Keeping up with the times: India’s proposed digital law

Taking a step towards laying the groundwork for a digitally advanced India, the Ministry of Information and Technology (“MeitY”), on 9th March 2023, released a presentation on the proposed Digital India Act, 2023 (“DIA”).

MeitY organized a consultation to appraise the public prior to releasing the draft of the law set to replace the twenty-three-year-old legislation, Information Technology Act, 2000 (“IT Act“). The DIA will operate in tandem with the proposed Digital Personal Data Protection Bill, 2022 and other amendments to the IT Act in the recent past. From the current understanding of how the DIA proposes to work, the DIA seems to be an operative code/guide to the existing laws and amendments on the subject.

NEED FOR DIA

The current IT Act is not equipped to provide the standards of protection required to complement today’s digital landscape as it was drafted at a time when internet use was limited to traditional forms of cyber incidents, such as hacking and cyber-crime. However, with increased users and uses, other complex harms like doxxing, cyber stalking and phishing have emerged. IT Act also has certain other limitations:-

  • Limited mandate that does not consider new challenges – The IT Act regulates only legal recognition of electronic records and does not consider intermediaries like e-commerce, social media, Artificial Intelligence (“AI”), and Over the Top (“OTT”) platforms; other internet uses, including net banking, neo banking, and e-wallets; and internet misuses like information wars, radicalization and hate speech, unfair trade practices, making the IT Act outdated.
  • Lack of comprehensive provisions on user rights, trust & safety- The IT Act provides for an exhaustive list of offenses such as tampering, hacking, etc., but does not cover user rights, consent, safety, and data protection provisions. There is also limited recognition regarding harms and new forms of cybercrimes (such as cyber wars).
  • Lack of IPR Provisions– The IT Act does not provide protection against issues regarding computer programs and networks’ copyrights, domain names and patents. Currently, a rampant cyber “misuse” is downloading movies through peer-to-peer sharing networks. Such pirating of movies is a violation of current copyright laws without effective measures being taken against the perpetrators.

AIM OF DIA

MeitY expressed concerns on how the internet has changed “from a space for good” to a “space for criminalities and illegalities” in the recent past.  The DIA’s objective is to establish a central framework with a principle-based approach that addresses issues surrounding data protection, regulation of intermediaries, and digital crimes.

KEY PROVISIONS OF DIA

MeitY at its presentation, brought out some key provisions to address concerns in the market, such as:

  • Open internet – Big techs are often gaming the system with discriminatory blocking of payments, abuse of their monopoly status, etc. The DIA aims to address this by encouraging online diversity, robust competition, fair market access, and ease of doing business.
  • Online safety with focus on women and children– With technological advancements and its usage, children are falling prey to addictive technology, women are concerned about their bodily safety and privacy due to inventions such as AI porn, and right to free speech is being misused to spread fake news. The DIA aims to provide rights such as the right to be forgotten, redressal, digital inheritance, automated decision-making, etc., and regulate fake news, high-risk AI systems, content monetization, etc.
  • Accountability – With deep fakes, and chatbots running the internet, the innate need to have regulation over this new internet society has been realized. Algorithmic transparency and periodic risk assessment by digital entities, unified government response, ethical use of technology, ownership standards on data collected, and an empowered regulator could ensure accountability on the internet.
  • Intermediaries –The DIA aims to identify different compliances for different kinds of intermediaries with broad scope on the definition of an intermediary. Further, the DIA is also expected to probe into the necessity of the existing “safe harbour” provision under the IT Act. The Government has been trying to increase intermediary compliance as seen in the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and subsequent notifications. Sedition, defamation, and fake news on social media have become the norm of the day. It is no debate that regulation of hate speech and misinformation is a must. The question is whether intermediaries should be and to what extent liable for hosting said free speech.
  • Adjudicatory mechanism – Hardly accessible and cumbersome procedures often stop victims from reporting crime. The DIA aims to create adjudicatory mechanisms that are easily accessible, deliver timely remedies, resolve cyber disputes, develop a unified cyberspace, and enforce the rule of law online.
  • New technologies – To ensure that the law is proactive, it is necessary to anticipate potential issues that may arise. The DIA is set to propose a regulatory framework for start-ups and emerging technologies such as Web 3.0, wearable technology, etc. to address issues that could arise herein. Further, it has been identified that it is necessary to have different rules for different digital services such as e-commerce, search engines, gaming, AI, OTTs, TSPs, ad tech, SSMI, etc.

CHALLENGES

The DIA will help establish a robust legal framework for digital activities in India, but some challenges need to be addressed to ensure the effective implementation of the Act.

A major challenge is the lack of awareness regarding digital technology and its implications. People in India, especially in rural areas, still lack access to digital infrastructure and are unfamiliar with digital technology. This could make it difficult to ensure compliance with digital regulations.

Interestingly, the DIA does not seem to expressly deal with crypto currency. As per the IT Minister, there is no need for crypto specific law and that crypto issues won’t arise if laws of the land are followed. However, the sufficiency of the existing law without express addressal of crypto currency is debatable indeed.

Additionally, while the gaming industry will be relieved from the stability DIA aims to provide after being plagued with data privacy, cybercrimes, and compliance issues, big tech firms will be heavily regulated, coming at the cost of more stringent compliances and mandates which would equate to increased investments by companies to stay in the market.

CONCLUSION

The DIA is indeed a welcome step towards shaping the future digital landscape of India. It addresses key concerns such as data protection, cybersecurity, e-commerce, and digital payments and provides a framework for regulating these activities. `However, this new law must ensure that reliance is placed on global trends, laws, crimes, and industry experts prior to passing and enforcing said law.


Authors: Nivedita Nivargi, Partner; Kevin Robin, Senior Associate & Anietia Tom, Associate.

More from Samvad Partners