"Hey there, in this edition of the Tech Ticker, we're trying out something new. We're sharing our take on some of the biggest tech policy developments of the month – on data protection law, cryptocurrency and the FAQs on the IT Rules. Hope you like it, let's go!"

Data protection in action 

It's happened! Almost two years after its formation, the Joint Parliamentary Committee (JPC) examining the draft Personal Data Protection Bill (PDP Bill) adopted its report on 22 November 2021. Typically, a parliamentary committee's report contains analysis of the bill referred to it and any revisions/changes proposed by the committee within the text of the bill (in this case the PDP Bill). Reportedly, 5 JPC members including Congress MP and JPC member Mr. Jairam Ramesh moved dissent notes against the clause that grants exemptions to the government from all or any provision of the PDP Bill, among others. Dissent notes do not impact the adoption of the report. They are taken on record and filed as addenda to the report.  

In its meeting on 12 November, the JPC was unable to finalise its report due to last-minute disagreements on clauses on social media platforms, granting constitutional status to the Data Protection Authority (DPA), and exemptions to the government. 

JPC member and Rajya Sabha MP Dr. Amar Patnaik explained that the DPA should have constitutional status, like the Election Commission of India or the Comptroller and Auditor General of India. This is because the aim of the DPA is to protect a fundamental right, and that it should be independent and autonomous. Does this mean that statutory bodies, like the Securities and Exchange Board of India (SEBI), lack independence and autonomy? Well, the central government exercises greater control over statutory bodies, such as the power to appoint and remove their members and determining their terms of service. The scope for politically motivated misuse is a concern that people have with the DPA being a statutory body. Constitutional bodies are immune to this as their powers are derived from the Constitution itself. Arguably, the DPA which is tasked with securing the fundamental right to privacy would be more autonomous as a constitutional body. 

Next steps-  The Chairman of the JPC Mr. P.P. Chaudhary will submit the report to the Lok Sabha Speaker in the first week of the winter session (starting 29 November 2021). Subsequently, the report will be made public and put up in Parliament for debate. The government will then withdraw the 2019 version of the PDP Bill, re-draft the bill based on the JPC's recommendations and table the re-drafted, cabinet approved version of the data protection bill. If tabled, the bill may get passed in this session itself (which goes on until 23 December 2021).  

That's not all- The Expert Committee on Non-Personal Data (NPD) submitted its final report along with a draft bill on NPD (anonymised data/business information) to the Ministry of Electronics and Information Technology (MeitY). They suggested establishing a separate regulator for NPD. However, later Kris Gopalakrishnan, Chairperson of the NPD Committee said there can be one data regulator if it is necessary to ensure harmony. Several JPC members indicate that there may be an umbrella regulator for both personal data and NPD under the PDP Bill. Gopalakrishnan's statements appear to address the inconsistency between the PDP Bill and the NPD report. Read our analysis on previous NPD reports, here.  

Indian government is finally ready to break their silence on regulating crypto 

Some context? In 2018, the Reserve Bank of India (RBI) had prohibited the use of the banking system for crypto and in 2019 a draft bill seeking to ban private cryptocurrencies was released by an Inter-Ministerial Committee, but it was never tabled in Parliament. In 2020, the Supreme Court struck down the RBI's order. We represented several cryptocurrency exchanges in the Supreme Court. Read our take on all things crypto, here.  

Fast-forward to now-  Reports suggest that a Draft Bill on Cryptocurrency (Draft Bill) may be tabled in the winter session of Parliament. The Draft Bill was announced in January 2021 but has not yet been tabled as the government wanted to take a "calibrated approach" to crypto regulation. In the past weeks, the Parliamentary Standing Committee on Finance (Standing Committee) and Prime Minister Modi (PM) have hosted meetings to discuss the different approaches to regulating crypto.  

The Standing Committee's meetings suggest that the SEBI may be the designated regulator for the crypto industry. Also, the broad view of the Standing Committee is to put in place a "Chinese wall" on the fungibility of cryptocurrency in the real world. At the meeting, concerns were raised about the security of investors' money and the ads used by cryptocurrency exchanges particularly in national daily newspapers. Soon after, two major crypto exchanges, paused advertising on their platforms.  

On taxation of cryptocurrencies, Chairman of the Standing Committee and MP, Mr. Jayant Sinha is confident that the current framework is capable of "handling" crypto tokens and crypto finance. He said that the Standing Committee should decide how to categorise the many functions that crypto finance can fulfil making taxation easier. This comes after the Finance Ministry constituted a group to examine the scope of taxation on income made from cryptocurrency trading. 

The PM also chaired a high-level meeting on crypto attended by the RBI, the Home Ministry and the Finance Ministry. They reached a consensus on taking "progressive and forward-looking" steps on cryptocurrency regulations. However, they too were concerned about misleading advertisements targeted at the youth. Another concern is that if left unregulated, cryptocurrency may become an avenue for money laundering and terror financing.  

Next steps-  We expect that concerns on money laundering are likely to push the government to legislate on cryptocurrency. While it isn't clear the level of regulation that the government will adopt, it is likely that it will take a middle ground approach. This means that it will likely not accept cryptocurrency as legal tender, but will permit transactions and tax income earned from the trade of private cryptocurrencies. They also seem particularly concerned about the security of investor funds and misleading advertisement, so they may feature as a part of the Draft Bill. Since it is being prepared on a war-footing, to be introduced in the winter session of Parliament in 2021, it will likely not contain much detail on regulating the sector. The government will also need to finalise the taxation policy on cryptocurrency, on which no consensus has been reported. The RBI however, remains sceptical of the decision to allow cryptocurrency trading to continue, although it is unlikely that their scepticism will result in the government taking harsh measures on cryptocurrency. 

Anirudh discussed these developments with Barkha Dutt and Mohandas Pai. His opinion is, "finally inching towards what may be well-intentioned, enabling legislation, I am part excited but also part jittery about our laws achieving what they are meant to- if you over-regulate, you miss the plot." A sentiment that most crypto enthusiasts in India are likely echoing.  

The MeitY released its FAQs on the IT (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021 (IT Rules)   

The development– The MeitY released an FAQs document on the IT Rules that govern social media platforms, marketplaces, search engines (intermediaries), among others.  

The FAQs aim to address queries of intermediaries under the IT Rules. Some clarifications are industry friendly. For instance, the MeitY has the power to call for any 'additional information' from any significant social media intermediary (SSMI). The FAQs clarify that such information will not include any confidential and commercially sensitive information or trade secrets. It also clarifies that an SSMI can appoint a common grievance redressal officer and nodal officer for constant law enforcement assistance.  

However, the MeitY stands its ground on tracing the first originator of messages on platforms like WhatsApp, and says that it does not compromise on encryption. This is concerning, as the FAQs place the responsibility on the intermediary to follow this requirement, without any consideration of it being technologically infeasible. Encryption is essential for governments to secure critical information, for individuals to protect their privacy, and for businesses to protect their trade secrets and build trust. We examined the encryption debate and its ramifications for different actors in a white paper with the Data Security Council of India. The white paper unpacks the regulatory landscape in India and other countries. It also maps different methods used by governments to access encrypted information and covers alternate solutions for accessing protected data. It discusses the legal and technical considerations of traceability, and the economic benefits of encryption. The paper lists a set of recommendations that aim to kickstart deeper, more harmonised discussions on a unique yet divisive subject. It suggests exploring government hacking backed by clear rules, building law enforcement capacity, instituting appropriate safeguards under India's interception framework, among others.  

Back to the FAQs! There was also some confusion on whether social media intermediaries (SMI), as defined in the IT Rules, include B2B platforms, cloud service providers, marketplaces. SMIs are subject to higher compliances. The FAQs clarify that any intermediary whose primary purpose is enabling 'commercial or business-oriented transactions', or providing access to the internet, online storage service, are not SMIs. They are entities that enable online interaction as their core purpose, facilitate socialization by offering a platform to interact with unknown users, and rapid sharing of content on their platforms. With this clarification, it seems that B2B platforms may not come within the scope of SMI.  

The Minister of State for IT Mr. Rajeev Chandrashekhar released the FAQs and said that the MeitY will soon release a separate 'Standard Operating Procedures' (SOPs). While, the FAQs are expected to bring more clarity on the IT Rules, the SOPs will act as guardrails for consumers and investors. The MeitY says the government will consult the industry before releasing the SOPs. Among other things, the SOPs are expected to identify the government agencies which are authorized to send content take downs notices to intermediaries.  

That's not all! Mr. Chandrasekhar also  announced that the MeitY is planning to consult the industry, consumer forums, academia, and identify priority areas for future legislations on the internet (likely pointing to amendments in the Information Technology Act 2000). He said that such laws will account for the impact of the internet on entrepreneurship, citizens and start-ups, and based on their inputs the MeitY will arrive at a consensus on what the regulations should look like. We wonder if the attempt to engage with the industry on SOPs and future internet laws is the government's way of making up for a lack of consultation on the IT Rules (which are mired in legal challenges in different high courts).  

 In case you missed it 

The United Nations Special Rapporteur on the Protection and Promotion of Freedom of Opinion and Expression laid down guidelines on content moderation policies for social media platforms as they play a key role in enabling debate on matters of public interest. They suggest social media platforms adopt international best practices to facilitate open and inclusive debate, be transparent in measures taken against content posted by public figures and rules for political ads such as clear disclosures and inclusion in a publicly accessible archive. Speaking of social media platforms, don't think we forgot about Facebook (we'll take a minute before we get used to Meta), the MeitY has reportedly written to Facebook on the use of its algorithms to deal with hate speech and harmful content, following Frances Haugen's allegations against Facebook. Meanwhile, the Telecom Regulatory Authority of India (TRAI) released a Consultation Paper (CP)  on a licensing framework for earth stations. When the satellite transmits some information, the earth station receives it and converts it into a form that is readable by computers. Think of it as your elder sibling translating your parents' sarcasm. The CP explores the possibility of setting up a new license for earth stations. So far, they can only be established by licensees holding a Unified License, a separate service license of the government. But if approved, the government will give earth stations their own license. TRAI is accepting comments on the CP till 13 December 2021.  

That's all for now! See you in December! 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.