Union Minister for State for Electronics And Information Technology Rajeev Chandrasekhar unveiled and gave an overall glimpse of the proposed basic structure/framework and an overall roadmap of the Digital India Act 2023 (DIA) on March 9, 2023. A public consultation was invited by MEITY for this, and it was organised in Bangalore and attended by several participants in a hybrid mode of both “in person” participation as well as “online mode”.
The DIA is a giant leap towards the right direction, and only time will tell how many problems it addresses and how many of them still remain unresolved, and how many fresh ones get created. Some of the Open Internet principles (like elements of choice, competition, online diversity, fair market access and ease of doing business (EODB) & ease of compliance for startups) may militate against some parallel consultations happening and the objectives sought to be achieved there like the TRAI’s latest consultation on “Convergence of Carriage of Broadcasting and Telecom Services”, as also some of the provisions provided for in the draft Telecommunications Bill. The TRAI Consultation on convergence contemplates the creation of a single regulator to cover telecom, broadcast, social media, gaming, OTTs and other digital services and for having a revenue share mechanism and /or licensing requirements which may result in passing on of the cost burden to end consumers. This was despite the absence of any evidence of market failure and in clear absence of consensus among ministries like the information and broadcasting and the Department of Telecommunication (DoT). In other words, the approach has a clear possibility of creation of entry barriers and eliminating competition from smaller players and a total elimination of some mediums of distribution by way of causing a regulatory death. The said consultation must surely wait and not jump the gun or be issued in any hurried manner without waiting for the outcome of the various ongoing consultations of Telecommunication Bill, Data Protection and now the Digital India Act. The working in silos, which frequently finds mention in the TRAI Consultation, must first be addressed between the authorities namely the DoT, the IM ministry, MeitY and regulators like the TRAI and the Competition Commission. At the same time, some aspects of “Open Internet” on Big Tech are a welcome step and these provisions do give a ray of hope to address the ongoing publisher-platform relationship dispute and also promise to give statutory backup to the recent CCI Rulings against Google on “abusing its dominance on Play Store policies” as also the “Anti-competitive practices in relation to Android mobile devices”.
It looks like the intent is to soon catch up with the global legislation on the subject. It has been a matter of common knowledge and globally proven in multiple jurisdictions that big techs like Google have been found abusing monopoly in ad technology or for that matter unlawfully blocking rival payment systems and acting as knowledge and information gatekeepers. In other words, big tech is often found to be gaming and holding hostage the entire ecosystem. On a critical note, maybe this Digital India Act could have been the starting point in the series of legislations proposed and should have preceded the Telecommunications Bill as also the Digital Data Protection Bill to have a more structured approach and to avoid inconsistencies and complications. There is nothing discussed on the various sub judice issues like the concern of oversight mechanism (headed by bureaucrats) over the self-regulatory mechanism (headed by a retired Supreme Court judge) within the 3-tier mechanism as to whether they would stay or are intended to be modified in the DIA to bring an end to some pending litigations as well. If not, there is a possibility of fresh rounds of litigation on several aspects. Digital piracy is another area that probably needs to be well covered in the Digital India Act. I am sure that the DIA would keep engaged lawyers & policy professionals to craft reasons and rationales to the intermediaries they represent for keeping them within the scope & ambit of the umbrella benefit of “Safe Harbour Provisions” and on several other aspects.
My notes on the event and the subject are here for everyone’s benefit:
Rakesh Maheshwari (Senior Director & Group Coordinator MeitY), who opened the session, listed various initiatives already taken by MeitY in terms of legal & policy matters, namely the IT Intermediary Rules, the Online Gaming Rules (which is being actively worked upon), the Draft Digital Data Protection Bill, and now the Draft Digital India Act 2023, the discussions on which have started. Reference was also drawn to some recent amendments made to the IT Act as also the Jan Vishwas Bill wherein again the changes in the IT Act have been proposed and which are currently pending in Parliament.
Interestingly, Minister Chandrasekhar opened up on the note that the response to this consultation has been overwhelming and it has seen participation from several stakeholders some of which were even cases of gatecrash. For obvious reasons, the gatecrash was a natural consequence as most of the stakeholders surely would have solved a jigsaw puzzle to gain entry to attend the discussion on the most important piece of legislation that would govern the internet space in the years to come. Thankfully, the minister was on an appreciative note for such widespread participation. The way forward has been stated to be that a core team would be working on the draft which would include the MeitY team, outside legal and industry experts, whereafter the same would be put to consultation for general public, media, academia, students, associations, internet governance forums, consumer forums, etc, before the Act is passed. In response to a question, the minister said the intention was to enact DIA at the earliest, within 2023 itself (though no specific timelines have been decided), after an extensive consultation, and it would decide the future of the Internet and the way it would operate.
The presentation made by the minister can be summarised as under:
1. It was assured to the participants and stakeholders that every element of the Digital India Act would be designed, built on the touchstone and foundation of a consultation at every step.
2. The subject was opened up by explaining the thought process behind the proposed legislation and on the questions of why to have a Digital India Act and the goals meant to be achieved.
3. The present regulatory landscape of the IT Act 2000 comprises of the IT Intermediary Guidelines and Digital Media Ethics Code, Reasonable Security Practices and SPDI Rules, Certifying Authority Rules, Use of Electronic Records and Digital Signatures, Indian Computer Emergency Response Team [CERT-IN], Procedure & Safeguards for Blocking Rules (Sec 69), Cyber Appellate Tribunal. The internet has since come a long way and dramatically & drastically evolved and transformed over the last two decades since the enactment of IT Act 2000.
4. Way back in the year 2000, the internet consisted of the Internet Service Provider (ISP) who provided the internet connection or access to the same through a portal. At the time when the IT Act 2000 was enacted, several of the innovations that have come over a period of time — e-commerce, social media platforms etc — were completely missing. Further, it had a “limited mandate” which is the legal recognition of electronic records, transactions and electronic signatures over the electronic medium.
5. A comparative was also given on “Internet in 2000” vs “Internet Today”, to summarise the present challenges in cyber space and which were found to be beyond the scope of the IT Act 2000:
- In 2000, there were about 5 million Indians on Internet vis-à-vis the 850 million (digital nagriks) as it stands today, making India the largest digitally connected democracy. It is expected to touch the 120 crore population of the country by 2025.
- There had only been one type of “Intermediary” whereas now there are multiple types of “Intermediaries” namely “E-commerce”, “Search Engines”, “Ad tech”, “Digital Media”, “Social Media”, “AI”, “OTT”, “Gaming”, etc. This would mean that the “Safe Harbour Provisions” deserve to be re-examined as to who should be conferred the benefit of the same and who should not be entitled for the same.
- Internet had been much good way back in 2000 and acted as facilitating interactions among citizens whereas now it has become a space for criminalities and illegalities.
- In the initial years of Internet, the traditional forms of user harms were cyber crime, cyber security hacking etc, which were conventional and predictable, whereas now we have complex forms of user harm, which include catfishing, doxxing, cyber stalking, cyber trolling, gaslighting, phishing, etc.
- Internet used to be a source of good information, news and data whereas now it has become a medium for proliferation of hate speech, disinformation and fake news and with AI it is becoming more and more complex.
6. While on the one hand, the internet, devices and information technology have empowered the citizens of India, at the same time it has also created challenges in the form of “user harm”, “ambiguities in user rights”, “security”, “women & child safety”, “organised information wars”, “radicalisation and circulation of hate speech”, “misinformation & fake news”, “unfair trade practices”, etc. It is high time that the provisions of the same were re-visited and a new legislation brought in to replace it.
7. India’s innovation ecosystem has been rapidly growing and today’s digital economy is far more complex and diversified, comprising of the Internet, consumer tech, AI, block chain, cyber security, high performance computing, and so on, and it is the vision that the innovation leadership that is demonstrated by India through startup culture has to be maintained in such a way that the new laws and policies further catalyse and enable the same in the times to come.
8. The goals of Digital India Act 2023 is essentially acknowledging the need for Global Standard Cyber Laws and to spell out the goals and proposed structure of the Digital India Act and the way forward.
9. In so far as the goals of the Digital India 2026 are concerned, the same aims to achieve with a laser focus on a $1 trillion digital economy by 2025-26 (Atmanirbhar Bharat), India to be a globally competitive hub of innovation and entrepreneurship system, India instead of being a consumer of technology to head towards the producer of the same and to be in the list of leading pact of nations shaping the future of technologies and to be a trusted player in the global value chain for digital products, devices, platforms and solutions.
10. Keeping in trend with the objectives of global cyber laws, the main wish list objectives as announced by the minister can be summarised as:
- Huge responsibility on the government to ensure Internet as Open, Safe, Trusted and Accountable.
- Accelerate the growth of innovation and technology.
- Manage the complexities of Internet and rapid expansion of the types of diverse Intermediaries.
- Create a framework for accelerating digitalization of Govt. and to strengthen democracy and governance.
- Protect Citizens’ rights/popularly called as “Digital Nagriks”.
- Address emerging technologies and risks.
- Being future proof and future ready.
11. The way the Digital India Act (DIA) is being conceived as of today is to bring along with it the Digital Personal Data Protection Act, the DIA Rules, the National Data Governance Policy, the IPC amendments for cyber-crimes, etc. The broad index of the DIA was to be divided into “Preamble”, “Principles”, “Digital India Government”, “Open Internet”, “Online Safety and Trust including User Harm”, “Intermediaries”, “Accountability”, “Regulatory Framework”, “Emerging Technologies, Risks and Guard Rails” and lastly “Miscellaneous” chapter.
12. The goals of the DIA were summarised too, the crux of which is as under:
- From the point when it was perceived that the internet is a place or space where the present law is unable to reach the new law should be future ready and must evolve through rules that can be updated for the benefit of platforms and mediums that it intends to regulate. It should address the tenets of Digital India i.e Open Internet, online safety and trust as a reciprocal to user harm, accountability and quality of service, adjudicatory mechanism, new technologies, etc.
- Urgent need for a specialised and dedicated adjudicatory mechanism for Online Civil & Criminal Offences which should be easily accessible, deliver timely remedies to citizens, resolve Cyber Disputes, develop a unified Cyber Jurisprudence, enforce the rule of Law online, etc.
- The need to have an evolvable digital law was emphasized stating the same to be consistent with changing market trends, disruption in technologies, development in international jurisprudence and global standard for qualitative service/products delivery framework. Further the evolvable law was required to rapidly create, modify and enforce regulations. It should be able to adopt principles and rule based approach as against a prescriptive approach through regulations which provides a legislative framework under governing principles and effective measures for securing compliance with the ever evolving rule of law.
13. The “Open Internet” should have:
- Elements of choice, competition, online diversity, fair market access and ease of doing business (EODB) & ease of compliance for startups.
- The “Open Internet” is also intended to facilitate “fair trade practices”, “prevention of concentration of market power and gatekeeping”, “distortions through regulation of dominant ad tech platforms / app stores”, “promoting Start-up India via non-discriminatory access through Digital services and interoperable platforms".
- Should safeguard innovation to enable emerging technologies like AI/MI, Web 3.0, Autonomous systems, Robotics, IoT, Distributed Ledger/Block chain, Quantum computing, Virtual Reality (VR) / Augmented Reality (AR), Mixed Reality (MR), Real time Language Translators, National Language Processing, etc.
- Promotion of digital governance and to ease the access to Govt. and other public utility services, delivery of services through online and mobile platforms in a simple, accessible, inter-operable and citizen friendly manner.
- It may need to update provisions in the Competition Act 2002. It must be kept in mind that Competition Amendment Bill is also in the course of discussions and thus it is extremely important that all this legislations are well synchronized and should eliminate any contradiction and inconsistencies.
14. The user harms globally is taking various forms and shapes and some of which is peculiar and unique to the internet and the various instances already seen include cases related to YouTube algorithms, social media companies being sued for harming students' mental health, ease of making AI-based online porn like in the case of recently banned loan apps where the borrowers returning money as a result of apps gaining access to User’s photos and creating pornographic content out of the same by way of “morphing” and thereafter broadcasting it to the phonebook of the User, etc. With respect to “Online Safety” and “Trust”, especially for the vulnerable class like women, children, senior citizens, various aspects were highlighted:
- With the objective of Internet not to become a toxic space as a result of “revenge porn”, “dark web”, “women & children harassment/exploitation”, “defamation”, “cyber bullying”, “slamming and slicing”, etc and which therefore required adjudication of User Harm and making it a responsible space. With the advent of AI the threat would multiply and the scope and ambit of the above taking new avatars can be unimaginable.
- “Age gating” by regulating addictive tech and protect minors’ data, safety and privacy of children on social media platforms, gaming and betting apps, mandatory do not track requirements, to avoid children as data subjects for ad targeting, etc.
- Digital User Rights including Right to be Forgotten, Right to Secured Electronic Means, Right to Redressal, Right to Digital Inheritance, Right against Discrimination, Rights against Automated Decision Making, etc.
- Discretionary moderation of fake news by social media platforms, should be critically examined and regulated under the Constitutional Rights of Freedom of Speech and Expression.
- Definition and regulation of high risk AI systems through legal, institutional, quality testing framework to examine regulatory models, algorithmic accountability, zero-day threat and vulnerability assessment, examine AI based ad targeting, content moderation, etc;
- Privacy invasive devices such as spy camera glasses, wearable tech to be mandated under stringent regulation before market entry with strict KYC requirements for retail sales for appropriate criminal law sanctions.
- Secure cyber space by empowering agencies like CERT-IN for cyber resilience strengthening the penalty framework for non-compliance, advisories on information and data security practices, etc.
- Content monetisation rules for platform generated and User generated content.
- Weaponisation of disinformation in the name of free speech like the threats caused by the recent inventions of ChatGPT, or the existing Twitter’s ability to amplify misinformation. While social media intermediaries have started acting upon the harmful content basis of the recent IT Rules, however, the same has not been found to be enough, like YouTube acted against 58.2 Lac channels, 56 Lac videos (30% of which were found to be in India). Top 3 reasons for channel suspension were found to be spam, misleading, nudity and child safety and top 3 reasons for video removal were again child safety, violent content, nudity, etc. Also META acted upon 322 Crore content on Facebook and 52 Crore on Instagram and top 3 reasons were found to be fake accounts, spam, nudity and sexual activity. Similarly, WhatsApp acted against 97.2 Lac Indian accounts which were banned on the basis of User complaints through WhatsApp’s own user tools and resources. These have been stated to be baby steps with a long way to go.
15. With respect to accountable internet, which has been the government's endeavour as can be seen in the past, and the DIA discussion is also an opportunity to re-look into the framework developed so far. The need for responsible and ethical use of online technologies was re-emphasised and global concern on menaces which have been encountered like deep fakes, chat bots, insecure block chain causing cyber threats, were illustrated. The following points were be made:
- Adjudicatory and appellate mechanism for accountable and responsive digital operators as against a “Naam ke Vaste” (coined by the Hon’ble Minister), appointment of Grievance and Compliance Officers who casually dealt with the grievances and which required the constitution of Grievances Appellate Committees (GACs); Updated Intermediary framework, obligation on Significant Digital operators through classifications/mandates, algorithmic transparency & periodic risk assessment by digital entities;
- Accountability for upholding constitutional rights of citizens especially Article 14, 19 & 21. Ethical use of AI based tools to protect rights or choices of Users, provisions of deterrent, effective, proportionate and dissuasive penalties, etc.
- Whole of Govt. response for a unified, coordinated, efficient and responsive governance architecture including an effective appropriate government structure and dedicated enquiry agency and a specialized dispute resolution/adjudicatory framework.
- Disclosure norms for data collected by Data Intermediaries for data collected above a certain thresholds.
- Standards for ownership for anonymized personal data collected by Data Intermediaries.
16. With respect to concerns and queries raised by some of the participants, and the response given by the minister, a few pertinent ones are:
- Avoid an omnibus legislation which impact other areas of legislation like Competition and similar ones to avoid collateral damage to one and avoid conflicts.
- With respect to automation & identification of Intermediaries, the response was categorical that not all Intermediaries deserve the protection of Safe Harbour and thus Intermediaries needs to be defined to identify the ones who constitute more than what the Intermediaries are and to decide whether the Safe Harbour protection can be granted to them or not, which is a subject matter of discussion. The Govt. is likely to avoid prescriptive kind of legislation when it would be dealing with DIA.
- On a question relating to money block chain and tech block chain crypto sites, it was responded by the Hon’ble Minister that internet would be regulated at multiple places including MeitY, RBI, or the Internet Regulator. However in the event of being a part of money block chain the RBI regulations & other laws and regulations of the financial ecosystem are unavoidable.
- With respect to question on overlap with other legislations like E-commerce Rules, Consumer Protection Act, SEBI, etc., the challenge was recognized with an assurance that the same would be attempted to be addressed as the discussion progresses.
- On the permission to export data out of the country, it was stated that the same would only be limited to jurisdictions which respect the data of Indian citizens and enforceability would be a very important criteria to determine whether the country can be in the list of “permitted jurisdictions”.
- A concern of enforcement was highlighted with respect to the earlier IT Act provisions as well for which it was stated that while the issue would be discussed the solution probably lies in also parallelly bringing amendments to IPC and CrPC to effectively deal with cybercrimes and to be reflective of the intents and objects of DIA. It was though clarified that there is no intent of appointing any specific cadre to deal with them and the existing police capacity can be strengthened to deal with them in an effective manner.
- On CSAM a concern of child safety missing in India was raised and for the same it was assured that the intent is to make Internet a child safe place.
- Uniformity of definitions across Legislations and Ministries which has been a concern in the past as well was also highlighted.
- On behalf of the Indian Music Industry which also closely connects with Film Industry a suggestion was with respect to safe harbors provisions to be extended to genuinely automated and passive intermediaries but not for the interactive intermediaries and that the same needs to be done with suitable tweaks in Section 79 of IT Act basis Global Precedents.
- Accountability must include Quality of service but of course subject to discussion and aspects of how NPD would be dealt.
- Issues of Internet Inclusion, Internet Governance, Resilience, Diversity of Supply, absence of blockage from the gateway points, technology neutrality, decriminalization of offence, issues faced by Persons with disabilities (PwD) are also important aspects to be addressed in DIA.
- On the aspect of content Regulation on OTT and Social Media, surveillance architecture and ecosystem it was stated that content would continue to remain within the purview of MIB and the DIA would be confined to user harm and the Intermediary Categorization and the grant of benefit of safe harbor provisions.
- There should be a separate legislation for AI and Metaverse like in other jurisdictions. CSAM to be mandatorily reported by Intermediaries. Intermediaries ability to monitor content should be the determinative test for grant of Safe harbor provisions etc.were some other suggestions.
- The negative list should be removed in the IT Act and there not be any case or items in any list were it should not apply or to be excluded from the ambit of the DIA.
We can only hope and expect that these consultations, which had different starting points of discussion, finally converge, catch up with each other, synchronise and harmonise together, and work towards the overall betterment of all the sectors that they touch upon, besides addressing upon all the evils that have been identified and mitigating and minimising the ones that would emerge in future.
The author is the Head of Public Policy & Regulatory Affairs at ABP Network and ABP Studios.
Disclaimer: The opinions, beliefs, and views expressed by the various authors and forum participants on this website are personal and do not reflect the opinions, beliefs, and views of ABP Network Pvt Ltd.