is incapable of meeting the current technological environment is therefore wrong.

( to be continued…)

Naavi

We have already started a series of discussions under the “Shape of Things to Come-New Data Protection Act of India” in which so far we have released 11 articles. At the same time a discussion has ensued on the part of the law which could replace the ITA 2000. We may need to parallelly work on another series of articles just to counter the motivated media reports that have started appearing.

Naavi.org  has been a watch dog on the attempts of vested interests who try to twist the arm of the Government to get laws made for themselves. We see a scent of this attempt in the withdrawal of PDPB 2019 after the JPC report and an attempt to also scrap and replace the ITA 2000.

While we continue to place positive suggestions for the Government to consider if they are trying to create better laws in good faith. But we will also call out any attempt to create “Criminal Friendly laws” in the guise of modernization of law.

We will therefore parallelly start releasing our views on the squealing that has started about the “Digital India Act”. When articles start appearing in unison in Quint, Media Nama, Economic Times, INC42 etc and speak in common voice on what needs to be done, it is clear that the vested anti India gang is at work.

Since yesterday, we have spotted the following articles.

1. Digital India Act to police social media and OTT Platforms- Economic Times
2. Digital India Act will monitor Social Media, Meta Verse, OTT Platforms: Report…inc42.com
3. Big Tech, OTT platforms stare at uncertainty as center plans to push through Digital India Act this winter session… Economic Times

It is clear that the first wave of attack is coming from the Social Media and OTT who have been at loggerhead with the Ministry since a long time.

In December 2018, a “Draft Intermediary Guidelines 2018″ was issued for public comments. It was vehemently opposed by the vested interests and the Government chickened out and did not take follow up action.

Then Mr Ravishankar Prasad and Prakash Javadekar mustered courage jointly holding each other’s hand and came up with the 25th February 2021 guideline. This was a courageous attempt by the usually hesitant Government to introduce a “Digital Media Ethics Code” It gave 6 months time for implementation .

But the vested interests immediately worked probably at the PMO level to strip both the ministers of their ministry berths and Ravishankar Prasad was banished to the oblivion for having taken on Twitter.

Even the JPC head Mrs Meenakshi Lekhi who appeared to be not pliable was eased out of the JPC with an offer of a ministry. Following Mrs Lekhi’s exit, the JPC recommendations were changed to such an extent that its root purpose was forgotten.

Today when the Ministry quotes “81 Amendments suggested by JPC” as one of the reasons for its decision to scrap the PDPB 2019, it is clear that the post Meenakshi Lekhi work at JPC was only to spoil the possibility of PDPB 2019 being passed.

We should not forget that the new JPC brought in from no where a recommendation on Crypto Currencies into the PDPB recommendations.  This indicated the forces which were at work in getting the law modified to meet the needs of the “Digitally Corrupt”.

It is stated that the Digital India Act will be used to legislate on Meta Verse and Block Chain as per the reports and also address the Crypto Scams.

The intentions are therefore clear enough for those of us who have been closely watching the politics of Crypto currencies. We can  understand that  “Anti India interests” are at work again to get  a law of their choice and all patriotic followers of Cyber Law development in India need to keep a watch on the developments from Delhi.

Who are the members of this Special Committee?

From the articles that have appeared, it appears from the quotes of as usual a “Ghost informant” that Meity has formed a “Special Committee” which is working on the draft.

We the Indians want to know the composition of this committee, who are the members, what are their antecedents and more specifically will they all give a declaration that they donot hold any “Crypto Currency” in their name or in their relatives names. If they have holdings of Crypto Currencies, they need to give a declaration of their holdings since they are going to suggest legislation on Crypto currencies.

Will the Government come out openly about its agenda on why JPC was scrapped and ITA 2000 is being amended wholesale? .

Recently the Minister of Urban Development made an announcement of providing shelter to Rohingyas and the MHA had to step in to correct it. Similarly we expect that the MeitY may come up with a “Criminal Friendly” and “Corruption Friendly” legislation and it will have to be corrected by MHA once again.

If things happen the way we donot want it to happen, Naavi.org will once again stand up against the injustice and fight for the people of India.

We hope things will turn out better and our fears are unfounded. We proceed with this premise and continue our discussion on what amendments should be considered in the new DIA.

(This is a personal fight of Naavi and does not the views expressed here are personal and does not reflect the views of any organization. At present  however, we place the trust in Narendra Modi Government to do what is good for the Indian Society though not all arms of the Government may be in sync with this Pro public stance)

Naavi

(Continued from the previous article)

P.S: This series of articles is an attempt to place some issues before the Government of India which promises to bring a new Data Protection Law that is futuristic, comprehensive and Perfect. 

The  Privacy Protection law applied to “Data” revolves around

a) Collection of Personal information based on a proper consent of the data subject

b) Processing of collected personal information  according to the wishes of the data subject

c) Use of the processed personal information according to the consent of the data subject.

While “Consent” is the principal basis for personal data collection, processing and use, necessity of Governance and Business require recognition of certain circumstances where the “Consent” has to be deemed to exist. Such situations can be described as “Legitimate Interest”.

“Legitimate interest” covers not only the business requirements of the data controller but also the requirements of the Government and the interests of the Public, other data subjects, emergency situations etc.

Hence “Consent” and “Legitimate Interest” are the two main pillars under which the entire Data Protection Principles can be built.

The normal perception is that PDPB 2019 was “Consent dependent” where as GDPR was not. The reason was that under GDPR, Consent was only one of the several basis on which lawfulness of processing was defined

Article 6  of GDPR recognized the following as legal basis. :

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.

In the above, point (b) is directly related to a deemed consent. Point (C) is the right of the data controller, (d) relates to emergencies, (e) relates to (Public interest) and (f) relates to other “legitimate interests” which are commercial in nature.

The business interest included under point (f) should be considered as including the “Advertisement” requirements since “Advertising” is the fundamental right of a business entity since it cannot exist without communicating to its target market, what services or products it sells at what price and how does it distinguish its products from the competition, what are the unique selling propositions etc.

We may notice that under Article 19(1) of the Indian constitution, fundamental rights of citizens include carrying on a business of choice. Curtailing the freedom of conducting a legal business in an efficient manner and earning a reasonable profit is therefore a right of every business entity. If this requires “Advertising”, we should not consider “Advertising” to be a taboo. If “Advertising” is allowed as a fair business practice, then market segmentation and targeted messaging for different markets as well as the profiling of consumers for the purpose of marketing are all legitimate interests of a Data Controller.

Let us therefore shed our misconception that “Advertising” is bad and “Profiling for advertising” is bad and look at what part of advertising and profiling is bad and how they can be avoided or addressed.

So far, no attempt has been made in the data protection laws for regulation of “Advertising” or introducing an “Ethical Code for use of a profile”. Most laws indicate that “Profiling” whether it leads to correct or incorrect perceptions about the data subject is outside the basic purview of “Purpose of Processing”. There is no appreciation that “Advertising” itself can be a “Purpose” for which profiling is created. We need to set right this inadequacy in our laws.

In most cases of personal data processing, profiling is an automatic occurrence. Just as the moment we see another individual, our mind creates a profile of the person  based on his demeanour. The science of “Body Language” is nothing but making an inference out of the visible profile of a person. It is not possible to prevent this human trait. Similarly, when an organization observes certain activity of an individual, an automatic “profile” gets created.

In GDPR we call this as “Automated Processing” and we require the legal basis. For some thing which automatically happens can there be a legal basis? is the moot point. Suppose a customer of Amazon says don’t profile me by my buying habits, will it be feasible for Amazon to delete all buying information as if there is a “Right to Forget” that exists? Firstly the transaction information that contains the personal data of the data subject is a “Joint Data” and Amazon has as much right as the data subject to keep the data and use it as long as “No harm is caused to the data subject”.

Hence just as before I shake hands with you for the first time, I make a statement, donot judge me by my looks, gender, accent, height or colour, such “Denial of consent” has no validity.

Similarly, “Profiling” is a process which is automatic and it is the essence  of understanding the consumer for the purpose of advertising or service. A blanket ban on “Profiling” or “Automatic Processing” is therefore not reasonable.

However, “Automated Decision Making” is different from “Automatic Processing” since automated decision making may involve a potential harm to the data subject.

Once a profile is created, the information may be used either by the Data Controller himself for the improvement of his business or the information may be shared with a third party advertiser. This “Sale” of personal profile is another taboo in data protection law and we often consider it as unacceptable.

A time has come for data protection professionals and the law makers to take a fair view of the needs of “Advertising” and allow certain level of personal data processing which is reasonable and not harmful to the data subject.

We can achieve our objective of protecting the privacy rights of individuals without unduly hurting the business interests by focussing our regulations on the “harm” that may be caused by the misuse of personal information rather than banning certain aspects of its “Use”.

If therefore “Advertising” is declared as a collateral or incidental purpose of personal data processing and a consent is sought from the data subject at the time of collection, it should be considered as a fair request.

For the time being, considering the revolutionary nature of this suggestion, I would like to consider that use of personal information for “Advertising” should be considered as a special use and an “Explicit Consent” may be obtained instead of an ordinary consent or deemed consent.

We can achieve this by declaring that an “Advertising Profile” of a data subject as a “Sensitive Personal Information”.

Now if we go back to our definition of sensitive personal information and processing, we recall that we stated as follows: (refer article 8)

Processing 

“Processing” is defined as any alteration of a binary sequence of data elements and includes data aggregation, data modification, data deletion, data disclosure, data publishing etc.

This was purely a technical definition and was not related to the purpose of processing and did not include “Profiling”.

We may now add the following for definition of Profiling:

Profiling

“profiling” means any form of processing of personal data that directly or indirectly analyses or predicts the behaviour, attributes or interests of a data principal.

Explanation:

Profiling includes purpose oriented collection and arrangement of personal data elements such as Advertising profile, Health Profile, Financial Profile etc.

Sensitive Personal Data 

Personal Data which which may reasonably cause significant harm to the individual  in the hands of unauthorized person is classified as “Sensitive personal data” and includes 

a) Credentials for accessing restricted data

b) Health data

c) Financial data

d) Sex related data

e) Biometric data

f) Genetic data

We shall now modify the definition of “Sensitive personal Information” by including item

(g) Advertising Profile.

Correspondingly, we shall define “Advertising profile” as follows:

Advertising Profile

Advertising Profile means a collection of personal data elements of a data subject/Data Principal that represents the profile of the individual in terms of his commercial activities such as buying of goods and services and includes the intelligent insights that may be developed about the individual that may be used for advertising purpose.

Kindly note that when we use the word “Profile” instead of “Data” to define “Sensitive Personal Information” we are clearly defining that it is not one single parameter that we are defining in this definition but a “Profile” which is a collection of several parameters.

Under this consideration, we can perhaps make corresponding changes in the list of “Sensitive personal information” to replace Health Data, Financial Data or Genetic data etc with corresponding profiles.

We therefore re-define the “Sensitive Personal Information” as follows.

Sensitive Personal Data

Personal Data which may reasonably cause a significant harm to the individual  in the hands of unauthorized person is classified as “Sensitive personal data” and includes 

a) Credentials for accessing restricted data

b) Health Profile

c) Financial Profile

d) Sex Profile

e) Biometric Profile

f) Genetic Profile

(g) Advertising Profile.

As regards the restrictions to be placed on use of information for Advertising, we shall cover it under the compliance requirements since it is related to prevention of harm to the data subject.

By focussing the regulation from “Collection and Processing” to “Misuse and Harm”, the industry would be relieved from the restrictive regime of business involving personal data collection and legitimate use and focus more on the harm caused by the misuse.

This shift of focus may be used by unscrupulous business entities who may take advantage of the weaknesses in the enforcement mechanism. Hence these suggestions need strict vigilance and enforcement.

Currently we use the Data Protection Impact Assessment and the Privacy By Design Policy as instruments to capture the intentions of a Data Controller or Data Fiduciary and follow up with the Concurrent audit and mandatory annual audit as well as the 4% turnover based penalty.

In order to increase the deterrence, any intentional contravention of a “DPIA” or “Privacy By Design Policy” (which in PDPB 2019 required registration) should be considered as “Breach of Trust” and made punishable as a criminal offence subject to a safe harbor clause based on “Due Diligence”. (These will be discussed in detail in subsequent chapters)

It may be necessary that the Due Diligence should include DPIA to be used in any profiling process and should be mandatorily subjected to a DPIA which will be filed with the regulatory authority.

I request the readers to send their comments on the above.

Naavi

P.S: These discussions are presently for a debate and is a work in progress awaiting more inputs for further refinement. It is understood that the Government may already have a draft and may completely ignore all these recommendations. However, it is considered that these suggestions will assist in the development of “Jurisprudence” in the field of Data Governance in India and hence these discussions will continue until the Government releases its own version for further debate. Other professionals who are interested in participating in this exercise and particularly the Research and Academic organizations are invited to participate. Since this exercise is too complex to institutionalize, it is being presented at this stage as only the thoughts of Naavi.  Views expressed here may be considered as personal views of Naavi and not that of FDPPI or any other organization that Naavi may be associated with.

(Continued from the previous article)

P.S: This series of articles is an attempt to place some issues before the Government of India which promises to bring a new Data Protection Law that is futuristic, comprehensive and Perfect. 

In discussing Privacy Regulations, it is important for us to appreciate that problems related to Privacy arise from two important concerns namely the “Surveillance” by the authority and “Advertising” by companies.

Surveillance concerns arise because of the distrust in the Government of the jurisdiction and is inseparable from the politics. It is not easy to raise above politics and look at the needs of “Governance” and “Law Enforcement” beyond the fact that today there is a a particular regime in place. In constructing a new dispensation of the law, it is important that we raise above politics and look at issues only and not which party in power when we discuss how much of leverage should be there for the law enforcement agencies in terms of exemptions and derogations.

“National Security”, “Public Public Safety” and “Law Enforcement” are “Duties” of a Government enforced through the Constitution. No Government can abdicate its duty to maintain Sovereignty Integrity of the Country and hence cannot create a Privacy Law in which its powers to enforce law  is limited by design. It is therefore ultra vires the constitution to expect that there will be restrictions placed on the requirements of National Security as well as Public Safety and Law Enforcement.

Every Citizen also has a duty to ensure that “Sovereignty and Integrity” of the nation as well as public safety is maintained and hence should cooperate with the enforcement of the law for this purpose. Not providing such cooperation could therefore be considered as a punishable offence.

Indian Constitution recognizes and the Privacy Judgement of the Supreme Court (Puttaswamy Judgement) endorses that the “Right to Privacy” of an Indian Citizen is subject to the following “Reasonable Restrictions” under article 19(2)  which states as under.

Article 19(2) in The Constitution Of India 1949

Nothing in sub clause (a) of clause ( 1 ) shall affect the operation of any existing law, or prevent the State from making any law, in so far as such law imposes reasonable restrictions on the exercise of the right conferred by the said sub clause in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence

The above sub  section refers to Article 19(1) which states as follows:

Article 19(1) in The Constitution Of India 1949

(1) All citizens shall have the right

(a) to freedom of speech and expression;
(b) to assemble peaceably and without arms;
(c) to form associations or unions;
(d) to move freely throughout the territory of India;
(e) to reside and settle in any part of the territory of India; and
(f) omitted
(g) to practise any profession, or to carry on any occupation, trade or business

“Right to Privacy” is derived from Article 21 of the constitution which states as follows.

Article 21 in The Constitution Of India 1949

21. Protection of life and personal liberty

No person shall be deprived of his life or personal liberty except according to procedure established by law.

Though Article 21 itself does not by itself mention the reasonable exceptions, it is considered as applicable to all fundamental rights and the Supreme Court has further ratified this stand.

In the PDPB 2019, the Government was more conservative than what the Constitution provided by providing exemptions under Section 35 restricted only to

“the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order; or for preventing incitement to the commission of any cognizable offence relating to sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order,”

It is interesting to note that the Constitutional provisions support exemption in respect of “Decency and Morality” or in relation to “Contempt of Court”, “Defamation” and “Incitement of an offence ( in general and not necessarily considered cognizable)” but Section 35 omitted the exemptions under the considerations of  Decency and Morality” or in relation to “Contempt of Court” and  “Defamation”.

It  also reduced the scope of “Preventing incitement to an offence” to only “Cognizable offence” and further only in respect of the sovereignty and integrity of India, security of state, friendly relations with foreign states or public order, again omitting the “Decency and Morality” as well as “Contempt of Court” and “Defamation”.

Section 35 of PDPB 2019 was therefore  more conservative than what was required under the constitution  and also well within the limits of the Indian Constitution .

However, there was a strong opposition to this section and probably such opposition could be ascribed to the judiciary which was perhaps unhappy that “Contempt of Court” was removed from the exemption.  I do not think that removal of  “Decency and Morality” or “Defamation” from the exemption was much  of a concern. However, public were not able to understand the motivation in opposing the provisions of Section 35.

It is a separate debate whether the Government could have avoided the controversy by simply not making any change in the “Reasonable Exception”. But in that case the clauses such as “Decency” and “Morality” as well as “Any offence even if it is not cognizable and only related to sovereignty and integrity of India,  security of state, friendly relations with foreign states or public order” and “Defamation” could have been considerations under which exemptions could be claimed by the Government. This would have provided more sweeping powers to the Government which could be misused later by another regime.

We therefore not only should support the version of the PDPB 2019 as regards the exemptions, but also re-iterate in the proposed New Data Protection Act of India by a specific section in the “Preliminary Chapter” on Applicability.

Remember that PDPB 2019 did not define Privacy or Information Privacy directly and left it to the interpretation under the Supreme Court judgement. We considered this as inappropriate and suggested that it is the responsibility of the Government to come up with a definition and not leave it to the interpretation of the complying organizations.  Expecting a complying organization to define what they are expected to “Protect” when the nine member Supreme Court bench or the Government abdicates their responsibility to provide clarity is considered unfair.

We therefore recommended the definition of Privacy to be included in the Act  as follows:

Privacy

“Privacy is a fundamental right under the Constitution of India as an independent right under the Right to life and liberty that guarantees an individual that shall not be infringed except under due process of law as defined in this Act and  includes the following.

(a) “Physical Privacy” means the choice of an individual to determine to what extent the individual may chose to share his physical space with others.

(b) “Mental Privacy” means the choice of an individual to determine to what extent the individual may chose to share his mind space with others

(c) “Neuro Privacy” means the choice of an individual to determine to what extent the individual may share his neuro space with others

(d) “Information Privacy” means the choice of an individual to determine to what extent the individual may share data about the individual with others.

Explanation:

1.“Sharing” in the context above means “making the information available to another human being in such form that it can be experienced by the receiver through any of the senses of seeing, hearing, touching, smelling or tasting of a human in such a manner that the identity  of the individual to whom the data belongs may become recognizable to the receiver with ordinary efforts”.

Now we propose that we can add a second explanation to this section as follows.

2. The Right to Privacy referred to in this section is subject to the reasonable restrictions in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order; and  for preventing incitement to the commission of any cognizable offence relating to sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order,

P.S: These discussions are presently for a debate and is a work in progress awaiting more inputs for further refinement. It is understood that the Government may already have a draft and may completely ignore all these recommendations. However, it is considered that these suggestions will assist in the development of “Jurisprudence” in the field of Data Governance in India and hence these discussions will continue until the Government releases its own version for further debate. Other professionals who are interested in participating in this exercise and particularly the Research and Academic organizations are invited to participate. Since this exercise is too complex to institutionalize, it is being presented at this stage as only the thoughts of Naavi.  Views expressed here may be considered as personal views of Naavi and not that of FDPPI or any other organization that Naavi may be associated with.

The Government of India has released a press note as follows:

Inviting comments on the Consultation Paper on ‘Need for a new legal framework governing Telecommunication in India’

Legal framework for telecommunication in India is governed by Laws which were enacted long before India’s independence. Technology has evolved significantly in the recent decades.

Stakeholders have been demanding evolution of legal framework to keep it in tune with changing technology. Therefore, Ministry of Communications has prepared a consultation paper on need for a new legal framework in telecom sector.

The consultation paper may be accessed at https://dot.gov.in/whatsnew/consultation-paper-need-new-legal-framework-governing-telecommunication-india.

Comments may be sent on the email ID : naveen.kumar71@gov.

Some of my immediate observations on the consultation paper are captured below for the comments of the readers.

1. The objectives of the proposed new legal framework governing telecommunication in India to bring better administrative clarity is welcome.
2. Today, telecommunication has merged with the Digital world and the Telecommunication network has become a network for carrying digital data. It is therefore similar to a Wide Area Network of electronic data. It has hardware which includes the “Tower Network” and “Content” which is “Data” that flows between users. The carrier is the “Spectrum” which is a unique “Virtual” asset. The regulations should cover all these segments of business.
3. Out of the above three segments, regulation of Towers in the form of licensing, prevention of harm through the radiation, the right of way etc are one kind of regulations that need to be put in place.
4. Second type of regulation is related to the “Spectrum” management which is a right to use a certain frequency band. The “Electro Magnetic Radiation” emanating from the towers is a similar phenomenon of something travelling through air and having a consequence but difficult to conceptually describe in a law. “Spectrum Management and “Radiation Management” are special areas of regulation unique to this industry.
5. Third type of regulation is related to the content. Since the content generated, transmitted and stored by the telecom industry is mostly “Digital” the regulation can be merged with the regulation of digital content. In order to regulate the small part of analog communication, the digital law itself may be used by a “Deeming effect” by declaring that Analogue communication for the purpose of regulation in this industry is deemed to be “digital” in form and regulations meant for digital content may be extended to analog content as well.
6. Fourth type of regulation is related to the end user equipment for receiving and transmitting telecom signals which may include the “Set Top Boxes”, the Routers” etc. These are also similar to the digital data transmission and processing devices such as “Computers” and “Mobiles” and hence care should be exercised not to create overlapping regulations.
7. Since the MeitY has made some announcements that they may consider a “Unified” law for Telecommunications and Information Technology, the DOT may consider to restrict the “Telecom Law” to the special requirements of the Telecom industry which relate to “Spectrum Management” and place the issues related to tower management, content management, Set top management etc to the “Unified Digital Law” that may be drafted for integration of the Data Protection law and Information Technology Act.
8. The entire telecom network may be declared as “Protected System” under the current Section 70 of the ITA 2000 and declared as “Critical IT Infrastructure” . Special powers may be notified to regulate the Critical IT Infrastructure which may include the “Right of Way”.
9. Framework for mergers, acquisitions and Insolvency provisions etc are also similar to the issues that arise in IT (eg  insolvency of Net4India and merger of CIBIL with TransUnion) and can be handled by the Unified law.
10. The Universal Service Obligation can also be merged with the IT regulations under the Unified law.
11. Penalties, as well as Public Safety and National Security also can be merged with IT regulations under the Unified law.
12. Hence if the Telecom regulations address “Spectrum” issue, most of the legal requirements would be adequately addressed. Since “Spectrum” also has relations to the “WiFi” which is a concern of the IT industry, it may not be impossible to merge the spectrum regulation also with the Unified law though it requires some innovative thinking.

(Welcome Comments)

Naavi