Srikrishna Panel: Do not make Arbitration the exclusive preserve of Lawyers and Judges

(P.S.: This is in continuation of the earlier articles on the subject.)

The High Level Committee which gave its recommendations on Arbitration was named as a “Committee to review Institutionalization of Arbitration Mechanism in India”. I am not sure if there was a typographic error in the title of the report which could have been “Review of Institutional Arbitration Mechanism in India”.

The title “Institutionalization” suggests that it was a “Fixed” objective of the Committee to “Institutionalize” the Arbitration mechanism in India. The objective was not to “Review the Institutional Arbitration and suggest improvement”. Just as Government agencies define a specification of a tender document so as to suit a particular objective, this Committee was given a myopic objective to suggest how to institutionalize the system rather than how to improve the efficiency of the system.

It is therefore not surprising that the Committee went about conducting its work with the sole objective of turning all its survey observations to the direction of further institutionalization of the ADR process in India rather than making the existing system more efficient.

The approach of the Committee is therefore not in keeping with the objective of Mr Modi to have “Less Government and More Governance”. It follows the good old preference of the bureaucracy to have “More Government and Less Governance”. In the process public money is being looted by the Government machinery as expenses while the taxpayer keeps contributing to the kitty.

In pursuance of this principle, the Committee observes “Arbitral Institutions are not working well and therefore we shall create more institutions to supervise institutions”.

Everybody in the Government is happy with this approach since it gives an impression of something being done without any movement on the ground. But more positions are created for the Delhi Babus and the Retired Judges in this case along with more offices, more office staff, more office cars etc.

I would like Mr Modi and Arun Jaitley to review this approach. Recently Mr Jaitley scrapped the Cyber Appellate Tribunal, unmindful of the consequences for Citizens, on the pretext of saving costs. At the same time scores of CERTs are being created and now several new institutions are being recommended by the High Level Committee when the ADR system itself is not yet fully adopted by the community. Is there any logic in such a move?

At one time we used to make fun of the bureaucracy for its habit of creating a “committee” whenever a decision was to be postponed. Now the trend is to suggest a “New Institution” whenever a decision is to be taken. Either the decision will be endlessly delayed or, if it happens, many executive positions at Government cost become available to the influential people who swarm Delhi’s power corridors.

The Modi Government is being cheated by the bureaucracy with this approach, which in the long run will increase the number of needless departments and institutions that run at the cost of the taxpayer’s money.

In keeping with this tradition, the Committee suggests:

a) Arbitration Promotion Council of India, (APCI) an autonomous body which will grade arbitral institutions and provide accreditation for arbitrators.

b) Specialist Arbitration Bar consisting of arbitration lawyers, providing courses etc

c) Specialist Arbitration bench consisting of Judges who will be trained by National Judicial Academy

d) International Center for Alternate Dispute Resolution as a “Flagship Arbitral Institution”.

e) Creating a post of an International Law Adviser

f) Establishing a 5 member permanent Inter-Ministerial Committee

etc.

We need to justify whether the above institutions are actually required to be set up or they can be carved out of the existing institutions so that costs and administrative lag can be reduced.

The suggestion will ultimately create an ADR structure which will be a shadow of the Judicial structure, with multiple institutions each trying to outdo the other and ending up preventing the smooth functioning of the system.

There are already bar councils of several description in the country which serve the entire community of advocates. Other professionals such as Chartered Accountants, Computer Specialists, Civil Contractors, etc have their own industry organizations overseeing professionals in their respective domains.

It should therefore be possible for a “Committee to be formed under say the Law Ministry” which can take up the responsibility of creating “Arbitrator Capacity Building” within their domains and share the knowledge on a common platform so that litigants can choose their preferred Arbitrators. Ultimately it is the rating given by the litigants that should build the value of the Arbitrators. A review system where litigants submit their reviews, supervised by the committee of experts, should be sufficient to create a system of “Grading” of the Arbitrators and also the “Arbitral Institutions”. Similarly the academic institutions including the Judicial academies can take up education aspects without the need for the APCI.

I therefore suggest that there is no need for an APCI as an institution and instead an adhoc committee of stakeholders under the Law Ministry should be able to handle this responsibility. The Law Secretary or an Additional Secretary can lead this committee with his present secretariat. This will make action possible from tomorrow without the need to create a new institution by a further amendment of ACA2015 as the committee proposes.

Ministerial committee can be called from time to time as required without any permanent cost again under the supervision of the Law Ministry.

The need for International Law Adviser might have been felt after the Kulbhushan Jadhav case and this requirement is not restricted to Arbitration but extends to all matters of international legal issues. The External affairs ministry may coordinate with the Law Ministry and the CJI informally to identify the best talent available for this purpose which may differ from case to case depending on the nature of the issue. A Permanent International Law Adviser has the risk of ending up as an adviser to advise who else has to be appointed to handle a particular assignment and nothing else.

The need for an International Center of ADR is a misnomer since every “Institutional Arbitration Council” should have the necessary expertise for undertaking “International Arbitration”. Domain/Sector specialization is key to the acceptance of the International Community and hence each of the existing Arbitral Institutions should develop a “Domestic Wing” and an “International Wing” and develop the International Expertise within its own sector specialization.

There is actually a need for an International Center for ADR for the IT industry because no such institution exists in India and India is in the forefront of IT industry on a global platform and can claim both a stake in this arbitration and also an expertise.

Effort should be to encourage the industry bodies to think of such sectoral arbitral institutions with the assistance of the Law Ministry. For example, NASSCOM or STPI could very well take up the initiation of such a project for the IT industry and this has already been proposed by the undersigned to some decision makers.

There could be similar opportunities in other industries such as Auto industry or Pharma Industry and representatives from each of such sectoral International arbitral institutions can form a “Federation of International Arbitration Institutions of India” which ultimately may emerge as an industry led apex representative body for International Arbitrations making it possible for India to be considered as an International Center for Arbitrations.

We have already highlighted many times that being the “International Center for ODR” is a step in the direction of India developing into an “International Center for ADR” and hence we need to focus on this niche position which is not occupied by countries like Singapore in the ADR space.

Just as the Specialist Bar will only serve the advocates and does not accommodate professionals from other areas, Specialized Bench will also be only serving the current Judicial members. They can be supported within the current systems so that it does not appear that Arbitration becomes the sole preserve of Lawyers and Judges.

The net suggestion therefore is “Do not Create Multiple Institutions. Make use of the existing infrastructure of bureaucrats and the industry led associations to meet the objectives for which APCI, Specialist Bar and Bench etc are being contemplated.”

Also keep the basic principle that Arbitration (and more so Mediation) can be effectively handled by Non-Advocates and Non-Judges, and any attempt to make it the sole preserve of Judiciary and Lawyers is dysfunctional and should be avoided.

Naavi

All Articles

Amendments to ACA 2015 suggested by Srikrishna Panel on Arbitration
Srikrishna Panel: Do not make Arbitration the exclusive preserve of Lawyers and Judges
Two Major Failures of the SriKrishna Committee on Arbitration
Ten Commandments of the Justice Srikrishna Committee… and where the Committee has failed?
Justice Srikrishna Committee on Arbitration Submits its report

Posted in Cyber Law

Two Major Failures of the SriKrishna Committee on Arbitration

(P.S.: This is in continuation of the earlier articles on the subject.)

If ADR (Alternate Dispute Resolution) in India has failed to take off even after the Amended Arbitration and Conciliation Act (ACA 2015), the root cause has been that the system is being controlled by a few Arbitral Institutions which are not able to effectively transform themselves and keep pace with the development.

During the last few years, I have personally contacted most of these Arbitral Institutions and tried to discuss the possibility of using Online Dispute Resolution mechanism (Check at www.odrglobal.in) to establish a transparent, accountable, economic and faster arbitration system in India. But none of them have shown interest in exploring the possibilities.

The Srikrishna Committee’s major failure is that it has not recognized and addressed the issue of “ODR as an instrument of Improvement of ADR in India”.

Was every member of the committee ignorant about ODR? If so, it speaks badly of their preparation and the quality of secretarial support they got, and undermines the value of the entire report.

Even assuming that the websites adr.ind.in or naavi.org or odrglobal.in are too insignificant for the High Level Committee to look at, since the UNCITRAL model law on ODR is under discussion in the international circles, and several academic institutions and blogs have been discussing ODR as a concept, it is unthinkable that the “High Level” Committee was unaware and did not consider it necessary to at least make a mention of ODR and reject it if necessary in its deliberations.

It cannot therefore be accepted that the Committee was ignorant of ODR or that the issue was not brought before it for discussion. We must presume that the Committee did not want to make even a mention of ODR in its report and wanted to completely suppress any discussion thereof.

One of the terms of reference of the committee was evolving an effective and efficient arbitration eco system for commercial dispute resolution. Under this it was imperative that the committee should have considered the use of technology which would have led them to a discussion on ODR.

The omission of ODR discussion by the committee directly indicates the mindset that is also the root cause for the failure of ADR becoming popular in India.

Without addressing this “Mindset Problem”, merely creating more institutions for regulation will only increase the overhead for the Government and will not lead to any improvement of Justice Delivery on the ground.

The Mindset Problem

The Committee recorded that there are presently over 35 arbitral institutions in India (though only six of them responded to the Committee in its survey).

The Committee recognized that the rules and practices followed by these institutions as well as the infrastructure are outdated and inadequate. The committee also acknowledged several other drawbacks in the existing arbitral institutions.

These observations could have been used to make a case for promotion of “Adhoc Arbitration”. But the Committee used all its observations on the weaknesses of the Arbitral Institutions to make a case for investing more time, effort and money to strengthen this Institutional arbitration system rather than giving a thought to improvement of the Adhoc Arbitration System.

The real problem that afflicts the Institutional Arbitration system in India is that the institutions are not being run with the objective of easing the grievances of the public. It is the reason why (as the committee itself notes) many of them do not have even a website, let alone other public outreach programs. Most of the e-mail addresses of the enrolled arbitrators in these institutions are not reachable or perhaps do not exist. The public are therefore not the first priority of these institutions. Even the enrollment of eligible members of the profession is not a priority, though a few do conduct training programs and generate revenue in the process.

I am sorry to observe that most of the time, it appears that these arbitral institutions become a place for accommodating retiring judges with some position of power and an opportunity to take up lucrative assignments.

I have no objection for retired judges to have an opportunity to use their knowledge and skill for their own post retirement benefit as long as it does not become a hindrance to the development of the society and block the development of “Alternate” means of Dispute Resolution.

When ODRGLOBAL suggested online arbitration with a “Recording” of the arbitration proceedings, most existing institutions saw it as a threat to their current system which hides the inefficiencies and possible biases that may creep into the arbitration process which may get exposed if the proceedings are recorded.

The reason why most arbitrations end up in litigation and prolong the resolution (which has been addressed to some extent in the ACA 2015) is that the party which has lost the Arbitration does not trust the neutrality of the Arbitrator. The recording of the ODR deliberations would have eliminated this distrust. But inefficiencies of the arbitrators and their biases would have come out into the open. The same judges who today oppose recording of Court proceedings have objections to the recording of the arbitration proceedings also.

We often hear about nepotism in Judicial appointments. Similarly, arbitration opportunities in the arbitration institutions are often not fairly distributed and are not given on the basis of the special skills and domain knowledge that some potential arbitrators may bring in.

The mindset of vested interests controlling different arbitral institutions prevents any major change in the rules of appointment of arbitrators and hence qualified and efficient arbitrators without a God Father in the Judiciary do not like to be part of the system and would rather prefer Adhoc Arbitrations.

Without addressing these types of contentious issues, the High Level Committee makes a case for discouraging Adhoc Arbitrations and recommends investments in Institutional Arbitration. This is not the right strategy for development of the ADR System.

The Advantage of Adhoc Arbitration System

If Adhoc Arbitration is encouraged, it will be able to provide an opportunity for young Advocates to look at “Arbitration” as a career (Which also will provide a stock of Mediators). It will also provide many non advocate domain specialists to take up arbitration.

Once all advocates see the opportunity to create a career in Arbitration, they will automatically ensure that every Contract incorporates arbitration clauses and encourage their clients to go for arbitration even as an afterthought.

Today advocates encourage litigation because they are only familiar with this system and are not concerned about the delays.

In the new ACA 2015 which provides for time bound completion of Arbitrations and incentives for early completion as well as dis-incentives for delays, the commercial disputants would be happy to resolve the issue one way or the other quickly and go ahead with their activities rather than pursuing litigation in Courts for years.

The new ACA 2015 also makes it difficult to challenge the arbitration on flimsy grounds and hence the delays due to judicial challenges can be reduced if the Judiciary actually responds positively.

The Committee’s conclusion that Adhoc Arbitration results in delays is therefore unfounded.

The only argument in favour of Institutional Arbitration against Adhoc Arbitration is that Institutions can put in efforts to bring efficient and honest persons in their panel, train them and ensure that a person who is unworthy of sitting as an arbitrator does not get an opportunity.

However, the Arbitral Institutions have failed to adequately discharge this responsibility of creating better talents and giving them a fair opportunity and they may not do so in future also.

This comment is not to be construed as a criticism of all Arbitral Institutions. If a few of the institutions do discharge their responsibilities properly, they can continue to do so without the need for any discriminatory preference under the regulations.

The recommendations of the committee are in the nature of supporting inefficient arbitral institutions instead of leaving it to market forces to provide an opportunity for efficient adhoc arbitrators to fight on their individual strengths.

Discouraging the growth of Adhoc Arbitral systems and encouraging inefficient Arbitral institutional mechanism is to be considered as the Second most important failure of the High Level Committee. 

Naavi


Ten Commandments of the Justice Srikrishna Committee… and where the Committee has failed?

The High Level Committee to Review the Institutionalization of Arbitration Mechanism in India under the Chairmanship of Justice B.N.Srikrishna, (HLC-IA) was constituted with the specific objective of examining the roadblocks to the development of institutional arbitration and prepare a roadmap for making India a “Robust center for International and Domestic Arbitration”.

The Committee has now produced its report, which contains several suggestions. Given the reputation of Justice B.N.Srikrishna, the recommendations would be given due consideration and implemented in due course.

The Committee’s recommendations and the follow up actions by the Government have the potential to bring significant changes to our society and it is essential for Citizens and Professionals in the related areas to ensure that the Government’s future actions in this regard do not get derailed from the central objective of “Freedom from inefficiency in Dispute Resolution System in India”.

We therefore raise certain issues for debate through these columns with the hope that the Government would take note of some positive suggestions that may arise out of this debate.

I invite public to join this debate and add their views to make the debate useful.

The principal recommendations of the committee consist of

  1. Grading of Arbitral Institutions through Arbitration Promotion Council of India (APCI)
  2. Accreditation of Arbitrators through APCI
  3. Creation of specialist arbitration bar and bench
  4. Legislative support for institutional arbitration
  5. Amendments to Arbitration and Conciliation Act to remove some ambiguities
  6. Setting up of the International Center for Alternate Dispute Resolution (ICADR)
  7. Some Recommendations on the Management and Resolution of Bilateral Investment Treaty (BIT)
  8. Creation of the post of an “International Law Adviser”
  9. Permission to Foreign Lawyers to represent clients in International arbitrations held in India
  10. Separate legislation governing Mediation

We shall discuss these Ten Major recommendations individually to take on record what the committee has suggested and also to point out further changes that may be considered.

Naavi has been in the forefront of creating awareness about the benefits of Alternate Dispute Resolution as a necessary development in India and has highlighted the need for making India the International Hub for Arbitration, Establishing a Cyber Disputes Mediation and Arbitration Center, An International Arbitration Council for IT industry, Taking the global lead in ODR infrastructure etc. These have been discussed over a period of time under naavi.org and ADR Knowledge Center. (http://adr.ind.in/wp/).

It is therefore natural that we observe that the HLC-IA, while providing some very essential recommendations, has also failed to recognize some aspects that ought to have been part of the considerations of the Committee.

It is our duty to bring this to the notice of the public so that at least at the time of implementation of the suggestions, these issues will be given due consideration.

The Committee set about with given terms of reference, which were to focus on the “Arbitral Institutions”, and therefore it was constrained in its approach. The more important focus should be how to liberate Indian Citizens from the inefficiencies of the dispute resolution mechanism in India led by the Judicial system, where “Delays” are more the norm than the exception. Delay in Justice delivery encourages extra-constitutional settlement of disputes and a rise of corruption and violence in the society.

Hence improvement in the system of “Alternate Dispute Resolution Mechanism” should be our focus and not restricted to improvement in the system of “Institutional Arbitration”. We find this the major lacuna in the setting of the agenda of this Committee and the final outcome.

We shall elaborate on this in subsequent articles.

I request the Government and the Members of the committee to look at the views presented here in a series of articles as positive suggestions and not as criticisms.

Naavi


Good Wishes on the Indian Independence Day

I wish that, at least after 70 years, we move towards an Independent India where every type of discrimination and bias in Law and Governance, such as those based on Religion, Caste, Language, Gender, State etc., is removed and there is real equality for all, appeasement to none… and also… independence from Cyber Crimes.

Naavi


TRAI Consultation Paper on Privacy

TRAI has released a consultation paper on Privacy for comments from Stake holders. A Copy of the Consultation paper is available here: 

Comments from stake holders have been invited by 8th September 2017 and counter comments can be submitted by 22nd September 2017.

Comments and counter comments can be sent by e-mail to arvind@trai.gov.in or bharatgupta.trai@gmail.com


“Privacy” is a complicated subject which is presently under discussion in different fora including the Supreme Court. “Protecting Privacy” is a democratic principle and addressed as a part of the Human Rights commitment of the society. Privacy Protection is presently recognized in India through various Supreme Court Judgements as a derivative of the Rights under Article 21. (Refer here). As a constitutional right a Citizen may be able to seek remedy from the Government but when seeking remedy from others there is a need for statutory provision that defines what is the extent of the Right, how to evaluate damage and how the compensation can be provided etc.

At the same time, when “Privacy Information” is available in the form of “Data in electronic form”, other legislation such as ITA 2000/8 have provided remedies in different forms. Many times, industry recognizes “Data Protection” as synonymous with “Privacy Protection”.

We shall leave for now the larger debate of whether Privacy protection is equivalent to protection of the data related to Privacy of a person or it is a reasonable approximation.

We know that at present a “Data Protection Act” is being drafted and it may define the scope of data protection and its relation to Privacy. Supreme Court may simply recognize “Privacy” as a “Fundamental Right” subject to “Reasonable Restrictions” and leave it to the legislature and executive to define what is “Reasonable”. The ball will be back in the Court of the legislature and Executive to take this forward.

In this direction, we can appreciate that TRAI is trying to pre-empt a discussion on what the “Data Protection Act” can do through the issue of the Consultation Paper. If the Supreme Court leaves it to the legislature and the legislature through the Data Protection Act agrees for a “Sectoral Data Protection Officer for Telecom Industry”, then TRAI’s present efforts will give it a head start for defining the policies and procedures for data protection by the “Telecom Sector Data Protection Officer”.

The Government of India has already proposed a “CERT for Telecom” and this CERT-TEL has to define what constitutes a “Breach” that needs to be monitored by the CERT-TEL. The definition of the “Breach” in this context is linked to the expectations of “Data Protection” requirements which this consultation paper tries to address.

Hence TRAI appears to be thinking ahead and preparing itself to draft the guidelines for its CERT-TEL besides assisting the Data Protection Act to be drafted with sufficient scope for TRAI to retain its hold on the industry.

Keeping all these complications in mind, it is not easy to comment on the consultation paper without a good debate. I wish different groups of experts would discuss the consultation paper and come up with their own views.

As always, it is better to start with a template for discussion and hence Naavi.org would like to place its preliminary views on the consultation paper for public view here and request members of the public to either submit their comments directly to TRAI or at least send their comments here and enable me to consolidate and submit.

My Preliminary Views are therefore presented below:

 

Q.1: Are the data protection requirements currently applicable to all the players in the eco-system in India sufficient to protect the interests of telecom subscribers? What are the additional measures, if any, that need to be considered in this regard?

Current data protection requirements from the consumer perspective are addressed by ITA 2000/8. The Telco is an “Intermediary” subject to Section 79 of ITA 2000/8 in some instances of data flow. In some other instances of data flow, such as the subscriber information, the Telco is a Body Corporate which collects and uses the data for its own purpose and is therefore subject to Section 43A of ITA 2000/8. Under Sec 72A (as well as Sec 79), the Telco is also liable for contractual breaches, and Sec 72A applies to all “Personal Information” though under Section 43A the liabilities are limited to Sensitive Personal Information only.

The requirements of law enforcement for interception are also addressed adequately under both the Telegraph Act and ITA 2000/8 (Sec 69, 69A, 69B, 70B).

These provisions if properly implemented are good enough to provide protection of the data from the privacy perspective of an individual availing a service from the Telco.

The problem however is that the law regarding data protection is not properly implemented and there is no proper deterrence for violation.

Under ITA 2000/8 any contravention has to be handled by means of a complaint by the affected party to the “Adjudicator” or the “Police”. Police are overburdened and will accept complaints only if a serious criminal offence has taken place. Adjudicators are largely not keen to take up complaints suo motu and complaints can be filed only if the telecom subscriber can prove a financial damage.

We therefore need to strengthen the “Grievance Redressal mechanism” under the ITA 2000/8. Though this is mandatory under Section 79 of ITA 2000/8, no TELCO is presently compliant with ITA 2000/8 and hence there is no proper grievance redressal mechanism in place. Presently the TELCO grievance redressal is focused only on billing disputes and most of the time, TELCOs get away by cheating the customers with false billing and the grievance redressal mechanism becomes a sham.

TRAI has failed to respond to customer complaints even when it is brought to their attention since it does not have its own mechanism to handle subscriber complaints against TELCOs.

We therefore need the following action:

  1. TELCOs need to introduce online dispute resolution mechanism and appointment of a suitable Ombudsman (could be at least one for each state) to address the grievances.
  2. TRAI should respond to subscriber complaints by raising an automatic Customer Complaint Ticket online and keeping it open until the TELCO resolves it.

Q.2: In light of recent advances in technology, what changes, if any, are recommended to the definition of personal data? Should the User’s consent be taken before sharing his/her personal data for commercial purposes? What are the measures that should be considered in order to empower users to own and take control of his/her personal data? In particular, what are the new capabilities that must be granted to consumers over the use of their Personal data?

There are three kinds of data that a subscriber interaction with the TELCO generates and the policies may have to be different for each of these kinds of data.

The three kinds of data are

  1. Data supplied by the subscriber at the time of creation of an account
  2. Data generated for billing and usage purpose by the TELCO
  3. Data that accumulates about the usage habits of the subscriber which automatically flows through the network of the TELCO and can be either stored or discarded at the discretion of the TELCO.

(a) Data supplied by the subscriber at the time of creation of an account

Data supplied by the subscriber at the time of creation of the account includes data like the name, address, family particulars, age profile, income profile, asset ownership, PAN number etc which are part of the application form for seeking the TELCO’s service on which “Consent” can be obtained.

If the TELCO obtains biometric data, it becomes “Sensitive Personal Information” and a mere “Consent” from an unsuspecting and uninformed customer is not to be considered as adequate. The biometric devices used for e-KYC through Aadhaar will be the biggest threat to the Privacy of the subscribers and a key point of data breach.

TRAI therefore has to ensure that the devices are properly audited and accredited before they are used.

Though most of the time TELCOs abuse the consent obtained in the application form, the mechanism for getting the consent is in place and it is for the TRAI and the grievance redressal mechanism to address the violations.

(b) Data generated for billing and usage purpose by the TELCO

However, during the course of the service, data such as the CDR and Tower Data emerge. This is data on which “Joint Ownership” can be claimed.

However, for the TELCO, the CDR is only relevant for billing purpose and nothing more. Tower data is relevant only for technical purpose and would be of use even in a de-identified form.

But for the subscriber, these are “Sensitive Personal Data” which can provide critical information that can infringe on the subscriber’s privacy rights. It is however open to TRAI to treat it as such.

At present CDR or Tower Data is not classified by ITA 2000/8 as “Sensitive Personal Data”. But they are to be treated as such.

Law enforcement has a specific requirement for access to the CDR and Tower data, both as an intelligence measure before any crime occurs and after a crime occurs.

From the point of view of national security, law enforcement must have access to such data when required and procedural enablement for the same has to be provided.

Sometimes Law Enforcement may even need to block communication, and TELCOs need to implement such orders on an emergent basis.

However, in such cases the issues of Human Rights, Freedom of Expression etc are normally raised.

We therefore need to establish a mechanism to enable Law enforcement to block communication without adversely affecting critical services.

I have suggested that in times of network blockade, an emergent network needs to be set up to carry critical communications just as “Ambulance Service operates in a Curfew situation”. I have called this the “Digital Data Ambulance” system, and this should specially take care of Financial and Health related communication when the network is otherwise blocked.

The required technical enablement has to be provided for this purpose by TELCOs, and the necessary procedure for the subscribers to invoke such services needs to be established.

(c) Data that accumulates about the usage habits

The third category of data that accumulates during the interaction between the subscriber and the TELCO is the information about “Data Usage” such as the websites visited, Advertisement links clicked etc.

This information has a commercial value and is often the target of Data mining in the “Big Data” scenario.

The TELCOs have little use for this in their main business of providing service, and even if they do, they do not need identified data and can make use of de-identified data.

However, if the TELCOs factor in the value of this data as part of their legitimate revenue, they need to recognize that they need to provide appropriate notice to the customers and take their consent.

If TELCOs do not take the consent of the customers but monitor their browsing and usage habits, particularly with the use of some software tools as Airtel was once accused of doing (and could be doing even now), it would amount to a violation of ITA 2000/8 under Section 66 and 69A.

TELCOs therefore need to introduce a system according to which, by default, such information is de-identified so that it can be used for most data analytics requirements at the higher level, and seek specific consent from the customer for use of “Identified usage habits”.

Such consents have to be incentivized by some return favour to the consenting customers which is distinguishable from other customers. The nature of incentives can be left to the TELCOs to structure but there has to be some incentive for the customers to share marketable information that is entirely their own creation.

Q.3 What should be the Rights and Responsibilities of the Data Controllers? Can the Rights of Data Controller supersede the Rights of an Individual over his/her Personal Data? Suggest a mechanism for regulating and governing the Data Controllers.

My response to the earlier questions also defines the rights and responsibilities of the data controller. If they follow the principles of Privacy which Section 79 of ITA 2000 captures such as Disclosure, Consent, Responsible Use, Security, etc. it should suffice.

However, the problem is that a TELCO operates with thousands of sub-contractors and employees distributed across the country and also uses couriers as agents, all of which introduce additional elements of risk for data misuse.

The mechanism for monitoring the TELCO’s Privacy and Information Security implementation, particularly at the dealer/street-level offices, is currently inadequate and this has to be strengthened.

The TELCO is liable for the inadequate security at all levels and TRAI has to impose penalties on TELCOs whenever deficiencies are observed at the lower levels. Obviously the grievance redressal mechanism has to address this since TRAI may not be able to conduct its own audits in this regard.

The responsibility should however be placed on the TELCOs to periodically inspect and audit the dealers and other offices and submit a confirmation to TRAI and in the event of any breaches observed later, the audits can be questioned and penalized.

Q: 4 Given the fears related to abuse of this data, is it advisable to create a technology enabled architecture to audit the use of personal data, and associated consent? Will an audit-based mechanism provide sufficient visibility for the government or its authorized authority to prevent harm? Can the industry create a sufficiently capable workforce of auditors who can take on these responsibilities?

If properly structured, a technology enabled architecture to audit use of personal data and associated consent can be effective. There is always a possibility of manual supervision overriding the automated audits on a sampling basis to ensure a high degree of compliance.

The development of the architecture should be done in such a manner that available manpower of skilled auditors can be used for overriding supervision of exceptional observations collated by the automated systems.

An innovatively structured system can achieve the objective though at present nothing more can be said in this regard.

Q: 5: What, if any, are the measures that must be taken to encourage the creation of new data based businesses consistent with the overall framework of data protection?

Presently TELCOs have a business interest that introduces a conflict with the Privacy related responsibilities. Any effort of TRAI to improve the Privacy Protection will be resisted since there is a perceived cost escalation.

Hence there could be a specialized intermediary that takes care of e-KYC for multiple TELCOs along with the “Privacy Disclosure on behalf of TELCOs” and “Obtention of Consent”. Such agencies can be called “TELCO Enrolment Agencies” such as the “Certifying Authorities of a Digital Certificate System”. They should be licensed directly by TRAI after suitable checks and according to some norms to be developed. They can provide “Certificate of TELCO Enrolment” which can be used by multiple TELCOs. The cost will be absorbed in higher efficiency and avoidance of duplication.

Presently customers hold accounts with multiple TELCOs and undergo multiple KYC verifications. Whenever they port the numbers, there is a repetition of KYC. The KYC process is done by inexperienced sub-contractors who do not know the importance of KYC and this gives room for fake customers. On the other hand a few specialized “Enrollment Certification Agencies” can serve all TELCOs more efficiently.

The Government has already created a “Digi Locker” service and enabled many service providers to be created for maintaining of the “Digi Locker” service. This can also be used either directly by the TELCOs or by the Enrollment Certification agencies to further make the system more efficient and economical.

Obviously the scheme cannot be discussed in detail here but if the concept is accepted, further details can be worked out.

Similarly agencies can be licensed for information security audits of dealers who may report their findings to the TELCOs under copy to TRAI for follow up.

Q:6 Should government or its authorized authority setup a data sandbox, which allows the regulated companies to create anonymized data sets which can be used for the development of newer services?

Yes. This requirement of segregating data as “Identified” and “de-identified” has already been covered earlier. It is an essential requirement.

Q:7 How can the government or its authorized authority setup a technology solution that can assist it in monitoring the ecosystem for compliance? What are the attributes of such a solution that allow the regulations to keep pace with a changing technology ecosystem?

It is necessary for certain basic policy level agreement to be drawn up before we can address the question of “How” the technology solution can be developed.

We need to ensure that we do not end up with too many regulatory bodies that will introduce more complications.

TRAI should be the apex regulatory authority for all TELECOM companies and rest of the regulation can be done by licensed operators such as what has been suggested above for enrollment certification.

Q:8 What are the measures that should be considered in order to strengthen and preserve the safety and security of telecommunications infrastructure and the digital ecosystem as a whole?

There are established techno legal processes used for information security. At higher levels this is fortified by a proper management of the people involved. These can be used for securing TELCO networks also. The actual measures will however be dynamic and case specific.

Q: 9 What are the key issues of data protection pertaining to the collection and use of data by various other stakeholders in the digital ecosystem, including content and application service providers, device manufacturers, operating systems, browsers, etc? What mechanisms need to be put in place in order to address these issues?

Content and Application service providers use TELCOs as their sub-contractors and the mutual legal liabilities are settled out of the contractual liabilities and provisions of ITA 2000/8.

Except proper awareness creation and dispute resolution mechanism, there need not be major issues in meeting the requirements of protection of the public from misuse of content and applications.

Q: 10 Is there a need for bringing about greater parity in the data protection norms applicable to TSPs and other communication service providers offering comparable services (such as Internet based voice and messaging services). What are the various options that may be considered in this regard?

The distinction between different types of communication providers is no longer relevant since the entire system runs on a data network. All services today are digital and any attempt to segregate them for commercial purpose is futile and can be avoided.

Q: 11 What should be the legitimate exceptions to the data protection requirements imposed on TSPs and other providers in the digital ecosystem and how should these be designed? In particular, what are the checks and balances that need to be considered in the context of lawful surveillance and law enforcement requirements?

There need not be any exceptions other than what is done in the law enforcement and consent based contexts.

There have to be procedures in place along with an implementation mechanism and sanction policy for misuse. Drafting such policies is not difficult but they are often abused without proper deterrence. The regulatory agency such as TRAI has the control which it needs to fortify with the will.

“Regulated Anonymity” is one of the suggestions I have made in different contexts to ensure that de-identification is controlled by a committee which is trusted by the data subjects. Some variant of this thought needs to be used for ensuring that law enforcement does not violate the norms of Privacy protection developed for a larger purpose.

However, law enforcement rights in the interest of security have to be preserved at all costs.

Q.12 What are the measures that can be considered in order to address the potential issues arising from cross border flow of information and jurisdictional challenges in the digital ecosystem?

The cross border flows of information cannot be prevented in the context of globalization of data management as well as the reasons of cost optimization.

The Government needs to separately address the issue of incentivizing the creation of data centers in India for global usage (not necessarily for Indian usage).

This requires not only financial and technological incentives but also legal incentives such as creating “Special Data Protection Zones” where data protection laws of a different country are allowed to be applied with immunity from application of local laws. This concept has also been discussed by the undersigned separately in a different context and can be shared if required.

Naavi


Ad Blocking, Privacy Rights, Computer Contaminants, Spamming and Cyber Laws in India

India is presently in the process of re-writing some of the Cyber laws regarding

a) Privacy… through the Supreme Court’s view on whether Privacy is a Fundamental Right?

b) Data Protection Act under drafting

c) Health Data Privacy Act under drafting

d) TRAI draft guideline on Privacy under discussion

e) Information Technology Act

We can presume that Supreme Court will say that “Privacy” is a “Fundamental Right” of an Indian Citizen subject to “Reasonable Restrictions”. It may make some lofty noises but will not make much change in the Privacy Environment. More will be done through the other laws.

In the meantime, another issue has cropped up in the Cyber Space on “Ad Blocking”, which has been challenged under “Copyright” legislation as if “Advertisement is a fundamental right” of business and removal would be an offence.

In India, ITA 2000 defines any “Program” that “Without the permission of the owner of the computer”, “diminishes the value or utility of a service”, which should include unauthorized use of “My Bandwidth usage Rights” as a “Computer Contaminant”. Introduction of such Computer contaminants is a cognizable offence under Section 66 of ITA 2000/8 read with Section 43.

Unfortunately the clarity that “Advertisements” could be considered as “Computer Contaminants” has not been properly recognized by Law enforcers and Consumers and hence no action is being taken when consumers are being cheated by Advertisers.

Many times content is completely covered by Ads repeatedly, or video ads start rolling as soon as we visit a website, etc. This menace has now started affecting the Mobile Users also, to the extent that “Ad Supported Apps” have become a nightmare to the content/service users.

There are many instances when, without the knowledge of the App owners, obscene ads and invitations to pornographic websites are appearing even in mobile apps meant for common usage. I have pointed out such issues in “Google Ads” in one Radio app and have also seen it in the Chess Online App. This indicates that whatever filters are supposed to block such ads at the end of the ad supplier are not working.

“Ad Blocking” has therefore become a necessary requirement at the user end as a “Consumer Right”. However many content providers including media websites have started a trend to block content unless the AdBlocker is removed. A recent instance is the DMCA attack on “Easylist”, which was asked to remove a site from its filter. This may snowball into a serious fight between greedy content providers and the Consumers.

While the Advertisement industry (of which I was a part in the past) has a legitimate reason to exist, it has to recognize that Advertisement has to be an appendage to content and not the other way round. The media trend now in print, started by Times Group, is that the first page of a newspaper is an Advertisement and content starts only from the third or fourth page.

Paid content on TV channels is also more than proportionately covered by Advertising, to the extent that consumers feel like they are paying for the ads more than for the content. Initially TRAI tried to block advertisements in paid channels but the commercial strength of the TV channels overpowered the TRAI and brought advertisements even into paid channels.

The “Rule of Proportionality” between content and advertising has been given a go-by in the Print and the TV and it is slowly creeping into the web and mobile. We need to preserve this through the forthcoming changes in Cyber Laws that address “Privacy”.

While static ads that take a banner in the bottom or top are mostly tolerated, the so called “Interstitial Ads” that cover the entire page and do not allow the content to be displayed until the ad goes off are an encroachment of the “Privacy” of the content user and have to be condemned.

Similarly the video ads that start playing on a website as soon as the page is loaded, without waiting for the user to choose whether he has to run the ad or not, eat away the bandwidth that the consumer has bought at a cost for browsing the content and not the ads. Such ads take more than 100% of the bandwidth otherwise required for the content viewing. Since all ISPs are stakeholders in this “Bandwidth bloating game” all of them are happy with such ads. Only the consumer is unhappy.

There is no doubt that content owners justify their right to advertisement because of the contractual consent they may try to obtain by some standard form contract terms hidden somewhere in the website which may not even be confirmed by the digitally signed means of clicking on the “I Accept” button.

It should therefore be ruled that “Ad Blocking” is a “Fundamental Right” along with the “Privacy Right” and cannot be abrogated by contract, which anyway most of the times is an implied contract only.

I therefore urge that the Privacy Laws that are being drafted now should define “Advertisements” as an “Intrusion of Privacy” and “Ad Blocking” should not be considered as a “Right” either under Copyright laws or Free speech consideration.

If for some reason, our Supreme Court fails to recognize this, I wish ITA 2000 amendment should recognize this and introduce a clause to recognize that

“Unsolicited Ad serving on web or mobile should be considered as a “Spam” and subject to “Reasonable Restrictions””.

Such reasonable restrictions should include by way of “Rules” that the ad content on a mobile or a webpage should not exceed 10% of the visible space and the total bandwidth usage by ads should not exceed 15% of the total bandwidth required for the page.

Any excess should be specifically authorized each time by an affirmative consent which should be recorded and made auditable by relevant authorities.

Any contravention should be made punishable by way of civil compensation to the consumer as well as fine just as TRAI does on contravention of unsolicited call blocking norms.

One more regulation that needs to be considered is that

When a service is contracted by a user (eg: when an app is first installed or a Privacy Policy version is frozen on the website), whatever was the advertisement composition, should not be increased after the installation without express consent.

The above suggestions can also be made to TRAI since it has placed the consultation paper for public comment up to September 22, 2017.

Since “Privacy” is a “Right to be Left Alone”, the “Ad Blocking” can be considered as protection of this “Right to be left alone to use the content” without the intrusion of the Advertisements. The honourable Supreme Court should take note of this and if possible, make a suitable observation.

Putting a regulation on Advertisements across all media should mitigate the risk of commercialization of web and mobile services and preserve the “Net Neutrality” principle also.

I hope TRAI will give due thought to the need to put a control on the Advertisements and appropriately draft their rules on Privacy protection. (We shall separately discuss the consultation paper in a subsequent article)

Naavi
