Defender of your Digital Freedom

All Posts | Apr 01,2019

Our Comments to DPIIT on the Draft National E-commerce Policy

On 23rd February, 2019, the Department for Promotion of Industry and Internal Trade (“the DPIIT”) released the Draft National E-Commerce Policy (“the Draft Policy”) with the objective to help stakeholders fully benefit from opportunities arising from the progressive digitization of the domestic digital economy and establish a level playing field for all stakeholders in the digital economy.

Though, titled as the ‘National E-Commerce Policy’ the document addresses a wide range of subjects, such as data protection and ownership, cross-border data flow, foreign investment, tax, competition issues, intellectual property and intermediary liability, among other things. These issues affect a number of stakeholders and industries in addition to e-commerce websites and their consumers.

Our comments, inter alia, address issues with the Draft Policy like - jurisdiction of the DPIIT, data ownership and sovereignty, data localisation, intermediary liability and law enforcement access to data. Our detailed comments are as follows:

All Posts | Mar 07,2019

Conference on Future of Tech Policy in India

SFLC.in is organising a Conference on Future of Tech Policy in India on 15 March in New Delhi to discuss issues related to Rights on the Internet. Our report on ‘Intermediary Liability in India: The Legal Landscape and Notable Developments’ will be launched during this event.

Broad Agenda:

  • 09:30 AM to 10:00 AM - Registration

  • 10:00 AM to 11:30 AM - Session 1: Misinformation and Intermediary Liability + Report launch

  • 11:30 AM to 11:45 AM - Tea Break

  • 11:45 AM to 01:15 PM - Session 2: The Role of Social Media in Elections

  • 01:15 PM to 02:00 PM - Lunch Break

  • 02:00 PM to 03:15 PM - Session 3: Online Harassment

  • 03:15 PM to 03:30 PM - Tea Break

  • 03:30 PM to 05:00 PM - Session 4: The Future of Tech Policy

Context for the discussions:

Internet has emerged as a “critical infrastructure of our times”,[fn]Net Neutrality And Zero-Rating: Oral Testimony at the Canadian Radio-television and Telecommunications Commission’s hearing on Differential Pricing Practices Related To Internet Data Plans, November 4, 2016.[/fn] an ecosystem for democratic exchange of information, economic growth and evolution of new political culture. Due to the indispensability of Internet in our daily lives, the intertwined issues of fake news, online harassment, Internet shutdowns and the use of online platforms affect us deeply. Misinformation and online harassment often translate into grave physical violence. Most solutions to these have been reactionary and lack a well debated, planned and strategic approach. The Government has proposed the Information Technology (Intermediaries Guidelines) Rules, 2019, (Draft Rules) that threatens free speech and privacy rights by pushing intermediaries to take proactive steps to censor online content. A Draft National E-Commerce Policy released recently is being perceived a barrier to free flow of data across borders as it recommends data localization among other things. Self regulatory measures taken by technology companies in the form of Community Guidelines lack transparency and have not sufficiently addressed user concerns. Unsurprisingly, we have not yet arrived at a solution that can balance our rights with public security concerns.

A safe, inclusive, accessible and democratic Internet cannot become a reality unless the solutions are driven by a true mutli-stakeholder discussion. To collectively answer these questions and brainstorm ideas to inform the policy debate in tech policy, we invite you to our Conference on Future of Tech Policy in India, where we will be launching our report on ‘Intermediary Liability in India: The Legal Landscape and Notable Developments’.

We have recently organised discussions on Misinformation and Intermediary Liability in New Delhi (Jan 11, Jan 18, Feb 13), Bengaluru (Jan 15), Mumbai (Jan 16), Kochi (Jan 30) and Hyderabad (Feb 12). We have published a Blue Paper[fn]Available at https://sflc.in/blue-paper-misinformation-and-draft-intermediary-guidelines[/fn] containing comments, remarks and inputs received during the above-mentioned discussions.


Registration and participation are free of charge. Please RSVP at https://www.eventbrite.com/e/conference-on-future-of-tech-policy-in-india-tickets-57703767522

Please share this invitation with your friends, colleagues and anyone else that you believe might be interested in participating in the discussion.

All Posts | Dec 24,2018

Technology Policy Developments in India: 2018

As we tread towards the end of the year, 2018. SFLC.in brings you a summary of Tech-Policy developments for the year. We at SFLC.in, participated in some interesting technology policy initiatives in 2018. After the Right to Privacy judgment and EU GDPR, India this year saw extensive activity on the tech-policy front, TRAI submitted its recommendation on privacy, B.N Srikrishna Committee presented the draft of the first Personal Data Protection Bill and the much awaited Aadhaar verdict was delivered by the Constitutional bench. Apart from these, the sphere saw various initiatives, they can be summarized as follows:

Item No.


Policy Initiative/ Document



April 25, 2018

Social Media Communications Hub (SMCH)

The Ministry of Information and Broadcasting released a bid document (“SMCH Bid Document”) stating its intent to establish a Social Media Communication Hub, which would enable processes such as analyzing large volumes of data across diverse digital platforms in real time, comprehensive analytics along with monitoring and analyzing social media communications etc.

The proposal was challenged in the Supreme Court by Trinamool Congress MP, Mahua Moitra.

The project was subsequently withdrawn by the Government, as informed by the Attorney General, Mr. K.K Venugopal on August 3, 2018.

SFLC.in live tweeted the developments in the matter. There were multiple points of concern regarding the SMCH Bid Document, a few of the issues are highlighted here: https://sflc.in/social-media-communications-hub-privacy-nightmare


May 1, 2018

Draft National Digital Communications Policy.

The Department of Telecommunication released the draft with an objective of inviting public comments/ inputs to make the National Digital Communications Policy-2018 a robust document and an enabler for achieving the desired goals. Stakeholders comments were invited until 1st June 2018.

The Draft policy has been quite broad in terms of recognizing and outlining various issues that have an impact on communications network in India. A few significant issues that were highlighted: access to Internet, net neutrality, data protection and privacy, to name a few.

SFLC.in analysed the policy and submitted it’s comments based on its extensive research on issues of access and open source softwares.


May 22, 2018

Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018

Salient Features:

  1. All organisations having “Protected System”(U/s 2(k); primary covers government organisations) shall constitute an Information Security Steering Committee(ISSC) under the chairmanship of CEO/MD/Secretary.

  2. Mandate of ISSC includes approving information security policies of Protected Systems; setting mechanisms for timely communication of cyber incidents; sharing information security audits etc.

  3. Nominate Chief Information Security Officer (CISO) as provided in “Guidelines for Protection of Critical Information Infrastructure”

  4. Establish, monitor and continually improve Information Security Management System (ISMS) of the Protected System.


June 4, 2018

NITI Aayog published India’s strategy document on Artificial Intelligence

It was published by NITI Aayog on June 4, 2018 by NITI Aayog. It identified 5 priority sectors for leveraging AI: Healthcare, Agriculture, Education, Smart Cities and Infrastructure and Smart Mobility and Transportation. Besides, it deliberated on challenges, ethical, privacy, security issues related to AI and skill development.

SFLC.in analysis can be found here - https://sflc.in/welcome-ai-indian-governments-ambitious-policy-proposal

CEO Amitabh Kant informed that a task force would be setup for speedy implementation of the suggestions; setting up COREs (centres of research excellence) and ICTAIs (international centers of transformational AI).


July 16, 2018

Telecom Regulatory Authority of India (TRAI) issued: Recommendations on "Privacy, . Security and Ownership of Data in the Telecom Sector".

TRAI had suo-moto issued recommendation on "Privacy,

Security and Ownership of Data in the Telecom Sector". The recommendations analyses if the current data protection framework is adequate. The recommendations dealt with certain important issues such as: control over data, data security, cross border data transfers among others, consent, data minimization and encryption among others.

The DoT stated that they would currently not take up these recommendations, and they referred the same to B.N Srikrishna Committee.

SFLC.in actively participated both rounds of consultation process. Comments and counter-comments to TRAI consultation may be accessed at:https://privacy.sflc.in/our-comments-on-the-trai/ & https://privacy.sflc.in/our-counter-comments-on-the-trai-consultation-paper-on-privacy-security-and-ownership-of-data-in-the-telecom-sector/


July 27, 2018

The Personal Data Protection Bill, 2018

The Bill has recognized the right to privacy as a fundamental right and protection of personal data as an essential facet of informational privacy. It provides for data protection obligations such as purpose and collection limitation, notice and consent regime; provides stricter consent requirements for sensitive personal data and personal data of children; sets up enforcement and grievance redressal mechanism and various other provisions related to data protection. However, there are certain issues with the bill as well. These include data localisation, lack of independence in Data Protection Authority of India, wide exemptions, online surveillance, independence of data protection officers among others.

SFLC.in’s contribution: Team submitted comments on the draft bill, which may be accessed: https://privacy.sflc.in/our-comments-draft-data-protection-bill/.


July 27, 2018

Justice BN Srikrishna Committee Report

The Personal Data Protection Bill, 2018 came along with the J. BN Srikrishna Committee Report. Its key focus areas include consent and notice; data ownership and user rights, data processing, data protection officers/authority, jurisdiction and data localisation, protection against surveillance etc. The committee elicited public consultations, comments until Jan., 2018.

SFLC.in’s Contribution: SFLC.in was at the forefront of public consultations and submitted comments. Prior to submitting the comments, team organized series of round-table discussions in Delhi, Mumbai, Bangalore and Kochi to understand the perspective of various stakeholders. Report of these events is located at: https://sflc.in/summary-report-series-discussion-personal-data-protection-bill-2018.


July 31, 2018

DoT’s approval of TRAI’s recommendations on Net Neutrality

TRAI released its recommendations on Net Neutrality in November, 2017 These included:

  1. Prohibiting discriminatory treatment of content, updating license agreements for ISP to incorporated principles of non discriminatory treatment of content

  2. Setting up a multistakeholder watchdog under DoT for enforcing net neutrality, website blocking by government/court orders kept outside the ambit; IoT kept within the ambit of net neutrality.

In July, 2018, the Telecom Commission approved these recommendations.


Sept 26, 2018

Justice K.S. Puttaswamy (Retd) & And vs. UOI & Ots (CWP 494 (2012))

(Aadhaar Judgment)

The Supreme Court delivered its much awaited judgment in the Aadhaar case, wherein it upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations.

Major Features of the judgment can be accessed here: https://sflc.in/key-highlights-aadhaar-judgment, FAQ on the Aadhaar judgement: https://sflc.in/faqs-aadhaar-judgment


November 28, 2018

State of Rajasthan Government: No more Internet Shutdowns for prevention of cheating in examinations.

A Public Interest Litigation challenging orders that were promulgated to impose Internet Shutdowns in Rajasthan to prevent cheating in examinations was filed at the Jodhpur High Court, located in the State of Rajasthan on 25th July 2018.

Home Department of Rajasthan submitted an additional affidavit stating that the suspension of Internet Services for conducting examinations does not fall in the ambit of ‘public safety’ or ‘public emergency’ as provided under the Temporary Suspension of Telecom Services Rules, 2017. In the light of the said affidavit filed by the State of Rajasthan, a division bench comprising of Justice Sangeeta Lodha and Justice Dinesh Mehta disposed off the matter, on Wednesday, 28th November 2018.

Read more at: https://sflc.in/home-department-state-rajasthan-no-more-internet-shutdowns-prevention-cheating-examinations


December 20, 2018

Ministry of Home Affairs notified certain competent authorities under sub-section (1) of Section 69 of IT Act 2000.

In the exercise of powers conferred upon sub-section (1) of Section 69 of IT Act 2000 read with rule 4 of the IT Rules 2009, Ministry of Home Affairs notified the following authorities as competent authority:

Intelligence Bureau, Narcotics Central Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate  of Revenue Intelligence, CBI, NIA, RAW, Directorate of Signal Intelligence, & Commissioner of Police, Delhi.


All Posts | Jun 25,2018

Welcome AI! – The Indian Government’s Ambitious Policy Proposal

Healthcare, Education, Smart Cities and Transportation Identified as Key Sectors

On June 4th, the NITI Aayog published a discussion paper[fn]Can be downloaded from - http://niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf [/fn] titled “National Strategy for Artificial Intelligence”. While recognizing the potential of AI for the economic and social growth of India, the paper identifies five sectors which are set to play a pivotal role in the adoption of AI in the country and are likely to benefit from Government intervention – Healthcare, Agriculture, Education, Smart Cities and Infrastructure and Smart Mobility and Transportation. These sectors were chosen as private sector participation alone was deemed insufficient to drive AI adoption in these categories (sectors such as banking and manufacturing seem to have been purposely ignored despite them driving AI usage in India). The paper envisions India as a research hub for AI related technologies; it recognizes the need for skilling its workforce for better adoption; the need for creating awareness and supporting start-ups; and the importance of maintaining ethics, privacy and security with the use of AI.

India – AI Garage of the World

The discussion paper pits India’s ambitions in becoming an AI garage for the world. It imagines India to be a playground for global institutions to develop scalable solutions which can be easily adopted in other developing nations. For establishing India as a research hub, the paper calls for setting-up of centres of research - Centre of Research Excellence in AI (these institutions will focus on core research and building a knowledge base around AI) and International Centre for Transformational AI (these institutions will be focused on creation and adoption of AI based applications). The paper also calls for a change in the Intellectual Property (“IP”) framework in India to strengthen laws for bringing AI applications under the purview of patents and protecting the financial interests of innovators, ignoring finer details like how growth of innovation will be ensured if AI applications[fn]As AI applications are computer based technologies, it is important to clarify that for the purpose of this discussion, AI applications are construed as either – a set of algorithms/ computer programme or software.[/fn] are patented and concentrated in a few hands in the industry. It has been a long standing view of experts that making computer programmes patentable will hinder innovation in technology. Currently, algorithms and computer programmes (per se)[fn]Though, as per section 3(k) of The Patents Act, 1970, computer programmes are per se not patentable, the Controller of Patents has in the past offered Patents to companies such as – Facebook, Google and Apple for their computer related inventions.[/fn] are completely excluded and are not patentable under Indian law - as per section 3(k) of The Patents Act, 1970[fn]Section 3(k) of The Patents Act, 1970, excludes mathematical or business methods, computer programmes per se and algorithms from being considered as inventions for the purposes of the Act.[/fn]. If algorithms/ computer programmes are brought under patent law, large corporations will win in the race of filing claims, thereby creating a patent thicket, impenetrable by small players. This will lead to hampering of growth, as sprucing innovation often requires open platforms and active sharing, specially in the field of technology. Even in mature patent jurisdictions like the United States, there is a growing concern around patenting of computer programmes (software). According to renowned patent reformers Bessen and Meurer – granting patents to computer software hinders innovation. In their book - ‘Patent Failure – How Judges, Bureaucrats and Lawyers Put Innovators at Risk’ they distinguish softwares from other inventions on the basis that – claims under software patents are often abstract and ambiguous which leads to a problem in determining their applicability. They say, “Abstract claims in software patents might be especially difficult to translate into well defined property boundaries.” For Bessen and Meurer, abstract claims for software patents end up rewarding patentees for inventions they do not invent and lead to reduced incentive for future inventors. They also argue that due to increased litigation in issues of software patents, the costs of litigation for such inventions far exceeds their profits.

Thus, a change in the IP framework to bring AI applications under the purview of patents is trickier than it seems. Firstly, this will require a major overhaul of the law itself, as patent law currently doesn’t recognize algorithms and computer programmes as inventions. Secondly and more importantly, the rationale behind patenting of AI applications will need to be debated, to ensure that innovation isn’t hampered.

NITI Aayog envisions ambitious uses like – Internet of Medical Things and Autonomous Trucking

The paper comprehensively enumerates various challenges faced by the identified industry sectors and offers recommendations on how AI can help overcome these challenges, but it fails to illustrate the implementation mechanism of these ambitious goals. Moreover, the solutions seem to be slightly disconnected from the ground realities of India. For example, the paper advocates the use of robotics and Internet of Medical Things for solving problems in healthcare in India and helping the Government meet its social objectives. Considering the low affordability and penetration of health services in India, it does not visit details of how such a task will be implemented or scaled up. Similarly, in Agriculture and Education, recommendations such as – soil and crop health monitoring; and adaptive learning and intelligent tutoring systems seem to be lofty goals not contextualized to the Indian situation. Implementing AI tools for soil and health monitoring will require substantial investment on both sides, (government level, as well as at farms) including educating farmers on the use of this new technology. Similarly, with ICT infrastructure a challenge in public schools, along with low teacher awareness, putting in place mechanisms such as intelligent tutoring systems and adaptive learning seems far fetched.

The paper quotes low driver cost per kilometer questioning the economic practicality of autonomous vehicles in India, but recommends investment in such technologies for the purposes of export and to build ancillary expertise. While brushing away the use of autonomous vehicles on Indian roads, the paper routes for autonomous trucking, AI in railways and use of AI in Indian cities for solving traffic woes. The chapter on smart cities and infrastructure warrants red-flagging as it recommends controversial applications of AI such as – crowd management by monitoring and predicting behaviour and implementation of safety systems by keeping a check on people’s movements by using sophisticated surveillance systems and social media intelligence platforms. Crowd monitoring and predictive behaviour need to be addressed with issues of privacy and data protection before implementation and the suggestion of a social media intelligence platform is reminiscent of the I&B Ministry’s proposed Social Media Communication Hub.

A National Data Marketplace for Increased Access to Meaningful Data

One of the most innovative suggestions of the discussion paper is the establishment of a data marketplace for solving the problem of access to data sets by new entrants in the AI foray. The paper envisages the formation of a decentralized data marketplace based on distributed ledger technology, it puts the responsibility on the Government to introduce regulations for the setting-up of such a data marketplace by private players. The paper predicts that the introduction and use of a National AI Marketplace will lead to collaboration, access and accelerated adoption of AI among enterprises and public authorities. Though, establishment of a national data marketplace will benefit smaller players and increase access to meaningful data, it also raises questions of privacy and protection of sensitive data. Before such a marketplace is installed, India requires a robust data protection law, which not only sets comprehensive guidelines for the collection of data but also prescribes reasonable penalties for their violation.

Explainable AI and Self Regulation

On the Ethics, Privacy and Security front – the paper advocates for elimination of data bias by identifying and removing them on a case-by-case basis. Though, the paper discusses explainable AI/ algorithms, it is vague in its applicability. The paper calls for the enactment of a robust data protection law (it also makes a reference to the Justice Srikrishna Committee – which has been tasked with drafting a new data protection law for India) and formulation of sector specific regulations for diversity in applicability. Adherence to International Standards for safety and privacy and encouragement of self-regulation are some of the other methods suggested by the paper to ensure privacy. The paper calls for establishing negligence tests and safe harbours as opposed to strict liability for estimating damages for abuse of process. Though these recommendations are forward looking, there are some issues worth highlighting – the paper acknowledges the concept of explainable AI but doesn’t tackle government use of AI and transparency. It’s essential that the government makes AI use transparent and accessible in the public domain to eliminate instances of foul-play. Rules for self regulation and safe harbour might not be effective in situations of gross negligence and corporate oversight or when dealing with new technologies. The paper is also silent on use of AI technologies in military practices – considering the Indian armed forces are working on incorporating AI in their operations[fn]http://www.thehindu.com/news/national/india-gears-up-for-ai-driven-wars/article23944083.ece[/fn], it is an important moot point.


This discussion paper is a step in the right direction and NITI Aayog’s move should be sufficiently acknowledged, but as policy design and implementation goes in India, the magic lies in execution. The paper has recommended some ambitious uses of AI in Indian life without going into the financial viability of such projects, given that public participation has not been invited yet, this paper is a pre-cursor to a larger policy debate which shall ensue in the coming months. With the draft law on data protection on its way and India standing on the brink of federal elections in the coming year, it will be interesting to see where and how NITI Aayog and the central government take the debate on AI from here.