future

As we tread towards the end of the year, 2018. SFLC.in brings you a summary of Tech-Policy developments for the year. We at SFLC.in, participated in some interesting technology policy initiatives in 2018. After the Right to Privacy judgment and EU GDPR, India this year saw extensive activity on the tech-policy front, TRAI submitted its recommendation on privacy, B.N Srikrishna Committee presented the draft of the first Personal Data Protection Bill and the much awaited Aadhaar verdict was delivered by the Constitutional bench. Apart from these, the sphere saw various initiatives, they can be summarized as follows:

Item No.

Date

Policy Initiative/ Document

Description

  1.  

April 25, 2018

Social Media Communications Hub (SMCH)

The Ministry of Information and Broadcasting released a bid document (“SMCH Bid Document”) stating its intent to establish a Social Media Communication Hub, which would enable processes such as analyzing large volumes of data across diverse digital platforms in real time, comprehensive analytics along with monitoring and analyzing social media communications etc.

The proposal was challenged in the Supreme Court by Trinamool Congress MP, Mahua Moitra.

The project was subsequently withdrawn by the Government, as informed by the Attorney General, Mr. K.K Venugopal on August 3, 2018.

SFLC.in live tweeted the developments in the matter. There were multiple points of concern regarding the SMCH Bid Document, a few of the issues are highlighted here: https://sflc.in/social-media-communications-hub-privacy-nightmare

  1.  

May 1, 2018

Draft National Digital Communications Policy.

The Department of Telecommunication released the draft with an objective of inviting public comments/ inputs to make the National Digital Communications Policy-2018 a robust document and an enabler for achieving the desired goals. Stakeholders comments were invited until 1st June 2018.

The Draft policy has been quite broad in terms of recognizing and outlining various issues that have an impact on communications network in India. A few significant issues that were highlighted: access to Internet, net neutrality, data protection and privacy, to name a few.

SFLC.in analysed the policy and submitted it’s comments based on its extensive research on issues of access and open source softwares.

  1.  

May 22, 2018

Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018

Salient Features:

  1. All organisations having “Protected System”(U/s 2(k); primary covers government organisations) shall constitute an Information Security Steering Committee(ISSC) under the chairmanship of CEO/MD/Secretary.

  2. Mandate of ISSC includes approving information security policies of Protected Systems; setting mechanisms for timely communication of cyber incidents; sharing information security audits etc.

  3. Nominate Chief Information Security Officer (CISO) as provided in “Guidelines for Protection of Critical Information Infrastructure”

  4. Establish, monitor and continually improve Information Security Management System (ISMS) of the Protected System.

  1.  

June 4, 2018

NITI Aayog published India’s strategy document on Artificial Intelligence

It was published by NITI Aayog on June 4, 2018 by NITI Aayog. It identified 5 priority sectors for leveraging AI: Healthcare, Agriculture, Education, Smart Cities and Infrastructure and Smart Mobility and Transportation. Besides, it deliberated on challenges, ethical, privacy, security issues related to AI and skill development.

SFLC.in analysis can be found here - https://sflc.in/welcome-ai-indian-governments-ambitious-policy-proposal

CEO Amitabh Kant informed that a task force would be setup for speedy implementation of the suggestions; setting up COREs (centres of research excellence) and ICTAIs (international centers of transformational AI).

 

July 16, 2018

Telecom Regulatory Authority of India (TRAI) issued: Recommendations on "Privacy, . Security and Ownership of Data in the Telecom Sector".

TRAI had suo-moto issued recommendation on "Privacy,

Security and Ownership of Data in the Telecom Sector". The recommendations analyses if the current data protection framework is adequate. The recommendations dealt with certain important issues such as: control over data, data security, cross border data transfers among others, consent, data minimization and encryption among others.

The DoT stated that they would currently not take up these recommendations, and they referred the same to B.N Srikrishna Committee.

SFLC.in actively participated both rounds of consultation process. Comments and counter-comments to TRAI consultation may be accessed at:https://privacy.sflc.in/our-comments-on-the-trai/ & https://privacy.sflc.in/our-counter-comments-on-the-trai-consultation-paper-on-privacy-security-and-ownership-of-data-in-the-telecom-sector/

  1.  

July 27, 2018

The Personal Data Protection Bill, 2018

The Bill has recognized the right to privacy as a fundamental right and protection of personal data as an essential facet of informational privacy. It provides for data protection obligations such as purpose and collection limitation, notice and consent regime; provides stricter consent requirements for sensitive personal data and personal data of children; sets up enforcement and grievance redressal mechanism and various other provisions related to data protection. However, there are certain issues with the bill as well. These include data localisation, lack of independence in Data Protection Authority of India, wide exemptions, online surveillance, independence of data protection officers among others.

SFLC.in’s contribution: Team submitted comments on the draft bill, which may be accessed: https://privacy.sflc.in/our-comments-draft-data-protection-bill/.

  1.  

July 27, 2018

Justice BN Srikrishna Committee Report

The Personal Data Protection Bill, 2018 came along with the J. BN Srikrishna Committee Report. Its key focus areas include consent and notice; data ownership and user rights, data processing, data protection officers/authority, jurisdiction and data localisation, protection against surveillance etc. The committee elicited public consultations, comments until Jan., 2018.

SFLC.in’s Contribution: SFLC.in was at the forefront of public consultations and submitted comments. Prior to submitting the comments, team organized series of round-table discussions in Delhi, Mumbai, Bangalore and Kochi to understand the perspective of various stakeholders. Report of these events is located at: https://sflc.in/summary-report-series-discussion-personal-data-protection-bill-2018.

  1.  

July 31, 2018

DoT’s approval of TRAI’s recommendations on Net Neutrality

TRAI released its recommendations on Net Neutrality in November, 2017 These included:

  1. Prohibiting discriminatory treatment of content, updating license agreements for ISP to incorporated principles of non discriminatory treatment of content

  2. Setting up a multistakeholder watchdog under DoT for enforcing net neutrality, website blocking by government/court orders kept outside the ambit; IoT kept within the ambit of net neutrality.

In July, 2018, the Telecom Commission approved these recommendations.

  1.  

Sept 26, 2018

Justice K.S. Puttaswamy (Retd) & And vs. UOI & Ots (CWP 494 (2012))

(Aadhaar Judgment)

The Supreme Court delivered its much awaited judgment in the Aadhaar case, wherein it upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations.

Major Features of the judgment can be accessed here: https://sflc.in/key-highlights-aadhaar-judgment, FAQ on the Aadhaar judgement: https://sflc.in/faqs-aadhaar-judgment

  1.  

November 28, 2018

State of Rajasthan Government: No more Internet Shutdowns for prevention of cheating in examinations.

A Public Interest Litigation challenging orders that were promulgated to impose Internet Shutdowns in Rajasthan to prevent cheating in examinations was filed at the Jodhpur High Court, located in the State of Rajasthan on 25th July 2018.

Home Department of Rajasthan submitted an additional affidavit stating that the suspension of Internet Services for conducting examinations does not fall in the ambit of ‘public safety’ or ‘public emergency’ as provided under the Temporary Suspension of Telecom Services Rules, 2017. In the light of the said affidavit filed by the State of Rajasthan, a division bench comprising of Justice Sangeeta Lodha and Justice Dinesh Mehta disposed off the matter, on Wednesday, 28th November 2018.

Read more at: https://sflc.in/home-department-state-rajasthan-no-more-internet-shutdowns-prevention-cheating-examinations

  1.  

December 20, 2018

Ministry of Home Affairs notified certain competent authorities under sub-section (1) of Section 69 of IT Act 2000.

In the exercise of powers conferred upon sub-section (1) of Section 69 of IT Act 2000 read with rule 4 of the IT Rules 2009, Ministry of Home Affairs notified the following authorities as competent authority:

Intelligence Bureau, Narcotics Central Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate  of Revenue Intelligence, CBI, NIA, RAW, Directorate of Signal Intelligence, & Commissioner of Police, Delhi.