Logo

Defender of your Digital Freedom

All Posts | Apr 01,2019

Our Comments to DPIIT on the Draft National E-commerce Policy

On 23rd February, 2019, the Department for Promotion of Industry and Internal Trade (“the DPIIT”) released the Draft National E-Commerce Policy (“the Draft Policy”) with the objective to help stakeholders fully benefit from opportunities arising from the progressive digitization of the domestic digital economy and establish a level playing field for all stakeholders in the digital economy.

Though, titled as the ‘National E-Commerce Policy’ the document addresses a wide range of subjects, such as data protection and ownership, cross-border data flow, foreign investment, tax, competition issues, intellectual property and intermediary liability, among other things. These issues affect a number of stakeholders and industries in addition to e-commerce websites and their consumers.

Our comments, inter alia, address issues with the Draft Policy like - jurisdiction of the DPIIT, data ownership and sovereignty, data localisation, intermediary liability and law enforcement access to data. Our detailed comments are as follows:

All Posts | Mar 22,2019

FAQ – Draft National E-Commerce Policy

On 23rd February, 2019, the Department for Promotion of Industry and Internal Trade (“the DPIIT”) released the Draft National E-Commerce Policy (“the Draft Policy”) with the objective to help stakeholders fully benefit from opportunities arising from the progressive digitization of the domestic digital economy.

The Draft Policy addresses a wide range of subjects such as - data protection and ownership; data localization; foreign investment; tax; competition law; intellectual property and intermediary liability. Thus, this policy document reads more like a ‘digital economy’ policy rather than an ‘e-commerce’ policy.

To illustrate the wide ambit of the Draft Policy, we have listed a few questions, which may also serve as a ready reckoner on key issues covered by this policy document. The questions are as follows:

 

Which subjects does the Draft Policy touch upon?

Apart from addressing issues around e-commerce, the Draft Policy addresses subjects such as data sovereignty, cross-border flow of data, intellectual property, intermediary liability, FDI, tax and competition law.

 

Can the DPIIT issue a policy on such a wide range of subjects?

As per the Government of India (Allocation of Business) Rules, 1961, the DPIIT can issue policies on matters related to e-commerce, general industrial policy, intellectual property and FDI. But, the Draft Policy goes beyond that remit and delineates policy on data protection, cross-border flow of data and intermediary liability, which are subjects falling under the aegis of the Ministry of Electronics and Information Technology (“MeitY”). MeitY through various public consultations has already addressed issues around these subjects.

 

What does the Draft Policy say on data sovereignty?

The Draft Policy treats data like oil and other natural resources. It emphasises the importance of protecting data, prevent its misuse and regulate its processing. The policy argues that the data of a country is a collective resource and a national asset, which the government holds in trust, rights to which may be permitted. The document compares data to a resource like a coal mine or telecom spectrum. The policy doesn’t mention how this intersects with the Justice BN Srikrishna Committee Report or the Draft Personal Data Protection Bill, 2018 on the subject of data ownership and sovereignty.

 

Does the Draft Policy impose restrictions on cross-border data flow?

Yes, the Draft Policy argues that without imposing restrictions on cross-border data flow, India would not be able to create high-value digital products locally. Domestic companies will merely be processing outsourced data, if not for data localisation. According the policy document, data localisation will also lead to job creation.

 

What about ‘Intermediary Liability’? Does the e-commerce policy comment on that as well?

Yes, the Draft Policy, while recognizing the importance of ‘social media’, states that such organizations have an increasing ‘social responsibility’. It argues that content posted on social media and similar websites cannot be compromised and these platforms must ensure the genuineness of any information posted on their websites.

 

Does the policy address counterfeit goods/ piracy on e-commerce platforms?

Yes, the Draft Policy gives trade mark owners the right to delist products from e-commerce sites if they are uploaded without their prior concurrence. This may affect transactions such as second-hand sales. The policy also places a requirement on marketplaces to take down counterfeit products at the behest of customers. As per the current jurisprudence on the subject only right holders may demand for product takedowns. For copyrighted content, the policy requires ‘intermediaries’ to put in place measures to prevent online dissemination of pirated content. These issues have been recently addressed as part of a public consultation conducted by MeitY on the publication of the Draft Intermediaries Guidelines (Amendment) Rules, 2018.

 

Does the policy address artificial intelligence and algorithmic transparency?

To ensure algorithmic transparency and AI explainability, the policy document has suggested that the Government should have a right to seek disclosure of source code and algorithms. The document states that a balance needs to be struck between commercial interests and consumer protection.

 

Does the Draft Policy disregard customer consent?

Yes and No. While the policy recognizes that data ownership rests with individuals and processing of such data cannot be done without the owner’s explicit consent, it also seeks to bar the sharing of sensitive data by business entities with third parties ‘even with customer consent’. The policy does not explain how this is in consonance with the Supreme Court’s judgment in the case of Justice K.S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors. [W.P. (C) No. 494 of 2012] or the Draft Personal Data Protection Bill, 2018.

 

Doesn’t the Draft Personal Data Protection Bill, 2018, cover most of these topics such as data ownership, data localization, anonymisation, etc.?

Yes, a number of the subject matters addressed by the Draft Policy have been already discussed in detail by the Justice BN Srikrishna Committee and covered under the Draft Personal Data Protection Bill, 2018. Relevant stakeholders have given their comments to MeitY on the Bill and its contents, covering topics such as data localisation, anonymisation and data ownership.

 

Does the Draft Policy make arguments already being considered by MeitY under the public consultation on the Draft Intermediaries Guidelines (Amendment) Rules, 2018?

Yes, issues around intermediary liability and content regulation have been addressed in detail during the recently concluded public consultation conducted by MeitY on the Draft Intermediaries Guidelines (Amendment) Rules, 2018. It is unclear from the policy document whether MeitY was consulted by DPIIT in the drafting the policy.

2Justice KS Puttaswamy v. Union of India [WP (Civil) No. 494 of 2012] -

All Posts | Mar 07,2019

Conference on Future of Tech Policy in India

SFLC.in is organising a Conference on Future of Tech Policy in India on 15 March in New Delhi to discuss issues related to Rights on the Internet. Our report on ‘Intermediary Liability in India: The Legal Landscape and Notable Developments’ will be launched during this event.

Broad Agenda:

  • 09:30 AM to 10:00 AM - Registration

  • 10:00 AM to 11:30 AM - Session 1: Misinformation and Intermediary Liability + Report launch

  • 11:30 AM to 11:45 AM - Tea Break

  • 11:45 AM to 01:15 PM - Session 2: The Role of Social Media in Elections

  • 01:15 PM to 02:00 PM - Lunch Break

  • 02:00 PM to 03:15 PM - Session 3: Online Harassment

  • 03:15 PM to 03:30 PM - Tea Break

  • 03:30 PM to 05:00 PM - Session 4: The Future of Tech Policy

Context for the discussions:

Internet has emerged as a “critical infrastructure of our times”,[fn]Net Neutrality And Zero-Rating: Oral Testimony at the Canadian Radio-television and Telecommunications Commission’s hearing on Differential Pricing Practices Related To Internet Data Plans, November 4, 2016.[/fn] an ecosystem for democratic exchange of information, economic growth and evolution of new political culture. Due to the indispensability of Internet in our daily lives, the intertwined issues of fake news, online harassment, Internet shutdowns and the use of online platforms affect us deeply. Misinformation and online harassment often translate into grave physical violence. Most solutions to these have been reactionary and lack a well debated, planned and strategic approach. The Government has proposed the Information Technology (Intermediaries Guidelines) Rules, 2019, (Draft Rules) that threatens free speech and privacy rights by pushing intermediaries to take proactive steps to censor online content. A Draft National E-Commerce Policy released recently is being perceived a barrier to free flow of data across borders as it recommends data localization among other things. Self regulatory measures taken by technology companies in the form of Community Guidelines lack transparency and have not sufficiently addressed user concerns. Unsurprisingly, we have not yet arrived at a solution that can balance our rights with public security concerns.

A safe, inclusive, accessible and democratic Internet cannot become a reality unless the solutions are driven by a true mutli-stakeholder discussion. To collectively answer these questions and brainstorm ideas to inform the policy debate in tech policy, we invite you to our Conference on Future of Tech Policy in India, where we will be launching our report on ‘Intermediary Liability in India: The Legal Landscape and Notable Developments’.

We have recently organised discussions on Misinformation and Intermediary Liability in New Delhi (Jan 11, Jan 18, Feb 13), Bengaluru (Jan 15), Mumbai (Jan 16), Kochi (Jan 30) and Hyderabad (Feb 12). We have published a Blue Paper[fn]Available at https://sflc.in/blue-paper-misinformation-and-draft-intermediary-guidelines[/fn] containing comments, remarks and inputs received during the above-mentioned discussions.

 

Registration and participation are free of charge. Please RSVP at https://www.eventbrite.com/e/conference-on-future-of-tech-policy-in-india-tickets-57703767522

Please share this invitation with your friends, colleagues and anyone else that you believe might be interested in participating in the discussion.

All Posts | Feb 28,2019

Summary Report: ‘Defending Free Speech and Privacy on the Internet’ A Round Table Discussion on the Future of Intermediary Liability in India

SFLC.in organized a round table discussion on the Future of Intermediary Liability in India titled 'Defending Free Speech and Privacy on the Internet'. The round table took place on 13th February, 2019 at India International Centre, New Delhi. Attendees included members of civil society, industry organizations, academia, representatives from tech companies, intermediaries, industry and media. The round table included two sessions and following is a report on major discussions that took place.

Session 1: Discussing key recommendations made by various stakeholders

The discussions during the first session of the round table focused on:

  1. Classification of intermediaries:

  2. Rule 3(4) of the proposed Information Technology (Intermediaries Guidelines) Rules, 2011 (“Draft Rules”) which requires intermediaries to inform users about privacy policy at least once every month;

  3. Rule 3(9) of the Draft Rules which directs intermediaries to deploy automated filters for proactively filtering unlawful information or content;

  4. Rule 3(5) of the Draft Rules which mandates enabling tracing out of information; and

  5. Incorporation of intermediaries under Rule 3(7) of the Draft Rules.

Participants reasoned that Draft Rules should be framed according to the role of intermediaries and their control over the content. The present situation is that the proposed Draft Rules apply to all intermediaries, from online platform to cyber cafes. This one size fits all approach is problematic. There is a need to identify the categories that Draft Rules would apply to and tailor the conditions for each category.

The requirement to inform users at least once every month is counterproductive as it will cause consent fatigue. As an alternative, the requirement should be that platforms upload the changes in their privacy policies so that the users are kept meaningfully abreast of the relevant updates in policies and do not get lost in a barrage of messages.

On the use of automated content filtering, the participants agreed that this requirement will not only effectuate pre-censorship but will also have a chilling effect on free speech. When read with Draft Rule 3(2)(b) which contains a broad category of terms such as “blasphemous”, “grossly harmful” and “harassing” that are vague1, deployment of technologies to proactively monitor and weed out such content will violate the right to freedom of speech and expression. This also implies that the intermediary will be applying its judgement to take decisions about removing content posted by third parties. This abrogates the basic conditions of safe harbour for intermediaries under Section 79 of the Information Technology Act, 2000 (“IT Act”).

Taking the discussions further, the participants discussed the issue of traceability. Traceability depends on the kind of information the intermediary collects and has nothing to do with encryption. There are challenges in fulfilling this requirement as the intermediaries will be required to maintain impossibly vast database of information and this affects the principle of data minimisation, an essential component for implementation of right to privacy. Moreover, creating backdoors or deliberate vulnerabilities in end to end encryption threatens security of users, exposing them to hackers. To facilitate tracing, applications like ShareChat and Tiktok include a watermark with the handle of the user which doesn't reveal the identity of the user but ties the messages to it.

Further, mandatory requirement for incorporation under the Companies Act, 2013 of India cannot be introduced by a subordinate legislation under the IT Act. This is excessive delegation and goes beyond the scope of the proposed Draft Rules. The condition will impose onerous burden on start-ups and dis-incentivize them from growing. Alternative options such as opening representative office and designating an officer for constant coordination with law enforcement agencies can be explored.

Session 2: Safe Harbour Is Essential, But How Can We Ensure Accountability

Second session of the round table focused on balancing safe harbor protection for intermediaries while making then accountable for unlawful content. The discussion broke out with an admission that intermediaries themselves want the unlawful content such as hate speech, misinformation, child pornography, copyright infringement being taken down at the earliest but free speech should not be made a casualty in the process.

The Draft Rules could be seen as excessive delegation under the IT Act and a form of state censorship. Section 69A of the IT Act already allows issuing directions for ‘blocking for public access of any information through any computer resource’. Section 79 of the IT Act on the other hand relates to safe harbour protection only. It is an exception clause and imposing elaborate content take down requirements under it is outside its purview. This view was supported by Supreme Court in Shreya Singhal v. Union of India [WP (Crim) 167 of 2012] and Delhi High Court in Myspace Inc. V. Super Cassettes Industries Ltd. [FAO(OS) 540/2011] where the courts found that Section 79 was an exception and shouldn’t be used as a substantive provision for content take down. Also Section 69A has procedural safeguards which must be followed before issuing content take down notices. However, Section 79 being exception clause lacks adequate safeguards and the Draft Rules dilutes necessary checks needed for content take down. So, it was suggested that Section 69A should be invoked for the purpose instead of Section 79.

Concerns were raised on stringent response time to take down notices imposed under the Draft Rules. In some cases the government notice is in a vernacular language and translating these or getting a legal opinion on validity of order takes time.

Attendees realized that the government has bona-fide concerns that there has been a rise in misinformation, terrorist propaganda and other forms of unlawful content on digital space. Intermediaries should be made responsible but rules and regulation should be proportionate. Suggested solutions include IAMAI’s self-regulatory model, intermediaries making contract with users not to upload such content (T&C) and updating community guidelines. The knowledge gap should be filled by regular interaction between a consortium of technology companies and government. Also, more transparency is needed from the tech-companies.

On the fake news issue, it was suggested that fake news should be clearly defined and applied equally across intermediaries. A common list benchmark on fake news could be created. Social media entities could work with fact checking organizations to collate a list. Predictability of user behavior by the social media platforms has been criticized as biased.

There is a social and literacy gap that needs to be filled. Low literacy rates and large population is a challenge while dealing with fake news. A holistic approach including capacity development, educating the users on ‘netiquettes’ and generating awareness should be used. Efforts being taken in some Kerala schools to train students to identify fake news could be replicated at regional and national levels. Correcting fake news with right information was suggested. Police could counter fake news by using the same social medial platforms. Police in Kolkata runs a Facebook page to generate awareness. Similarly, police in Maharashtra is using technology to take down copyright infringing content.

On incorporation requirement in the Draft Rules, an issue was raised that tech-companies do not cooperate with law enforcement agencies. It was suggested that standard operating procedures should be established and process gaps need to be addressed.

Use of fake news in election campaigns was also discussed. Government being a major stakeholder in the election process has a larger role to play. It should work with the Election Commission of India (“EC”) in taking out advertisements against fake news. Simple steps like asking for fact checking could bring a huge change. The recent deliberations at EC on Section 126 of Representation of People Act, 1951 could have been broader and more transparent.

Certain clarifications in IT Act were suggested. It is unclear what consequences would ensue on violation of safe harbor protection. Whether intermediaries would be exposed the entire list of offences under the IT Act and other laws like IPC. Some attendees were of the view that intermediaries should not be given a blanket safe harbor protection especially for content or fake news that leads to ethnic cleansing or lynchings. The recent expose by New York Times that Facebook knew about the unprecedented Russian advertisement spending was discussed. It was reiterated that platforms must be made responsible and transparent.

In summary, suggestions included building transparency and accountability in industry and tech-companies; training and capacity building in digital literacy and security; government should be involved in the process; addressing challenges in implementation by building a centralized complaint mechanism on fake news and online harassment, and building a stronger encryption policy. Policy intents and recitals are good options that could be incorporate to better understand the draft rules.

1In the Shreya Singhal v. Union of India (WP (Crim) 167 of 2012) the Supreme Court declared that Section 66A suffered from the vice of vagueness and had struck it down. Terms used in Section 66A such as “grossly harmful” and “harassing” are still used in the Draft Rules.

 

All Posts | Feb 19,2019

Submission to Parliamentary Committee on Information Technology

Parliamentary Committee on Information Technology invited views on the issue of “Safeguarding Citizens Rights on Social/Online News Media Platforms”. The views were heard on 11th February 2019 along with inputs from MeitY and Twitter.

We at SFLC.in made our submission on common forms of harm on the internet, common remedial measures undertaken or provided by online platforms and the existing legal provisions. We also submitted our recommendations supporting right to privacy, endorsing strong encryption, emphasising importance of safe harbour for intermediaries, advocating wider consultations for finding solutions to tackle hate speech, opposing proactive monitoring of content and suggesting that intermediaries be free to come out with their own Terms of Service. Our submitted views are given below:

All Posts | Feb 18,2019

Our Counter Comments to MeitY on the Draft Intermediaries Guidelines (Amendment) Rules, 2018

The Draft Information Technology [Intermediaries Guidelines (Amendment) Rules], 2018 (“the Draft Rules”), were issued by the Ministry of Electronics and Information Technology (“MeitY”) on the 24th of December, 2018. The Draft Rules seek to amend existing ‘due diligence’ guidelines [The Information Technology (Intermediaries Guidelines) Rules, 2011] which are to be followed by ‘intermediaries’ [as per the Information Technology Act, 2000 (“IT Act”)]. Section 79 of the IT Act provides for a safe-harbour to intermediaries for, “any third party information, data, or communication link made available or hosted by him”. Intermediaries are required to observe due diligence while discharging their duties under the IT Act and observe guidelines as laid down by the Central Government.

We had submitted detailed comments to MeitY on the Draft Rules on January 31, 2019, highlighting concerns like - the 'one size fits all' approach to regulation; use of vague and ambiguous terms; violation of free speech and privacy rights; excessive delegation of legislative powers; and lack of procedural safeguards. Our detailed comments can be found, here.

Subsequently, MeitY had uploaded the comments it received from various stakeholders in two batches, they can be found, here and here.

The time period for submitting counter comments to MeitY concluded on February 14, 2019 and we submitted our detailed counter comments to MeitY on the due date. Our counter comments as submitted to MeitY are as follows:

All Posts | Feb 01,2019

Blue Paper: Misinformation and Draft Intermediary Guidelines

In the wake of increased spread of misinformation on social media, the Ministry of Electronics and Information Technology (MeitY) has issued The Draft Information Technology [Intermediaries Guidelines (Amendment) Rules], 2018.

SFLC.in conducted a series of discussions on misinformation and the proposed Draft Intermediary Guidelines across India in January 2019 including New Delhi (Jan 11 & 18), Bengaluru (Jan 15), Mumbai (Jan 16) and Kochi (Jan 30).

This Blue Paper contains the comments, remarks and inputs made during the above-mentioned discussions by the participants. The document does not reflect the views of SFLC.in.

All Posts | Feb 01,2019

Our Comments to MeitY on the Draft Intermediaries Guidelines (Amendment) Rules, 2018

The Draft Information Technology [Intermediaries Guidelines (Amendment) Rules], 2018 (“the Draft Rules”), were issued by the Ministry of Electronics and Information Technology (“MeitY”) on the 24th of December, 2018. The Draft Rules seek to amend existing ‘due diligence’ guidelines [The Information Technology (Intermediaries Guidelines) Rules, 2011] which are to be followed by ‘intermediaries’ [as per the Information Technology Act, 2000 (“IT Act”)]. Section 79 of the IT Act provides for a safe-harbour to intermediaries for, “any third party information, data, or communication link made available or hosted by him”. Intermediaries are required to observe due diligence while discharging their duties under the IT Act and observe guidelines as laid down by the Central Government.

We have submitted detailed comments to MeitY on the Draft Rules highlighting concerns like - the 'one size fits all' approach to regulation; use of vague and ambiguous terms; violation of free speech and privacy rights; excessive delegation of legislative powers; and lack of procedural safeguards. Our detailed comments are as follows:

All Posts | Feb 01,2019

Joint Letter to MeitY Addressing Key Issues with the Draft IL Rules, 2018

The Ministry of Electronics and Information Technology, Government of India ("MeitY"), released the Draft Intermediaries Guidelines (Amendment) Rules, 2018 on the 24th of December, 2018 ("the Draft Rules"). The Draft Rules seek to amend the existing Intermediaries Guidelines, which enlist certain conditions for online intermediaries to follow in order to qualify for the safe-harbour protection offered to them under Section 79 of the Information Technology Act, 2000. MeitY had requested relevant stakeholders to provide their comments/ suggestions by the 31st of January, 2019 on the Draft Rules.

We have submitted a joint letter to Shri Ajay Prakash Sawhney, Secretary, MeitY, highlighting key provisions of the Draft Rules which impact basic human rights such as free speech and privacy. The joint letter has been signed by various civil society organizations, free software associations, public spirited academicians and professionals.

We have also submitted our detailed comments to the Ministry stating our concerns with the Draft Rules. Our detailed comments will be available on this website soon.

We endeavour to regularly consult with concerned government departments on proposals which adversely affect citizen's digital rights.

We thank all the signatories for extending their support and standing for digital rights.

A copy of the joint letter is as follows: